Authenticating eXtreme Scale server connections in stand-alone environments

Connections between eXtreme Scale servers must be authenticated to prevent an unauthorized server from accessing the data grid.

About this task

The following settings in the server.properties file determine how servers authenticate to one another:
  • securityEnabled=true
  • secureTokenManagerType=autoSecret
  • authenticationSecret=OurGridServersExampleSecret
All of the eXtreme Scale servers in a domain, as well as all of the servers in any linked domains, must use the same values for these three properties in the server.properties file, or communication fails. For more information about how to specify these properties in the server properties file, see Server properties file.

Procedure

  1. Enable server-to-server authentication.
    Set the securityEnabled property to true; for example:
    securityEnabled=true
    The default value for this property is false.
  2. Establish a secure server configuration.

    The secureTokenManagerType is a property that you define in the Server Properties file.

    One secureTokenManagerType that you can use for a secure configuration is autoSecret, which performs token encryption and signing using keys derived from the authenticationSecret property. Secure tokens are used in server-to-server authentication and also for client single sign-on tokens. A value of none for secureTokenManagerType is not secure because this setting prevents the creation of encrypted tokens.

    You can also specify a setting of secureTokenManagerType=default. However, this option requires that you set up a key store and related artifacts.

  3. Specify a long string value for authenticationSecret (note: one word) that is difficult for others to guess.
    You can encode this value using the FilePasswordEncoder utility. For more information, see Storing security artifacts for authorized users. Do not use ObjectGridDefaultSecret, which is the value that is used in the sampleServer.properties file.
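
The following audit script is an added example, not part of the product or its documentation: it checks the server.properties text of every server in a domain against the three steps above and confirms that all servers agree on the three properties. The server names and file contents are constructed, and the comparison assumes that every file stores authenticationSecret in the same form (all plain or all encoded).

```python
SAMPLE_SECRET = "ObjectGridDefaultSecret"  # value used in sampleServer.properties
KEYS = ("securityEnabled", "secureTokenManagerType", "authenticationSecret")

def parse_properties(text):
    """Parse key=value lines; skip blanks and '#'/'!' comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(servers):
    """servers maps a server name to its server.properties text.
    Returns findings as strings; secret values are never echoed."""
    parsed = {name: parse_properties(text) for name, text in servers.items()}
    findings = []
    for name, p in sorted(parsed.items()):
        # Step 1: the default is false, so an absent key is a finding too.
        if p.get("securityEnabled", "false") != "true":
            findings.append(f"{name}: securityEnabled is not true")
        # Step 2: none prevents the creation of encrypted tokens.
        if p.get("secureTokenManagerType") in (None, "none"):
            findings.append(f"{name}: secureTokenManagerType is unset or none")
        # Step 3: the sample value must not be reused.
        if p.get("authenticationSecret") in (None, "", SAMPLE_SECRET):
            findings.append(f"{name}: authenticationSecret is unset or the sample value")
    # All servers in the domain (and any linked domains) must use the same values.
    for key in KEYS:
        if len({p.get(key) for p in parsed.values()}) > 1:
            findings.append(f"domain: {key} differs between servers")
    return findings

# Constructed sample files for three hypothetical servers.
GOOD = ("securityEnabled=true\nsecureTokenManagerType=autoSecret\n"
        "authenticationSecret=OurGridServersExampleSecret\n")
SERVERS = {
    "server1": GOOD,
    "server2": GOOD.replace("OurGridServersExampleSecret", SAMPLE_SECRET),
    "server3": "# security left at defaults\nsecureTokenManagerType=none\n",
}

if __name__ == "__main__":
    for finding in audit(SERVERS):
        print(finding)
```
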

Results

When you start a stand-alone eXtreme Scale server, specify the name of the properties file on the command line. By specifying the server properties file, the authentication properties that you added are loaded when the server starts. For more information, see Starting secure servers in a stand-alone environment.

What to do next

Authenticating client requests in stand-alone environments