Changing protocol configuration settings

The adapter uses the DAML protocol to communicate with the IBM® Security Identity server. By default, when the adapter is installed, the DAML protocol is configured for a non-secure environment. Use the Protocol Configuration option to configure the protocol properties for the adapter.

About this task

The DAML protocol is the only supported protocol that you can use. Do not add or remove a protocol.

Procedure

  1. Access the Agent Main Configuration Menu.
    For more information, see Starting the adapter configuration tool.
  2. At the Main menu prompt, type B. The DAML protocol is configured and available by default for the adapter. 
    Agent Protocol Configuration Menu
-----------------------------------
Available Protocols: DAML
Configured Protocols: DAML
A. Add Protocol.
B. Remove Protocol.
C. Configure Protocol.

X. Done

Select menu option
  3. At the Agent Protocol Configuration Menu, type C to display the Configure Protocol Menu. 
    Configure Protocol Menu
-----------------------------------
A. DAML
X. Done
Select menu option
  4. Type A to display the Protocol Properties Menu for the configured protocol with protocol properties. The following screen is an example of the DAML protocol properties. 
    DAML Protocol Properties
--------------------------------------------------------------------
A. USERNAME             ****** ;Authorized user name.
B. PASSWORD             ****** ;Authorized user password.
C. MAX_CONNECTIONS      100    ;Max Connections.
D. PORTNUMBER           45580  ;Protocol Server port number.
E. USE_SSL              FALSE  ;Use SSL secure connection.
F. SRV_NODENAME         9.38.215.20 ;Event Notif. Server name.
G. SRV_PORTNUMBER       9443 ;Event Notif. Server port number.
H. HOSTADDR             ANY;Listen on address (or "ANY")
I. VALIDATE_CLIENT_CE   FALSE ;Require client certificate.
J. REQUIRE_CERT_REG	    FALSE ;Require registered certificate.
K. READ_TIMEOUT         0 ;Socket read timeout (seconds)
L. DISABLE_TLS10        TRUE ;Disable TLS 1.0 and earlier
M. DISABLE_TLS11        TRUE ;Disable TLS 1.1 
N. DISABLE_TLS12        TRUE ;Disable TLS 1.2

X. Done	

Select menu option:
  5. Change the protocol value:
    1. Type the letter of the menu option for the protocol property to configure. The table below describes each property.
    2. Change the property value and press Enter to display the Protocol Properties Menu with the new value.

      If you do not want to change the value, press Enter.

    Table 1. Options for the DAML protocol menu
    Option Configuration task
    A Displays the following prompt:
    Modify Property 'USERNAME':

    Type a user ID, for example, admin.

    The IBM Security Identity server uses this value to connect to the adapter.
    B Displays the following prompt
    Modify Property 'PASSWORD':

    Type a password, for example, admin.

    The IBM Security Identity server uses this value to connect to the adapter.
    C Displays the following prompt: 
    Modify Property 'MAX_CONNECTIONS':
    Enter the maximum number of concurrent open connections that the adapter supports.
    The default value is 100.
    Note: This setting is sufficient and does not require adjustment.
    D Displays the following prompt:
    Modify Property 'PORTNUMBER':

    Type a different port number.

    The IBM Security Identity server uses the port number to connect to the adapter. The default port number is 45580.

    E Displays the following prompt: 
    Modify Property 'USE_SSL':

    Type TRUE to use a secure SSL connection to connect the adapter. When you set this option, you must install a certificate. For more information, see Installing the certificate.

    Type FALSE to not use a secure SSL connection. The default value is TRUE.

    F Displays the following prompt:
    Modify Property 'SRV_NODENAME':

    Type a server name or an IP address of the workstation where you installed the IBM Security Identity server.

    This value is the DNS name or the IP address of the IBM Security Identity server that is used for event notification and asynchronous request processing.

    Note: If your operating system supports Internet Protocol version 6 (IPv6) connections, you can specify an IPv6 server.
    G Displays the following prompt:
    Modify Property 'SRV_PORTNUMBER':

    Type a different port number to access the IBM Security Identity server.

    The adapter uses this port number to connect to the IBM Security Identity server. The default port number is 9443.
    H The HOSTADDR option is useful when the system, where the adapter is running, has more than one network adapter. You can select which IP address to which the adapter must listen. The default value is ANY.
    I
    Displays the following prompt:
    Modify Property 'VALIDATE_CLIENT_CE':

    Type TRUE for the IBM Security Identity server to send a certificate when it communicates with the adapter. When you set this option, you must configure options D through I.

    Type FALSE for the IBM Security Identity server can communicate with the adapter without a certificate.
    Note:
    • The property name is VALIDATE_CLIENT_CERT. It is truncated by the agentCfg to fit in the screen.
    • You must use certTool to install the appropriate CA certificates and optionally register the IBM Security Identity server certificate.
    J
    Displays the following prompt:
    Modify Property 'REQUIRE_CERT_REG':

    This value applies when option I is set to TRUE.

    Type TRUE to register the adapter with the client certificate from the IBM Security Identity server before it accepts an SSL connection.

    Type FALSE to verify the client certificate against the list of CA certificates. The default value is FALSE.

    For more information about certificates, see Configuring SSL authentication.
    K
    Displays the following prompt: 
    Modify Property 'READ_TIMEOUT':

    Specify the timeout value in seconds. The default value is 0 which specifies that no read timeout is set.

    Note: READ_TIMEOUT prevents open threads in the adapter, which might cause "hang" problems. The open threads might be caused by firewall or network connection problems and might be seen as TCP/IP ClosWait connections that remain on the adapter.
    Note:

    If you encounter such problems, set the value of READ_TIMEOUT to a time longer than the IBM Security Identity server timeout, but less than any firewall timeout. The IBM Security Identity server timeout is specified by the maximum connection age DAML property.

    The adapter must be restarted because READ_TIMEOUT is set at adapter initialization.
    L
    Displays the following prompt: 
    Modify Property 'DISABLE_TLS10':

    Type FALSE to use the TLSv1.0 protocol to connect the adapter.

    The default value is TRUE.
    M
    Displays the following prompt: 
    Modify Property 'DISABLE_TLS11':

    Type FALSE to use the TLSv1.1 protocol to connect the adapter.

    The default value is TRUE.
    N
    Displays the following prompt: 
    Modify Property 'DISABLE_TLS12':

    Type FALSE to use the TLSv1.2 protocol to connect the adapter.

    The default value is FALSE.
  6. Repeat step 5 to configure the other protocol properties.
  7. At the Protocol Properties Menu, type X to exit.