User guide
Developing Java Applications
7-27
permission javax.security.auth.AuthPermission
    "createLoginContext.com.fujitsu.interstage.sso";
permission javax.security.auth.AuthPermission "doAs";
permission javax.security.auth.PrivateCredentialPermission
    "com.fujitsu.interstage.sso.auth.ISAuthenticationCredential com.fujitsu.interstage.sso.auth.ISUserPrincipal \"*\"", "read";
permission javax.security.auth.PrivateCredentialPermission
    "com.fujitsu.interstage.sso.auth.ISAuthorizationCredential com.fujitsu.interstage.sso.auth.ISUserPrincipal \"*\"", "read";
};
grant codeBase "file:C:\\Interstage\\F3FMsso\\ssoatzag\\lib\\isssomod14.jar" {
grant codeBase "file:/opt/FJSVssoaz/lib/isssomod14.jar" {
permission java.lang.RuntimePermission
"accessClassInPackage.sun.net.www.protocol.https";
・・・
com.fujitsu.interstage.sso.auth.ISUserPrincipal \"*\"", "read";
permission javax.security.auth.PrivateCredentialPermission
    "com.fujitsu.interstage.sso.auth.ISAuthorizationCredential com.fujitsu.interstage.sso.auth.ISUserPrincipal \"*\"", "read";
};
Creating a Trust Store File
A trust store file is required when a Java application that receives a user ID/password from a client
authenticates that user ID/password against an authentication server over SSL. The Java application uses
the trust store file to verify the site certificate of the authentication server.
If the site certificate of the authentication server is not to be verified during SSL communication,
specify authservertrusted="yes" in the login configuration file. In this case, no trust store file is
required. For details of the login configuration file, refer to Creating Login Configuration File.
The following two methods can be used to create a trust store file:
1. Using the Interstage certificate environment
2. Using the JDK keytool command
Using the Interstage Certificate Environment
Obtain the site certificate of the authentication server and the CA certificate of the authority that
issued that site certificate. If a load balancer (such as Interstage Traffic Director) is used, use a site
certificate issued for the load balancer FQDN. Register the obtained certificates in the Interstage
certificate environment. For registration details, refer to “Configuring Environments” in “Setting and Use
of the Interstage Certificate Environment” in the Security System Guide.
When the certificate is registered, the trust store is saved to the file at the location shown below.
Specify this file with the system property javax.net.ssl.trustStore when the application starts.
Interstage install directory: C:\Interstage
C:\Interstage\etc\security\env\keystore\.keystore
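The check below is an added example, not part of the Interstage manual or product: it loads the file named by javax.net.ssl.trustStore and lists each trusted-certificate entry with its subject, issuer and expiry, so you can confirm that the CA certificate for the authentication server is present and still valid before the application starts. It assumes the store password is passed in the standard JSSE property javax.net.ssl.trustStorePassword and that the store is in a format the JVM's default KeyStore type can read; the class name TrustStoreCheck is hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example, not Interstage code. Run with the same -D options as the application:
//   java -Djavax.net.ssl.trustStore=<path> -Djavax.net.ssl.trustStorePassword=<password> TrustStoreCheck
public class TrustStoreCheck {

    // Prints every trusted-certificate entry and returns how many are currently valid.
    static int countValidTrustedCerts(KeyStore ks) throws Exception {
        int valid = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isCertificateEntry(alias)) continue;      // skip private-key entries
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            String state = "valid";
            try {
                x.checkValidity();                            // notBefore <= now <= notAfter
                valid++;
            } catch (CertificateException e) {                // expired or not yet valid
                state = "NOT VALID: " + e.getMessage();
            }
            System.out.printf("%s%n  subject: %s%n  issuer:  %s%n  expires: %s (%s)%n",
                    alias, x.getSubjectX500Principal(), x.getIssuerX500Principal(),
                    x.getNotAfter(), state);
        }
        return valid;
    }

    public static void main(String[] args) throws Exception {
        String path = System.getProperty("javax.net.ssl.trustStore");
        if (path == null) {
            System.err.println("javax.net.ssl.trustStore is not set");
            System.exit(2);
        }
        String pw = System.getProperty("javax.net.ssl.trustStorePassword"); // assumption: set by the operator
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pw == null ? null : pw.toCharArray());
        }
        int valid = countValidTrustedCerts(ks);
        System.out.println(valid + " valid trusted certificate(s) in " + path);
        if (valid == 0) System.exit(1);   // no valid trusted entry to verify the authentication server against
    }
}
```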