11.3 Identikey Server Configuration
11.3.9 Configuration File
11.3.9.2 Linux Example Configuration File
<?xml version="1.0" ?>
<VASCO>
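<!-- Server-Config: address setting for this server instance.
     The sample address 10.2.10.100 also appears under Replication/Repl-Server,
     the live audit plugin and the SEAL communicator in this example, so check
     all of them when adapting the file. -->
<Server-Config>
  <Server-Location type="string" data="10.2.10.100" />
</Server-Config>
<!-- ProductInfo is empty in this sample. -->
<ProductInfo />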
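<!-- Tracing: diagnostic trace settings.
     NOTE(review): Trace-Mask 0x3FFFFFFF has the 30 low bits set, which presumably
     turns on every trace category; confirm the bit meanings in the vendor
     documentation. Traces from an authentication server can include request
     details, so keep Trace-File readable by the service account only and
     lower the mask once troubleshooting is finished. -->
<Tracing>
  <Trace-Header type="unsigned" data="47" />
  <Trace-Mask type="unsigned" data="0x3FFFFFFF" />
  <Trace-File type="string" data="/var/vasco/identikey/ikeyserver.trace" />
</Tracing>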
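<!-- Encryption: cipher and key settings (by name, for data the server stores). -->
<Encryption>
  <!-- NOTE(review): Storage-Key is empty in this sample. Confirm in the vendor
       documentation which key protects stored data when no value is set. -->
  <Storage-Key type="string" data="" />
  <!-- NOTE(review): des_ede looks like the OpenSSL-style name for two-key
       Triple DES. Triple DES is a legacy 64-bit-block cipher that NIST has
       retired for new encryption; check which Cipher-Name values this server
       version accepts before keeping this setting in a new deployment. -->
  <Cipher-Name type="string" data="des_ede" />
  <Cipher-Module type="string" data="" />
  <!-- No external crypto engine is configured: Enable-Engine is false and the
       engine module and parameters are empty. -->
  <Enable-Engine type="bool" data="false" />
  <Engine-Module type="string" data="" />
  <Engine-Parameters />
</Encryption>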
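<!-- Storage: the data store back end. This sample selects the ODBC engine. -->
<Storage>
  <Storage-Engine type="string" data="ODBC" />
  <ODBC>
    <Library-Path type="string" data="/usr/lib/libikstorageodbc.so" />
    <Load-Balancing type="bool" data="false" />
    <!-- Units are not stated in this listing; presumably milliseconds. -->
    <Connection-Timeout type="unsigned" data="5000" />
    <Domain-Cache>
      <Max-Age type="unsigned" data="900" />
      <Max-Size type="unsigned" data="200" />
      <Clean-Threshold type="unsigned" data="100" />
      <Min-Clean-Interval type="unsigned" data="60" />
    </Domain-Cache>
    <Data-Sources>
      <!-- Data sources are numbered (Data-Source00, ...); only one is defined here. -->
      <Data-Source00>
        <Display-Name type="string" data="Identikey Server" />
        <DSN type="string" data="identikey server" />
        <Username type="string" data="digipass" />
        <!-- NOTE(review): the Password value looks like an encoded or encrypted
             blob rather than cleartext; confirm how the server protects it.
             Either way this file holds a database credential, so restrict read
             access to the service account, and do not carry this published
             sample value into a deployment. -->
        <Password type="string" data="hXRzkAU8HIsQpKpelZwAT4k=" />
        <Control-Table type="string" data="vdsControl" />
        <Min-Reconnect-Interval type="unsigned" data="0" />
        <Max-Reconnect-Interval type="unsigned" data="10" />
      </Data-Source00>
    </Data-Sources>
  </ODBC>
</Storage>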
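<!-- VDPClient: address and port of the MDC service this server connects to
     (MDC is presumably the Message Delivery Component; confirm). The sample
     uses the loopback address, i.e. an MDC on the same host. -->
<VDPClient>
  <MDC-IP type="string" data="127.0.0.1" />
  <MDC-Port type="unsigned" data="20007" />
</VDPClient>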
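<!-- Replication: settings for replicating data to peer servers. Replication is
     switched off in this sample (Enabled is false) and Server-List is empty. -->
<Replication>
  <!-- Library-Path names a shared object the server presumably loads at start-up;
       keep this file and the library path writable by root only. -->
  <Library-Path type="string" data="/usr/lib/libikreplication.so" />
  <Enabled type="bool" data="false" />
  <Repl-Server type="string" data="10.2.10.100" />
  <Allow-Loopback type="bool" data="true" />
  <!-- Units of the timeout and interval values are not stated in this listing. -->
  <Connection-Timeout type="unsigned" data="60" />
  <Min-Reconnect-Interval type="unsigned" data="1" />
  <Max-Reconnect-Interval type="unsigned" data="60" />
  <Dead-Item-Cleanup-Threshold type="unsigned" data="60" />
  <!-- Queue: on-disk replication queue. NOTE(review): queued replication data
       presumably contains user and authenticator records; restrict access to
       File-Path accordingly. -->
  <Queue>
    <File-Path type="string" data="/var/vasco/repldata/" />
    <Max-Retry-Count type="unsigned" data="3" />
    <Retry-Interval type="unsigned" data="60" />
    <Max-File-Size type="unsigned" data="100" />
  </Queue>
  <Server-List />
</Replication>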
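<!-- Audit: where audit records are delivered. Libraries lists plugin shared
     objects; each ProfileNN under Plugins is one output with its own filter
     flags (Error, Warning, Info, Success, Failure). -->
<Audit>
  <Libraries>
    <ODBC type="string" data="/usr/lib/libdpauditodbc.so" />
    <live type="string" data="/usr/lib/libdpauditlive.so" />
  </Libraries>
  <Plugins>
    <!-- Profile00: text file output, all message types enabled. -->
    <Profile00>
      <Enabled type="bool" data="true" />
      <Type type="string" data="utf8file" />
      <Display-Name type="string" data="Text File" />
      <!-- NOTE(review): with Fail-On-Error false, a failure of this output
           presumably does not stop the server; Profile02 is the fall-back. -->
      <Fail-On-Error type="bool" data="false" />
      <Unhandled-Only type="bool" data="false" />
      <Error type="bool" data="true" />
      <Warning type="bool" data="true" />
      <Info type="bool" data="true" />
      <Success type="bool" data="true" />
      <Failure type="bool" data="true" />
      <Plugincfg>
        <!-- {year}{month} in the name: presumably one audit file per month. -->
        <Log-File type="string" data="/var/vasco/identikey/ikeyserver{year}{month}.audit" />
        <Keep-Open type="bool" data="true" />
        <!-- Use-GMT false: presumably local-time stamps; account for the time
             zone when correlating with other logs. -->
        <Use-GMT type="bool" data="false" />
        <!-- NOTE(review): Allow-Newlines false presumably keeps every record on
             one line, which also stops user-supplied text from forging extra
             audit lines; leave it false unless a consumer needs otherwise. -->
        <Allow-Newlines type="bool" data="false" />
      </Plugincfg>
    </Profile00>
    <!-- Profile01: syslog output, errors only (only the Error flag is true). -->
    <Profile01>
      <Enabled type="bool" data="true" />
      <Type type="string" data="syslog" />
      <Display-Name type="string" data="Linux Syslog (errors only)" />
      <Fail-On-Error type="bool" data="false" />
      <Unhandled-Only type="bool" data="false" />
      <Error type="bool" data="true" />
      <Warning type="bool" data="false" />
      <Info type="bool" data="false" />
      <Success type="bool" data="false" />
      <Failure type="bool" data="false" />
      <Plugincfg>
        <Syslog-Facility type="string" data="local0" />
      </Plugincfg>
    </Profile01>
    <!-- Profile02: syslog fall-back. Unhandled-Only is true, so it presumably
         receives only messages no other output handled, and it is the only
         profile with Fail-On-Error set to true. -->
    <Profile02>
      <Enabled type="bool" data="true" />
      <Type type="string" data="syslog" />
      <Display-Name type="string" data="Linux Syslog (fall-back)" />
      <Fail-On-Error type="bool" data="true" />
      <Unhandled-Only type="bool" data="true" />
      <Error type="bool" data="true" />
      <Warning type="bool" data="true" />
      <Info type="bool" data="true" />
      <Success type="bool" data="true" />
      <Failure type="bool" data="true" />
      <Plugincfg>
        <Syslog-Facility type="string" data="local0" />
      </Plugincfg>
    </Profile02>
    <!-- Profile03: live audit output for the Live Audit Viewer.
         NOTE(review): this is presumably a network listener on
         10.2.10.100:20006 that streams audit records; limit access to that
         port to administration hosts. -->
    <Profile03>
      <Enabled type="bool" data="true" />
      <Type type="string" data="live" />
      <Display-Name type="string" data="Live Audit Viewer" />
      <Fail-On-Error type="bool" data="false" />
      <Unhandled-Only type="bool" data="false" />
      <Error type="bool" data="true" />
      <Warning type="bool" data="true" />
      <Info type="bool" data="true" />
      <Success type="bool" data="true" />
      <Failure type="bool" data="true" />
      <Plugincfg>
        <IP-Address type="string" data="10.2.10.100" />
        <Server-Port type="unsigned" data="20006" />
        <Auth-Timeout type="unsigned" data="60" />
        <Max-Connections type="unsigned" data="3" />
      </Plugincfg>
    </Profile03>
    <!-- Profile04: ODBC output, using the same DSN and user name as the
         Storage data source in this example. Enabled is listed after
         Plugincfg here, unlike the other profiles. -->
    <Profile04>
      <Display-Name type="string" data="odbc" />
      <Type type="string" data="odbc" />
      <Fail-On-Error type="bool" data="false" />
      <Unhandled-Only type="bool" data="false" />
      <Error type="bool" data="true" />
      <Warning type="bool" data="true" />
      <Info type="bool" data="true" />
      <Success type="bool" data="true" />
      <Failure type="bool" data="true" />
      <Plugincfg>
        <DSN type="string" data="identikey server" />
        <Username type="string" data="digipass" />
        <!-- NOTE(review): database credential; the value looks encoded or
             encrypted rather than cleartext (confirm). Do not reuse this
             published sample value. -->
        <Password type="string" data="vSMkx1JrS9xHUfpvDctsd_Y=" />
      </Plugincfg>
      <Enabled type="bool" data="true" />
    </Profile04>
  </Plugins>
</Audit>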
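<!-- In-memory caches. Each one takes Max-Age, Max-Size, Clean-Threshold and
     Min-Clean-Interval; units are not stated in this listing (Max-Age and the
     intervals are presumably seconds; confirm). -->
<Component-Cache>
  <Max-Age type="unsigned" data="900" />
  <Max-Size type="unsigned" data="1000" />
  <Clean-Threshold type="unsigned" data="800" />
  <Min-Clean-Interval type="unsigned" data="60" />
</Component-Cache>
<!-- NOTE(review): Max-Age of the policy cache presumably bounds how long a
     policy change can take to reach a running server. -->
<Policy-Cache>
  <Max-Age type="unsigned" data="900" />
  <Max-Size type="unsigned" data="200" />
  <Clean-Threshold type="unsigned" data="100" />
  <Min-Clean-Interval type="unsigned" data="60" />
</Policy-Cache>
<!-- Challenge-Cache has the shortest Max-Age in this file (60); presumably the
     lifetime of an issued challenge. -->
<Challenge-Cache>
  <Max-Age type="unsigned" data="60" />
  <Max-Size type="unsigned" data="1200" />
  <Clean-Threshold type="unsigned" data="1000" />
  <Min-Clean-Interval type="unsigned" data="5" />
</Challenge-Cache>
<BackEnd-Cache>
  <Max-Age type="unsigned" data="900" />
  <Max-Size type="unsigned" data="200" />
  <Clean-Threshold type="unsigned" data="100" />
  <Min-Clean-Interval type="unsigned" data="60" />
</BackEnd-Cache>
<DPX-Cache>
  <Max-Age type="unsigned" data="86400" />
  <Max-Size type="unsigned" data="200" />
  <Clean-Threshold type="unsigned" data="100" />
  <Min-Clean-Interval type="unsigned" data="60" />
</DPX-Cache>
<!-- Administrative sessions. NOTE(review): if the values are seconds,
     Max-Session-Time is 24 hours and Session-Timeout (presumably the idle
     limit) is 1 hour; shorten both where policy requires it. -->
<Admin-Session-Cache>
  <Max-Concurrent-Sessions type="unsigned" data="10" />
  <Max-Session-Time type="unsigned" data="86400" />
  <Session-Timeout type="unsigned" data="3600" />
</Admin-Session-Cache>
<Report-Cache>
  <Max-Age type="unsigned" data="86400" />
  <Max-Size type="unsigned" data="400" />
  <Clean-Threshold type="unsigned" data="100" />
  <Min-Clean-Interval type="unsigned" data="60" />
</Report-Cache>
<!-- Task-Manager: Max-Workers caps the worker count at 30. -->
<Task-Manager>
  <Max-Workers type="unsigned" data="30" />
</Task-Manager>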
<!-- BackEndAuthenticators: back-end authentication methods. RADIUS is enabled
     and uses the same shared object as the RadiusCommunicator in this example;
     Engines is empty. -->
<BackEndAuthenticators>
  <RADIUS>
    <Enabled type="bool" data="true" />
    <Library-Path type="string" data="/usr/lib/libikcommradius.so" />
  </RADIUS>
  <Engines />
</BackEndAuthenticators>
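<!-- Communicators: the protocol front ends of the server (SEAL, SOAP, RADIUS). -->
<Communicators>
  <!-- SEAL: disabled in this sample. -->
  <SealCommunicator>
    <Enabled type="bool" data="false" />
    <Library-Path type="string" data="/usr/lib/libikcommseal.so" />
    <IP-Address type="string" data="10.2.10.100" />
    <IP-Port type="unsigned" data="20003" />
    <Require-Client-Component type="bool" data="false" />
  </SealCommunicator>
  <!-- SOAP: enabled on port 8888. No IP-Address is given, so the bind address
       is not visible from this listing. -->
  <SoapCommunicator>
    <Enabled type="bool" data="true" />
    <Library-Path type="string" data="/usr/lib/libikcommsoap.so" />
    <DPX-Upload-Location type="string" data="/usr/share/vasco/identikey/dpx/" />
    <IP-Port type="unsigned" data="8888" />
    <!-- NOTE(review): SSL/Enabled is false, so the SOAP port presumably accepts
         unencrypted connections. Enable SSL before the port is reachable from
         anything but a lab network. -->
    <SSL>
      <Enabled type="bool" data="false" />
      <Server-Certificate type="string" data="/etc/vasco/ikeypvk.pem" />
      <!-- NOTE(review): unlike the ODBC passwords in this example, this value
           does not look like an encoded blob and may be stored in clear
           (confirm). Restrict read access to this file and to the PEM file,
           and do not reuse this published sample value. -->
      <Private-Key-Password type="string" data="LOeH9$Q5YOa0" />
      <CA-Certificate-Store type="string" data="/etc/vasco/ikeycerts.pem" />
      <!-- "none": by name, no client certificate is requested. -->
      <Client-Authentication-Method type="string" data="none" />
      <Reverify-Client-On-Reconnect type="bool" data="false" />
    </SSL>
  </SoapCommunicator>
  <!-- RADIUS: enabled on the standard ports 1812 (authentication) and 1813
       (accounting). The two port values are typed "string" here, while the
       other ports in this file are typed "unsigned"; kept as given. -->
  <RadiusCommunicator>
    <Enabled type="bool" data="true" />
    <Library-Path type="string" data="/usr/lib/libikcommradius.so" />
    <Authentication-Port type="string" data="1812" />
    <Accounting-Port type="string" data="1813" />
    <!-- NOTE(review): Max-Size 0 presumably means "no size limit"; confirm,
         since an unbounded cache fed by network requests can grow with load. -->
    <Request-Cache>
      <Max-Age type="unsigned" data="5" />
      <Max-Size type="unsigned" data="0" />
      <Clean-Threshold type="unsigned" data="200" />
      <Min-Clean-Interval type="unsigned" data="30" />
    </Request-Cache>
    <Proxy-Cache>
      <Max-Age type="unsigned" data="99999999" />
      <Max-Size type="unsigned" data="0" />
      <Clean-Threshold type="unsigned" data="200" />
      <Min-Clean-Interval type="unsigned" data="30" />
    </Proxy-Cache>
  </RadiusCommunicator>
</Communicators>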
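<!-- Scenarios: functional modules, one ScenarioModuleNN per shared object.
     All seven are enabled in this sample. NOTE(review): disable the modules a
     deployment does not use, if the product supports running without them. -->
<Scenarios>
  <ScenarioModule00>
    <Enabled type="bool" data="true" />
    <Display-Name type="string" data="Authentication Scenario" />
    <Library-Path type="string" data="/usr/lib/libikscenauth.so" />
  </ScenarioModule00>
  <ScenarioModule01>
    <Enabled type="bool" data="true" />
    <Display-Name type="string" data="Signature Validation Scenario" />
    <Library-Path type="string" data="/usr/lib/libikscensign.so" />
  </ScenarioModule01>
  <ScenarioModule02>
    <Enabled type="bool" data="true" />
    <Display-Name type="string" data="Provisioning Scenario" />
    <Library-Path type="string" data="/usr/lib/libikscenprovision.so" />
    <!-- Reactivation limits: a minimum wait (1440, presumably minutes, i.e.
         24 hours), at most 3 attempts and at most 5 locations. -->
    <Reactivation>
      <Min-Time-Before-Reactivation type="unsigned" data="1440" />
      <Max-Nbr-Attempts type="unsigned" data="3" />
      <Max-Nbr-Locations type="unsigned" data="5" />
    </Reactivation>
  </ScenarioModule02>
  <ScenarioModule03>
    <Enabled type="bool" data="true" />
    <Display-Name type="string" data="Administration Scenario" />
    <Library-Path type="string" data="/usr/lib/libikscenadmin.so" />
  </ScenarioModule03>
  <ScenarioModule04>
    <Enabled type="bool" data="true" />
    <Display-Name type="string" data="Reporting Scenario" />
    <Library-Path type="string" data="/usr/lib/libikscenreport.so" />
    <!-- NOTE(review): generated reports presumably contain user and audit
         data; restrict access to Report-Location. -->
    <Report-Location type="string" data="/usr/share/vasco/identikey/reports/" />
    <!-- Audit source for reporting. Source is "utf8file", matching the UTF8
         block below (the directory and extension of the text audit files). -->
    <Audit>
      <Plug-ins>
        <Plugin01 type="string" data="/usr/lib/libdpauditodbc.so" />
      </Plug-ins>
      <Source type="string" data="utf8file" />
      <!-- NOTE(review): with Source set to utf8file this ODBC block is
           presumably unused. It still holds a database credential (sample
           user "test"), so remove or replace it rather than leaving the
           published sample value in a deployed file. -->
      <ODBC>
        <Username type="string" data="test" />
        <Password type="string" data="O9jfPKmQsCe8TkQkdQ1H8Zs=" />
        <DSN type="string" data="postgres" />
      </ODBC>
      <UTF8>
        <Path type="string" data="/var/vasco/identikey/" />
        <Extension type="string" data=".audit" />
      </UTF8>
    </Audit>
  </ScenarioModule04>
  <ScenarioModule05>
    <Enabled type="bool" data="true" />
    <Display-Name type="string" data="Audit Scenario" />
    <Library-Path type="string" data="/usr/lib/libikscenaudit.so" />
  </ScenarioModule05>
  <ScenarioModule06>
    <Enabled type="bool" data="true" />
    <Display-Name type="string" data="Replication Scenario" />
    <Library-Path type="string" data="/usr/lib/libikscenrepl.so" />
  </ScenarioModule06>
</Scenarios>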
</VASCO>