These DataSource configuration items allow a DataSource application to work with KeyMaster.
Use these configuration items to set up Liberator, Transformer and C-based Integration Adapters so they can work with KeyMaster. KeyMaster is used to authenticate user logins to Liberator via a single sign-on facility. It can also be used to authenticate monitoring connections to Liberator, Transformer and C-based Integration Adapters.
add-sigkey specifies the properties of a signature key.
Use in: C
Syntax:
add-sigkey
    key-id [string]
    hashing-algorithm [integer/string]
    keyfile [string]
    timeout [float]
end-sigkey
The options for
hashing-algorithm (integer or string): The algorithm to use for validating the digital signature in user credentials tokens provided by KeyMaster.
The hashing algorithms that DataSource applications can use are:
Pick the setting that corresponds to the algorithm used by your KeyMaster Signature Generator.
key-id: A name identifying the signature key.
If you're setting up KeyMaster for Liberator, and the Liberator is using the XMLauth authentication module, the
(For more about XMLauth, see Liberator user authentication and permissioning.)
keyfile: The filename and path of the DER (binary) format public key file.
The directory path can contain the parameter
timeout: The length of time in seconds for which a user credentials token is valid.
This overrides the signature-validtime configuration item.
Example of add-sigkey:
add-sigkey
    key-id testkey
    keyfile %r/etc/publickey.der
    hashing-algorithm sha256
    timeout 300
end-sigkey
signature-hashsize specifies the size in buckets of the hash table for storing signature keys.
Use this configuration item to tune Liberator's performance when authorizing users. Set it to twice the number of user credentials tokens that are likely to be created within the configured timeout period (as defined by the configuration item signature-validtime and the timeout option of add-sigkey).
Use in: C
Syntax: signature-hashsize <hash-table-size-in-buckets>
signature-validtime specifies the length of time in seconds for which a user credentials token is valid. This timeout applies to any user credentials token that doesn't have a specific timeout configuration item defined for it in the timeout option of an add-sigkey item.
Use in: C
Syntax: signature-validtime <time-in-seconds>
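The following is an added example, not Caplin code: a small Python check that reads a configuration, resolves how long each key's tokens stay valid (the add-sigkey timeout option overrides signature-validtime), and compares signature-hashsize with the "twice the expected tokens" sizing rule. The sample configuration, the monitoring key, the monitorkey.der path and the tokens_per_second estimate are assumptions, as is the parser's premise that every item takes exactly one value.

```python
import math

# Constructed sample configuration (key names and file paths are illustrative).
SAMPLE = """\
signature-validtime 600
signature-hashsize 8192
add-sigkey
    key-id testkey
    keyfile %r/etc/publickey.der
    hashing-algorithm sha256
    timeout 300
end-sigkey
add-sigkey
    key-id monitoring
    keyfile %r/etc/monitorkey.der
    hashing-algorithm sha256
end-sigkey
"""

def parse(text):
    """Split the config into top-level items and add-sigkey blocks.
    Assumes every item and option takes exactly one value."""
    tokens = iter(text.split())
    top, keys = {}, []
    for tok in tokens:
        if tok != "add-sigkey":
            top[tok] = next(tokens)
            continue
        block = {}
        for name in tokens:
            if name == "end-sigkey":
                break
            block[name] = next(tokens)
        else:
            raise ValueError("add-sigkey without end-sigkey")
        keys.append(block)
    return top, keys

def audit(text, tokens_per_second):
    """Return (validity seconds per key-id, recommended hashsize, configured size is enough).
    tokens_per_second is the operator's own estimate of token creation rate."""
    top, keys = parse(text)
    default = top.get("signature-validtime")
    # Per-key timeout wins; None means neither value is set in this file.
    raw = {k["key-id"]: k.get("timeout", default) for k in keys}
    validity = {kid: None if v is None else float(v) for kid, v in raw.items()}
    longest = max(v for v in validity.values() if v is not None)
    want = 2 * math.ceil(longest * tokens_per_second)
    # A missing signature-hashsize is treated as 0 here, so it is reported as too small.
    return validity, want, int(top.get("signature-hashsize", 0)) >= want
```

Because the parser works on a token stream, it accepts an add-sigkey block written on one line as well as one option per line.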