

Adding an Authentication Source

1. Click Add to add an authentication source

2. Two options are available:

— LDAP Server, page 66

— BC Database, page 68

After an LDAP server or the BC Database is configured, it is displayed in the Source Alias list.

LDAP Server

When LDAP Server is selected, a window opens with the configuration fields described in Table 20:

Table 20 LDAP Server Settings

Field: Description

Alias: Alias name for the LDAP server.

Host Name: The IP address or host name of the machine on which the LDAP server resides.

Port Number: The port number on the LDAP machine to use for connecting to LDAP (by convention 389 for plain or StartTLS LDAP and 636 for LDAP over SSL/TLS).

User Authentication Configuration | 67

Bind DN and Bind Password: The distinguished name and password of the account that TIBCO BusinessConnect uses to bind to the LDAP server before it searches for and authenticates users. A DN is an X.500 distinguished name; the Base DN (described below) is likewise a DN and denotes the sub-tree of the directory where the to-be-authenticated user records are kept, such as: ou=people,dc=unit,dc=company

The Bind DN can be an LDAP user that has both read and write permissions to LDAP. The user needs permission to:

— Read and write LDAP user objects

— Read and write LDAP group objects

— Authenticate other users to LDAP (that is, call the LDAP authenticate API, or have read access to the password/credential attributes of LDAP user objects)

Read access to other users' password attributes is a far broader privilege than being allowed to perform a bind check for them; where the directory supports authenticating users by bind, prefer that, and grant the bind account only the rights it actually needs. If the connection is configured as read-only (see isReadOnly), the bind account needs no write rights at all.

Base DN: The starting point in the LDAP hierarchy at which the search for users begins. The User Search Filter is evaluated beneath this entry.

User Search Filter

You can specify a user search filter so that only users matching the filter are returned. With the default filter, all users under the Base DN are returned. For example:

• Base DN: dc=na,dc=tibco,dc=com

• User Search Filter: objectclass=person

User Name Attribute

Provide the LDAP attribute name that represents the user name in the LDAP directory server.

It is good practice to use the value of cn for all the supported LDAP servers.

User to Group or Role Membership Attribute

Provide the LDAP attribute that holds a user's group (or role) membership in the LDAP directory server. The values of this attribute are the DNs of the groups or roles the user is enrolled in.

Note: Different LDAP servers use different membership attributes. For example, specify memberOf for OpenLDAP (where it is populated only if the memberof overlay is configured) or Microsoft Active Directory, nsroledn for the Sun ONE directory server, and ibm-allGroups for the IBM Tivoli Directory Server.

isSecure: Select to connect to the LDAP server over a secure (SSL/TLS) LDAP URL. The certificate presented for that connection is chosen under Server Certificate.

isEnabled: Select to enable the LDAP connection. No operations are permitted on a disabled connection.

isReadOnly: Select to give the LDAP connection read-only permission. Read-only LDAP connections permit only read operations. However, read-only LDAP connections
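The following is an added example and not part of the TIBCO documentation or product. It shows how a generic LDAP client combines the Base DN, User Search Filter and User Name Attribute fields above into the search that locates a user's entry before that user is authenticated, and how the login name is escaped per RFC 4515 so that characters such as `*`, `(` and `)` cannot change the meaning of the filter. The Base DN and filter values are the page's own example; the class and function names and the memberOf membership attribute are assumptions made for the illustration, and whether the product escapes the name in exactly this way is not stated on the page.

```python
# Added example (not TIBCO code): how Base DN, User Search Filter and
# User Name Attribute combine into a user lookup in a generic LDAP client,
# with RFC 4515 escaping of the user-supplied login name.

from __future__ import annotations
from dataclasses import dataclass

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for safe use as an LDAP filter assertion value."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


@dataclass(frozen=True)
class LdapSourceConfig:          # assumed name; mirrors the Table 20 fields
    base_dn: str
    user_search_filter: str      # e.g. "objectclass=person" (page example)
    user_name_attribute: str     # e.g. "cn"
    membership_attribute: str    # e.g. "memberOf", "nsroledn", "ibm-allGroups"


def _wrap(expr: str) -> str:
    """Parenthesise a bare filter component: objectclass=person -> (objectclass=person)."""
    expr = expr.strip()
    return expr if expr.startswith("(") else f"({expr})"


def build_user_search(cfg: LdapSourceConfig, login_name: str) -> tuple[str, str, list[str]]:
    """Return (search base, filter, attributes to request) for one login attempt.

    The search is rooted at the Base DN, ANDs the configured User Search Filter
    with an equality match on the User Name Attribute, and requests the
    membership attribute so group/role information is returned with the entry.
    """
    user_clause = f"({cfg.user_name_attribute}={escape_filter_value(login_name)})"
    search_filter = f"(&{_wrap(cfg.user_search_filter)}{user_clause})"
    return cfg.base_dn, search_filter, [cfg.user_name_attribute, cfg.membership_attribute]


# Constructed configuration using the page's example Base DN and filter.
EXAMPLE_CFG = LdapSourceConfig(
    base_dn="dc=na,dc=tibco,dc=com",
    user_search_filter="objectclass=person",
    user_name_attribute="cn",
    membership_attribute="memberOf",
)

if __name__ == "__main__":
    print(build_user_search(EXAMPLE_CFG, "alice"))
    # A login name carrying filter metacharacters is neutralised instead of
    # widening the match to every person under the Base DN.
    print(build_user_search(EXAMPLE_CFG, "*)(objectclass=*")[1])
```

The second call in the usage section is the case to check when testing a new source: without escaping, the crafted login name would turn the filter into one that matches every entry under the Base DN.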

TIBCO BusinessConnect Trading Partner Administration 68 | Chapter 4 System Settings

BC Database

Choosing BC Database adds the internal BusinessConnect database as an authentication source without further configuration; it is then used as a source of user information.

Authentication Source Defaults

The added and configured authentication sources are displayed in the Source Alias list.

The Priority column indicates the order in which TIBCO BusinessConnect uses the sources to authenticate external users. For example, if you add BC Database and then LDAP as authentication sources, BCDB (the BC Database alias) is listed first in the Source Alias list with a Priority of 1 and LDAP is listed second with a Priority of 2. When authenticating external users, TIBCO BusinessConnect uses BCDB, the source with Priority 1, first. If authentication fails with that source, TIBCO BusinessConnect retries the authentication using LDAP, the source with Priority 2. Because a failure falls through to the next source, a user is only locked out once the account has been removed or disabled in every configured source.

You can use Move Up and Move Down in User Authentication Configuration to adjust the priority of an authentication source.
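The following is an added simulation of the priority order just described; it is not TIBCO code. The source aliases follow the page's example (BCDB at Priority 1, LDAP at Priority 2), while the user stores, passwords and the Result type are constructed for the illustration. It shows the fall-through on failure, the effect of Move Up and Move Down, the isEnabled check on a disabled source, and why removing a user from only one source does not lock that user out.

```python
# Added example (not TIBCO code): simulation of the authentication source
# priority chain. Aliases follow the page (BCDB, LDAP); user stores, passwords
# and the Result type are constructed for the demonstration.

from __future__ import annotations
from dataclasses import dataclass, field
from enum import Enum


class Result(Enum):
    OK = "ok"
    BAD_CREDENTIALS = "bad_credentials"
    UNKNOWN_USER = "unknown_user"


@dataclass
class AuthSource:
    alias: str
    users: dict[str, str]        # login name -> password (demo only; never store plaintext)
    is_enabled: bool = True      # mirrors isEnabled: a disabled source performs no operations

    def authenticate(self, user: str, password: str) -> Result:
        if user not in self.users:
            return Result.UNKNOWN_USER
        return Result.OK if self.users[user] == password else Result.BAD_CREDENTIALS


@dataclass
class AuthChain:
    sources: list[AuthSource] = field(default_factory=list)   # index 0 is Priority 1

    def priorities(self) -> list[tuple[int, str]]:
        """The Source Alias list as (Priority, alias) pairs."""
        return [(i + 1, s.alias) for i, s in enumerate(self.sources)]

    def _index(self, alias: str) -> int:
        for i, s in enumerate(self.sources):
            if s.alias == alias:
                return i
        raise KeyError(alias)

    def move_up(self, alias: str) -> None:
        i = self._index(alias)
        if i > 0:
            self.sources[i - 1], self.sources[i] = self.sources[i], self.sources[i - 1]

    def move_down(self, alias: str) -> None:
        i = self._index(alias)
        if i < len(self.sources) - 1:
            self.sources[i], self.sources[i + 1] = self.sources[i + 1], self.sources[i]

    def authenticate(self, user: str, password: str) -> tuple[Result, str | None, list[tuple[str, Result]]]:
        """Try enabled sources in priority order until one accepts the credentials.

        Returns (outcome, alias of the accepting source or None, per-source trail)
        so a caller can log which source actually authenticated the user.
        """
        trail: list[tuple[str, Result]] = []
        for src in self.sources:
            if not src.is_enabled:
                continue
            r = src.authenticate(user, password)
            trail.append((src.alias, r))
            if r is Result.OK:
                return r, src.alias, trail
        return Result.BAD_CREDENTIALS, None, trail

    def sources_knowing(self, user: str) -> list[str]:
        """Every enabled source that still holds an account for this user.

        Because failure falls through to the next source, the account must be
        removed or disabled in all of them before the user is really locked out.
        """
        return [s.alias for s in self.sources if s.is_enabled and user in s.users]


def build_example_chain() -> AuthChain:
    """BC Database added first, then LDAP, as in the page's example."""
    return AuthChain([
        AuthSource("BCDB", {"alice": "bc-secret"}),
        AuthSource("LDAP", {"alice": "ldap-secret", "bob": "bob-secret"}),
    ])


if __name__ == "__main__":
    chain = build_example_chain()
    print(chain.priorities())                          # [(1, 'BCDB'), (2, 'LDAP')]
    print(chain.authenticate("alice", "ldap-secret"))  # BCDB rejects, LDAP accepts
    del chain.sources[0].users["alice"]                # removed from BCDB only...
    print(chain.sources_knowing("alice"))              # ...LDAP still authenticates her
```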

Removing the Configured LDAP Server or the BC Database

Click Remove to remove the configured LDAP server or a BC Database.

Server Certificate

The server certificate used for secure LDAP communication. Select one of the certificates configured under System Settings > Certificate Store > Server Identities & Certificates.

Test Connection

Click Test Connection to verify that the connection works. If the test is not successful, review the configuration steps above.

Role Base DN

The distinguished name of the LDAP entry that contains the role entries. This must be set. See LDAP Configuration on page 80 for more information about the LDAP Role BaseDN Attribute.


Activated Protocol Plug-ins and Properties

This section explains management of the BusinessConnect plug-in properties. The Activated Protocol Plug-ins and Properties window displays every installed and activated protocol. From this window, you can perform the following tasks:

• Verify the installed protocols and their versions.

• Add, change, or remove TIBCO BusinessConnect or protocol specific properties.

Table 21 Activated Protocol Plug-ins and Properties

Plug-in (Title): Protocols

BC (BusinessConnect Interior Server): TIBCO BusinessConnect AS1 Transport, TIBCO BusinessConnect AS2 Transport

BCRemote (BusinessConnect Remote Client Service): currently there are no default properties specific to the TIBCO BusinessConnect Remote Client Service

GS-FILE (BusinessConnect Plug-in for FILE): FILE Gateway Service

GS-FTPS (BusinessConnect Plug-in for FTP Server): FILE Gateway Server

GS-HTTP (BusinessConnect Plug-in for HTTP): HTTP Gateway Service

GS-MGMT (BusinessConnect Gateway Management): Gateway Service Instance, Gateway Service Session, Lost and Found

GS-PX (BusinessConnect Plug-in for PartnerExpress): PartnerExpress Gateway Service

GS-SFTP (BusinessConnect Plug-in for SSH Server): SSH Server

GS-TCM (BusinessConnect Plug-in for Trading Community Management)

tibEDI (BusinessConnect EDI Protocol powered by Instream): EDIFACT Gateway Service, TEXT, TRADACOMS, X12

This screen also lists any other activated protocols. Refer to the documentation for each protocol for details.

Note: The pre-defined (default) properties for TIBCO BusinessConnect cannot be deleted by a user. This also applies to the internal (hidden) TIBCO BusinessConnect properties.

Adding, Deleting, and Editing Plug-in Properties for the TIBCO BusinessConnect Server

Table 22 lists the plug-in properties for the TIBCO BusinessConnect server. In Edit Plug-in Properties, enter or select data as described in Table 22.

Table 22 TIBCO BusinessConnect Server Properties Overview

Section / Field: Explanation / Enter

BC (BusinessConnect Interior Server)

Database Settings

bc.db.maxretry: The maximum number of retries for a database connection in case of failures. The default value is 3.

bc.db.sleep.between.retry: The time interval between retries, in milliseconds. The default value is 1000.


bc.db.auditlog.style: How audit and non-repudiation data is stored: Uncompressed or Compressed.

Compressing messages saves disk space at the cost of the CPU overhead of compressing and decompressing them. Whether to store messages compressed or uncompressed therefore depends on the priority for a specific server: saving disk space or keeping better performance.

Note: This property cannot be changed dynamically: the TIBCO BusinessConnect server has to be restarted for a change to take effect.

HTTP Settings

bc.http.threadPool.maximum: Maximum number of threads used for outbound HTTP (or HTTPS) requests. The default value is 32.

SSL Caching Setting

bc.ssl.disableSessionCache: Disable the session cache for outbound HTTPS and FTPS.

HTTPS (SSL) transport endpoints (HTTPS, AS2-HTTPS) and FTPS use an internal SSL session cache to significantly improve the performance of negotiating security parameters while establishing trusted connections. In some situations, problems might arise when third-party server implementations are not able to properly handle cached sessions or the renegotiation of security properties at the beginning of each application-level communication session, for example when the Initiator always wants to ensure that the peer's credential is the trusted one and has not changed during a cached session.

The cache usually holds successfully negotiated security parameters for about 5 minutes, so even a large number of transactions between the Initiator and a given trading partner requires a credential renegotiation only about every 5 minutes. While a session is resumed from the cache the peer does not present its certificate again, so a certificate that was revoked or replaced after the full handshake is not noticed until the cached session expires.

In order for TIBCO BusinessConnect to enforce the renegotiation of the peer's credentials, the Disable Session Cache check box can be selected for any individual outgoing transport. If selected, each time TIBCO BusinessConnect has business data to deliver to the corresponding trading partner, the peer's credentials are requested and re-verified.

Note: When session caching for outgoing HTTPS/FTPS transports is disabled, performance can be significantly degraded. Do this only if there are known problems with the involved third-party server application's handling of SSL session caching.

IPFilter Settings

bc.ipfilter.enabled: Enables or disables Gateway Service network (IP address) filtering. When disabled, the IP filters and the no-match policy below are not evaluated.


bc.ipfilter.default.noMatchPolicy: Default IP filter policy applied when no rule matches an inbound Gateway Service request. Valid values are Accept or Deny.

On the Gateway engine, when the incoming trading partner IP address does not match any of the IP filters defined for the Gateway Instance, this no-match policy decides whether the request is accepted or denied.

On the Interior server side, when the trading partner IP address does not match any IP filter defined at the trading partner level, the same no-match policy decides whether the request is accepted or denied.

Accept is fail-open: any address not covered by a rule is admitted. Deny is fail-closed and requires every legitimate partner address to be listed explicitly; it is the safer choice where the partner address ranges are known.
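An added example, not TIBCO code: an evaluator for the rule-then-policy logic described above. The rule syntax (an action followed by a CIDR range), the sample rules and the sample client addresses are constructed for this illustration, since the page does not show the product's rule format; the point is the contrast between Accept and Deny as the no-match policy, and the effect of disabling filtering altogether.

```python
# Added example (not TIBCO code): first-match evaluation of inbound IP filter
# rules followed by the no-match policy. The rule syntax and all addresses are
# constructed for the illustration; the product's rule format is not on the page.

from __future__ import annotations
import ipaddress
from dataclasses import dataclass

ACTIONS = ("Accept", "Deny")


@dataclass(frozen=True)
class IpFilterRule:
    network: ipaddress.IPv4Network | ipaddress.IPv6Network
    action: str


def parse_rules(lines: list[str]) -> list[IpFilterRule]:
    """Parse constructed rule lines of the form '<Accept|Deny> <cidr>'; '#' starts a comment."""
    rules = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        action, cidr = line.split()
        if action not in ACTIONS:
            raise ValueError(f"unknown action {action!r} in rule {raw!r}")
        rules.append(IpFilterRule(ipaddress.ip_network(cidr, strict=False), action))
    return rules


def evaluate(rules, no_match_policy, client_ip, filtering_enabled=True):
    """Decide Accept/Deny for one inbound address.

    Mirrors the two properties: bc.ipfilter.enabled short-circuits the whole
    check, and bc.ipfilter.default.noMatchPolicy applies only when no rule
    matched. Returns (decision, matching rule or None).
    """
    if no_match_policy not in ACTIONS:
        raise ValueError(f"no-match policy must be one of {ACTIONS}")
    if not filtering_enabled:
        return "Accept", None
    addr = ipaddress.ip_address(client_ip)
    for rule in rules:                       # first matching rule wins
        if addr.version == rule.network.version and addr in rule.network:
            return rule.action, rule
    return no_match_policy, None


# Constructed sample rule set for one gateway instance (RFC 5737 documentation ranges).
SAMPLE_RULES = [
    "Deny   203.0.113.7/32      # one host in the partner range that has been blocked",
    "Accept 203.0.113.0/24      # known trading partner range",
]

# Constructed sample of inbound addresses to classify.
SAMPLE_CLIENTS = ["203.0.113.10", "203.0.113.7", "198.51.100.4", "2001:db8::1"]


def decisions(rules, no_match_policy, clients=SAMPLE_CLIENTS):
    """Map each client address to its decision under the given no-match policy."""
    return {ip: evaluate(rules, no_match_policy, ip)[0] for ip in clients}


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    print("Deny policy  :", decisions(rules, "Deny"))    # unlisted addresses are refused
    print("Accept policy:", decisions(rules, "Accept"))  # unlisted addresses get in
```

Rule order matters because the first match wins: the single-host Deny must precede the Accept for the range that contains it. The two unlisted addresses (an IPv4 address outside the partner range and an IPv6 address) are the ones whose fate the no-match policy decides.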


Scheduler Poller

bc.task.scheduler.polling.interval: Scheduler polling interval (secs). The default value is 60.

Queue Poller

bc.queue.poller.enabled: Turns the message queue poller on or off. The Queue Poller monitors the message queue table to schedule sets of transactions to be sent as batches. By default, this property is enabled.

bc.queue.poller.pollingInterval: Queue Poller polling interval (secs). The default value is 60.

MDN Poller

bc.mdn.poller.enabled: Turns the MDN timeout poller on or off. The MDN poller should be enabled when asynchronous MDNs (receipts) are used with the standard Email, AS1 Email or AS2 HTTP/S transports. It checks for expired receipt requests. By default, this property is enabled.

bc.mdn.poller.pollingInterval: MDN Poller interval (secs).

The polling interval determines how often TIBCO BusinessConnect checks for expired receipt (MDN) requests for the standard Email, AS1 Email and AS2 transports. A shorter polling interval allows MDN timeouts to be detected closer to the timeout period configured in the Receipt Timeout field of the Email, AS1 and AS2 transports.

However, the polling interval should be long enough that MDN timeout polling does not bog down the system. If possible, the polling interval should be less than or equal to the smallest Receipt Timeout configured among all of the Email, AS1 and AS2 transports.

The default value is 300.

Cancel Poller

Turns the cancel poller on or off. The Cancel Poller monitors the Poller table for any pending transactions that a user has marked for cancellation. By default, this property is enabled.

bc.tx.terminator.pollingInterval: Cancel polling interval (secs). Specifies the polling interval of the cancel poller, which is responsible for terminating transactions that were marked for cancelling from the GUI.

Resend Poller

Turns the resend poller on or off. The resend poller monitors the Resend table for any transactions that a user has marked for resending. By default, this property is enabled.


bc.tx.resend.pollingInterval: Resend polling interval, in seconds. Transactions can be selected for resending from the GUI. BusinessConnect polls for such transactions at a regular interval so it can collect them and send them as requested; the polling interval specifies how often that lookup runs. The default value is 120.

bc.tx.resend.messagesPerPoll: The maximum number of messages that BusinessConnect resends during one polling cycle. If many messages need to be resent, reprocessing them all at once could use a great deal of memory. For example, if 2,000 transactions are selected for resend, they are picked up 500 at a time until no transactions remain to be resent.

Together with bc.tx.resend.pollingInterval, this property makes it possible to fine-tune resend behavior by limiting the number of messages processed in one polling cycle.

The default value is 500.

Hibernation Poller

bc.hibernation.pollingInterval: The Hibernation Poller periodically looks for hibernated messages that have exceeded their expiration time. A message is put into hibernation because it is waiting for a response from a trading partner: the request message of a Request/Reply transaction hibernates until the reply is received or the reply timeout is exceeded.

The request message of a receipt request for the standard Email, AS1 Email or AS2 HTTP/S transports hibernates until the receipt is received or the receipt timeout is exceeded. The Hibernation Poller is also used for the FTPGet transport with TEXT.

The hibernation polling interval specifies how long TIBCO BusinessConnect sleeps between polling cycles for expired hibernated messages. The default value is 75.

Turns the hibernation poller on or off. By default, this property is enabled.


FTP Poller

bc.ftpget.poller.pollingInterval: FTP polling interval, in seconds. Specifies how long TIBCO BusinessConnect sleeps between each cycle of retrieving files from the trading partners' FTP sites. The default value is 120.

bc.ftpget.timeout: FTP timeout, in seconds. Sets the socket timeout for an FTP get command; the command terminates if it does not complete within the timeout period. The default value is 300.

bc.ftpget.workers: Max FTP/SSHFTP workers per poll. The FTP Poller is multithreaded, so each polling cycle can use one or more workers. Each worker processes one FTP/S or SSHFTP poll at a time, and the workers run concurrently. A polling cycle completes when every participant's transport that uses the poller has completed its poll.

For example, if 10 participants have set up FTP GET (or SSHFTP GET) and you specify 5 workers, the 10 tasks start processing with no more than 5 polls executing at any given time. When no participant's transport is waiting for execution, the polling cycle ends and the next one starts as dictated by the polling interval.

The default value is 5.

bc.ftp.enablecmd.passive: Enable FTP passive mode. In passive mode the FTP client initiates both the command connection and the data connection to the remote FTP server, which is what firewalls and NAT devices in front of the client normally expect. By default, this property is enabled.

bc.honorThreshold: Honor inbound threshold for FTP large files. When selected, this check box directs TIBCO BusinessConnect to honor the preset inbound threshold for large file sizes received over FTP.

If you change this setting, restart the BusinessConnect engine for the change to take effect.

By default, this property is enabled.


SSHFTP