6.3.23 ssoconsoled action definition file (ssoconsoled.def)

In the ssoconsoled action definition file, define the actions of the ssoconsoled daemon process. If you have made any changes in this definition file, perform one of the following operations to apply these changes:

Execute the ssoconsoled -r command.

Note that the changes might not become valid depending on the key that has been changed.
Restart the ssoconsoled daemon process.

Organization of this subsection

(1) Format
(2) Description
(3) Note

(1) Format

The following shows the format of the ssoconsoled action definition file.

[Figure]

When coding definitions in the ssoconsoled action definition file, note the following:

If the definition file includes the same definitions, the definition written last is assumed to be valid, and those definitions preceding the last definition are ignored.
When omitting the specification of a key on a line, omit the whole line.

To Page Top

(2) Description

The next table lists the items that must be, or can be, defined in the ssoconsoled action definition file.

Key name	Value
`authentication:`^#1 <<`sso`>>	Specify the user authentication method to be used for the login to the SSO console. You can also specify omission of the user authentication. `sso`: SSO authentication method `jp1`: JP1 authentication method `none`: Omission of user authentication
`logical-hostname:`^#1 <<`none`>>	When JP1/Base is installed on the same logical host where SSO is installed, specify the logical host name set in JP1/Base for user authentication (JP1 authentication method) in a cluster environment. By using this setting, the JP1/Base on the logical host is used for the user authentication. When `none` is specified, the JP1/Base on the physical host is used for the user authentication. For how to set a logical name on JP1/Base, see the JP1/Base User's Guide.
`logout-time:`^#1 <<`1080`>> ((0, 30 to 1440 minutes))	Specify a session timeout for the SSO console. This setting is valid for SSO or JP1 authentication. When 0 is specified, session timeout is not implemented.
`max-logfile-size:` <<`4`>> ((1 to 32 megabytes))	Specify the maximum size of a log file.
`logfile-num:` <<`3`>> ((1 to 10))	Specify the number of the log files.
`trace:` <<`off`>>	Specify whether to output a trace file for troubleshooting at failure occurrence. To output the trace file, specify `on`. To not output the trace file, specify `off`.
`max-tracefile-size:` <<`4`>> ((1 to 32 megabytes))	Specify the maximum size of a trace file.
`tracefile-num:` <<`3`>> ((1 to 10))	Specify the number of the trace files.
`web-protocol:`^#1 <<`http,https`>>	Specify one or more communication protocols that can be used for communication between the SSO console and Web browser. When you specify two or more values, use a comma (`,`) as a separator. `http`: Uses the HTTP communication protocol. `https`: Uses the HTTPS communication protocol.
`ssl-protocol:`^#1 <<`tlsv1`, `tlsv11`, `tlsv12`>>	Specify one or more TLS protocol versions that can be used when the protocol for communication between the SSO console and Web browser is HTTPS. When you specify two or more values, use a comma (`,`) as a separator. `tlsv1`: Uses TLS protocol version 1.0. `tlsv11`: Uses TLS protocol version 1.1. `tlsv12`: Uses TLS protocol version 1.2. This setting takes effect if the HTTPS communication protocol is used. If multiple versions are specified, the highest version supported by both SSO and the Web browser is used for communication between the SSO console and Web browser.
`ssl-ca-cert:`^#1 <<`off`>>	Specify whether to use an intermediate CA certificate (chained CA certificate). To use it, specify `on`. To not use it, specify `off`. An intermediate CA certificate is required if you use the SSL server certificate that was issued by a chained CA (Certificate Authority).
`max-admin-num:`^{#1, #2} <<`0`>> ((0, 1 to 99 persons))	Specify the maximum number of users (sessions) who can log in to the SSO console as a user with the administrator permission. This setting takes effect during user authentication.^#3 If you specify 0, there will be no limit on the number of users who can log in.
`max-operator-num:`^{#1, #2} <<`0`>>((0, 1 to 99 persons))	Specify the maximum number of users (sessions) who can log in to the SSO console as a user with the operator permission. This setting takes effect during user authentication.^#3 If you specify 0, there will be no limit on the number of users who can log in.
`gui-launch:`^{#1, #4} <<`applet`>>	Specify the method for launching windows from the SSO console. `applet`: Applet method `jws`: JWS application method `remoteapp`: Remote application method

Key name

Value

authentication:^#1

<<sso>>

Specify the user authentication method to be used for the login to the SSO console. You can also specify omission of the user authentication.

sso: SSO authentication method

jp1: JP1 authentication method

none: Omission of user authentication

logical-hostname:^#1

<<none>>

When JP1/Base is installed on the same logical host where SSO is installed, specify the logical host name set in JP1/Base for user authentication (JP1 authentication method) in a cluster environment. By using this setting, the JP1/Base on the logical host is used for the user authentication. When none is specified, the JP1/Base on the physical host is used for the user authentication. For how to set a logical name on JP1/Base, see the JP1/Base User's Guide.

logout-time:^#1

<<1080>> ((0, 30 to 1440 minutes))

Specify a session timeout for the SSO console. This setting is valid for SSO or JP1 authentication. When 0 is specified, session timeout is not implemented.

max-logfile-size:

<<4>> ((1 to 32 megabytes))

Specify the maximum size of a log file.

logfile-num:

<<3>> ((1 to 10))

Specify the number of the log files.

trace:

<<off>>

Specify whether to output a trace file for troubleshooting at failure occurrence. To output the trace file, specify on. To not output the trace file, specify off.

max-tracefile-size:

<<4>> ((1 to 32 megabytes))

Specify the maximum size of a trace file.

tracefile-num:

<<3>> ((1 to 10))

Specify the number of the trace files.

web-protocol:^#1

<<http,https>>

Specify one or more communication protocols that can be used for communication between the SSO console and Web browser. When you specify two or more values, use a comma (,) as a separator.

http: Uses the HTTP communication protocol.

https: Uses the HTTPS communication protocol.

ssl-protocol:^#1

<<tlsv1, tlsv11, tlsv12>>

Specify one or more TLS protocol versions that can be used when the protocol for communication between the SSO console and Web browser is HTTPS.

When you specify two or more values, use a comma (,) as a separator.

tlsv1: Uses TLS protocol version 1.0.

tlsv11: Uses TLS protocol version 1.1.

tlsv12: Uses TLS protocol version 1.2.

This setting takes effect if the HTTPS communication protocol is used.

If multiple versions are specified, the highest version supported by both SSO and the Web browser is used for communication between the SSO console and Web browser.

ssl-ca-cert:^#1

<<off>>

Specify whether to use an intermediate CA certificate (chained CA certificate). To use it, specify on. To not use it, specify off.

An intermediate CA certificate is required if you use the SSL server certificate that was issued by a chained CA (Certificate Authority).

max-admin-num:^{#1, #2}

<<0>>

((0, 1 to 99 persons))

Specify the maximum number of users (sessions) who can log in to the SSO console as a user with the administrator permission.

This setting takes effect during user authentication.^#3

If you specify 0, there will be no limit on the number of users who can log in.

max-operator-num:^{#1, #2}

<<0>>((0, 1 to 99 persons))

Specify the maximum number of users (sessions) who can log in to the SSO console as a user with the operator permission.

This setting takes effect during user authentication.^#3

If you specify 0, there will be no limit on the number of users who can log in.

gui-launch:^{#1, #4}

<<applet>>

Specify the method for launching windows from the SSO console.

applet: Applet method

jws: JWS application method

remoteapp: Remote application method

#1

If you change the value of this item, you must restart the ssoconsoled daemon process.

#2

We recommend setting values for the max-admin-num and max-operator-num keys so that the sum of those values does not exceed 99. You can set 0 (no limit) for one key and 99 for the other key.

Note that, even if you are able to log in to the SSO console, you might not be able to launch certain windows, because the number of windows that can be launched is controlled by the max-client keys in the ssocolmng action definition file (ssocolmng.def) and in the ssoapmon action definition file (ssoapmon.def).

#3

For details on which functions can be used with each type of user authority, see 2.1.1(2) Menu frame.

#4

At installation, the value set in the ssoconsoled action definition file is remoteapp.

To Page Top

(3) Note

If a ssoconsoled daemon process that was activated without specifying http for the web-protocol: key is running, you cannot use the ssoconsoled -r command to reload definition files. In such cases, restart the ssoconsoled daemon process to reload definition files.

To Page Top