6.3.23 ssoconsoled action definition file (ssoconsoled.def)
In the ssoconsoled action definition file, define the actions of the ssoconsoled daemon process. If you have made any changes in this definition file, perform one of the following operations to apply these changes:
-
Execute the ssoconsoled -r command.
Note that the changes might not become valid depending on the key that has been changed.
-
Restart the ssoconsoled daemon process.
- Organization of this subsection
(1) Format
The following shows the format of the ssoconsoled action definition file.
When coding definitions in the ssoconsoled action definition file, note the following:
-
If the definition file includes the same definitions, the definition written last is assumed to be valid, and those definitions preceding the last definition are ignored.
-
When omitting the specification of a key on a line, omit the whole line.
(2) Description
The next table lists the items that must be, or can be, defined in the ssoconsoled action definition file.
Key name |
Value |
---|---|
authentication:#1 <<sso>> |
Specify the user authentication method to be used for the login to the SSO console. You can also specify omission of the user authentication. sso: SSO authentication method jp1: JP1 authentication method none: Omission of user authentication |
logical-hostname:#1 <<none>> |
When JP1/Base is installed on the same logical host where SSO is installed, specify the logical host name set in JP1/Base for user authentication (JP1 authentication method) in a cluster environment. By using this setting, the JP1/Base on the logical host is used for the user authentication. When none is specified, the JP1/Base on the physical host is used for the user authentication. For how to set a logical name on JP1/Base, see the JP1/Base User's Guide. |
logout-time:#1 <<1080>> ((0, 30 to 1440 minutes)) |
Specify a session timeout for the SSO console. This setting is valid for SSO or JP1 authentication. When 0 is specified, session timeout is not implemented. |
max-logfile-size: <<4>> ((1 to 32 megabytes)) |
Specify the maximum size of a log file. |
logfile-num: <<3>> ((1 to 10)) |
Specify the number of the log files. |
trace: <<off>> |
Specify whether to output a trace file for troubleshooting at failure occurrence. To output the trace file, specify on. To not output the trace file, specify off. |
max-tracefile-size: <<4>> ((1 to 32 megabytes)) |
Specify the maximum size of a trace file. |
tracefile-num: <<3>> ((1 to 10)) |
Specify the number of the trace files. |
web-protocol:#1 <<http,https>> |
Specify one or more communication protocols that can be used for communication between the SSO console and Web browser. When you specify two or more values, use a comma (,) as a separator. http: Uses the HTTP communication protocol. https: Uses the HTTPS communication protocol. |
ssl-protocol:#1 <<tlsv1, tlsv11, tlsv12>> |
Specify one or more TLS protocol versions that can be used when the protocol for communication between the SSO console and Web browser is HTTPS. When you specify two or more values, use a comma (,) as a separator. tlsv1: Uses TLS protocol version 1.0. tlsv11: Uses TLS protocol version 1.1. tlsv12: Uses TLS protocol version 1.2. This setting takes effect if the HTTPS communication protocol is used. If multiple versions are specified, the highest version supported by both SSO and the Web browser is used for communication between the SSO console and Web browser. |
ssl-ca-cert:#1 <<off>> |
Specify whether to use an intermediate CA certificate (chained CA certificate). To use it, specify on. To not use it, specify off. An intermediate CA certificate is required if you use the SSL server certificate that was issued by a chained CA (Certificate Authority). |
max-admin-num:#1, #2 <<0>> ((0, 1 to 99 persons)) |
Specify the maximum number of users (sessions) who can log in to the SSO console as a user with the administrator permission. This setting takes effect during user authentication.#3 If you specify 0, there will be no limit on the number of users who can log in. |
max-operator-num:#1, #2 <<0>>((0, 1 to 99 persons)) |
Specify the maximum number of users (sessions) who can log in to the SSO console as a user with the operator permission. This setting takes effect during user authentication.#3 If you specify 0, there will be no limit on the number of users who can log in. |
gui-launch:#1, #4 <<applet>> |
Specify the method for launching windows from the SSO console. applet: Applet method jws: JWS application method remoteapp: Remote application method |
(3) Note
If a ssoconsoled daemon process that was activated without specifying http for the web-protocol: key is running, you cannot use the ssoconsoled -r command to reload definition files. In such cases, restart the ssoconsoled daemon process to reload definition files.