OpenAM / OPENAM-7154

Allow for use of OpenDJ's secureReplication option with embedded configuration stores

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: 12.0.2
    • Fix Version/s: None
    • Component/s: configurator
    • Labels:
      None
      Description

      When adding an OpenAM server to an existing deployment using the configuration GUI or configurator command-line tool, it's not possible to set the dsreplication switch --secureReplication.

      So although two embedded configuration stores will use SSL to authenticate one another, they will not use SSL to encrypt the traffic.

      By way of explanation:
      The replication protocol is a binary proprietary protocol built on an SSL connection. Servers mutually authenticate each other in the SSL handshakes.
      If secureReplication is true, then during the handshake the servers will negotiate some sort of encryption. If it is false, they'll negotiate NULL_NULL, or whatever the cipher suite name is for no encryption.
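
The distinction the description draws (peers authenticated over SSL, payload not encrypted) is visible in the negotiated cipher suite name. The following is an added example, not part of the original issue or of OpenAM/OpenDJ: it parses IANA/JSSE-style suite names and flags links that are authenticated but use a NULL cipher. The function names and the sample records are constructed for illustration, and the parser also recognises anonymous and TLS 1.3 suites, which the issue does not mention.

```python
import re

# IANA/JSSE-style names: <TLS|SSL>_<key exchange/auth>_WITH_<cipher>_<MAC>
_SUITE = re.compile(r"^(?:TLS|SSL)_(?P<kx>.+?)_WITH_(?P<enc>.+)_(?P<mac>[A-Z0-9]+)$")
_TLS13 = re.compile(r"^TLS_(?:AES|CHACHA20)_")  # TLS 1.3 names carry no _WITH_


def classify_suite(name):
    """Return (authenticated, encrypted) as implied by a cipher suite name."""
    if _TLS13.match(name):
        # TLS 1.3 suites are all AEAD ciphers; the peer is authenticated by
        # certificate or PSK elsewhere in the handshake.
        return (True, True)
    m = _SUITE.match(name)
    if m is None:
        raise ValueError(f"unrecognised cipher suite name: {name!r}")
    kx, enc = m["kx"], m["enc"]
    # NULL or *_anon key exchange means no peer authentication.
    authenticated = kx != "NULL" and not kx.endswith("_anon")
    # A NULL bulk cipher means integrity protection only, no confidentiality.
    encrypted = enc != "NULL"
    return (authenticated, encrypted)


def cleartext_links(observed):
    """Return (link, suite) pairs that are authenticated but not encrypted."""
    return [(link, suite) for link, suite in observed
            if classify_suite(suite) == (True, False)]


# Constructed sample: suites observed on three replication links
# (hypothetical host names, not taken from the issue).
OBSERVED = [
    ("am1.example.com -> am2.example.com", "TLS_RSA_WITH_NULL_SHA256"),
    ("am2.example.com -> am1.example.com", "SSL_RSA_WITH_NULL_SHA"),
    ("am1.example.com -> am3.example.com", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
]

if __name__ == "__main__":
    for link, suite in cleartext_links(OBSERVED):
        print(f"{link}: {suite} authenticates peers but sends data unencrypted")
```
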

            People

            Assignee:
            peter.major Peter Major [X] (Inactive)
            Reporter:
            andrew.dunn Andrew Dunn [X] (Inactive)
            Votes: 1
            Watchers: 6