Created On:  01 February 2011

Problem:

  • Product Name: VisiBroker
  • Product Version: 8.0 SP1/SP2/SP3
  • Product Component: Gatekeeper
  • Platform/OS Version: all supported
  • JDK/Compiler Version: all supported

vbroker.orb.alwaysProxy=true is set to force all communication between client and server to go through Gatekeeper. From VisiBroker 8.0 SP1 onwards, however, Gatekeeper is bypassed when the HIOP or HIOPS transport is configured.



Test case:

The ${VBROKER}/examples/vbroker/security/secure_gatekeeper example can be used to reproduce the issue with VisiBroker 8.0 SP1/SP2/SP3 applied.

Gatekeeper properties used in the test:

vbroker.se.exterior.scm.ex-iiop.listener.port=1688
vbroker.se.exterior.scm.ex-ssl.listener.port=1689
vbroker.se.exterior.scm.ex-hiop.listener.port=8089
vbroker.se.interior.scm.in-iiop.listener.port=1690
vbroker.se.interior.scm.in-ssl.listener.port=1691
vbroker.se.iiop_tp.scm.hiop_ts.listener.port=9092
vbroker.se.iiop_tp.scm.iiop_tp.listener.port=1692
vbroker.orb.enableBiDir=both
vbroker.security.disable=false
vbroker.se.exterior.scms=ex-iiop,ex-hiop,ex-ssl
vbroker.se.interior.scms=in-iiop,in-ssl
vbroker.gatekeeper.enablePassthru=true
vbroker.security.peerAuthenticationMode=require_and_trust
vbroker.security.trustpointsRepository=Directory:trustpoints
vbroker.security.wallet.type=Directory:identities
vbroker.security.wallet.identity=sigma
vbroker.security.wallet.password=Sigm@$$$
vbroker.security.server.transport=SECURE_ONLY
vbroker.se.exterior.scm.ex-iiop.listener.type=Disabled-IIOP
vbroker.se.interior.scm.in-iiop.listener.type=Disabled-IIOP
vbroker.security.support.gatekeeper.end2endCSIV2=true

Resolution:

An issue report has been filed under RPI 1076573. Please log in to the Supportline portal to check the status of this bug.

The vbroker.orb.bidOrder property lets the client ORB determine which transport it uses to connect to the server process. The default value and precedence are shown below:

inprocess, liop, ssl, iiop, proxy, hiop, locator

The vbroker.orb.alwaysProxy property changes the precedence in favor of the proxy bid.

Workaround:

Set the following property in the client to give precedence to the proxy bid.

vbroker.orb.bidOrder=inprocess:proxy:hiops:hiop:liop:ssl:iiop:locator
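
A check for the workaround above, as an added example that is not part of the original article or of VisiBroker: it reads a client property file and reports whether vbroker.orb.bidOrder ranks the proxy bid ahead of every transport the workaround lists after it. The function names and sample files are constructed for illustration, and only simple key=value lines are parsed.

```python
import re

# Transports the article's workaround places after "proxy" in vbroker.orb.bidOrder.
AFTER_PROXY = ("hiops", "hiop", "liop", "ssl", "iiop", "locator")


def parse_properties(text):
    """Parse simple key=value lines; '#' and '!' start comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def audit_client(text):
    """Return findings for a client meant to reach servers only via Gatekeeper."""
    props = parse_properties(text)
    findings = []
    if props.get("vbroker.orb.alwaysProxy", "").lower() != "true":
        findings.append("vbroker.orb.alwaysProxy is not true")
    raw = props.get("vbroker.orb.bidOrder")
    if raw is None:
        findings.append("vbroker.orb.bidOrder not set: workaround not applied")
        return findings
    # Accept ':' (as in the workaround) or ',' (as in the article's listing).
    order = [t.strip().lower() for t in re.split(r"[:,]", raw) if t.strip()]
    if "proxy" not in order:
        findings.append("bidOrder has no proxy bid")
        return findings
    early = [t for t in order[:order.index("proxy")] if t in AFTER_PROXY]
    if early:
        findings.append("bids ranked ahead of proxy: " + ", ".join(early))
    return findings


# Constructed sample client property files.
UNPATCHED = "vbroker.orb.alwaysProxy=true\n"
DEFAULT_ORDER = ("vbroker.orb.alwaysProxy=true\n"
                 "vbroker.orb.bidOrder=inprocess:liop:ssl:iiop:proxy:hiop:locator\n")
WORKAROUND = ("vbroker.orb.alwaysProxy=true\n"
              "vbroker.orb.bidOrder=inprocess:proxy:hiops:hiop:liop:ssl:iiop:locator\n")

if __name__ == "__main__":
    for name, sample in [("unpatched", UNPATCHED), ("default", DEFAULT_ORDER),
                         ("workaround", WORKAROUND)]:
        print(name, audit_client(sample) or "OK")
```
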

Incident #2473430