CSP Gateway Configuration Guide - InterSystems Documentation

More documents

Recommendations

Info

CSP Gateway Operation and Configuration • ../bin • ../../bin The Gateway attempts to load the library at the time it is first required. If successful, the following status message is written to the Event Log: CSP Gateway Initialization The CCONNECT library is loaded - Version: 5.3.0.175.0. (This library is used for the optional Kerberos-based security between the Gateway and Caché) If the Gateway is unable to locate or link to the cconnect library, a suitable statement of failure and error message is written to the Event Log. For Kerberized communications between the Gateway and Caché, the Gateway is the Kerberos client. The procedure for configuring the Gateway to use Kerberos is as follows. Windows Kerberos key tables are not implemented for Windows. Therefore, authentication uses network credentials that are either obtained when the hosting service starts in a named account or from the Trusted Computing Base (TCB) when the hosting service runs in the System Logon Session (that is, as LOCAL SYSTEM). Windows domain accounts use a permanent key derived from a password to acquire a Kerberos Ticket Granting Ticket (TGT) and service ticket for the local machine. The local machine must also have a permanent Kerberos key, shared with the Key Distribution Centre (KDC) component of the domain controller. That key can be used to acquire a TGT and service ticket to authenticate to another Kerberos principal such as Caché. For practical purposes the Gateway, operating within the context of a Windows-based Web server is operating through either the Network Service logon session or the System logon session. The account used must have Log on as a batch job rights assigned. The built-in Network Service logon session has access to the machine's credentials and is designed for services that need network credentials to authenticate to other machines. However, the Network Service logon session is not always present. The System logon session can also be used for the purpose of authenticating the Gateway to Caché. For IIS installations, and ISAPI extensions in particular, using the Network Service login session is the preferred means through which both databases (local and remote) and remote computers should be accessed. Gateway Configuration Set the Service Principal Name to that of the target Caché server that the Gateway is connecting to. Leave the User Name, Password, and Key Table fields empty. The client principal name (or client username) is that of the Gateway host. This is the Kerberos name representing the Gateway hosts' network service session: $ Assign this principal the necessary privileges in the Caché server to allow the Gateway’s service to operate. UNIX® and OpenVMS These Operating Systems support Kerberos Key Tables. The Gateway configuration is conceptually more straightforward for these systems. Gateway Configuration Set the Service Principal Name to that of the target Caché server that the Gateway is connecting to. Enter the name of the key table file (including the full path) in the Key Table field. Set the User Name field to the name of the appropriate key in the key table file. Leave the Password field empty. 30 CSP Gateway Configuration Guide
CGI Environment Variables The client principal name (or client username) is that of the Gateway host. This is the name used to identify the key in the Kerberos Key Table. Assign this principal the necessary privileges in the Caché server to allow the Gateway’s service to operate. 2.3 CGI Environment Variables CGI Environment Variables are derived both from the client’s HTTP request headers and from the environment in which the Web server is operating. The CSP Gateway transmits the common environment variables to Caché with each and every request. If extra environment variables are required by the application, they must be explicitly requested in the CSP Gateway configuration (via the Extra CGI Environment Variables setting in the Application Access section of the configuration) [Home] > [Configuration] > [CSP Gateway Managment] and select Application Access The list of environment variables transmitted is shown in the table below together with a brief description of each. Further documentation can be obtained from standard Web text books. See also the section “CgiEnvs Property and CGI Environment Variables” in Using Caché Server Pages. Environment Variable AUTH_PASSWORD AUTH_TYPE CONTENT_TYPE GATEWAY_INTERFACE HTTP_ACCEPT HTTP_ACCEPT_CHARSET HTTP_ACCEPT_LANGUAGE HTTP_AUTHORIZATION HTTP_COOKIE HTTP_REFERER Value Value entered in the client’s authentication dialog. This variable is available only if Basic authentication is used. Contains the authentication method that the server uses to validate users when they attempt to access a protected script. For requests which have attached information, such as HTTP POST and PUT, this is the content type of the data. Revision of the CGI specification to which this server complies. Format: CGI/revision Value of the Accept request header that contains a list of accepted formats (MIME types). For example: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel. The values of the fields for the HTTP_ACCEPT variable are concatenated, and separated by a comma (,). Comma-delimited list of the character encodings that the client accepts. Contains a string describing the language to use for displaying content (such as en-us). Contains the Base-64 encoded username, password, scheme and realm sent by the client. Holds the contents of the client’s cookie(s). Holds a string that contains the URL of the page that referred the request to the current page using an HTML tag. Note that the URL is the one that the user typed into the browser address bar, which may not include the name of a default document. If the page is redirected, HTTP_REFERER is empty. CSP Gateway Configuration Guide 31
Page 1 and 2: CSP Gateway Configuration Guide Ver
Page 3 and 4: Table of Contents About this Book .
Page 5: 5 Web Servers for UNIX®, Linux, an
Page 9 and 10: 1 Introduction to the CSP Gateway T
Page 11 and 12: Using the Network Service Daemon (N
Page 13 and 14: Minimal Apache Web Server or Privat
Page 15 and 16: 2 CSP Gateway Operation and Configu
Page 17 and 18: CSP Web Gateway Management Page The
Page 19 and 20: CSP Web Gateway Management Page 2.1
Page 21 and 22: CSP Web Gateway Management Page Use
Page 25 and 26: CSP Web Gateway Management Page Log
Page 29 and 30: CSP Web Gateway Management Page 2.1
Page 31 and 32: CSP Web Gateway Management Page Par
Page 33 and 34: CSP Gateway and Security 4. Click S
Page 35: CSP Gateway and Security Windows Pa
Page 39 and 40: HTTP Response Headers by invoking o
Page 41 and 42: Compressing the Response to Request
Page 43 and 44: Compressing the Response to Request
Page 45 and 46: CSP Page Output Caching 2.7.1 %resp
Page 47 and 48: CSP with Microsoft Active Server Pa
Page 49 and 50: Registering Additional File Types w
Page 51 and 52: Registering Additional File Types w
Page 53 and 54: Implementing HTTP authentication fo
Page 55: Implementing HTTP authentication fo
Page 58 and 59: Using Caché Server Pages with a Re
Page 65 and 66: 4 Web Servers for Microsoft Windows
Page 67 and 68: Microsoft Internet Information Serv
Page 87 and 88:
Microsoft Internet Information Serv
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Apache Servers This, for example, i
Page 99 and 100:
Apache Servers 4.3.2 Option 1: Apac
Page 101 and 102:
Apache Servers Duplicate this confi
Page 103 and 104:
Apache Servers 4.3.4.1 Operating an
Page 105 and 106:
Apache Servers copy c:\MyCache\csp\
Page 107 and 108:
Operating the Network Service Daemo
Page 109 and 110:
5 Web Servers for UNIX®, Linux, an
Page 111 and 112:
Sun Web Servers 3. HyperEvents Comp
Page 113 and 114:
Apache Servers Locate the block of
Page 115 and 116:
Apache Servers /usr/CSPGateway/bin
Page 117 and 118:
Apache Servers To be consistent wit
Page 119 and 120:
Apache Servers SetHandler csp-hand
Page 121 and 122:
Apache Servers ScriptAliasMatch /*\
Page 123 and 124:
Apache Servers 5.2.4.2 Check the Ap
Page 125 and 126:
Apache Servers The Web server confi
Page 127 and 128:
Page 129:
Page 132 and 133:
Web Servers for Hewlett-Packard (HP
Page 134 and 135:
Page 136 and 137:
show all

CSP Gateway Configuration Guide - InterSystems Documentation

Create successful ePaper yourself

Delete template?

Save as template?