arcotcommon.ini
The arcotcommon.ini file contains the parameters for database and instance settings for CA Risk Authentication Server and other components (Administration Console, User Data Service and User Behavior Profiling). Typically, you must edit the following sections in this file:
- Database Settings
- HSM Encryption Settings
- Instance Settings
You can also change the default startup logging settings for CA Risk Authentication Server and Case Management Queuing Server by using arcotcommon.ini. For more information, see Changing Server Startup Logging Parameters.
Database Settings
The database settings in arcotcommon.ini allow you to identify the database to which the server connects and the backup database to use for failover. These settings also enable you to configure database communications resources available between the server and the database.
For notes and recommendations for database settings, refer to the chapter Preparing for Installation.
You must edit the following sections, which are related to database settings in the arcotcommon.ini file:
- [arcot/db/dbconfig]
- [arcot/db/primarydb]
- [arcot/db/backupdb]
[arcot/db/dbconfig]
This section enables you to specify the type of database and generic information about this database type. The following table lists the database setting parameters in the [arcot/db/dbconfig] section.
Parameter | Default | Description |
DbType | -- | The type of database applicable to all database connections. The supported values are: oracle, mssqlserver |
Driver | -- | The fully-qualified name of the database driver class that is supplied by the JDBC driver vendor. Note: Consult your JDBC vendor documentation for the right driver name. For example: - Oracle: oracle.jdbc.driver.OracleDriver - Microsoft SQL Server: com.microsoft.sqlserver.jdbc.SQLServerDriver |
MinConnections | 4 | The minimum number of connections to initially create between the server and the database. |
MaxConnections | 64 | The maximum number of connections that will be created between the server and the database. Note: There is a limit to how many connections a database allows, and that limit may prevent the server from creating the MaxConnections number of connections. See your database driver documentation for more information about the limit on the number of inbound connections. |
IncConnections | 2 | The number of connections that will be created when a new connection is needed between the CA Risk Authentication components and the database. |
MaxIdleConnections | 64 | The maximum number of idle database connections that the server can maintain. |
MaxWaitTimeForConnection | 30000 | The maximum time (in milliseconds) the server must wait for a connection to become available (when there are no available connections) before timing out. |
AutoRevert | 1 | Whether or not the system will attempt to connect to the primary database after a failover occurs. Set AutoRevert=1, if you have a backup database configured and if you want the server to try to connect back to the primary database after a failover occurs. |
MaxTries | 3 | The number of times the server will attempt to connect to the database before aborting the connection. |
ConnRetrySleepTime | 100 | The number of milliseconds to delay between attempts to connect to the database. |
MonitorSleepTime | 50 | The amount of time in seconds the Monitoring Thread sleeps between heartbeat checks on all databases. |
Profiling | 0 | Whether the database messages are being logged. Set the value to 1 if you want to enable logging of database messages. |
EnableBrandLicensing | 1 | Whether a branded ODBC driver is in use. |
BrandLicenseFile | IVWF.LIC | The license file name when you use a branded ODBC driver. This parameter is required if the value of EnableBrandLicensing is 1. Otherwise it is ignored. Important! If present, this value must not be edited. |
MaxTransactionRetries | 3 | The maximum number of times the transaction is retried with a database instance for pre-defined error conditions. |
TransactionRetrySleepTime | 10 | The interval in milliseconds between two consecutive transaction retries. |
[arcot/db/primarydb]
This section enables you to specify the primary database to which CA Risk Authentication Server is connected. You can configure more than one primary database by specifying the required number, N, in the following parameters:
- Datasource.N
- AppServerConnectionPoolName.N
- URL.N
- Username.N
- TrustStorePath.N
- KeyStorePath.N
- HostNameInCertificate.N
The following table lists the database setting parameters in the [arcot/db/primarydb] section.
Parameter | Default | Description |
Datasource.N | No default | The name of the ODBC System Data Source Name (DSN) pointing to the primary database hosting the server data. |
AppServerConnectionPoolName.N | No default | The JNDI name used to look up the connection pool object, if the database connection pooling feature of the application server is being used. A pool by this JNDI name should be created in the containing application server, and sufficient access rights must be given to Web applications for them to use the connection pool. If the JNDI name is configured in Apache Tomcat, then use a fully qualified JNDI name. For example: AppServerConnectionPoolName.1=java:comp/env/SampleDS. For other application servers, specify only the JNDI name. For example: AppServerConnectionPoolName.1=SampleDS. See the appendix "Configuring Application Server for Database Connection Pooling" for more information. If the application server connection pool is not required, then leave this configuration empty. |
URL.N | No default | The name of the JDBC data source. For Oracle: jdbc:oracle:thin:<server>:<database_port>:<sid> For Microsoft SQL Server: jdbc:sqlserver://<server>:<database_port>;databaseName=<databasename>;selectMethod=cursor |
Username.N | No default | The user ID used by the server to access the database. |
TrustStorePath.N Note: To be used only if you have SSL configured between CA Risk Authentication and the database. | No default | The SSL Certificate Truststore Path corresponding to Datasource.N. The path (including the filename) refers to the certificate Truststore file, which contains the list of certificates that the client trusts. Important! The password corresponding to TrustStorePath.N must be securely stored in securestore.enc, with the value of TrustStorePath.N as the key. The DBUtil tool is used to achieve this. Note: See the CA Risk Authentication Administration Guide for more information about DBUtil. |
HostNameInCertificate.N Note: To be used only if you have SSL configured between CA Risk Authentication and the database. | No default | The value of Common Name (CN) in the subject Distinguished Name (DN) of the Datasource.N SSL Certificate in the Truststore. |
[arcot/db/backupdb]
This section enables you to specify the backup database to use for failover. You can configure more than one failover database by specifying the required number, N, in the following parameters:
- Datasource.N
- AppServerConnectionPoolName.N
- URL.N
- Username.N
- TrustStorePath.N
- KeyStorePath.N
- HostNameInCertificate.N
HSM Encryption Settings
The arcotcommon.ini file enables you to specify the configurations for your Hardware Security Module (HSM). As a result, you can store the Private Keys that are used for CA Risk Authentication in an encrypted format. The following HSMs are supported:
- Chrysalis-ITS Luna SA
- Thales nFast (nCipher netHSM)
The following table lists the common configurations for secure storage, as specified in the [arcot/crypto/device] section.
Parameter | Default | Description |
HSMDevice | S/W | The mode that sets whether the CA Risk Authentication information must be encrypted with a key stored in the database or with the one stored in the HSM. Supported values are: S/W: Indicates that the data is encrypted with the key label that is stored in the database. chrysalis: Indicates that the Chrysalis (Luna) HSM is used to encrypt the data. nfast: Indicates that nFast (nCipher netHSM) is used to encrypt the data. |
The following table lists the configuration parameters for Chrysalis-ITS Luna SA, as specified in the [crypto/pkcs11modules/chrysalis] section.
Parameter | Default | Description |
sharedLibrary | <location/to/cryptoki.dll> | The absolute path to the PKCS#11 shared library corresponding to the HSM. The default value for Chrysalis (Luna) is: C:\Program Files\LunaSA\cryptoki.dll |
storageSlot | 0 | The HSM slot where the encryption keys (symmetric as well as asymmetric) are present. |
accelSlot | 0 | The slot for internal use by CA. |
sessionCount | 20 | The maximum number of sessions that can be established with the HSM device. |
The following table lists the configuration parameters for nCipher netHSM, as specified in the [crypto/pkcs11modules/nfast] section.
Parameter | Default | Description |
sharedLibrary | <location/to/ccknfast.dll> | The absolute path to the PKCS#11 shared library corresponding to the HSM. The default value for nFast (nCipher netHSM) is: C:\nfast\bin\cknfast.dll |
storageSlot | 1 | The HSM slot where the encryption keys (symmetric as well as asymmetric) are present. |
accelSlot | 0 | The slot for internal use by CA. |
sessionCount | 200 | The maximum number of sessions that can be established with the HSM device. |
Instance Settings
In a farm of servers, it is recommended that every instance of the server has its own unique identification. CA Risk Authentication supports a parameter to set and identify every instance of the servers. This section enables you to configure these system-wide settings for unique instances. The following table lists the instance setting parameters in the [arcot/system] section.
Parameter | Default | Description |
InstanceId | 1 | The parameter that can be used to identify any server instance. Important! It is mandatory that you provide unique values for every instance of the server. The server instance is also displayed in the transaction reports, making it easier to trace the server instance to the transaction. |
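An added example, not part of the CA documentation: a small Python audit of an arcotcommon.ini for the settings described in the Database, HSM Encryption and Instance sections above. The sample file contents, host names and paths are constructed, and treating TrustStorePath.N and HostNameInCertificate.N as a pair that should be set together is an assumption of this example.

```python
import configparser
import ntpath

# Constructed sample; DSN names, hosts and paths are placeholders.
SAMPLE_INI = r"""
[arcot/db/primarydb]
Datasource.1=RiskDSN
URL.1=jdbc:sqlserver://db1.example.internal:1433;databaseName=riskdb;selectMethod=cursor
TrustStorePath.1=C:\certs\db1-truststore.jks
HostNameInCertificate.1=db1.example.internal
[arcot/db/backupdb]
Datasource.1=RiskDSNBackup
URL.1=jdbc:sqlserver://db2.example.internal:1433;databaseName=riskdb;selectMethod=cursor
[arcot/crypto/device]
HSMDevice=S/W
[arcot/system]
InstanceId=1
"""

def load(text):
    # Split on '=' only (URLs contain ':') and keep parameter names as written.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str
    cp.read_string(text)
    return cp

def audit(cp):
    findings = []
    for sec in ("arcot/db/primarydb", "arcot/db/backupdb"):
        opts = dict(cp[sec]) if cp.has_section(sec) else {}
        nums = sorted({k[11:] for k in opts if k.startswith("Datasource.")})
        for n in nums:  # one pass per configured Datasource.N
            trust = opts.get(f"TrustStorePath.{n}", "").strip()
            host = opts.get(f"HostNameInCertificate.{n}", "").strip()
            if not trust and not host:
                findings.append(f"{sec}: Datasource.{n} has no SSL parameters")
            elif not (trust and host):  # assumption: the two belong together
                findings.append(f"{sec}: Datasource.{n} SSL parameters incomplete")
    dev = cp.get("arcot/crypto/device", "HSMDevice", fallback="S/W").strip()
    lib = cp.get(f"crypto/pkcs11modules/{dev}", "sharedLibrary", fallback="")
    if dev == "S/W":
        findings.append("HSMDevice=S/W: key stored in database, not in an HSM")
    elif not ntpath.isabs(lib):  # the table requires an absolute Windows path
        findings.append(f"HSMDevice={dev}: sharedLibrary is not an absolute path")
    return findings

def duplicate_instance_ids(configs):
    # InstanceId defaults to 1, so untouched files in a farm collide.
    ids = [cp.get("arcot/system", "InstanceId", fallback="1") for cp in configs]
    return sorted({i for i in ids if ids.count(i) > 1})
```

Call `audit(load(text))` on each server's file and `duplicate_instance_ids` on the loaded files of the whole farm.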
Change Server Startup Logging Parameters
If you want to change the logging parameters that you see when CA Risk Authentication Server or Case Management Queuing Server starts up, follow these steps:
- Navigate to the conf directory in ARCOT_HOME.
- Open arcotcommon.ini in a text editor.
- (For CA Risk Authentication Server) Add the following section at the end of the file:
  [arcot/riskfort/startup]
  LogFile=
  LogFileSize=10485760
  BackupLogFileDir=
  LogLevel=
  LogTimeGMT=0
  The following table explains these parameters.
Parameter | Default | Description |
LogFile | | The file path to the default directory and the file name of the log file. Note: This path is relative to ARCOT_HOME (<install_location>\Arcot Systems\). |
LogFileSize | 10485760 | The maximum number of bytes the log file can contain. When a log file reaches this size, a new file is started and the old file is moved to the location specified for BackupLogFileDir. |
BackupLogFileDir | | The location of the directory where backup log files are maintained, after the current file exceeds LogFileSize bytes. Note: This path is relative to ARCOT_HOME (<install_location>\Arcot Systems\). |
LogLevel | | The default logging level for the server, unless an override is specified. The possible values are: 0: FATAL 1: WARNING 2: INFO 3: DETAIL |
LogTimeGMT | 0 | The parameter which indicates the time zone of the time stamp in the log files. The possible values are: 0: Local Time 1: GMT |
- (For Case Management Queuing Server) Add the following section at the end of the file:
  [arcot/riskfortcasemgmtserver/startup]
  LogFile=
  LogFileSize=10485760
  BackupLogFileDir=
  LogLevel=
  LogTimeGMT=0
  The table in the previous step explains these parameters.
- Set the required values for the parameters.
- Save and close the file.
- Restart CA Risk Authentication Server.