arcotcommon.ini

The arcotcommon.ini file contains the parameters for database and instance settings for CA Risk Authentication Server and other components (such as Administration Console, UDS, and UBP). Typically, you must edit the following sections in this file:
  • Database Settings
  • HSM Encryption Settings
  • Instance Settings
You can also change the default startup logging settings for CA Risk Authentication Server and Case Management Queuing Server by using arcotcommon.ini. For more information, see Changing Server Startup Logging Parameters.
Database Settings
The database settings in arcotcommon.ini allow you to identify the database to which the server connects and the backup database to use for failover. These settings also enable you to configure database communications resources available between the server and the database.
For notes and recommendations for database settings, see the Installation section.
You must edit the following sections, which are related to database settings in the arcotcommon.ini file:
  • [arcot/db/dbconfig]
  • [arcot/db/primarydb]
  • [arcot/db/backupdb]
[arcot/db/dbconfig]
This section enables you to specify the type of database and generic information about this database type. The following table lists the database setting parameters in the [arcot/db/dbconfig] section.
| Parameter | Default | Description |
|---|---|---|
| DbType | -- | The type of database applicable to all database connections. The supported values are: Oracle, mssqlserver. |
| Driver | -- | The fully qualified name of the database driver class that is supplied by the JDBC driver vendor. Note: Consult your JDBC vendor documentation for the right driver name. For example, Oracle: oracle.jdbc.driver.OracleDriver. Microsoft SQL Server: com.microsoft.sqlserver.jdbc.SQLServerDriver. |
| MinConnections | 4 | The minimum number of connections to create between the server and the database. |
| MaxConnections | 64 | The maximum number of connections that are created between the server and the database. Note: There is a limit to how many connections a database allows, and that limit may prevent the server from creating the MaxConnections number of connections. See your database driver documentation for more information. |
| IncConnections | 2 | The number of connections created when a new connection is needed between the CA Risk Authentication components and the database. |
| MaxIdleConnections | 64 | The maximum number of idle database connections that the server can maintain. |
| MaxWaitTimeForConnection | 30000 | The maximum time (in milliseconds) the server must wait for a connection to become available (when there are no available connections) before timing out. |
| AutoRevert | 1 | Indicates whether the system attempts to connect to the primary database after a failover occurs. Set AutoRevert=1 if you have a backup database and you want the server to connect to the primary database after a failover. |
| MaxTries | 3 | The number of times the server attempts to connect to the database before aborting the connection. |
| ConnRetrySleepTime | 100 | The number of milliseconds to delay between attempts to connect to the database. |
| MonitorSleepTime | 50 | The amount of time in seconds the Monitoring Thread sleeps between heartbeat checks on all databases. |
| Profiling | 0 | Whether the database messages are being logged. Set the value to 1 if you want to enable logging of database messages. |
| EnableBrandLicensing | 1 | Whether a branded ODBC driver is in use. |
| BrandLicenseFile | DDWF.LIC | The license file name when you use a branded ODBC driver. This parameter is required if the value of EnableBrandLicensing is 1. Otherwise it is ignored. Important! If present, this value must not be edited. |
| MaxTransactionRetries | 3 | The maximum number of times the transaction is retried with a database instance for pre-defined error conditions. |
| TransactionRetrySleepTime | 10 | The interval in milliseconds between two consecutive transaction retries. |
[arcot/db/primarydb]
This section enables you to specify the primary database to which CA Risk Authentication Server is connected. You can configure more than one primary database by specifying the required number, N, in the following parameters:
  • Datasource.N
  • AppServerConnectionPoolName.N
  • URL.N
  • Username.N
  • TrustStorePath.N
  • KeyStorePath.N
  • HostNameInCertificate.N
The following table lists the database setting parameters in the [arcot/db/primarydb] section.
| Parameter | Default | Description |
|---|---|---|
| Datasource.N | No default | The name of the ODBC System Data Source Name (DSN) pointing to the primary database hosting the server data. |
| AppServerConnectionPoolName.N | No default | The JNDI name used to look up the connection pool object, if the database connection pooling feature of the application server is being used. Create a pool by this JNDI name in the containing application server and give access rights to web applications to use the connection pool. If the JNDI name is configured in Apache Tomcat, then use a fully qualified JNDI name. For example: AppServerConnectionPoolName.1=java:comp/env/SampleDS. For other application servers, specify only the JNDI name. For example: AppServerConnectionPoolName.1=SampleDS. See "Configuring Application Server for Database Connection Pooling" for more information. If the application server connection pool is not required, then leave this configuration empty. |
| URL.N | No default | The name of the JDBC data source. For Oracle -> jdbc:oracle:thin:<server>:<database_port>:<sid>. For Microsoft SQL Server -> jdbc:sqlserver://<server>:<database_port>;databaseName=<databasename>;selectMethod=cursor |
| Username.N | No default | The user ID used by the server to access the database. |
| TrustStorePath.N (Note: Only if you have SSL configured between CA Risk Authentication and the database.) | No default | The SSL certificate trustStore path corresponding to Datasource.N. The path (including the filename) refers to the certificate trustStore file, which contains the list of certificates that the client trusts. Important! The password corresponding to TrustStorePath.N must be securely stored in securestore.enc, with the value of TrustStorePath.N as the key, through the DBUtil tool. Note: See the CA Risk Authentication Administration Section for more information about DBUtil. |
| HostNameInCertificate.N (Note: Only if you have SSL configured between CA Risk Authentication and the database.) | No default | The value of Common Name (CN) in the subject Distinguished Name (DN) of the Datasource.N SSL certificate in the trustStore. |
[arcot/db/backupdb]
The [arcot/db/backupdb] section enables you to specify the backup database to use for failover. You can configure more than one failover database by specifying the required number, N, in the following parameters:
  • Datasource.N
  • AppServerConnectionPoolName.N
  • URL.N
  • Username.N
  • TrustStorePath.N
  • KeyStorePath.N
  • HostNameInCertificate.N
HSM Encryption Settings
The arcotcommon.ini file enables you to specify the configurations for your Hardware Security Module (HSM). As a result, you can store the Private Keys that are used for CA Risk Authentication in an encrypted format. The following HSMs are supported:
  • Chrysalis-ITS Luna SA
  • Thales nFast (nCipher netHSM)
The following table lists the common configurations for secure storage, as specified in the [arcot/crypto/device] section.
| Parameter | Default | Description |
|---|---|---|
| HSMDevice | S/W | Sets whether the CA Risk Authentication information is encrypted with a key stored in the database or with one stored in the HSM. Supported values are: S/W (the data is encrypted with the key label that is stored in the database); chrysalis (the Chrysalis (Luna) HSM is used to encrypt the data); nfast (nFast (nCipher netHSM) is used to encrypt the data). |
The following table lists the configuration parameters for Chrysalis-ITS Luna SA, as specified in the [crypto/pkcs11modules/chrysalis] section.
| Parameter | Default | Description |
|---|---|---|
| sharedLibrary | <location/to/cryptoki.dll> | The absolute path to the PKCS#11 shared library corresponding to the HSM. The default value for Chrysalis (Luna) is: C:\Program Files\LunaSA\cryptoki.dll |
| storageSlot | 0 | The HSM slot where the encryption keys (symmetric and asymmetric) are present. |
| accelSlot | 0 | The slot for internal use by CA. |
| sessionCount | 20 | The maximum number of sessions that can be established with the HSM device. |
 
The following table lists the configuration parameters for nCipher netHSM, as specified in the [crypto/pkcs11modules/nfast] section.
| Parameter | Default | Description |
|---|---|---|
| sharedLibrary | <location/to/ccknfast.dll> | The absolute path to the PKCS#11 shared library corresponding to the HSM. The default value for nFast (nCipher netHSM) is: C:\nfast\bin\cknfast.dll |
| storageSlot | 1 | The HSM slot where the encryption keys (symmetric and asymmetric) are present. |
| accelSlot | 0 | The slot for internal use by CA. |
| sessionCount | 200 | The maximum number of sessions that can be established with the HSM device. |
 
Instance Settings
In a farm of servers, it is recommended that every instance of the server has its own unique identification. CA Risk Authentication supports a parameter to set and identify every instance of the servers. This section enables you to configure these systemwide settings for unique instances. The following table lists the instance setting parameters in the [arcot/system] section.
| Parameter | Default | Description |
|---|---|---|
| InstanceId | 1 | The parameter that can be used to identify any server instance. Important! It is mandatory that you provide unique values for every instance of the server. The server instance is also displayed in the transaction reports, making it easier to trace the server instance to the transaction. |
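
The database SSL, HSM and instance settings described above can be reviewed automatically before a server is restarted. The following Python code is an added example, not CA code: the function names, the sample hosts and paths, and the choice to report a database entry without TrustStorePath.N as a finding are assumptions of this example.

```python
import configparser
import re
from collections import Counter

# Constructed sample for one farm member; hosts and paths are made up.
SAMPLE_A = r"""[arcot/db/primarydb]
URL.1=jdbc:sqlserver://db1.example.test:1433;databaseName=arcot;selectMethod=cursor
TrustStorePath.1=C:\arcot\certs\db1-trust.jks
[arcot/db/backupdb]
URL.1=jdbc:sqlserver://db2.example.test:1433;databaseName=arcot;selectMethod=cursor
[arcot/crypto/device]
HSMDevice=nfast
[crypto/pkcs11modules/nfast]
sharedLibrary=cknfast.dll
[arcot/system]
InstanceId=1
"""
SAMPLE_B = SAMPLE_A.replace("HSMDevice=nfast", "HSMDevice=S/W")  # second member, same InstanceId

def load(text):
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep parameter names exactly as written in the file
    cp.read_string(text)
    return cp

def audit(text):
    """Return findings to review for one arcotcommon.ini (checks are this example's own)."""
    cp, out = load(text), []
    for sec in ("arcot/db/primarydb", "arcot/db/backupdb"):
        items = dict(cp[sec]) if cp.has_section(sec) else {}
        # N is the numeric suffix shared by Datasource.N, URL.N, TrustStorePath.N, ...
        for n in sorted({k.rsplit(".", 1)[1] for k in items if "." in k}):
            if not items.get(f"TrustStorePath.{n}"):
                out.append(f"{sec}: entry {n} has no TrustStorePath.{n} (SSL to database not configured)")
            elif not items.get(f"HostNameInCertificate.{n}"):
                out.append(f"{sec}: TrustStorePath.{n} set without HostNameInCertificate.{n}")
    hsm = cp.get("arcot/crypto/device", "HSMDevice", fallback="S/W")
    lib = cp.get(f"crypto/pkcs11modules/{hsm}", "sharedLibrary", fallback="")
    if hsm not in ("S/W", "chrysalis", "nfast"):
        out.append(f"crypto: unsupported HSMDevice {hsm!r}")
    elif hsm != "S/W" and not re.match(r"([A-Za-z]:\\|/)", lib):
        out.append(f"crypto: sharedLibrary for {hsm} must be an absolute path")
    return out

def duplicate_instance_ids(texts):  # InstanceId values shared by several farm members
    ids = Counter(load(t).get("arcot/system", "InstanceId", fallback="1") for t in texts)
    return sorted(i for i, c in ids.items() if c > 1)
```

Run `audit` on each server's file and `duplicate_instance_ids` on the whole farm's files together; a missing InstanceId counts as the default value 1.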
 
Change Server Startup Logging Parameters
If you want to change the logging parameters that you see when CA Risk Authentication Server or Case Management Queuing Server starts up, follow these steps:
  1. Navigate to the conf directory in ARCOT_HOME.
  2. Open arcotcommon.ini in a text editor.
  3. (For CA Risk Authentication Server) Add the following section at the end of the file:
    [arcot/riskfort/startup]
    LogFile=
    LogFileSize=10485760
    BackupLogFileDir=
    LogLevel=
    LogTimeGMT=0
    The following table explains these parameters.
| Parameter | Default | Description |
|---|---|---|
| LogFile | | The file path to the default directory and the file name of the log file. Note: This path is relative to ARCOT_HOME (<install_location>\). |
| LogFileSize | 10485760 | The maximum number of bytes the log file can contain. When a log file reaches this size, a new file is started and the old file is moved to the location specified for BackupLogFileDir. |
| BackupLogFileDir | | The location of the directory where backup log files are maintained, after the current file exceeds LogFileSize bytes. Note: This path is relative to ARCOT_HOME (<install_location>\). |
| LogLevel | | The default logging level for the server, unless an override is specified. The possible values are: 0: FATAL, 1: WARNING, 2: INFO, 3: DETAIL. |
| LogTimeGMT | 0 | The parameter which indicates the time zone of the timestamp in the log files. The possible values are: 0: Local Time, 1: GMT. |
  4. (For Case Management Queuing Server) Add the following section at the end of the file:
    [arcot/riskfortcasemgmtserver/startup]
    LogFile=
    LogFileSize=10485760
    BackupLogFileDir=
    LogLevel=
    LogTimeGMT=0
    The table in the previous step explains these parameters.
  5. Set the required values for the parameters.
  6. Save and close the file.
  7. Restart CA Risk Authentication Server.