arcotcommon.ini
The arcotcommon.ini file contains the parameters for database and instance settings for CA Risk Authentication Server and other components (such as Administration Console, UDS, and UBP). Typically, you must edit the following sections in this file:
- Database Settings
- HSM Encryption Settings
- Instance Settings
You can also change the default startup logging settings for CA Risk Authentication Server and Case Management Queuing Server by using arcotcommon.ini. For more information, see Changing Server Startup Logging Parameters.
Database Settings
The database settings in arcotcommon.ini allow you to identify the database to which the server connects and the backup database to use for failover. These settings also enable you to configure database communications resources available between the server and the database.
For notes and recommendations for database settings, see the Installation section.
You must edit the following sections, which are related to database settings in the arcotcommon.ini file:
- [arcot/db/dbconfig]
- [arcot/db/primarydb]
- [arcot/db/backupdb]
[arcot/db/dbconfig]
This section enables you to specify the type of database and generic information about this database type. The following table lists the database setting parameters in the [arcot/db/dbconfig] section.
Parameter | Default | Description |
DbType | -- | The type of database applicable to all database connections. The supported values are: Oracle, mssqlserver |
Driver | -- | The fully qualified name of the database driver class that is supplied by the JDBC driver vendor. Note: Consult your JDBC vendor documentation for the right driver name. For example: - Oracle: oracle.jdbc.driver.OracleDriver - Microsoft SQL Server: com.microsoft.sqlserver.jdbc.SQLServerDriver |
MinConnections | 4 | The minimum number of connections to create between the server and the database. |
MaxConnections | 64 | The maximum number of connections that are created between the server and the database. Note: There is a limit to how many connections a database allows and that limit may limit the server from creating the MaxConnections number of connections. See your database driver documentation for more information. |
IncConnections | 2 | The number of connections that are created when a new connection is needed between the CA Risk Authentication components and the database. |
MaxIdleConnections | 64 | The maximum number of idle database connections that the server can maintain. |
MaxWaitTimeForConnection | 30000 | The maximum time (in milliseconds) the server must wait for a connection to become available (when there are no available connections) before timing out. |
AutoRevert | 1 | Indicates whether the system attempts to connect to the primary database after a failover occurs. Set AutoRevert=1 if you have a backup database and you want the server to connect to the primary database after a failover. |
MaxTries | 3 | The number of times the server attempts to connect to the database before aborting the connection. |
ConnRetrySleepTime | 100 | The number of milliseconds to delay between attempts to connect to the database. |
MonitorSleepTime | 50 | The amount of time in seconds the Monitoring Thread sleeps between heartbeat checks on all databases. |
Profiling | 0 | Whether the database messages are being logged. Set the value to 1 if you want to enable logging of database messages. |
EnableBrandLicensing | 1 | Whether a branded ODBC driver is in use. |
BrandLicenseFile | DDWF.LIC | The license file name when you use a branded ODBC driver. This parameter is required if the value of EnableBrandLicensing is 1. Otherwise it is ignored. Important! If present, this value must not be edited. |
MaxTransactionRetries | 3 | The maximum number of times the transaction is retried with a database instance for pre-defined error conditions. |
TransactionRetrySleepTime | 10 | The interval in milliseconds between two consecutive transaction retries. |
[arcot/db/primarydb]
This section enables you to specify the primary database to which CA Risk Authentication Server is connected. You can configure more than one primary database by specifying the required number, N, in the following parameters:
- Datasource.N
- AppServerConnectionPoolName.N
- URL.N
- Username.N
- TrustStorePath.N
- KeyStorePath.N
- HostNameInCertificate.N
The following table lists the database setting parameters in the [arcot/db/primarydb] section.
Parameter | Default | Description |
Datasource.N | No default | The name of the ODBC System Data Source Name (DSN) pointing to the primary database hosting the server data. |
AppServerConnectionPoolName.N | No default | The JNDI name used to look up the connection pool object, if the database connection pooling feature of the application server is being used. Create a pool by this JNDI name in the containing application server and give access rights to web applications to use the connection pool. If the JNDI name is configured in Apache Tomcat, then use a fully qualified JNDI name. For example: AppServerConnectionPoolName.1=java:comp/env/SampleDS. For other application servers, specify only the JNDI name. For example: AppServerConnectionPoolName.1=SampleDS. See "Configuring Application Server for Database Connection Pooling" for more information. If the application server connection pool is not required, then leave this configuration empty. |
URL.N | No default | The name of the JDBC data source. For Oracle -> jdbc:oracle:thin:<server>:<database_port>:<sid>. For Microsoft SQL Server -> jdbc:sqlserver://<server>:<database_port>;databaseName=<databasename>;selectMethod=cursor |
Username.N | No default | The user ID used by the server to access the database. |
TrustStorePath.N Note: Only if you have SSL configured between CA Risk Authentication and the database. | No default | The SSL Certificate trustStore Path corresponding to Datasource.N. The path (including the filename) refers to the certificate trustStore file, which contains the list of certificates that the client trusts. Important! The password corresponding to TrustStorePath.N must be securely stored in securestore.enc, with the value of TrustStorePath.N as the key, through the DBUtil tool. Note: See the CA Risk Authentication Administration Section for more information about DBUtil. |
HostNameInCertificate.N Note: Only if you have SSL configured between CA Risk Authentication and the database. | No default | The value of Common Name (CN) in the subject Distinguished Name (DN) of the Datasource.N SSL Certificate in trustStore. |
[arcot/db/backupdb]
This section enables you to specify the backup database to use for failover. You can configure more than one failover database by specifying the required number, N, in the following parameters:
- Datasource.N
- AppServerConnectionPoolName.N
- URL.N
- Username.N
- TrustStorePath.N
- KeyStorePath.N
- HostNameInCertificate.N
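The following is an added example, not part of the product documentation or the vendor's tooling: a small Python audit of the three database sections described above. The checks (pool bounds, Profiling, AutoRevert without a backup entry, Username.N, and pairing of TrustStorePath.N with HostNameInCertificate.N) are assumptions derived from the parameter tables, and the sample file content is constructed.

```python
import configparser
import re

# Constructed sample file: host names, paths and user names are made up.
SAMPLE_INI = r"""
[arcot/db/dbconfig]
MinConnections=4
MaxConnections=64
AutoRevert=1
Profiling=1
[arcot/db/primarydb]
URL.1=jdbc:sqlserver://db1.example.internal:1433;databaseName=riskdb;selectMethod=cursor
Username.1=riskuser
TrustStorePath.1=C:\arcot\certs\db-truststore.jks
URL.2=jdbc:sqlserver://db2.example.internal:1433;databaseName=riskdb;selectMethod=cursor
[arcot/db/backupdb]
"""

def indexed(section):
    """Group 'Name.N' parameters by N, ignoring empty values."""
    groups = {}
    for key, value in section.items():
        m = re.fullmatch(r"(\w+)\.(\d+)", key)
        if m and value.strip():
            groups.setdefault(int(m.group(2)), {})[m.group(1)] = value.strip()
    return groups

def audit(ini_text):
    """Return a list of findings for the database sections (assumed checks)."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep parameter names as written; do not lowercase
    cp.read_string(ini_text)
    get = lambda s: cp[s] if cp.has_section(s) else {}
    cfg, findings = get("arcot/db/dbconfig"), []
    # Documented defaults are used when a parameter is absent.
    if int(cfg.get("MinConnections", 4)) > int(cfg.get("MaxConnections", 64)):
        findings.append("dbconfig: MinConnections exceeds MaxConnections")
    if cfg.get("Profiling", "0") == "1":
        findings.append("dbconfig: Profiling=1 logs database messages")
    dbs = {s: indexed(get("arcot/db/" + s)) for s in ("primarydb", "backupdb")}
    if cfg.get("AutoRevert", "1") == "1" and not dbs["backupdb"]:
        findings.append("dbconfig: AutoRevert=1 but no backup database defined")
    for name, groups in dbs.items():
        for n, p in sorted(groups.items()):
            if ("URL" in p or "Datasource" in p) and "Username" not in p:
                findings.append(f"{name}.{n}: Username.{n} missing")
            if ("TrustStorePath" in p) != ("HostNameInCertificate" in p):
                findings.append(f"{name}.{n}: TrustStorePath/HostNameInCertificate not paired")
    return findings
```

Run `audit()` on the text of conf/arcotcommon.ini from each server in the farm and review any findings before restarting the server.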
HSM Encryption Settings
The arcotcommon.ini file enables you to specify the configurations for your Hardware Security Module (HSM). As a result, you can store the Private Keys that are used for CA Risk Authentication in an encrypted format. The following HSMs are supported:
- Chrysalis-ITS Luna SA
- Thales nFast (nCipher netHSM)
The following table lists the common configurations for secure storage, as specified in the [arcot/crypto/device] section.
Parameter | Default | Description |
HSMDevice | S/W | Indicates the mode that sets whether the CA Risk Authentication information must be encrypted with a key stored in the database or with the one stored in the HSM. Supported values are: |
The following table lists the configuration parameters for Chrysalis-ITS Luna SA, as specified in the [crypto/pkcs11modules/chrysalis] section.
Parameter | Default | Description |
sharedLibrary | <location/to/cryptoki.dll> | The absolute path to the PKCS#11 shared library corresponding to the HSM. The default value for Chrysalis (Luna) is: C:\Program Files\LunaSA\cryptoki.dll |
storageSlot | 0 | The HSM slot where the encryption keys (symmetric and asymmetric) are present. |
accelSlot | 0 | The slot for internal use by CA. |
sessionCount | 20 | The maximum number of sessions that can be established with the HSM device. |
The following table lists the configuration parameters for nCipher netHSM, as specified in the [crypto/pkcs11modules/nfast] section.
Parameter | Default | Description |
sharedLibrary | <location/to/ccknfast.dll> | The absolute path to the PKCS#11 shared library corresponding to the HSM. The default value for nFast (nCipher netHSM) is: C:\nfast\bin\cknfast.dll |
storageSlot | 1 | The HSM slot where the encryption keys (symmetric and asymmetric) are present. |
accelSlot | 0 | The slot for internal use by CA. |
sessionCount | 200 | The maximum number of sessions that can be established with the HSM device. |
Instance Settings
In a farm of servers, it is recommended that every instance of the server has its own unique identification. CA Risk Authentication supports a parameter to set and identify every instance of the servers. This section enables you to configure these systemwide settings for unique instances. The following table lists the instance setting parameters in the [arcot/system] section.
Parameter | Default | Description |
InstanceId | 1 | The parameter that can be used to identify any server instance. Important! It is mandatory that you provide unique values for every instance of the server. The server instance is also displayed in the transaction reports, making it easier to trace the server instance to the transaction. |
Change Server Startup Logging Parameters
If you want to change the logging parameters that you see when CA Risk Authentication Server or Case Management Queuing Server starts up, follow these steps:
- Navigate to the conf directory in ARCOT_HOME.
- Open arcotcommon.ini in a text editor.
- (For CA Risk Authentication Server) Add the following section at the end of the file:
  [arcot/riskfort/startup]
  LogFile=
  LogFileSize=10485760
  BackupLogFileDir=
  LogLevel=
  LogTimeGMT=0
  The following table explains these parameters.
Parameter | Default | Description |
LogFile | | The file path to the default directory and the file name of the log file. Note: This path is relative to ARCOT_HOME (<install_location>\). |
LogFileSize | 10485760 | The maximum number of bytes the log file can contain. When a log file reaches this size, a new file is started and the old file is moved to the location specified for BackupLogFileDir. |
BackupLogFileDir | | The location of the directory where backup log files are maintained, after the current file exceeds LogFileSize bytes. Note: This path is relative to ARCOT_HOME (<install_location>\). |
LogLevel | | The default logging level for the server, unless an override is specified. The possible values are: |
LogTimeGMT | 0 | The parameter which indicates the time zone of the timestamp in the log files. The possible values are: |
- (For Case Management Queuing Server) Add the following section at the end of the file:
  [arcot/riskfortcasemgmtserver/startup]
  LogFile=
  LogFileSize=10485760
  BackupLogFileDir=
  LogLevel=
  LogTimeGMT=0
  The table in the previous step explains these parameters.
- Set the required values for the parameters.
- Save and close the file.
- Restart CA Risk Authentication Server.