F. Add the optional DCAS client parameters (if desired).

Unlike the previous set of DCAS parameters, the following parameters are optional. Which of these parameters you add to the web.xml file depends on your environment and your objectives as an administrator:
CMPI_DCAS_TRACE_LEVEL
This parameter specifies the trace level for the DCAS plug-in. The trace messages are logged to the log file specified by CMPI_TRACE_LOG_FILE parameter. Depending on your Web application server, they may or may not be logged to the console. Trace level values include the following:
  • 0 = None: No tracing. This is the default.
  • 1 = Minimum: Trace APIs and parameters, return values, and errors.
  • 2 = Normal: Trace Minimum plus internal APIs and parameters and informational messages.
  • 3 = Maximum: Trace Normal plus Java exceptions.
Code example:
<init-param> 
   <param-name>CMPI_DCAS_TRACE_LEVEL</param-name> 
   <param-value>3</param-value> 
</init-param>
CMPI_DCAS_HOST_PORT
The DCAS host address is determined based on the destination host specified in the request. The default port address of 8990 is used, but you may override it using this parameter.
Code example:
<init-param> 
   <param-name>CMPI_DCAS_HOST_PORT</param-name> 
   <param-value>8990</param-value> 
</init-param>
CMPI_DCAS_USE_WELLKNOWN_KEYS
This parameter defaults to false, and when it is true, it indicates that JSSE will use the specified truststore to look up the DCAS client and server certificates.
Code example:
<init-param> 
   <param-name>CMPI_DCAS_USE_WELLKNOWN_KEYS</param-name> 
   <param-value>true</param-value> 
</init-param>
CMPI_DCAS_WELLKNOWN_PASSWORD
If you choose to replace the provided truststore with your own, you will need to specify the password here. Place your truststore file in the same directory where the provided version was located.

top Graphic Image
This password should be encrypted using the encrypt password tool. For more information about the password encryption tool, refer to Password encryption tool.
Code example:
<init-param> 
   <param-name>CMPI_DCAS_WELLKNOWN_PASSWORD</param-name> 
   <param-value>tuBu9v8lHiJi1jt08UgHzA==</param-value> 
</init-param>
CMPI_DCAS_VERIFY_SERVER_NAME
This parameter indicates if the server host name in the certificate must be verified in addition to the certificate validation. The default is false.
Code example:
<init-param> 
   <param-name>CMPI_DCAS_VERIFY_SERVER_NAME</param-name> 
   <param-value>false</param-value> 
</init-param>
CMPI_DCAS_REQUEST_TIMEOUT
This parameter specifies the passticket request timeout in milliseconds. It should be less than the Z and I Emulator for Web macro time-out value. The default is 50000.
Code example:
<init-param> 
   <param-name>CMPI_DCAS_REQUEST_TIMEOUT</param-name> 
   <param-value>50000</param-value> 
</init-param>

top Certificate-based Web Express Logon
The CMPI_DCAS_DB_PRESERVE_WHITESPACE and CMPI_DCAS_DB_CASE_SENSITIVE parameters are not used for Certificate-based Web Express Logon.
CMPI_DCAS_DB_PRESERVE_WHITESPACE
This parameter indicates whether to trim white spaces from the credential request parameters or not. If true, the white spaces are not trimmed. The default is false.
Code example:
<init-param> 
   <param-name>CMPI_DCAS_DB_PRESERVE_WHITESPACE</param-name> 
   <param-value>false</param-value> 
</init-param>
CMPI_DCAS_DB_CASE_SENSITIVE
This parameter specifies whether or not the DCAS plug-in converts the application ID and network ID of the user to lowercase characters and then uses the lcase() method to make SQL queries to the HCM database. This parameter should be set to true when using SQL applications that do not support the lcase() method.
Code example:
<init-param> 
   <param-name>CMPI_DCAS_DB_CASE_SENSITIVE</param-name> 
   <param-value>false</param-value> 
</init-param>
CMPI_DCAS_USE_DEFAULT_TRUSTSTORE
This parameter indicates that JSSE should use the default truststore to lookup the DCAS certificates. This parameter is overridden by the CMPI_DCAS_USE_WELLKNOWN_KEYS parameter when CMPI_DCAS_USE_WELLKNOWN_KEYS is set to true. The default is false.
CMPI_DCAS_NO_FIPS
This parameter indicates that the FIPS security provider should not be used. The default security provider will be used instead. The default is false.