Table of Contents
Advertisement
Chapter 10: Configuring Advanced Security
After you install Advanced security on Solaris, you should disable all caching options
whenever you're working in the Advanced Server Security page in the ColdFusion
Administrator. Specifically, make sure you disable the following settings:
Load Security Server Policy Store Cache at Startup
Use Security Server Policy Store Cache
After you disable these caching options, make sure you restart ColdFusion Server using
the stop and start scripts in the /coldfusion/bin directory. For more information about
security cachesettings, see "Caching Advanced Security Information" on page 300.
Setting Up a Security Server
The first step to implementing Advanced security is setting up a security server. In a
non-clustered environment, the security server is the server hosting ColdFusion,
where your ColdFusion programming resources, files, data sources, custom tags, Verity
collections and so on, are stored. In a clustered environment, you can define a single
security server in the cluster to handle all security authentication and authorization. In
this case, the other servers in the cluster all point to the security server to authenticate
and authorize users and groups.
You can only administer Advanced security from the security server. You can't
administer it from a client or from another server in a cluster.
Note
To set up a security server:
1.
Open the ColdFusion Administrator.Click the Advanced Security link.
You see the Advanced Server Security page.
2.
Select the Use Advanced Server Security check box. This enables you to set up a
security context with policies, rules, and users.
3.
Enter the physical location of the security server and click Apply. By default, this is
the localhost IP# 127.0.0.1. You can supply an IP address or a logical name that can
be resolved to a physical address.
4.
Enter a Shared Secret, which is part of the encryption key that validates Advanced
security transactions. Since the default is the same for all ColdFusion Server
configurations, you should change the shared secret at least once.
5.
ColdFusion reserves the Authorization and Authentication ports to pass security
information. Change the port number values only in the unlikely event that these
ports are already in use by some other process on the server.
It's a good idea to take the ColdFusion server offline while you're
configuring Advanced security.
299
Advertisement
Table of Contents
Troubleshooting
