Software AG Products 10.7 | Administering Integration Server | Customizing Authentication Using JAAS | JAAS Configuration File | X509ValidatorModule
 
X509ValidatorModule
In the above IS_Transport login context, the X509ValidatorModule is commented out because it is optional functionality. When enabled, this module performs path validation on the given X509Certificate chain, and you can configure it to perform certificate revocation lists (CRLs) checking by adding the check_crl_status and crl_url parameters as shown below:
IS_Transport
{
com.wm.app.b2b.server.auth.jaas.X509ValidatorModule requisite
check_crl_status=true
crl_url="file:///C:\\webMethods\\sec\\crl\\lh.crl";
com.wm.app.b2b.server.auth.jaas.X509LoginModule requisite;
com.wm.app.b2b.server.auth.jaas.BasicLoginModule requisite;
com.wm.app.b2b.server.auth.jaas.SamlOSGiLoginModule requisite;
};
The crl_url can point to a file url as shown above or it can point to a live CRL url (for example, http://myca.com/crl/lh.crl).
For certificate path validation, this module tries to use the truststore associated with the port on which the request came in. If the port does not identify a truststore, then this module uses Integration Server's default outbound truststore. You can override this and provide your own Integration Server truststore alias using the "trustStore_alias" property of the module as shown below:
com.wm.app.b2b.server.auth.jaas.X509ValidatorModule requisite
trustStore_alias="my trustStore";