Security considerations for Rational® Integration Tester
Ensure that your installation is secure, customize your security settings, and set up user access controls. Also, know about any security limitations that you might encounter with this application.
Privacy policy considerations
Depending on the configurations that are deployed, this software offering might use cookies that can help enable you to collect personally identifiable information. For information about this offerings use of cookies see the Notices topic.
Rational® Integration Tester
- Enabling security during installation
- Enabling secure communication between multiple applications
- Ports, protocols, and services
- Secure communication between Rational Integration Tester and other applications
- Setting up user roles and access
- Kerberos sign-on for project permissions
- Security limitations
Enabling security during installation
When installing Rational® Integration Tester, you do not have to enable, select, or configure any security options. After installing the application, the following points apply:
- Security is based on each project instance.
- If you create a project results database, the database access is configured within the project settings and uses the standard JDBC connection approach (see Configuring the project results database). This approach allows a user name and password to be specified. Depending on the vendor of the database used and the database driver support, security can be extended further, for example, with Kerberos.
Enabling secure communication between multiple applications
Rational® Integration Tester does not support single sign-on.
The IBM® Rational® Quality Manager adaptor of Rational® Integration Tester, which is hosted within the Rational® Integration Tester Agent process, specifies that a user name and password must be used to connect to Rational® Quality Manager. The password in the configuration file can be encrypted by using the EncryptPassword program supplied with Rational® Integration Tester. The connection is usually over HTTPS but the exact configuration of the connection depends on the configuration of Rational® Quality Manager.
In Rational® Integration Tester, you can also define a number of quality management settings for test management and defect management systems. See Permission settings.
Ports, protocols, and services
Rational® Integration Tester processes and tasks can be run by any user with appropriate privileges to access the required files.
Port 7883 is used for the Topology Discovery view. Rational® Integration Tester creates a TCP connection to the Rational® Test Control Panel on this port and periodically receives information about the resources that are observed by the proxies and intercepts.
Secure communication between Rational® Integration Tester and other applications
Rational® Integration Tester uses Transport Layer Security (TLS) secure communications between Rational® Integration Tester and any other third-party applications. For example, when you configure an HTTP physical transport and enable SSL, Rational® Integration Tester uses the highest available TLS protocol version (currently 1.3) to secure the communication.
Setting up user roles and access
In Rational® Integration Tester, there is no user creation or management. However, if Active Directory or LDAP permission settings are enabled for a project, user management is controlled through Active Directory or LDAP. See Permission settings.
Kerberos sign-on for project permissions
krb5.ini
or krb5.config
file,
or by applying the following JVM arguments in the Library Manager:-Djava.security.krb5.realm=
REALM-Djava.security.krb5.kdc=
KEY DISTRIBUTION CENTER
- REALM must be the value of
USERDOMAIN
. - KEY DISTRIBUTION CENTER must be the value of
LOGONSERVER
with any leading slashes removed (that is,DOMAIN_SERVER
not\\DOMAIN_SERVER
).
allowtgtsessionkey
must be aDWORD
value with a value of1
.
On Microsoft™
Windows™ XP systems, add
allowtgtsessionkey
to the following variable:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos
On Microsoft™
Windows™ 2000, Windows™ Vista, and Windows™ 7 systems, add
allowtgtsessionkey
to the following variable:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Security limitations
Project resources contain passwords that are used to access middleware and databases. These passwords are stored in an obfuscated form that can be reversed. Therefore, the accounts should have only the minimum set of rights that are needed to interact with these resources for test execution or virtualization of services that use them.