About the eiam.config File

Use the eiam.config file to control CA EEM SDK configuration data such as:

The eiam.config file consists of the following configurable parameters:

CyclicBuffer size

Specifies the number of log messages contained in a cyclic buffer. The cyclic buffer stores the specified number of latest log messages in the memory. As the buffer reaches the specified size, a new log message replaces the oldest log message in the buffer. If the application crashes, you can recover the latest log messages from the core.

Default: 500

Minimum: 0

Maximum: 1000

Note: This parameter is valid only for the CA EEM C++ SDK.

enable

Specifies if the cyclic buffer is enabled. If enable is set to false, the cyclic buffer is disabled, and you need not specify values for the CyclicBuffer size, dump, and file parameters.

Value: [true|false]

Default: true

Important! Cyclic buffer is enabled by default. If you enable the cyclic buffer, performance of CA EEM is affected.

dump

Specifies if the contents of the cyclic buffer are written to a file when the eiam.config file is modified or updated.

Value: [true|false]

Default: false

file

Specifies the filename of the dump file. If dump is set to false, the log messages are not written to a dump file. The dump file has the .log extension.

LoggerConfiguration file

Specifies the absolute path of the logger configuration file for the CA EEM Java, C#, and C++ SDKs. The CA EEM logging information is stored in the logger configuration files. eiam.log4cxx.config, eiam.log4net.config, and eiam.log4j.config are the logger configuration files for the CA EEM C++ SDK, CA EEM C# SDK, and CA EEM Java SDK, respectively.

audit

Specifies the SAF folder where audit files are stored for processing.

Note: For more information about SAF Directory, see the Reliable Event Delivery section in the Programming Guide.

Network sockettimeout

Specifies the socket timeout in milliseconds.

Default: 120000 (120 seconds)

Note: This parameter is valid only for the CA EEM C++ SDK and CA EEM Java SDK.

<SDK type ="C#">

Specifies the FIPS mode settings for C# SDK.

FIPSMode

Specifies the FIPS mode for CA EEM SDK. For FIPS-only mode, set the value to On.

Value: [Off|On]

Default: Off

digestAlgorithm

Specifies the cryptographic algorithm used to sign server requests. In FIPS mode, CA EEM C# SDK uses SHA1 as the digest algorithm by default. If FIPS mode is disabled, CA EEM C# SDK uses MD5 as the digest algorithm. MD5 is not supported in FIPS-only mode.

Value: [MD5|SHA1]

Default: MD5 for non-FIPS mode.

Note: In FIPS-only mode, CA EEM C# SDK supports only SHA1 as the digest algorithm.

<SDK type ="Java">

Specifies the FIPS mode settings for Java SDK.

FIPSMode

Specifies the FIPS mode for CA EEM SDK. For FIPS-only mode, set the value to On.

Value: [Off|On]

Default: Off

JCEProvider

Specifies the Java Cryptography Extension (JCE) provider to use in FIPS-only mode.

digestAlgorithm

Specifies the cryptographic algorithm used to sign server requests. For CA EEM SDK enabled in FIPS-only mode, use SHA1 as the digestAlgorithm. FIPS does not support MD5. If FIPS-only mode is disabled, the server requests are signed using MD5.

Value: MD5/SHA1/SHA256/SHA384/SHA512

Default: SHA1 for FIPS-only mode and MD5 for non-FIPS mode.

logLevel

Specifies the log level.

Value: [Error|Warning|Trace|Nolevel]

logToFile

Specifies if the log messages must be stored in a file.

Value: [True|False]

Default: False

logFile

Specifies the absolute path to the log file. This parameter is valid only if logToFile is set to True.

maxLogSize

Specifies the maximum size of the log file in MB.

<SDK type ="C++">

Specifies the FIPS mode settings for C++ SDK.

FIPSMode

Specifies the FIPS mode for CA EEM SDK. For FIPS-only mode, set the value to On.

Value: [Off|On]

Default: Off

etpkiCryptoLib

Specifies the installation path for the etpki libraries.

secureProtocol

Specifies the protocol that the CA EEM SDK uses to communicate with CA EEM Server.

Default: SSLV23

Values: SSLV23 / SSLV3 / TLSV1

Note: FIPS-only communication mode supports only TLSV1. Communication fails if you use SSLV2 or SSLV3 when FIPS mode is set to True.

digestAlgorithm

Specifies the cryptographic algorithm used to sign server requests. For CA EEM SDK enabled in FIPS mode, use SHA1 as the digestAlgorithm. FIPS does not support MD5. If FIPS mode is disabled, the server requests are signed using MD5.

Value: MD5/SHA1/SHA256/SHA384/SHA512

Default: MD5 for non-FIPS and SHA1 for FIPS-only mode. If the tag is empty, CA EEM uses the default values.

logLevel

Specifies the log level.

Value: [Error|Warning|Trace|Nolevel]

logToFile

Specifies if the log messages must be stored in a file.

Value: [True|False]

Default: False

logFile

Specifies the absolute path to the log file. This parameter is valid only if logToFile is set to True.

maxLogSize

Specifies the maximum size of the log file in MB.

<SafeContext>

Specifies the information required to generate a SafeContext using the SafeContextFactory method.

Note: You can include more than one SafeContext tag in the eiam.config file. However, the refid must be unique for each SafeContext tag.

refid

Specifies the reference ID for a SafeContext tag. This ID must be unique. The SafeContextFactory uses the reference ID to pick the information required to generate a SafeContext.

Backend

Specifies the hostname of the CA EEM Server.

Application

Specifies the name of the application instance for which the SafeContext is generated. If the application name is not specified, SafeContextFactory attaches to the global application.

Locale

Specifies the locale.

Authentication Type

Specifies the authentication that the SafeContextFactory uses to attach to an application. The following are the supported authentication types:

Note: Use only one authentication type with a SafeContext tag.

UserAuth

Specifies the password-based authentication method.

Username

Specifies the username of the administrator needed to attach to an application instance or global instance.

Password

Specifies the munged password needed to authenticate the administrator.

PEM certificates

Specifies the details required for a PEM certificate-based authentication.

CertURI

Specifies the path including the certificate filename.

KeyURI

Specifies the path including the key file.

KeyPW

Specifies the munged password required to read the certificate file. This tag is valid only for the CA EEM C++ SDK. In FIPS-only mode, this tag must be blank.

PKCS#11 certificates

Specifies the details required for a P11 certificate-based authentication.

Provider

Specifies the path to the encryption libraries.

Userpin

Specifies the userpin to use with the PKCS#11 device.

ID

Specifies the ID of the PKCS#11 certificate.

P12 certificates

Specifies the details required for a P12 certificate-based authentication.

CertURI

Specifies the path including the P12 certificate filename.

KeyPW

Specifies the munged password to read or write to the certificate file.
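
The FIPS-only constraints on digestAlgorithm and secureProtocol and the unique-refid rule described above can be checked before a configuration is deployed. The following linter is an added example, not CA EEM code; the root element name `EiamConfig`, the layout of settings as child elements or attributes, and the function names are assumptions, and the sample file is constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample; the root element and child-element layout are assumptions.
SAMPLE = """<EiamConfig>
  <SDK type="C++">
    <FIPSMode>On</FIPSMode>
    <secureProtocol>SSLV23</secureProtocol>
    <digestAlgorithm>MD5</digestAlgorithm>
  </SDK>
  <SDK type="C#"><FIPSMode>On</FIPSMode><digestAlgorithm>SHA1</digestAlgorithm></SDK>
  <SDK type="Java"><FIPSMode>Off</FIPSMode><digestAlgorithm/></SDK>
  <SafeContext refid="app1"/>
  <SafeContext refid="app1"/>
</EiamConfig>"""

def setting(node, name):
    """Read a setting from an attribute or a child element; '' if absent or empty."""
    value = node.get(name) or node.findtext(name, default="")
    return (value or "").strip()

def lint_eiam_config(xml_text):
    root = ET.fromstring(xml_text)
    findings = []
    for sdk in root.iter("SDK"):
        kind = sdk.get("type", "?")
        fips = setting(sdk, "FIPSMode").lower() == "on"
        # Empty tag means the documented default: SHA1 in FIPS-only mode, MD5 otherwise.
        digest = setting(sdk, "digestAlgorithm").upper() or ("SHA1" if fips else "MD5")
        if fips and digest == "MD5":
            findings.append((kind, "error", "MD5 is not supported in FIPS-only mode"))
        elif fips and kind == "C#" and digest != "SHA1":
            findings.append((kind, "error", "C# SDK supports only SHA1 in FIPS-only mode"))
        elif digest == "MD5":
            findings.append((kind, "warn", "server requests are signed with MD5"))
        if kind == "C++" and fips:
            # Documented default is SSLV23; FIPS-only mode supports only TLSV1.
            proto = setting(sdk, "secureProtocol").upper() or "SSLV23"
            if proto != "TLSV1":
                findings.append((kind, "error", f"secureProtocol {proto} fails in FIPS-only mode"))
    refids = Counter(setting(sc, "refid") for sc in root.iter("SafeContext"))
    for refid, count in refids.items():
        if count > 1:
            findings.append(("SafeContext", "error", f"refid '{refid}' used {count} times"))
    return findings

if __name__ == "__main__":
    for where, severity, message in lint_eiam_config(SAMPLE):
        print(f"[{severity}] {where}: {message}")
```

The "warn" finding marks sections where MD5 signing is in effect only because FIPS mode is Off and no stronger digestAlgorithm is set.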