Release 10.1A: OpenEdge Application Server:
Administration

Security considerations for OpenEdge Adapter for Sonic ESB

The security of communications between services deployed to the OpenEdge Adapter for Sonic ESB and the clients of those services is a function of two distinct connections, each of which is configured separately with respect to security.

The first connection, that between the OpenEdge Adapter for Sonic ESB and the client, is secured by the facilities of the Sonic ESB and thus is outside the scope of OpenEdge administration. See the Sonic ESB documentation for information about making this connection secure.

The second connection is via AppServer protocol between the deployed service and the AppServer. For this connection to be secure, the following conditions must be met:

You must obtain and install public key certificates for the OpenEdge Adapter for Sonic ESB host machine.
The service must send SSL requests to the AppServer that is to process the client requests. To configure the service to send SSL requests, you set the value of the appServiceProtocol property to AppServerS or AppServerDCS. You set this property, either for a specific service (see the "Editing OpenEdge service properties" section) or as the default for services deployed to a given adapter instance (see the "Editing the default service properties" section). Note that this property applies to deployed services, not to the WSA itself.
The AppServer must be SSL-enabled, meaning that it accepts SSL requests from the OpenEdge Adapter for Sonic ESB (or other clients). You set the property sslEnable=1 by checking the Enable SSL Client Connections box in the SSL General properties category in the Progress Explorer, or by manually editing the ubroker.properties file. You must also obtain and install a server private key and public key certificate and set additional SSL server properties. See the "SSL-enabled AppServer operation" section for more information.
Note: You can use the mergeprop utility installed with OpenEdge to manually edit the ubroker.properties file. For information on using mergeprop, see OpenEdge Getting Started: Installation and Configuration .

For more information on SSL support in OpenEdge, including configuring and operating a Sonic ESB service as a client of an SSL-enabled AppServer, see OpenEdge Getting Started: Core Business Services .

SSL-related service properties

You can set the following properties, either as defaults for services deployed to a given OpenEdge Adapter for Sonic ESB instance or as properties of a specific service:

appServiceProtocol — Assigns a value of AppServerS or AppServerDCS to support SSL communication with the AppServer.
noHostVerify — Controls whether the WSA compares the host name of the connecting AppServer with the Common Name specified in the server digital certificate.
noSessionReuse — Controls whether the service requests reuse of the session ID for successive connections to the same AppServer.

For more information about these and other service properties, see Appendix A "Reference to Progress 4GL Web Service Properties."