Enable encryption for ODBC connections to Oracle in Policy Server

Article ID: 16934

Products

CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On, SITEMINDER

Issue/Introduction


To configure connectivity to the Oracle database, the DBAs are asking for the following settings to be enabled so that connections to the database are encrypted:

  oracle.net.encryption_client=REQUIRED
  oracle.net.encryption_types_client=AES256
  oracle.net.crypto_checksum_client=REQUIRED
  oracle.net.crypto_checksum_types_client=SHA1

How can the settings above be configured on Linux and Windows Policy Servers that use the DataDirect (Progress) drivers?

Resolution


For Linux Policy Servers, the following parameters should be added in the system_odbc.ini file (1)(2)(3)(4):

  EncryptionLevel=3
  EncryptionTypes=AES256
  DataIntegrityLevel=3
  DataIntegrityTypes=SHA1

The level value 3 means the encryption and/or the data integrity check is required, and the type parameters specify which algorithms are allowed.
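A check that a DSN section in system_odbc.ini carries the four values above, as an added example that is not part of the original article or the product. The DSN names and sample file are constructed placeholders, and the handling of comma-separated type lists is an assumption.

```python
import configparser

# Values this article requires for each Oracle DSN in system_odbc.ini.
REQUIRED = {
    "EncryptionLevel": {"3"},
    "EncryptionTypes": {"AES256"},
    "DataIntegrityLevel": {"3"},
    "DataIntegrityTypes": {"SHA1"},
}

def audit_dsn(ini_text, dsn):
    """Return a list of findings for one DSN section; empty means compliant."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    if not cp.has_section(dsn):
        return [f"[{dsn}] section not found"]
    findings = []
    for key, wanted in REQUIRED.items():
        raw = cp.get(dsn, key, fallback=None)   # key lookup is case-insensitive
        if raw is None:
            findings.append(f"{key} is missing")
            continue
        # Assumption: several values may be listed as "A,B" or "(A,B)".
        got = {v.strip().upper() for v in raw.strip("() ").split(",") if v.strip()}
        if got != wanted:
            findings.append(f"{key}={raw} (expected {','.join(sorted(wanted))})")
    return findings

# Constructed sample file: DSN names and descriptions are placeholders.
SAMPLE_INI = """\
[ODBC Data Sources]
SM_POLICY_STORE=constructed example DSN
SM_AUDIT_STORE=constructed example DSN

[SM_POLICY_STORE]
EncryptionLevel=3
EncryptionTypes=AES256
DataIntegrityLevel=3
DataIntegrityTypes=SHA1

[SM_AUDIT_STORE]
EncryptionLevel=1
EncryptionTypes=AES256,AES128
DataIntegrityLevel=3
"""

if __name__ == "__main__":
    for name in ("SM_POLICY_STORE", "SM_AUDIT_STORE"):
        print(name, audit_dsn(SAMPLE_INI, name) or "OK")
```

To audit a real file, pass its contents as `ini_text` together with the name of the DSN the Policy Server uses.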

For Windows Policy Servers, open the ODBC Data Source Administrator, select your Oracle connection that uses the Oracle Wire Protocol driver, and click "Configure". On the Advanced Security tab, specify the same values as above:

  Encryption Level: 3 - Required
  Encryption Types: (select the allowed types by enabling the corresponding checkboxes; in this case, only AES256 is needed)
  Data Integrity Level: 3 - Required
  Data Integrity Types: (select the allowed types by enabling the corresponding checkboxes; in this case, only SHA1 is needed)

Note: Use the "Test Connect" button to confirm that the connection works after changing the settings. Once the changes are set, click the OK button twice to save them.

Additional Information