JNDI Connection Properties

This section discusses JMS properties associated with a JNDI connection.

Authentication Scheme

This property specifies the authentication scheme and applies to both the JNDI and data connection.

  • Supported by: For basic and client certificate authentication schemes, event brokers running Solace PubSub+ version 6.1 and higher. For a Kerberos authentication scheme, event brokers running Solace PubSub+ version 7.0 and higher.
  • Type: String
  • Format must be one of the following:
    • SupportedProperty.AUTHENTICATION_SCHEME_BASIC (username/password authentication). This is the default authentication scheme.
      Refer to AUTHENTICATION_SCHEME_BASIC for more information.
    • SupportedProperty.AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE (Client Certificate Authentication).
      Refer to AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE for more information.
    • SupportedProperty.AUTHENTICATION_SCHEME_GSS_KRB (Kerberos).
      Refer to AUTHENTICATION_SCHEME_GSS_KRB for more information.
    • SupportedProperty.AUTHENTICATION_SCHEME_OAUTH2 (OAuth 2.0). You can use OAUTH2_ACCESS_TOKEN, OIDC_ID_TOKEN or both. Whether one or both are required depends on your requirements.
  • Default: SupportedProperty.AUTHENTICATION_SCHEME_BASIC

When AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE is used, at least one of these properties must be set:

  • SSL_KEY_STORE_PASSWORD
  • SSL_PRIVATE_KEY_PASSWORD

The SSL_KEY_STORE property becomes mandatory when AUTHENTICATION_SCHEME is set to AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE. For more information, refer to the Class JCSMPProperties page.

The following are the Authentication Scheme properties:

Property Source (in descending priority) Example

Initial Context

The example below shows how to enable Client Certificate authentication.

env.put(SupportedProperty.SOLACE_JMS_AUTHENTICATION_SCHEME, SupportedProperty.AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE);

JNDI Properties File

Solace_JMS_Authentication_Scheme=AUTHENTICATION_SCHEME_BASIC

Solace_JMS_Authentication_Scheme=AUTHENTICATION_SCHEME_GSS_KRB

Solace_JMS_Authentication_Scheme=AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE

Solace_JMS_Authentication_Scheme=AUTHENTICATION_SCHEME_OAUTH2

Allow Duplicate Client ID Enabled

The property specifies whether new JMS connections can use the same Client identifier (ID) as an existing connection. If the property is enabled and the JMS client did not provide a client ID, the API could just use the auto-generated unique client-id used for the initial connection.

  • Supported by: Version 8.6.0 or higher on the Solace PubSub+ software event broker and version 8.3.0 or higher on the Solace appliance. Also, JMS API 10.2.0 or higher is required.
  • Type: Boolean
  • Format: [true|false]
  • Default: false

Allow Duplicate Client ID Enabled Property

Property Source (in descending priority) Example

JNDI Connection Factory

CLI/SEMP - Set through the property list "client-properties", Property "allow-duplicate-client-id"

Client Description

This property specifies the application description.

  • Supported by: Solace PubSub+ version 5.0 and higher
  • Type: String
  • Format: A maximum of 254 ASCII characters.
  • Default: “JNDI”

Client Description Property

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_JNDI_CLIENT_DESCRIPTION, "My JNDI Client Description");

JNDI Properties File

Solace_JMS_JNDI_ClientDescription=My JNDI Client Description

Client ID

This property specifies the client name. If not specified, the API generates a unique client ID.

  • Supported by: Solace PubSub+ version 5.0 and higher
  • Type: String
  • Format: Must be a valid topic name; a maximum of 160 bytes is supported when encoded in UTF-8.
  • Default: A generated client ID

Client ID Property

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_JNDI_CLIENT_ID, "My JNDI Client");

JNDI Properties File

Solace_JMS_JNDI_ClientID=My JNDI Client

Compression Level

This property is used to enable and specify the ZLIB compression level.

  • Type: Integer
  • Format: Valid values for the compression level are 0 (no compression), or 1 through 9 (where 1 offers the least amount of compression and fastest data throughput, and 9 offers the most compression and slowest data throughput). The default value is 0.
  • Default: 0

Compression Level Property

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_COMPRESSION_LEVEL, 6);

JNDI Properties File

Solace_JMS_CompressionLevel=6

Connect Retries

This property specifies the maximum number of times to attempt a JNDI Connection if the first connect fails. If this value is -1 or greater than 1, and a host list is used, each connect retry will traverse the host list according to the value set for the Connect Retries property.

  • Type: Integer
  • Format: Valid values are -1 through 2147483647. 0 means do not perform any automatic connection retries (that is, try once and give up); -1 means retry forever.
  • Default: 0

Connect Retries Property

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_JNDI_CONNECT_RETRIES, 5);

JNDI Properties File

Solace_JMS_JNDI_ConnectRetries=3

System

-DJNDI_Connect_Retries=3

Connection Retries Per Host

When using a list of hosts for the URL property (refer to URL), this property defines the maximum number of times to retry a JNDI connection attempt to a single host before moving on to the next host in the list.

When traversing the list, each entry may be attempted the number of times set for the connection retries per host property plus 1.

  • Type: Integer
  • Format: Valid values are -1 through 2147483647. 0 means no retries (that is, try once and give up); -1 means retry forever (that is, the API only tries to connect or reconnect to the first host listed).
  • Default: 0

This property works in conjunction with the connect and reconnect retries settings; it does not replace them.

Connection Retries Per Host Property

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_JNDI_CONNECT_RETRIES_PER_HOST, 5);

JNDI Properties File

Solace_JMS_JNDI_ConnectRetriesPerHost=10

System

-DJNDI_Connection_Retries_Per_Host=10

Connect Timeout

This property specifies the maximum amount of time (in milliseconds) permitted for a JNDI connection attempt.

  • Type: Integer
  • Format: In milliseconds; valid values are 0 through 2147483647. 0 means wait forever.
  • Default: 30000 (that is, 30 seconds)

Connection Timeout Property

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_JNDI_CONNECT_TIMEOUT, 50000);

JNDI Properties File

Solace_JMS_JNDI_ConnectTimeout=60000

System

-DJNDI_Connect_Timeout=60000

Interceptors

These properties specify the producer interceptor (pre-send hook) and consumer interceptor (pre-receive hook) used by applications to address core-concepts, such as logging or encryption. Each property sets the fully-qualified name of the class whose methods are called before a message is sent (producer interceptor) or received (consumer interceptor).

Consumer Interceptor

  • Type: String 
  • Format: The name that refers to the interceptor that runs prior to receiving a message.

Consumer Interceptor Properties

Property Source Example

Initial Context

For the consumer interceptor:

env.put(SupportedProperty.SOLACE_JMS_MESSAGE_CONSUMER_INTERCEPTOR_CLASS_NAME, CONSUMER_INTERCEPTOR_CLASS_NAME);

JNDI Properties File

For the consumer interceptor, where the fully-qualified name of the class is com.solace.example.MyDecryptingReceiverInterceptor:

Solace_JMS_MessageConsumerInterceptorClassName=com.solace.example.MyDecryptingReceiverInterceptor

System

For the consumer interceptor:

-DSolace_JMS_MessageConsumerInterceptorClassName=com.solace.example.MyDecryptingReceiverInterceptor

Producer Interceptor

  • Type: String 
  • Format: The name that refers to the interceptor that runs prior to sending a message.

Producer Interceptor Properties

Property Source Example

Initial Context

For the producer interceptor:

env.put(SupportedProperty.SOLACE_JMS_MESSAGE_PRODUCER_INTERCEPTOR_CLASS_NAME, PRODUCER_INTERCEPTOR_CLASS_NAME);

JNDI Properties File

For the producer interceptor, where the fully-qualified name of the class is com.solace.example.MyEncryptingMessageProducerInterceptor:

Solace_JMS_MessageProducerInterceptorClassName=com.solace.example.MyEncryptingMessageProducerInterceptor

System

For the producer interceptor:

-DSolace_JMS_MessageProducerInterceptorClassName=com.solace.example.MyEncryptingMessageProducerInterceptor

JAAS Login Context

This property specifies a name that applications use to refer to the entry in a login configuration file when they instantiate a LoginContext.

  • Type: String
  • Format: The name that refers to the entry in the login configuration file.
  • Default: SolaceGSS

JAAS Login Context Property

Property Source (in highest priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_JAAS_LOGIN_CONTEXT, "SolaceGSS");

JAAS Configuration File Reload Enabled

This property, when true, indicates the login configuration file is reloaded before connect or reconnect to the event broker.

  • Type: Boolean
  • Format: [true | false]
  • Default: false (disabled)

JAAS Configuration File Reload Enabled Property

Property Source (in highest priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_JAAS_CONFIG_FILE_RELOAD_ENABLED, true);

JMSX User ID Enabled

This property specifies if the identity of the user is included in the messages it sends.

  • Supported by: Solace PubSub+ 7.2 and higher
  • Type: Boolean
  • Format: [true|false]
  • Default: false

JMSX UserID Property

Property Source (in descending priority) Example

JNDI Connection Factory

SolAdmin—Set through the Messaging Properties tab of the New JMS Connection Factory or Edit JMS Connection Factory dialog box.

CLI/SEMP—Set through Property List “messaging‑properties”, Property “jmsx-user-id-enabled”.

Kerberos Mutual Authentication

This property specifies that mutual authentication is to be used when the Kerberos authentication scheme is enabled.

  • Supported by: Solace PubSub+ 7.0 and higher
  • Type: Boolean
  • Format: [true|false]
  • Default: true

This property applies to both the JNDI and data connections.

Kerberos Mutual Authentication Property

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_KRB_MUTUAL_AUTHENTICATION, false);

JNDI Properties File

Solace_JMS_KRB_Mutual_Authentication=false

Kerberos Service Name

This property specifies that mutual authentication is to be used when the Kerberos authentication scheme is enabled.

  • Supported by: Solace PubSub+ 7.0 and higher
  • Type: String
  • Format: Any string. The total SPN value must not exceed 190 characters, including Service Name, Host FQDN, ‘@’ symbol, and ‘REALM’ name.
  • Default: “solace” (SupportedProperty.DEFALUT_KRB_SERVICE_NAME)

This property applies to both the JNDI and data connections.

Kerberos Service Name Property

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_KRB_SERVICE_NAME, "solace");

JNDI Properties File

Solace_JMS_KRB_Service_Name=KRBName

Local Host

This property specifies the IP address of the local interface to use. By default, the operating system picks the interface. This property applies to both the JNDI and data connections.

  • Type: String
  • Format: IP address
  • Default: none

Local Host Property

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_LOCALHOST, "192.168.1.1");

JNDI Properties File

Solace_JMS_Localhost=192.168.1.1

System

-DJMS_Solace_localhost=192.168.1.1

Password

This property specifies a password to connect to the event broker with. By default, no password is specified. This password applies to both the JNDI and JMS (that is, data) connections, but it can be overridden when creating a JMS connection. For more information, refer to Managing Sessions.

  • Type: String
  • Format: The maximum length is 128 characters.
  • Default: “”

Password Property

Property Source (in descending priority) Example

System

-Djava.naming.security.credentials=pwd

Initial Context

env.put(Context.SECURITY_CREDENTIALS, pwd);

JNDI Properties File

java.naming.security.credentials=pwd

URL

smf://user1:pwd@192.168.1.1:55555

With host lists there is the capability to specify a username or password with every URL. In this case, the chosen username and password are the first ones found in the URL list.

Read Timeout

This property specifies the maximum amount of time (in milliseconds) permitted for reading a JNDI lookup reply from the host.

  • Type: Integer
  • Format: Valid values are 0 through 2147483647. 0 means wait forever.
  • Default: 10000 (that is, ten seconds)

Read Timeout Property

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_JNDI_READ_TIMEOUT, 60000);

JNDI Properties File

Solace_JMS_JNDI_ReadTimeout=60000

System

-DJNDI_Read_Timeout=60000

Reconnect Retries

This property specifies the number of times to attempt to reconnect to a host once an established JNDI connection has been lost. The JNDI connection to the host will not be reestablished if there is no JNDI lookup that needs to be performed.

When using a list of hosts for the URL property (refer to URL), and no connection is reestablished to any of the hosts, the API can reattempt connecting to the listed hosts again starting with the first host in the list. Each time the API works through the host list without establishing a reconnection is considered a reconnect retry. For example, if a Reconnect Retries value of two is used, the API could possibly work through all of the listed hosts without reconnecting to them three times: one time through for the initial connect attempt, and then two times through for reconnect retries.

After each unsuccessful attempt to reconnect to a host, the API waits for the amount of time set for the Reconnect Retry Wait property (refer to Reconnect Retry Wait) before attempting another reconnection to a host. The number of times to attempt to reconnect to one host before moving on to the next listed host is determined by the value set for the Connection Retries Per Host property (refer to Connection Retries Per Host).

  • Type: Integer
  • Format: Valid values are -1 through 2147483647. 0 means no automatic reconnect retries (that is, try once and give up); -1 means retry forever.
  • Default: 20

Reconnect Retries Property

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_JNDI_RECONNECT_RETRIES, 100);

JNDI Properties File

Solace_JMS_JNDI_ReconnectRetries=100

System

-DJNDI_Reconnect_Retries=100

Reconnect Retry Wait

If a connect or reconnect attempt to a host is not successful, the API waits the amount of time (in milliseconds) set for this property, and then makes another connect or reconnect attempt.

When using a list of hosts for the URL property (refer to URL), the Connect Retries Per Host property (refer to Connection Retries Per Host) sets how many connection or reconnection attempts can be made before moving on to the next host in the list.

  • Type: Integer
  • Format: Valid values are 0 through 60000. 0 means do not wait.
  • Default: 3000 (that is, three seconds)

Reconnect Retry Wait Property

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_JNDI_RECONNECT_RETRY_WAIT, 10000);

JNDI Properties File

Solace_JMS_JNDI_ReconnectRetryWait=10000

System

-DJNDI_Reconnect_Retry_Wait=3000

SSL Certificate Validation

Indicates whether the API should validate server certificates with the trusted certificates in the trust store. A JKS or PKCS12 certificate file is used for the trust store. This property must be set to true to use the SSL Certificate Host Validation and SSL Certificate Date Validation properties.

  • Supported by: Solace PubSub+ and higher
  • Type: Boolean
  • Format: [true|false]
  • Default: true

This property applies to both the JNDI and data connections.

SSL Certificate Validation Property

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_SSL_VALIDATE_CERTIFICATE, true);

JNDI Properties File

Solace_JMS_SSL_ValidateCertificate=false

SSL Certificate Date Validation

Indicates whether the Session connection should fail when an expired certificate or a certificate not yet in use is received. No date validation is performed (overriding this property) if SSL Certificate Validation is set to false.

  • Supported by: Solace PubSub+ 6.0 and higher
  • Type: Boolean
  • Format: [true|false]
  • Default: true

This property applies to both the JNDI and data connections.

SSL Certificate Date Validation Property

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_SSL_VALIDATE_CERTIFICATE_DATE, true);

JNDI Properties File

Solace_JMS_SSL_ValidateCertificateDate=true

SSL Certificate Host Validation

Indicates whether the session connection verifies that the subject alternative name in the server's X.509 certificate matches the host specified in the URL property. If the X.509 certificate does not contain a subject alternative name section, the Common Name in the Subject field is checked instead. This property is set to true by default (the recommended setting). The SSL Certificate Validation property overrides this property: if SSL Certificate Validation is set to false, no SSL certificate host validation is performed.

  • Supported by: Solace PubSub+ 9.7 and higher
  • Type: Boolean
  • Format: [true|false]
  • Default: true

This property applies to both the JNDI and data connections.

As per RFC 2818 and RFC 5280, Solace does not recommend that you set this property to false. Setting the property to false means that Server Certificate Validation Using Subject-Alternative Name is not performed.

SSL Certificate Host Validation Property

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_SSL_VALIDATE_CERTIFICATE_HOST, true);

JNDI Properties File

Solace_JMS_SSL_ValidateCertificateHost=true

SSL Cipher Suite

The TLS/SSL cipher suites to use to negotiate a secure connection with the event broker.

A cipher suite is a combination of cryptographic parameters that define the security algorithms and key sizes used for authentication, key agreement, encryption, and integrity protection. Cipher suites can be specified using their JSSE name or OpenSSL name.

The Solace JMS API supports the following cipher suites (showing the JSSE name with the OpenSSL name in brackets):

  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (ECDHE-RSA-AES256-SHA384)

    This cipher suite requires Java 7 or higher and the installation of the JCE Unlimited Strength Jurisdiction Policy Files.

  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ECDHE-RSA-AES256-SHA)

    This cipher suite requires Java 7 or higher and the installation of the JCE Unlimited Strength Jurisdiction Policy Files.

  • TLS_RSA_WITH_AES_256_CBC_SHA256 (AES256-SHA256)

    This cipher suite requires Java 7 or higher and the installation of the JCE Unlimited Strength Jurisdiction Policy Files.

  • TLS_RSA_WITH_AES_256_CBC_SHA (AES256-SHA)

    This cipher suite requires installation of the JCE Unlimited Strength Jurisdiction Policy Files.

  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (ECDHE-RSA-DES-CBC3-SHA)

    This cipher suite requires Java 7 or higher.

  • SSL_RSA_WITH_3DES_EDE_CBC_SHA (DES-CBC3-SHA)
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ECDHE-RSA-AES128-SHA)

    This cipher suite requires Java 7 or higher.

  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ECDHE-RSA-AES128-SHA256)

    This cipher suite requires Java 7 or higher.

  • TLS_RSA_WITH_AES_128_CBC_SHA256 (AES128-SHA256)

    This cipher suite requires Java 7 or higher.

  • TLS_RSA_WITH_AES_128_CBC_SHA (AES128-SHA)

This property applies to both the JNDI and data connections.

  • Supported by: Solace PubSub+ 6.0 and higher
  • Type: String
  • Format: Comma-separated list of ciphers
  • Default: All supported ciphers

SSL Cipher Suite Property

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_SSL_CIPHER_SUITE, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA");

JNDI Properties File

Solace_JMS_SSL_CipherSuites=SSL_RSA_WITH_RC4_128_SHA

SSL Connection Downgrade To

Sets the transport protocol that TLS/SSL connections will be downgraded to after client authentication. This property applies to both the JNDI and data connections.

  • Supported by: Solace PubSub+ 7.2 and higher
  • Type: String
  • Allowed values: "PLAIN_TEXT"

SSL Connection Downgrade To Property

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_SSL_CONNECTION_DOWNGRADE_TO, "PLAIN_TEXT");

JNDI Properties File

Solace_JMS_SSL_ConnectionDowngradeTo=PLAIN_TEXT

SSL Excluded Protocols

A comma-separated list of encryption protocols that should not be used. SSL v3.0 (sslv3), TLS v1.0 (tlsv1), TLS v1.1 (tlsv1.1) and TLS v1.2 (tlsv1.2) are valid entries. When specifying multiple protocols, the order is not important.

  • Supported by: Solace PubSub+ and higher
  • Type: String
  • Format: Comma-separated list of protocol names
  • Default: ""

TLS v1.1 (tlsv1.1) and TLS v1.2 (tlsv1.2) require Java 7 or greater.

This property applies to both the JNDI and data connections.

SSL Excluded Protocols Property

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_SSL_EXCLUDED_PROTOCOLS, "tlsv1");

JNDI Properties File

Solace_JMS_SSL_ExcludedProtocols=tlsv1

SSL Internal Normalized Key Store Format

This property specifies the format of the internal normalized key store. It allows you to override the type of the internal normalized keystore used for processing the keys from the SSL Key Store if there are issues with the default format.

This property applies to both the JNDI and data connections.

  • Supported by: Solace PubSub+ 7.2.1 and higher
  • Type: String
  • Format: Typically one of the standard built-in formats, like “jks” or “pkcs12”
  • Default: “”. If not specified then the type of SSL Key Store is used.

SSL Internal Normalized Key Store Format Property

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_SSL_KEY_STORE_NORMALIZED_FORMAT, "pkcs12");

JNDI Properties File

Solace_JMS_SSL_KeyStoreNormalizedFormat=pkcs12

System

-Djavax.net.ssl.keyStoreNormalizedType=PKCS12

SSL Key Store

This property specifies the keystore to use in the URL or path format. The keystore holds the client’s private key and certificate required to authenticate a client during the TLS/SSL handshake. This property is required if the authentication scheme is client certificate authentication.

This property applies to both the JNDI and data connections.

  • Supported by: Solace PubSub+ 6.1 and higher
  • Type: String
  • Format: URL or path of the keystore file
  • Default: ""

SSL Key Store Property

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_SSL_KEY_STORE, "mykeystore.jks");

JNDI Properties File

Solace_JMS_SSL_KeyStore=myKeyStore.jks

System

-Djavax.net.ssl.keyStore=myKeyStore.jks

SSL Key Store Format

This property specifies the format of the given keystore. It applies to both the JNDI and data connections.

  • Supported by: Solace PubSub+ 6.1 and higher
  • Type: String
  • Format: JKS or PKCS12
  • Default: "jks"

SSL Key Store Format

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_SSL_KEY_STORE_FORMAT, "pkcs12");

JNDI Properties File

Solace_JMS_SSL_KeyStoreFormat=pkcs12

System

-Djavax.net.ssl.keyStoreType=PKCS12

SSL Key Store Password

This property specifies the keystore password to use and allows JMS to verify the integrity of the keystore.

This property applies to both the JNDI and data connections.

  • Supported by: Solace PubSub+ and higher
  • Type: String
  • Format: String
  • Default: ""

SSL Key Store Password

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_SSL_KEY_STORE_PASSWORD, "password");

JNDI Properties File

Solace_JMS_SSL_KeyStorePassword=mypass

System

-Djavax.net.ssl.keyStorePassword=mypass

SSL Private Key Alias

This property specifies which private key in the keystore to use for authentication. This property is necessary when a keystore with multiple private key entries is used.

This property applies to both the JNDI and data connections.

  • Supported by: Solace PubSub+ and higher
  • Type: String
  • Format: String
  • Default: ""

SSL Private Key Alias

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_SSL_PRIVATE_KEY_ALIAS, "alias");

JNDI Properties File

Solace_JMS_SSL_PrivateKeyAlias=alias

SSL Private Key Password

This property specifies which private key in the keystore to use for authentication. This property is necessary when a keystore with multiple private key entries is used.

This property applies to both the JNDI and data connections.

  • Supported by: Solace PubSub+ 6.1 and higher
  • Type: String
  • Format: String
  • Default: ""

SSL Private Key Password Property

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_SSL_PRIVATE_KEY_PASSWORD, "password");

JNDI Properties File

Solace_JMS_SSL_PrivateKeyPassword=password

SSL Protocol

A comma-separated list of the encryption protocols to use. SSL v3.0 (sslv3), TLS v1.0 (tlsv1), TLS v1.1 (tlsv1.1) and TLS v1.2 (tlsv1.2) are supported. When specifying multiple protocols, the order is not important.

  • Supported by: Solace PubSub+ 6.0 and higher
  • Type: String
  • Format: Comma-separated list of protocol names
  • Default: "sslv3,tlsv1,tlsv1.1,tlsv1.2".
  • As of Solace PubSub+ 7.1, use of the “SSL Excluded Protocols” property is recommended instead. You may not use both “SSL Protocol” and “SSL Excluded Protocols”. Refer to SSL Excluded Protocols.
    • TLS v1.1 (tlsv1.1) and TLS v1.2 (tlsv1.2) require Java 7 or greater.

This property applies to both the JNDI and data connections.

SSL Protocol Property

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_SSL_PROTOCOL, "tlsv1");

JNDI Properties File

Solace_JMS_SSL_Protocol=tlsv1

SSL Trust Store

The trust store file to use. This property is mandatory if the SSL Certificate Validation property is set to true.

  • Supported by: Solace PubSub+ 6.0 and higher
  • Type: String
  • Format: URL or path of the trust store file
  • Default: ""

This property applies to both the JNDI and data connections.

SSL Trust Store Property

Property Source (in descending priority) Example

System

-Djavax.net.ssl.trustStore=myTrustStore.jks

JNDI Properties File

Solace_JMS_SSL_TrustStore=myTrustStore.jks

Initial Context

env.put(SupportedProperty.SOLACE_JMS_SSL_TRUST_STORE, "mytruststore.jks");

SSL Trust Store Format

Indicates the format used by the trust store provided for the SSL Trust Store property.

  • Supported by: Solace PubSub+ 6.0 and higher
  • Type: String
  • Format: "jks" or "pkcs12"
  • Default: "jks"

This property applies to both the JNDI and data connections.

SSL Trust Store Format Property

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_SSL_TRUST_STORE_FORMAT, "pkcs12");

JNDI Properties File

Solace_JMS_SSL_TrustStoreFormat=pkcs12

System

-Djavax.net.ssl.trustStoreType=PKCS12

SSL Trust Store Password

The password for the trust store provided for the SSL Trust Store property. This property is mandatory if the SSL Certificate Validation property is set to true.

  • Supported by: Solace PubSub+ 6.0 and higher
  • Type: String
  • Format: String
  • Default: ""

This property applies to both the JNDI and data connections.

SSL Trust Store Password Property

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_SSL_TRUST_STORE_PASSWORD, "password");

JNDI Properties File

Solace_JMS_SSL_TrustStorePassword=mypass

System

-Djavax.net.ssl.trustStorePassword=mypass

SSL Trusted Common Name List

A list of up to 16 acceptable common names for matching in server certificates. If no common names are provided (the default), it means that there is no common name verification and all common names are acceptable.

No common name validation is performed if SSL Certificate Validation is set to false or the SSL Server Certificate Validation is set to true.

  • Supported by: Solace PubSub+ 6.0 and higher
  • Type: String
  • Format: Comma-separated list of common names

    Leading and trailing white spaces are considered to be part of the common names and are not ignored.

  • Default: ""

This property applies to both the JNDI and data connections.

SSL Trusted Common Name List

Property Source (in descending priority) Example

Initial Context

env.put(SupportedProperty.SOLACE_JMS_SSL_TRUSTED_COMMON_NAME_LIST, "acme.com,www.acme.com");

JNDI Properties File

Solace_JMS_SSL_TrustedCommonNameList=acme.com,www.acme.com

URL

This property specifies the IP address and port (optional) of the host (LDAP server or event broker) to connect to for a JNDI lookup. A host entry uses the following format:

<URI Scheme>://[username]:[password]@<IP address>[:port]

Where:

URI Scheme is the uniform resource identifier (URI) scheme used for the JNDI lookup. The valid values are:

  • smf—use plain-text over SMF for communications between the application and the host. SMF is the default.
  • smfs—use TLS/SSL protocols over SMF for secure communications between the application and the host

username is the user name that is required to authenticate a client connecting to the host. A client username can be used by a single or by multiple JMS clients.

password is the username password for the connection when authentication is required.

IP address is the IP address (or hostname) of the host. To specify a prioritized list of hosts that a client can attempt to connect to, list each IP address, in order of importance, separated by a comma.

port is the port number to use to establish the connection. A value is only required when the client needs to use a port other than the automatically‑assigned default port number. The default port number is 55555 when compression is not in use, or 55003 when compression is in use. The default port for TLS/SSL connections (with or without compression) is 55443.

  • Type: String
  • Format: smf://username:password@ipaddress:port
  • Default: None

The provided URL parameters are used for both a JNDI connection and a JMS data connection. This is useful when both the JNDI and JMS data connections are for an event broker that provides JNDI and JMS service. However, when the JNDI store to be used is hosted on an LDAP server, and the event broker is only used for the JMS broker, the specified URL parameters, which are used for the JNDI connection, can be overridden by parameters specified in the Connection Factory when creating a JMS connection.

URL Property

Property Source (in descending priority) Example

Initial Context

env.put(InitialContext.PROVIDER_URL, "smf://user:pwd@192.168.1.1:55555");

System

-Djava.naming.provider.url=smf://192.168.1.1

JNDI Properties File

java.naming.provider.url=smf://192.168.1.1,smf://192.168.2.1

Host=smf://192.168.1.1,smf://192.168.2.1

Note: This example shows a prioritized list of event brokers.
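
Several rules stated in the authentication, SSL and URL sections above depend on each other, so they can be checked together against a JNDI properties file. The Python linter below is an added example, not Solace code; the two sample files are constructed, and the key name Solace_JMS_SSL_KeyStorePassword is assumed by analogy with Solace_JMS_SSL_TrustStorePassword.

```python
"""Lint a Solace JMS JNDI properties file against rules stated on this page."""
from urllib.parse import urlsplit

# Cipher suites the page lists as supported (JSSE name, then OpenSSL name).
SUPPORTED_SUITES = set("""
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA
TLS_RSA_WITH_AES_256_CBC_SHA256 AES256-SHA256
TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE-RSA-DES-CBC3-SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256 AES128-SHA256
TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA
""".split())
DEFAULT_PROTOCOLS = ["sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"]  # default per the page
LEGACY_PROTOCOLS = {"sslv3", "tlsv1", "tlsv1.1"}  # deprecated: RFC 7568, RFC 8996

# Constructed sample inputs (not from a real deployment).
SAMPLE_WEAK = """\
java.naming.provider.url=smf://user1:pwd@192.168.1.1:55555
Solace_JMS_Authentication_Scheme=AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE
Solace_JMS_SSL_ValidateCertificate=false
Solace_JMS_SSL_CipherSuites=SSL_RSA_WITH_RC4_128_SHA
Solace_JMS_SSL_ConnectionDowngradeTo=PLAIN_TEXT
Solace_JMS_SSL_Protocol=tlsv1
Solace_JMS_SSL_ExcludedProtocols=sslv3
Solace_JMS_SSL_TrustedCommonNameList=acme.com, www.acme.com
"""
SAMPLE_HARDENED = """\
java.naming.provider.url=smfs://192.168.1.1:55443,smfs://192.168.2.1:55443
Solace_JMS_Authentication_Scheme=AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE
Solace_JMS_SSL_KeyStore=myKeyStore.jks
# Key name assumed by analogy with Solace_JMS_SSL_TrustStorePassword.
Solace_JMS_SSL_KeyStorePassword=example-only
Solace_JMS_SSL_TrustStore=myTrustStore.jks
Solace_JMS_SSL_TrustStorePassword=example-only
Solace_JMS_SSL_ExcludedProtocols=sslv3,tlsv1,tlsv1.1
Solace_JMS_SSL_CipherSuites=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
"""

def parse_properties(text):
    """Minimal key=value reader. Like java.util.Properties it drops whitespace
    right after '=' but keeps trailing whitespace in the value."""
    props = {}
    for raw in text.splitlines():
        line = raw.lstrip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.lstrip()
    return props

def lint(props):
    """Return a list of (code, detail) findings for one parsed properties file."""
    out = []
    get = lambda key: props.get("Solace_JMS_" + key, "").strip()
    on = lambda key: get(key).lower() != "false"  # these booleans default to true
    urls = [u.strip() for u in props.get("java.naming.provider.url", "").split(",") if u.strip()]
    tls = any("smfs://" in u for u in urls) or any("_SSL_" in k for k in props)
    if any(u.startswith("smf://") for u in urls):
        out.append(("URL-PLAINTEXT", "smf:// is plain-text; smfs:// uses TLS/SSL"))
    if any(urlsplit(u).password for u in urls):
        out.append(("URL-PASSWORD", "password embedded in the provider URL"))
    if not on("SSL_ValidateCertificate"):
        out.append(("CERT-VALIDATION-OFF", "also disables date and host validation"))
    else:
        if not on("SSL_ValidateCertificateHost"):
            out.append(("HOST-VALIDATION-OFF", "certificate name is not matched to the URL host"))
        for key in ("SSL_TrustStore", "SSL_TrustStorePassword"):
            if tls and not get(key):
                out.append(("TRUSTSTORE-MISSING", key + " is mandatory with validation on"))
    if get("Authentication_Scheme") == "AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE":
        if not get("SSL_KeyStore"):
            out.append(("KEYSTORE-MISSING", "SSL_KeyStore is mandatory for this scheme"))
        if not (get("SSL_KeyStorePassword") or get("SSL_PrivateKeyPassword")):
            out.append(("KEY-PASSWORD-MISSING", "set a keystore or private key password"))
    proto, excluded = (get(k).lower().replace(" ", "") for k in ("SSL_Protocol", "SSL_ExcludedProtocols"))
    if proto and excluded:
        out.append(("PROTOCOL-CONFLICT", "SSL_Protocol and SSL_ExcludedProtocols are both set"))
    active = proto.split(",") if proto else [p for p in DEFAULT_PROTOCOLS if p not in excluded.split(",")]
    legacy = [p for p in active if p in LEGACY_PROTOCOLS]
    if tls and legacy:
        out.append(("LEGACY-PROTOCOL", ",".join(legacy) + " still enabled"))
    for suite in filter(None, (s.strip() for s in get("SSL_CipherSuites").split(","))):
        if suite not in SUPPORTED_SUITES:
            out.append(("CIPHER-UNSUPPORTED", suite + " is not in the page's supported list"))
        elif "3DES" in suite or "DES-CBC3" in suite:
            out.append(("CIPHER-LEGACY", suite + " uses 3DES"))
    if get("SSL_ConnectionDowngradeTo") == "PLAIN_TEXT":
        out.append(("DOWNGRADE-PLAINTEXT", "traffic is plain-text after authentication"))
    names = props.get("Solace_JMS_SSL_TrustedCommonNameList", "")
    if any(n != n.strip() for n in names.split(",")):
        out.append(("CN-WHITESPACE", "whitespace is treated as part of a common name"))
    return out

if __name__ == "__main__":
    for code, detail in lint(parse_properties(SAMPLE_WEAK)):
        print(code, "-", detail)
```

The linter reads only the properties file, so values supplied through system properties or the Initial Context (which take priority according to the tables above) are not seen by it.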

Username

This property specifies the username to connect to the event broker with. By default, this username property applies to both the JNDI connection and JMS data connections, but it can be overridden when creating a JMS connection.

  • Type: String
  • Format: The maximum length is 32 characters.
  • Default: None

Username Property

Property Source (in descending priority) Example

System

-Djava.naming.security.principal=user1

Initial Context

env.put(Context.SECURITY_PRINCIPAL, user1);

JNDI Properties File

java.naming.security.principal=user1

URL

smf://user1:pwd@192.168.1.1:55555

With host lists there is the capability to specify a username or password with every URL. In this case, the chosen username and password are the first ones found in the URL list.

VPN

This property specifies the Message VPN to use when connecting to the event broker. This property applies to both the JNDI and data connections. The default value is “” which means connect to the default Message VPN.

  • Type: String
  • Format: The maximum length is 32 bytes when encoded in UTF-8.
  • Default: “”

Message VPN Property

Property Source (in descending priority) Example

System

-DSolace_JMS_VPN=myVPN

Initial Context

env.put(SupportedProperty.SOLACE_JMS_VPN, "myVPN");

JNDI Properties File

Solace_JMS_VPN=myVPN

Username

env.put(Context.SECURITY_PRINCIPAL, "user1@myVPN");

  • Applies to both the JNDI and Data connections.
  • The Message VPN can be set as part of the username. This is useful in application servers that only understand the standard properties.