Setting Up a Security Server

The first step in implementing Advanced security is setting up a security server. In a non-clustered environment, the security server is the server hosting ColdFusion, where your ColdFusion programming resources, files, data sources, custom tags, Verity collections, and so on are stored. In a clustered environment, you can define a single security server in the cluster to handle all security authentication and authorization. In this case, the other servers in the cluster all point to the security server to authenticate and authorize users and groups.

You can only administer Advanced security from the security server. You can't administer it from a client or from another server in a cluster.

Note: It's a good idea to take the ColdFusion server offline while you're configuring Advanced security.

To set up a security server:
  1. Open the ColdFusion Administrator. Click the Advanced Security link.

    You see the Advanced Server Security page.

  2. Select the Use Advanced Server Security check box. This enables you to set up a security context with policies, rules, and users.
  3. Enter the physical location of the security server and click Apply. By default, this is the localhost IP address, 127.0.0.1. You can supply an IP address or a logical name that can be resolved to a physical address.
  4. Enter a Shared Secret, which is part of the encryption key that validates Advanced security transactions. Since the default is the same for all ColdFusion Server configurations, you should change the shared secret at least once.
  5. ColdFusion reserves the Authorization and Authentication ports to pass security information. Change the port number values only in the unlikely event that these ports are already in use by some other process on the server.
  6. Under Security Server Cache settings, click to enable the Security Server Policy Store Cache, Security Server Authorization Cache, or ColdFusion Server Cache if you want ColdFusion to cache security information and transactions on the security server.

    See "Caching Advanced Security Information" for a description of the Advanced security caches.

    You can also change the Refresh Interval setting for any of the caches. This determines how often a cache gets flushed.

    The Load Security Server Policy Store Cache at Startup option loads this cache every time you start ColdFusion services.

    The Maximum Cache Entries option sets the maximum number of entries for each cache buffer. If you exceed the number, a warning is written to the server.log file.