Transfer CFT partner template

When a flow using Transfer CFTs is deployed, Central Governance deploys on each Transfer CFT the definition of the partners defined in the flow.

There are three Transfer CFT partner objects involved: CFTPART, CFTTCP, and and CFTSSL (when using mutual authentication). When flows use mutual authentication, two Transfer CFT PKI objects are created on each Transfer CFT: PKICER and PKIENTITY. (A PKI entity is created for each new CFTSSL, where the entity includes the root certificate aliases used in flows. The entity alias is included in the ROOTCID field in the CFTSSL object.)

• For each CFTPART, Central Governance sets values for the fields ID, NRPART, NRPASSW, NSPART, NSPASSW, PROT, SAP, and SSL (SSL if mutual authentication is used). The NSPASSW/NRPASSW is either generated or configured in the Transfer CFT static configuration.
• For each CFTTCP, Central Governance sets values for the fields ID, CLASS, HOST, CNXIN, CNXOUT, CNXINOUT.
• For each CFTSSL, Central Governance sets values for the fields ID, DIRECT, VERSION, KEYTEXT, CIPHLIST, USERCID, VERIFY, ROOTCID (includes alias of PKI certificate or/and PKI entity) and ORIGIN.

All other CFTTCP, CFTPART, and CFTSSL fields use the default values.

You can overwrite the following fields by editing the com.axway.cmp.cgcft-default.cfg file at <install directory\runtime\com.axway.nodes.ume_<UUID>\conf. Changing this file does not require restarting Central Governance. Changes apply only to flows defined after the file is edited.

You can overwrite the following fields with values from the partner template configuration file.

Note

After creating a partner template, values from it are pushed only to flows created between new partners that did not previously exist.

Note

If you accidentally remove a template value (for example, cft.partner.cnxin= ) leaving it empty, this breaks the partner template and you must restart Central Governance to recover the functionality.

Transfer CFT field	Corresponding property in Central Governance configuration file	Central Governance value	Default Central Governance value if not set
CFTPART - ID	Name of the Transfer CFT partner.	%HOSTNAME% (product host as it appears in the product list) Note Flows with relays that have store and forward enabled and acknowledgments disabled are not supported when using the cft.partner.id=%HOSTNAME% in a partner template.	STRING max_length=32
CFTTCP – CNXIN, CNXOUT, CNXINOUT	cft.partner.cnxin cft.partner.cnxout cft.partner.cnxinout	0..1000
CFTTCP – RETRYW, RETRYM, RETRYN	cft.partner.retryw cft.partner.retryn cft.partner.retrym	0..32767	RETRYW = '1', RETRYM ='30', RETRYN ='20'
CFTPART - COMMENT	cft.partner.comment	STRING or {%application.<comment1>%} Where application.<comment1> refers to an application custom attribute. See Note. If multiple applications are defined for the same Transfer CFT, the application custom attribute from the application used in the most recently deployed flow is used.	STRING max_length=80
CFTPART - GROUP	cft.partner.group	STRING or {%application.<group1>%} Where application.<group1> refers to an application custom attribute. See Note. If multiple applications are defined for the same Transfer CFT, the application custom attribute from the application used in the most recently deployed flow is used.	STRING max_length=32
CFTSSH - HMAC	cft.ssh.hmac	List of accepted HMAC (keyed-hash message authentication code). Possible values are: HMAC-SHA2-512,HMAC-SHA2-256,HMAC-SHA1, NONE	None

The default Central Governance value is used if any property or value is missing.

*A PKI entity is created for each new CFTSSL, where the entity includes the root certificate aliases used in flows. The entity alias is included in the ROOTCID field in the CFTSSL object.

Note

For more information, see Application custom attributes and Use custom attributes.