The key information for the default consumer is used to specify
the key for the signing or the encryption information configurations if these
bindings are not defined at the application level.
About this task
Best practice: The WebSphere® Application Server Version 6.1
Feature Pack for Web Services extends the capabilities of this product
to introduce support for the Java API for XML-Based Web Services (JAX-WS) 2.0 programming model.
JAX-WS is the next generation Web services programming model complementing
the foundation provided by the Java API for XML-based RPC (JAX-RPC) programming model. Using the strategic
JAX-WS programming model, development of Web services and clients
is simplified through support of a standards-based annotations model.
Although the JAX-RPC programming model and applications are still
supported, take advantage of the easy-to-implement JAX-WS programming
model to develop new Web services applications and clients.
The signing and encryption information configurations can share the same key information,
which is why they are both defined on the same level. WebSphere Application
Server provides default values for these bindings. However, an administrator
must modify these values for a production environment.
You can configure the key information for the consumer binding on the server level
and the cell level. In the following steps, use the first step to access the
server-level default bindings and use the second step to access the cell-level
bindings:
Procedure
- Access the default bindings for the server level.
  - Click Servers > Application servers > server_name.
  - Under Security, click Web services: Default bindings for
    Web services security.
- Click Security > Web services to
  access the default bindings on the cell level.
- Under Default consumer bindings, click Key information.
- Click New to create a key information configuration, click Delete to
delete an existing configuration, or click the name of an existing key information
configuration to edit the settings. If you are creating a new configuration,
enter a unique name for the key configuration in the Key information name
field. For example, you might specify con_signkeyinfo.
- Select a key information type from the Key information type field.
  WebSphere Application Server supports the following types of key information:
  - Key identifier
    This key information type is used when two parties agree on how to create
    a key identifier. For example, a field of X.509 certificates can be used for
    the key identifier according to the X.509 profile.
  - Key name
    This key information type is used when the sender and receiver agree on
    the name of the key.
  - Security token reference
    This key information type is typically used when an X.509 certificate
    is used for digital signature.
  - Embedded token
    This key information type is used to embed a security token in an embedded
    element.
  - X509 issuer name and issuer serial
    This key information type specifies an X.509 certificate with its issuer
    name and serial number.
  Select Security token reference if you are using
  an X.509 certificate for the digital signature. In these steps, it is assumed
  that Security token reference is selected for this field.
  Important: This key information type must match the key information type that is specified
  for the generator.
- Select a key locator reference from the Key locator reference menu.
In these steps, assume that the key locator reference is called sig_klocator.
You must configure a key locator before you can select it in this field. For
more information on configuring the key locator, see Configuring the key locator using JAX-RPC on the server or cell level.
- Select a token reference from the Token reference field.
The token reference refers to the name of a configured token consumer.
When a security token is required in the deployment descriptor, the token
reference attribute is required. If you select Security token reference in
the Key information type field, the token reference is required and you can
specify an X.509 token consumer. To specify an X.509 token consumer, you must
have an X.509 token consumer configured. To configure an X.509 token consumer,
see Configuring token consumers using JAX-RPC to protect message authenticity at the server or cell level.
- Click OK and Save to save the configuration.
Results
You have configured the key information for the consumer binding at
the server or cell level.
What to do next
You must specify a similar key information configuration for the
generator.
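Because the consumer's key information type must match the generator's, it helps to confirm which type a signed message actually carries. The following is an added example, not part of the original documentation and not WebSphere code: it classifies a ds:KeyInfo element into the five types listed above. The mapping from wire elements (OASIS WS-Security 1.0 and XML Signature) to the console type names is an assumption, and the function names and sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

# Assumed mapping: single child of wsse:SecurityTokenReference -> console type name.
STR_CHILD_TYPES = {
    f"{{{WSSE}}}Reference": "Security token reference",
    f"{{{WSSE}}}KeyIdentifier": "Key identifier",
    f"{{{WSSE}}}Embedded": "Embedded token",
}

def classify_key_info(key_info_xml):
    """Name the key information type used by one ds:KeyInfo element."""
    # Captured messages are untrusted input; parse them with defusedxml in production.
    ki = ET.fromstring(key_info_xml)
    if ki.tag != f"{{{DS}}}KeyInfo":
        raise ValueError("root element is not ds:KeyInfo")
    if ki.find(f"{{{DS}}}KeyName") is not None:
        return "Key name"
    refs = ki.findall(f"{{{WSSE}}}SecurityTokenReference")
    if len(refs) != 1 or len(refs[0]) != 1:
        raise ValueError("expected one SecurityTokenReference with one child")
    child = refs[0][0]
    if child.tag in STR_CHILD_TYPES:
        return STR_CHILD_TYPES[child.tag]
    if (child.tag == f"{{{DS}}}X509Data"
            and child.find(f"{{{DS}}}X509IssuerSerial") is not None):
        return "X509 issuer name and issuer serial"
    raise ValueError(f"unrecognized key information: {child.tag}")

def matches_consumer(configured_type, key_info_xml):
    """True if the generator's message uses the type the consumer expects."""
    return classify_key_info(key_info_xml) == configured_type

def sample(inner):
    """Wrap constructed content in a ds:KeyInfo with both namespaces declared."""
    return (f'<ds:KeyInfo xmlns:ds="{DS}" xmlns:wsse="{WSSE}">'
            f'{inner}</ds:KeyInfo>')

# Constructed samples, not captured traffic.
STRREF = sample('<wsse:SecurityTokenReference>'
                '<wsse:Reference URI="#x509bst_1"/></wsse:SecurityTokenReference>')
ISSUER = sample('<wsse:SecurityTokenReference><ds:X509Data><ds:X509IssuerSerial>'
                '<ds:X509IssuerName>CN=Example CA</ds:X509IssuerName>'
                '<ds:X509SerialNumber>1001</ds:X509SerialNumber>'
                '</ds:X509IssuerSerial></ds:X509Data></wsse:SecurityTokenReference>')

if __name__ == "__main__":
    for name, msg in (("STRREF", STRREF), ("ISSUER", ISSUER)):
        print(name, matches_consumer("Security token reference", msg))
```

A message that classifies as a different type than the one selected in the consumer's Key information type field indicates a generator and consumer mismatch.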