Key locator configuration settings

Use this page to specify the settings for a key locator configuration. The key locators retrieve keys from the keystore file for digital signature and encryption. This product enables you to plug in a custom key locator configuration.

To view the administrative console panel for the key locator collection on the cell level, complete the following steps:
  1. Click Security > Web services.
  2. Under Additional properties, click Key locators.
  3. Click New to create a new configuration or click the name of a configuration to modify its settings.
To view this administrative console page for the key locator collection on the server level, complete the following steps:
  1. Click Servers > Application servers > server_name .
  2. Under Security, click Web services: Default bindings for Web services security.
  3. Under Additional properties, click Key locators.
  4. Click New to create a new configuration or click the name of a configuration to modify its settings.
To use this administrative console page for the key locator collection on the application level, complete the following steps:
  1. Click Applications > Enterprise applications > application_name.
  2. Click Manage modules > URI_name.
  3. Under Web Services Security properties, you can access key locators for the following bindings:
    • For the Request generator, click Web services: Client security bindings. Under Request generator (sender) binding, click Edit custom > Key locators.
    • For the Request consumer, click Web services: Server security bindings. Under Request consumer (receiver) binding, click Edit custom > Key locators.
    • For the Response generator, click Web services: Server security bindings. Under Response generator (sender) binding, click Edit custom > Key locators.
    • For the Response consumer, click Web services: Client security bindings. Under Response consumer (receiver) binding, click Edit custom > Key locators.
  4. Click New to create a new configuration or click the name of a configuration to modify its settings.

Key locator name

[Version 5 and 6 only]

Specifies the name of the key locator.

Data type String

Key locator class name

[Version 6 only]

Specifies the name for the key locator class implementation.

The Java Authentication and Authorization Service (JAAS) Login Module implementation is used to create the security token on the generator side and to validate (authenticate) the security token on the consumer side. This product provides the following default key locator class implementations for Versions 6 and later applications:

com.ibm.wsspi.wssecurity.keyinfo.KeyStoreKeyLocator
This implementation locates and obtains the key from the specified keystore file.
com.ibm.wsspi.wssecurity.keyinfo.SignerCertKeyLocator
This implementation uses the public key from the certificate of the signer. This class implementation is used by the response generator.

This property is for the JAX-RPC programming model only. To implement signer certificate encryption for the JAX-WS programming model, set a custom property on the callback handler for the encryption token generator.

com.ibm.wsspi.wssecurity.keyinfo.X509TokenKeyLocator
This implementation uses the X.509 security token from the sender message for digital signature validation and encryption. This class implementation is used by the request consumer and the response consumer.
Data type String

Key store password

[Version 6 only]

Specifies the password that is used to access the keystore file.

Key store configuration name

[Version 6 only]

Specifies the name of the key store configuration that is defined in the keystore settings in secure communications.

Key store path

[Version 6 only]

Specifies the location of the keystore file.

Key store type

[Version 6 only]

Specifies the type of keystore file.

JKS
Use this option if you are not using Java Cryptography Extensions (JCE) and if your keystore file uses the Java Keystore (JKS) format.
JCEKS
Use this option if you are using Java Cryptography Extensions.
JCERACFKS [z/OS]
Use JCERACFKS if the certificates are stored in a SAF key ring (z/OS only).
PKCS11KS (PKCS11)
Use this format if your keystore file uses the PKCS#11 file format. Keystores files that use this format might contain Rivest Shamir Adleman (RSA) keys on cryptographic hardware or might encrypt keys that use cryptographic hardware to ensure protection.
PKCS12KS (PKCS12)
Use this option if your keystore file uses the PKCS#12 file format.
Default JKS
Range JKS, JCEKS, PKCS11KS (PKCS11), PKCS12KS (PKCS12)



Related tasks
Configuring the key locator using JAX-RPC for the generator binding on the application level
Related reference
Key locator collection
Key collection
Key configuration settings
Reference topic Reference topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Aug 31, 2013 1:23:07 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-nd-dist&topic=uwbs_keyln
File name: uwbs_keyln.html