Configuring key information for the consumer binding

Prior to completing this task, complete the following steps:

  1. Configure the key locator that is referenced by the key information configuration. For more information, see Configuring the key locator for the consumer binding with an assembly tool.

  2. Configure the token consumer that is referenced by the key information configuration. For more information, see Configuring token consumers with an assembly tool.

Complete the following steps to configure the key information for the server-side and client-side bindings using an assembly tool. The key information on the consumer side is used for specifying the information about the key that is used for validating the digital signature in the received message or for decrypting the encrypted parts of the message. The response consumer is configured for the client and the request consumer is configured for the server. In the following steps, configure either the client-side bindings in step 2 or the server-side bindings in step 3.

  1. Click Window > Open Perspective > J2EE.

  2. Optional:

    Locate the client-side bindings using the Project Explorer window. The Client Deployment Descriptor window is displayed. This Web service contains the extensions that you need to configure. Complete the following steps to locate the client-side bindings:

    1. Expand the Web Services > Client section and double-click the name of the Web service.

    2. Click the WS Binding tab and expand the Security Response Consumer Binding Configuration section.

  3. Optional:

    Locate the server-side bindings using the Project Explorer window. The Web Services Editor window is displayed. This Web service contains the bindings that you need to configure. Complete the following steps to locate the server-side bindings:

    1. Expand the Web Services > Services section and double-click the name of the Web service.

    2. Click the Binding Configurations tab and expand the Request Consumer Binding Configuration Details section.

  4. Expand the Key Information section and click Add to add a new entry or click Edit to edit a selected entry.

  5. Specify a name for this configuration in the Key information name field. This configuration name is referenced by the Key information element within the Signing Information and Encryption Information Dialog windows. For more information, see Configuring signing information for the consumer binding and Configuring encryption information for the consumer binding.

  6. Select a key information type from the Key information type field. The key information types specify different mechanisms for referencing security tokens. The assembly tools support the following key information types:

    STRREF

    This type is the security token reference. The security token is directly referenced using Uniform Resource Identifiers (URIs). The following <KeyInfo> element is generated in the SOAP message for this key information type:

    <ds:KeyInfo>
       <wsse:SecurityTokenReference>
          <wsse:Reference URI="#mytoken" />
       </wsse:SecurityTokenReference>
    </ds:KeyInfo>

    EMB

    This type is the embedded token. The security token is directly embedded within the <SecurityTokenReference> element. The following <KeyInfo> element is generated in the SOAP message for this key information type:

    <ds:KeyInfo>
       <wsse:SecurityTokenReference>
          <wsse:Embedded wsu:Id="tok1">
             …
          </wsse:Embedded>
       </wsse:SecurityTokenReference>
    </ds:KeyInfo>

    KEYID

    This type is a key identifier. The security token is referenced using an opaque value that uniquely identifies the token. The algorithm that is used for generating the key identifier value depends upon the token type. For example, a hash of the important elements of the security token is used for generating the KeyIdentifier value. The following <KeyInfo> element is generated in the SOAP message for this key information type:

    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
       <wsse:SecurityTokenReference>
          <wsse:KeyIdentifier ValueType="wsse:X509v3">/62wXO...</wsse:KeyIdentifier>
       </wsse:SecurityTokenReference>
    </ds:KeyInfo>

    KEYNAME

    This type is the key name. The security token is referenced using a name that matches an asserted identity within the token.

    Note: Do not use this key type as it might result in multiple security tokens that match the specified name. The KEYNAME type does not require a token consumer reference. The following <KeyInfo> element is generated in the SOAP message for this key information type:

    <ds:KeyInfo>
       <ds:KeyName>CN=Group1</ds:KeyName>
    </ds:KeyInfo>

    X509ISSUER

    This type is the X.509 certificate issuer name and serial number. The security token is referenced by an issuer name and issuer serial number of an X.509 certificate. The following <KeyInfo> element is generated in the SOAP message for this key information type:

    <ds:KeyInfo>
       <wsse:SecurityTokenReference>
          <ds:X509Data>
             <ds:X509IssuerSerial>
                <ds:X509IssuerName>CN=Jones, O=IBM, C=US</ds:X509IssuerName>
                <ds:X509SerialNumber>1040152879</ds:X509SerialNumber>
             </ds:X509IssuerSerial>
          </ds:X509Data>
       </wsse:SecurityTokenReference>
    </ds:KeyInfo>

  7. Select the Use key locator option. Complete the following steps:

    1. Select the name of a key locator configuration from the Key locator field. The value of this field is a reference to a key locator that specifies how to find keys or certificates. For more information, see Configuring the key locator for the consumer binding with an assembly tool.

    2. Optional:

      Specify a key name in the Key name field. You do not need to specify the key name when you configure the key information for the consumer.

  8. Optional:

    Select the Use token option and a token consumer configuration in the Token field if a token consumer is required for the key information configuration. The token that you select specifies a reference to a token consumer that is used for processing the security token within the message. A token consumer is required for all key information types except the KEYNAME type. Before you specify a token reference, configure a token consumer. For more information on token consumer configurations, see Configuring token consumers with an assembly tool.

After completing this task, configure the signing information or encryption information that references the key information that is specified by this task. For more information, see Configuring signing information for the consumer binding or Configuring encryption information for the consumer binding.
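As an added example that is not part of the original page, the following Python inspector classifies a received <ds:KeyInfo> element into the five key information types listed in step 6, so an administrator can confirm that the consumer binding configured here matches the reference form the peer actually sends. It assumes the standard XML Signature and WS-Security 1.0 namespace URIs, and the sample message is constructed for this example (the page's own snippets omit most namespace declarations).

```python
import xml.etree.ElementTree as ET

# Namespaces of the forms shown above; XMLNS is prepended to constructed samples.
NS = {
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
XMLNS = " ".join('xmlns:%s="%s"' % (p, u) for p, u in NS.items())


def classify_key_info(xml_text):
    """Return (key information type, reference value) for one <ds:KeyInfo>.
    The type names match the assembly tool's Key information type field."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}KeyInfo" % NS["ds"]:
        raise ValueError("not a ds:KeyInfo element")
    key_name = root.find("ds:KeyName", NS)
    if key_name is not None:            # KEYNAME: no SecurityTokenReference
        return "KEYNAME", (key_name.text or "").strip()
    str_ref = root.find("wsse:SecurityTokenReference", NS)
    if str_ref is None:
        raise ValueError("unsupported KeyInfo form")
    ref = str_ref.find("wsse:Reference", NS)
    if ref is not None:                 # STRREF: direct URI reference
        return "STRREF", ref.get("URI")
    emb = str_ref.find("wsse:Embedded", NS)
    if emb is not None:                 # EMB: token carried inline
        return "EMB", emb.get("{%s}Id" % NS["wsu"])
    kid = str_ref.find("wsse:KeyIdentifier", NS)
    if kid is not None:                 # KEYID: opaque identifier value
        return "KEYID", (kid.text or "").strip()
    iss = str_ref.find("ds:X509Data/ds:X509IssuerSerial", NS)
    if iss is not None:                 # X509ISSUER: issuer name and serial
        return "X509ISSUER", (iss.findtext("ds:X509IssuerName", namespaces=NS),
                              iss.findtext("ds:X509SerialNumber", namespaces=NS))
    raise ValueError("unsupported SecurityTokenReference form")


def needs_token_consumer(kind):
    """Every key information type except KEYNAME requires a token consumer."""
    return kind != "KEYNAME"


# Constructed sample: the X509ISSUER form from the text, namespaces declared.
SAMPLE_X509ISSUER = (
    "<ds:KeyInfo %s><wsse:SecurityTokenReference><ds:X509Data><ds:X509IssuerSerial>"
    "<ds:X509IssuerName>CN=Jones, O=IBM, C=US</ds:X509IssuerName>"
    "<ds:X509SerialNumber>1040152879</ds:X509SerialNumber>"
    "</ds:X509IssuerSerial></ds:X509Data></wsse:SecurityTokenReference></ds:KeyInfo>" % XMLNS
)
```

A KEYNAME result is worth flagging in any such check, since the note in step 6 explains that a name may match more than one token.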


Related tasks

Configuring the key locator for the consumer binding with an assembly tool

Configuring token consumers with an assembly tool

Configuring signing information for the consumer binding

Configuring encryption information for the consumer binding