+

Search Tips   |   Advanced Search

 

Configure key locators using the console

 

You can configure binding information and key locators using the WAS console.

 

Overview

There is an important distinction between V5.x and V6 and later applications. The information in this article supports V5.x applications only that are used with WebSphere Application Server V6.0.x and later. The information does not apply to V6.0.x and later applications.

This task provides instructions on how to configure key locators using the WAS administrative console. You can configure binding information in the console. You must use an assembly tool to configure extensions. The following steps are used to configure a key locator in the console for a specific application:

 

Procedure

  1. Open the console.

    Type http://localhost:port_number/ibm/console in your Web browser unless you have changed the port number.

  2. Click Applications > Enterprise Applications > application_name.

  3. Under Related Items, click either Web Modules or EJB Modules, depending on the type of module you are securing.

  4. Click the name of the module you are securing.

  5. Under Additional Properties, click either Web services: Client security bindings or Web services: Server security bindings, depending on whether you are adding the key locator to the client security bindings or to the server security bindings. If you do not see any entries, return to the assembly tool and configure the security extensions.

  6. Edit the Request Sender Binding, Response Receiver Binding, Request Receiver Binding, or Response Sender Binding.

  7. Click Key Locators.

  8. Click New to configure a new key locator, select the box next to a key locator name and click Delete to delete a key locator, or click the name of a key locator to edit its configuration. If you are configuring a new key locator or editing an existing one, complete the following steps:

    1. Specify a name for the key locator in the Key Locator Name field.

    2. Specify a name for the key locator class implementation in the Key Locator Classname field. WAS has the following default key locator class implementations:

      com.ibm.wsspi.wssecurity.config.WSldKeyStoreMapKeyLocator

      This class is used by the response sender to map an authenticated identity to a key. If encryption is used, this class is used to locate a key to encrypt the response message. The com.ibm.wsspi.wssecurity.config.WSldKeyStoreMapKeyLocator class has the capability to map an authenticated identity from the invocation credential of the current thread to a key that is used to encrypt the message. If an authenticated identity is present on the current thread, the class maps the ID to the mapped name. For example, user1 is mapped to mappedName_1. Otherwise, name="default". When a matching key is not found, the authenticated identity is mapped to the default key specified in the binding file.

      com.ibm.wsspi.wssecurity.config.KeyStoreKeyLocator

      This class is used by the response receiver, the request sender, and the request receiver to map a name to an alias. Encryption uses this class to obtain a key to encrypt a message and digital signature uses this class to obtain a key to sign a message. The com.ibm.wsspi.wssecurity.config.KeyStoreKeyLocator class maps a logical name to a key alias in the key store file. For example, key #105115176771 maps to CN=Alice, O=IBM, C=US.

    3. Specify the password used to access the key store password in the Key Store Password field. This field is optional because the key locator does not use a key store.

    4. Specify the path name used to access the key store in the Key Store Path field. This field is optional because the key locator does not use a key store. Use ${USER_INSTALL_ROOT} because this path expands to the WAS path on your machine.

    5. Select a keystore type from the Key Store Type field. This field is optional because the key locator does not use a key store. Use the JKS option if you are not using the Java Cryptography Extensions (JCE) policy and use JCEKS if you are using the JCE policy.


 

Related concepts


Key locator

 

Related tasks


Configure key locators using an assembly tool
Configure the client security bindings using an assembly tool
Configure the security bindings on a server acting as a client using the console
Configure the server security bindings using an assembly tool
Configure the server security bindings using the console
Securing Web services for V5.x applications using XML digital signature

 

Related information


keytool - Key and Certificate Management Tool