
Key locator configuration settings

Use this page to specify the settings for a key locator configuration. The key locators retrieve keys from the keystore file for digital signature and encryption. This product enables you to plug in a custom key locator configuration.

To view the console panel for the key locator collection on the cell level...

  1. Click Security > JAX-WS and JAX-RPC security runtime.

  2. Under Additional properties, click Key locators.

  3. Click New to create a new configuration or click the name of a configuration to modify its settings.

To view this console page for the key locator collection on the server level...

  1. Click Servers > Server Types > WebSphere application servers > server_name.

  2. Under Security, click JAX-WS and JAX-RPC security runtime.

    In a mixed node cell with a server using WebSphere Application Server version 6.1 or earlier, click Web services: Default bindings for Web Services Security.

  3. Under Additional properties, click Key locators.

  4. Click New to create a new configuration or click the name of a configuration to modify its settings.

To use this console page for the key locator collection on the application level...

  1. Click Applications > Application Types > WebSphere enterprise applications > application_name.

  2. Click Manage modules > URI_name.

  3. Under Web Services Security properties, you can access key locators for the following bindings:

    • For the Request generator, click Web services: Client security bindings. Under Request generator (sender) binding, click Edit custom > Key locators.

    • For the Request consumer, click Web services: Server security bindings. Under Request consumer (receiver) binding, click Edit custom > Key locators.

    • For the Response generator, click Web services: Server security bindings. Under Response generator (sender) binding, click Edit custom > Key locators.

    • For the Response consumer, click Web services: Client security bindings. Under Response consumer (receiver) binding, click Edit custom > Key locators.

  4. Click New to create a new configuration or click the name of a configuration to modify its settings.


Key locator name

Name of the key locator.

Information    Value
Data type      String


Key locator class name

Name for the key locator class implementation.

Key locators associated with Versions 6 and later applications must implement the com.ibm.wsspi.wssecurity.keyinfo.KeyLocator interface. This product provides the following default key locator class implementations for Versions 6 and later applications:

com.ibm.wsspi.wssecurity.keyinfo.KeyStoreKeyLocator

This implementation locates and obtains the key from the specified keystore file.

com.ibm.wsspi.wssecurity.keyinfo.SignerCertKeyLocator

This implementation uses the public key from the certificate of the signer. This class implementation is used by the response generator.

This property is for JAX-RPC only. To implement signer certificate encryption for the JAX-WS programming model, set a custom property on the callback handler for the encryption token generator. For more information, read the topic Callback handler settings.

com.ibm.wsspi.wssecurity.keyinfo.X509TokenKeyLocator

This implementation uses the X.509 security token from the sender message for digital signature validation and encryption. This class implementation is used by the request consumer and the response consumer.

Information    Value
Data type      String


Keystore

Specifies information about the key store used by this key locator configuration.

None

Use this option if a key store is not required to be specified for this key locator configuration.

Predefined keystore

Specify a predefined keystore for this key locator configuration.

User-defined keystore

Specify a user-defined key store for this key locator configuration.


Keystore configuration name

Name of the key store configuration defined in the keystore settings in secure communications.

The keystore configuration name is located under the Predefined keystore field, which is located under the Keystore section of the page.

Information    Value
Data type      String


Keystore password

Password used to access the keystore file.

The keystore password is located under the User-defined keystore field, which is located under the Keystore section of the page.

Information    Value
Data type      String


Keystore path

Location of the keystore file.

The path is located under the User-defined keystore field, which is located under the Keystore section of the page.

Information    Value
Data type      String


Keystore type

Type of keystore file.

The type is located under the User-defined keystore field, which is located under the Keystore section of the page.

JKS

Use this option if you are not using Java Cryptography Extensions (JCE) and if the keystore file uses the Java Keystore (JKS) format.

JCEKS

Use this option if you are using Java Cryptography Extensions.

JCERACFKS

Use JCERACFKS if the certificates are stored in a SAF key ring (z/OS only).

PKCS11KS (PKCS11)

Use this format if the keystore file uses the PKCS#11 file format. Keystore files that use this format might contain RSA keys on cryptographic hardware or might encrypt keys that use cryptographic hardware to ensure protection.

PKCS12KS (PKCS12)

Use this option if the keystore file uses the PKCS#12 file format.

Information    Value
Default        JKS
Range          JKS, JCEKS, PKCS11KS (PKCS11), PKCS12KS (PKCS12)
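
One way to confirm that the Keystore path, Keystore type and Keystore password values for a user-defined keystore open the intended file before entering them on this page. This is an added example, not part of the product documentation; it uses only the standard java.security.KeyStore API, and the class name KeystoreSettingsCheck, the alias enc-key, the password and the temporary JCEKS file are constructed for illustration.

```java
import java.io.*;
import java.nio.file.*;
import java.security.KeyStore;
import java.util.*;
import javax.crypto.KeyGenerator;

public class KeystoreSettingsCheck {
    // Opens the keystore with the same three values the console asks for
    // (path, type, password) and returns one line per entry it contains.
    static List<String> describe(String path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password); // fails on a mismatched type or a wrong password
        }
        List<String> out = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            out.add(alias + ": " + (ks.isKeyEntry(alias) ? "key entry" : "certificate entry"));
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a temporary JCEKS keystore holding one AES key.
        char[] pw = "example-only".toCharArray();
        KeyStore sample = KeyStore.getInstance("JCEKS");
        sample.load(null, pw);
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        sample.setEntry("enc-key", new KeyStore.SecretKeyEntry(kg.generateKey()),
                new KeyStore.PasswordProtection(pw));
        Path file = Files.createTempFile("sample", ".jceks");
        try (OutputStream os = Files.newOutputStream(file)) {
            sample.store(os, pw);
        }
        // Matching settings list the entries in the file.
        System.out.println(describe(file.toString(), "JCEKS", pw));
        // The same file with the wrong Keystore type or password is rejected.
        for (String[] bad : new String[][] {{"JKS", "example-only"}, {"JCEKS", "wrong"}}) {
            try {
                describe(file.toString(), bad[0], bad[1].toCharArray());
                System.out.println("unexpectedly opened with type " + bad[0]);
            } catch (Exception e) {
                System.out.println(bad[0] + " / " + bad[1] + " rejected: " + e.getMessage());
            }
        }
        Files.delete(file);
    }
}
```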


Related tasks

  • Configure the key locator using JAX-RPC for the generator binding on the application level

    Key locator collection

    Key collection

    Key configuration settings