Key information settings

WAS v8.5 > Reference > Sets
Key information settings page

Use this page to configure the key information for the selected policy set binding. Key information attributes define how cryptographic keys are generated or consumed.
We can configure the key information for the selected policy set binding when editing a default cell or server binding. We can also configure application specific bindings for tokens and message parts required by the policy set.
To view this dmgr console page when editing a default cell binding:

Click Services > Policy sets > General provider policy set bindings or General client policy set bindings.

Click on a binding name in the Name column.

Click the WS-Security policy in the Policies table.

Click the Keys and certificates link in the Main message security policy bindings section.

Click a key in the Name column of the Key information table.

To view this dmgr console page when we are configuring application specific bindings for tokens and message parts required by the policy set:

Click Applications > Application Types > WebSphere enterprise applications.
Select an application containing web services. The application must contain a service provider or a service client.

Click the Service provider policy sets and bindings link or the Service client policy sets and bindings in the Web Services Properties section.
Select a binding. You must have previously attached a policy set and assigned a application specific binding.

Click the WS-Security policy in the Policies table.

Click the Keys and certificates link in the Main message security policy bindings section.

Click a key in the Name column of the Key information table.

This dmgr console page applies only to JAX-WS applications.

Name

Unique name for the key information configuration.
The key information name field displays the unique name of the key that is being configured if you are editing a key. If we are creating one, enter a unique name.

Type

Lists the type of key reference.
This field appears only if you selected an encryption or signing key for the generator binding, such as gen_signkeyinfo, gen_signsctkeyinfo, gen_encsctkeyinfo, or gen_enckeyinfo.
We can select one of the following key types from this list:

Key identifier

The associated attribute in the binding file is KEYID.

Security token reference

The associated attribute in the binding file is STRREF.

Embedded token

The associated attribute in the binding file is EMB.

X.509 issuer name and issuer serial

The associated attribute in the binding file is X509ISSUER.

Thumbprint

The associated attribute in the binding file is THUMBPRINT.
The Thumbprint key information type requires a keystore with the public and private key pair instead of a shared key.

Information Value
Data type: Selection list

Token generator or consumer name

Name of the token generator or consumer. Unique name for the token configuration.
The token generator or consumer name field displays the name of the pre-configured tokens that can be used in the key information configuration if you are editing a key or creating a new key.
We can select a token generator or consumer name from this list. The list of names changes, depending on whether the key information selected is for inbound (consumer) keys or outbound (generator) keys. For keys with outbound direction, the list of defined token generators is displayed. For keys with inbound direction, the list of defined token consumers is displayed.

Information Value
Data type: String

Direction

Whether the direction of the key is inbound or outbound.
The direction of generator tokens are outbound whereas the direction for consumer tokens and decryption keys are inbound.

Information Value
Data type: String
Defaults: Inbound (for consumer bindings) or Outbound (for generator bindings)

Requires derived keys

Whether the key information requires derived keys.

Explicit derived keys

Requires that derived keys be explicitly specified with a WS-SecureConversation <DerivedKeyToken> element.

Implicit derived keys

Requires that derived keys be implicitly specified with a WS-SecureConversation Nonce attribute on the WS-Security <SecurityTokenReference> element.

Override Defaults

Specify derived key values overrides the derived key information the runtime generates by default.
Best practice: It is recommended that we do not override the following optional attributes. Web Services Security automatically provides default values for each attribute. Overriding the default values might be required if the service is running cross-vendors. The vendors can use different attribute values for derived key generation.

Key length

Derived key length. If an override value is not specified, the default value is provided based on the algorithm suite policy assertion. It is recommended that you leave this field empty so the default value can be used. Valid values for the key length range between 16 and 32.

Nonce length

Specifies the nonce length. A nonce is generated for each request, and included for derived key generation. This value is optional, and if an override value is not specified, a default value is used to generate the nonce. A valid value for the nonce length is any integer between 16 and 128.

Client label

Client label. The label is used in the P_SHA-1 function to generate the derived key. If unspecified, the default value used is WS-SecureConversation.

Service label

Service label. The label is used in the P_SHA-1 function to generate the derived key. If unspecified, the default value used is WS-SecureConversation.

Custom properties

Specifies additional configuration settings that token types might require.
Custom properties are arbitrary name-value pairs of data.
This table lists custom properties. Use custom properties to set internal system configuration properties. You are not required to define a custom property when we define a custom token.

Select

Specifies custom properties that we can add, edit, or delete from policy set bindings.
Click New to add and define a new custom property.
For existing custom properties, select the check box for the name of the custom property, and click one of the following actions:

Action Description
New Creates a new custom property entry. To add a custom property, enter the name and value.
Edit Specifies that we can edit the selected custom property. Click this option to provide input fields and create the list of cell values to edit. At least one custom property must exist before the Edit option is displayed.
Delete Removes the selected custom property.

Information Value
Data type: Check box (unchecked)

Name

Name of the custom property that we can use with default policy set bindings.
Custom properties are arbitrary name-value pairs of data. Custom properties are not initially displayed in this column until at least one custom property has been added.

Information Value
Data type: String

Value

Custom property value.
This column displays the value for the custom property (for example, true). The value can be a string or the value can be a true or false Boolean value.

Information Value
Data type: String or Boolean

Related

Define and managing policy set bindings
Manage policy sets

Reference:

Keys and certificates
Application policy sets page
Application policy set settings
Search attached applications page
Policy set bindings settings
Token generator page
Token generator configuration settings
Token consumer page
Token consumer configuration settings

+
Search Tips | Advanced Search

Information	Value
Data type:	String
Defaults:	Inbound (for consumer bindings) or Outbound (for generator bindings)

Action	Description
New	Creates a new custom property entry. To add a custom property, enter the name and value.
Edit	Specifies that we can edit the selected custom property. Click this option to provide input fields and create the list of cell values to edit. At least one custom property must exist before the Edit option is displayed.
Delete	Removes the selected custom property.