Configure the key information for the consumer binding using JAX-RPC on the server or cell level
The key information for the default consumer specifies the key for the signing or the encryption information configurations if these bindings are not defined at the application level.
The signing and encryption information configurations can share the same key information, which is why they are both defined on the same level. WebSphere Application Server provides default values for these bindings. However, an administrator must modify these values for a production environment.
We can configure the key information for the consumer binding on the server level and the cell level. In the following steps, use the first step to access the server-level default bindings and use the second step to access the cell-level bindings:
Tasks
- Access the default bindings for the server level.
- Click Servers > Server Types > WebSphere application servers > server.
- Under Security, click JAX-WS and JAX-RPC security runtime.
Mixed-version environment: In a mixed node cell with a server using WebSphere Application Server version 6.1 or earlier, click Web services: Default bindings for Web Services Security.mixv
- Click Security > Web services to access the default bindings on the cell level.
- Under Default consumer bindings, click Key information.
- Click New to create a key information configuration, click Delete to delete an existing configuration, or click the name of an existing key information configuration to edit the settings. For a new configuration, enter a unique name for the key configuration in the Key information name field. For example, we might specify con_signkeyinfo.
- Select a key information type from the Key information type field. WAS supports the following types of key information:
- Key identifier
- This key information type is used when two parties agree on how to create a key identifier. For example, a field of X.509 certificates can be used for the key identifier according to the X.509 profile.
- Key name
- This key information type is used when the sender and receiver agree on the name of the key.
- Security token reference
- This key information type is typically used when an X.509 certificate is used for digital signature.
- Embedded token
- This key information type is used to embed a security token in an embedded element.
- X509 issuer name and issuer serial
- This key information type specifies an X.509 certificate with its issuer name and serial number.
Select Security token reference if we are using an X.509 certificate for the digital signature. In these steps, it is assumed that Security token reference is selected for this field.
Important: This key information type must match the key information type specified for the generator.
- Select a key locator reference from the Key locator reference menu. In these steps, assume that the key locator reference is called sig_klocator. Configure a key locator before we can select it in this field. For more information on configuring the key locator, see Configure the key locator using JAX-RPC on the server or cell level.
- Select a token reference from the Token reference field. The token reference refers to the name of a configured token consumer. When a security token is required in the deployment descriptor, the token reference attribute is required. If we select Security token reference in the Key information type field, the token reference is required and we can specify an X.509 token consumer. To specify an X.509 token consumer, we must have an X.509 token consumer configured. To configure an X.509 token consumer, see Configure token consumers using JAX-RPC to protect message authenticity at the server or cell level.
- Click OK and Save to save the configuration.
We have configured the key information for the consumer binding at the server or cell level.
What to do next
You must specify a similar key information configuration for the generator.
Configure the key information for the generator binding using JAX-RPC on the server or cell level Configure the key locator using JAX-RPC on the server or cell level Configure token consumers using JAX-RPC to protect message authenticity at the server or cell level