
Key information references

Key configuration for XML digital signature or XML encryption.

We can access the signing information for the following bindings:

Before clicking Properties under Additional properties, enter a value in the Key information name field and select an option for the Key information type and Key locator reference options.


Key information name

Name for the key information configuration.


Key information type

Type of key information. The key information type specifies how to reference security tokens.

This product supports the following types of key information. Each type of key information is described in Web Services Security: SOAP Message Security 1.0 (WS-Security 2004).

Type | Description
Key identifier | The security token is referenced using an opaque value that uniquely identifies the token.
Key name | The security token is referenced using a name that matches an identity assertion within the token.
Security token reference | With this type, the security token is directly referenced.
Embedded token | With this type, the security token reference is embedded.
X509 issuer name and issuer serial | With this type, the security token is referenced by an issuer and serial number of an X.509 certificate.

The X.509 issuer name and issuer serial is described in Web Services Security: X.509 Certificate Token Profile Version 1.0. The other types are described in Web Services Security: SOAP Message Security 1.0 (WS-Security 2004).
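The following added example (not IBM's code and not part of the original page) shows how each key information type in the table appears inside a ds:KeyInfo element under the WS-Security 1.0 element layout, and rejects a KeyInfo that carries zero or several reference forms. The function names, the sample values and the mapping of "Security token reference" to a direct wsse:Reference are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted messages use defusedxml

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#",
      "wsse": "http://docs.oasis-open.org/wss/2004/01/"
              "oasis-200401-wss-wssecurity-secext-1.0.xsd"}
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
STR = "wsse:SecurityTokenReference/"

# Table label -> where that reference form sits inside ds:KeyInfo.
FORMS = [("Key identifier", STR + "wsse:KeyIdentifier"),
         ("Key name", "ds:KeyName"), ("Key name", STR + "ds:KeyName"),
         ("Security token reference", STR + "wsse:Reference"),
         ("Embedded token", STR + "wsse:Embedded"),
         ("X509 issuer name and issuer serial",
          STR + "ds:X509Data/ds:X509IssuerSerial")]

def classify_key_info(xml_text):
    """Return (key information type, details) for one ds:KeyInfo element."""
    ki = ET.fromstring(xml_text)
    if ki.tag != "{%s}KeyInfo" % NS["ds"]:
        raise ValueError("root element is not ds:KeyInfo")
    found = [(label, el) for label, path in FORMS
             for el in ki.findall(path, NS)]
    if len(found) != 1:  # zero or several reference forms: refuse to guess
        raise ValueError("expected one key reference, got %d" % len(found))
    label, el = found[0]
    if label.startswith("X509"):
        return label, {
            "issuer": el.findtext("ds:X509IssuerName", namespaces=NS),
            "serial": el.findtext("ds:X509SerialNumber", namespaces=NS)}
    if label == "Key name":
        return label, {"name": (el.text or "").strip()}
    return label, dict(el.attrib)  # ValueType, EncodingType, URI as present

def sample(inner):
    """Wrap a constructed reference in KeyInfo/SecurityTokenReference."""
    return ('<ds:KeyInfo xmlns:ds="%s" xmlns:wsse="%s">'
            '<wsse:SecurityTokenReference>%s</wsse:SecurityTokenReference>'
            '</ds:KeyInfo>' % (NS["ds"], NS["wsse"], inner))

# Constructed inputs; every value below is a placeholder.
KEY_ID = sample(('<wsse:KeyIdentifier ValueType="%sx509-token-profile-1.0'
                 '#X509SubjectKeyIdentifier" EncodingType="%ssoap-message-'
                 'security-1.0#Base64Binary">Q09OU1RSVUNURUQ='
                 '</wsse:KeyIdentifier>') % (WSS, WSS))
ISSUER = sample('<ds:X509Data><ds:X509IssuerSerial><ds:X509IssuerName>'
                'CN=Example CA</ds:X509IssuerName><ds:X509SerialNumber>1234'
                '</ds:X509SerialNumber></ds:X509IssuerSerial></ds:X509Data>')
AMBIGUOUS = sample('<wsse:KeyIdentifier>AAAA</wsse:KeyIdentifier>'
                   '<wsse:Reference URI="#constructed-token"/>')
```

For a key identifier, the returned ValueType and EncodingType attributes correspond to the Value type and Encoding method fields described later on this panel.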

If we select Key identifier for the key information type, we can specify values in the following fields on this panel:


Key locator reference

Reference used to retrieve the key for digital signature and encryption.

Before specifying a key locator reference, configure a key locator. We can specify a signing key configuration for the following bindings:

Binding name | Level | Path
Default generator binding | Cell | Security > security runtime > Additional properties > Key locators
Default consumer binding | Cell | Security > security runtime > Additional properties > Key locators
Default generator binding | Server | Servers > Server Types > WebSphere application servers > server > Security > security runtime
Default consumer binding | Server | Servers > Server Types > WebSphere application servers > server > Security > security runtime > Additional properties > Key locators
Request sender binding | Application | Applications > Application Types > WebSphere enterprise applications > application_name > Modules > Manage modules > URI_name > Web services: Client security bindings > Request sender binding > Edit > Additional properties > Key locators
Response receiver binding | Application | Applications > Application Types > WebSphere enterprise applications > application_name > Modules > Manage modules > URI_name > Web services: Client security bindings > Response receiver binding > Edit > Additional properties > Key locators
Request receiver binding | Application | Applications > Application Types > WebSphere enterprise applications > application_name > Modules > Manage modules > URI_name > Web services: Server security bindings > Request receiver binding > Edit > Additional properties > Key locators
Response sender binding | Application | Applications > Application Types > WebSphere enterprise applications > application_name > Modules > Manage modules > URI_name > Web services: Server security bindings > Response sender binding > Edit > Additional properties > Key locators
Request generator (sender) binding | Application | Applications > Application Types > WebSphere enterprise applications > application_name > Modules > Manage modules > URI_name > Web services: Client security bindings > Request generator (sender) binding > Edit > Additional properties > Key locators > New to create a new key locator or click the name of a configured key locator to modify its configuration.
Response consumer (receiver) binding | Application | Applications > Application Types > WebSphere enterprise applications > application_name > Modules > Manage modules > URI_name > Web services: Client security bindings > Response consumer (receiver) binding > Edit custom > Additional properties > Key locators
Request consumer (receiver) binding | Application | Applications > Application Types > WebSphere enterprise applications > application_name > Modules > Manage modules > URI_name > Web services: Server security bindings > Request consumer (receiver) binding > Edit custom > Additional properties > Key locators
Response generator (sender) binding | Application | Applications > Application Types > WebSphere enterprise applications > application_name > Modules > Manage modules > URI_name > Web services: Server security bindings > Response generator (sender) binding > Edit custom > Additional properties > Key locators


Key name reference

Name of the key used for generating digital signature and encryption.

This field is displayed for the default generator and is also displayed for the request generator and response generator for v6.x applications.

This field is displayed for the default generator and is also displayed for the request generator and response generator.

Binding name | Level | Path
Default generator binding | Cell | Security > security runtime > Additional properties > Key locators
Default generator binding | Server | Servers > Server Types > WebSphere application servers > server > Security > security runtime > Additional properties > Key locators
Request generator (sender) binding | Application | Applications > Application Types > WebSphere enterprise applications > application_name > Modules > Manage modules > URI_name > Web services: Client security bindings > Request generator (sender) binding > Edit > Additional properties > Key locators
Response generator (sender) binding | Application | Applications > Application Types > WebSphere enterprise applications > application_name > Modules > Manage modules > URI_name > Web services: Server security bindings > Response generator (sender) binding > Edit custom > Additional properties > Key locators


Token reference

Name of a token generator or token consumer used for processing a security token.

The security token reference field is displayed only for authentication tokens in application-specific bindings. This field is not available for default bindings.

The application server requires this field only when we specify Security token reference or Embedded token in the Key information type field. The Token reference field is also required when we specify a key identifier type for the consumer. Before specifying a token reference, configure a token generator or token consumer. We can specify a token configuration for the following bindings on the following levels:

Binding name | Level | Path
Default generator binding | Cell | Security > security runtime > JAX-RPC Default Generator Bindings > Token generators
Default consumer binding | Cell | Security > security runtime > JAX-RPC Default Consumer Bindings > Token consumers
Default generator binding | Server | Servers > Server Types > WebSphere application servers > server > Security > security runtime > JAX-RPC Default Generator Bindings > Token generator
Default consumer binding | Server | Servers > Server Types > WebSphere application servers > server > Security > security runtime > JAX-RPC Default Consumer Bindings > Token consumer
Request generator (sender) binding | Application | Applications > Application Types > WebSphere enterprise applications > application_name > Modules > Manage modules > URI_name > Web services: Client security bindings > Request generator (sender) binding > Edit custom > Additional properties > Token generators
Response consumer (receiver) binding | Application | Applications > Application Types > WebSphere enterprise applications > application_name > Modules > Manage modules > URI_name > Web services: Client security bindings > Response consumer (receiver) binding > Edit custom > Required properties > Token consumers
Request consumer (receiver) binding | Application | Applications > Application Types > WebSphere enterprise applications > application_name > Modules > Manage modules > URI_name > Web services: Server security bindings > Request consumer (receiver) binding > Edit custom > Required properties > Token consumers
Response generator (sender) binding | Application | Applications > Application Types > WebSphere enterprise applications > application_name > Modules > Manage modules > URI_name > Web services: Server security bindings > Response generator (sender) binding > Edit custom > Additional properties > Token generators


Encoding method

Encoding method that indicates the encoding format for the key identifier.

This field is valid when we specify Key identifier in the Key information type field. This product supports the following encoding methods:

This field is available for the default generator binding only.


Calculation method

This field is valid when we specify Key identifier in the Key information type field. This product supports the following calculation methods:

This field is available for the generator binding only.


Value type namespace URI

Namespace Uniform Resource Identifier (URI) of the value type for a security token referenced by the key identifier.

This field is valid when we specify Key identifier in the Key information type field. When we specify the X.509 certificate token, we do not need to specify this option. To specify another token, specify the namespace URI of the QName for the value type.

WAS v9 provides the following predefined value type URIs for the LTPA token:

This field is available for the generator binding only.


Value type local name

Local name of the value type for a security token referenced by the key identifier.

When this local name is used with the corresponding namespace URI, the information is called the value type qualified name or QName.

This field is valid when we specify Key identifier in the Key information type field. When we specify the X.509 certificate token, IBM recommends that we use the predefined local names. When we specify the predefined local names, we do not need to specify the URI of the value type. WAS v9 provides the following predefined local names:

For LTPA, the value type local name is LTPA. If we enter LTPA for the local name, we must specify the http://www.ibm.com/websphere/appserver/tokentype/5.0.2 URI value in the Value type URI field as well.

For LTPA token propagation, the value type local name is LTPA_PROPAGATION. If we enter LTPA_PROPAGATION for the local name, specify the http://www.ibm.com/websphere/appserver/tokentype URI value in the Value type URI field as well.

For the other predefined value types (User name token, X509 certificate token, X509 certificates in a PKIPath, and a list of X509 certificates and CRLs in a PKCS#7), the value for the Value type local name field begins with http://. For example, if we are specifying the user name token for the value type, enter http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken in the Value type local name field; we then do not need to enter a value in the Value type URI field.

When we specify a custom value type for custom tokens, we can specify the local name and the URI of the qualified name (QName) of the value type. For example, we might specify Custom for the local name and http://www.ibm.com/custom for the URI.

This field is also available for the generator binding only.

  • Configure the key information using JAX-RPC for the generator binding on the application level
  • Token generator collection
  • Token consumer collection
  • Key information collection