Key locator configuration settings
Specify the settings for a key locator configuration. The key locators retrieve keys from the keystore file for digital signature and encryption. This product enables us to plug in a custom key locator configuration.
To view the administrative console panel for the key locator collection on the cell level:
Security > security runtime > Additional properties > Key locators
To view this administrative console page for the key locator collection on the server level:
Servers > Server Types > WebSphere application servers > server > Security > security runtime > Additional properties > Key locators
To use this administrative console page for the key locator collection on the application level:
Applications > Application Types > WebSphere enterprise applications > application_name > Manage modules > URI_name > Web Services Security properties
We can access key locators for the following bindings:
- Request generator: Web services: Client security bindings > Request generator (sender) binding > Edit custom > Key locators
- Request consumer: Web services: Server security bindings > Request consumer (receiver) binding > Edit custom > Key locators
- Response generator: Web services: Server security bindings > Response generator (sender) binding > custom > Key locators
- Response consumer: Web services: Client security bindings > Response consumer (receiver) binding > Edit custom > Key locators
Click New to create a new configuration or click the name of a configuration to modify its settings.
Key locator name
Name of the key locator.
Data type: String
Key locator class name
Name for the key locator class implementation.
Key locators associated with Versions 6 and later applications must implement the com.ibm.wsspi.wssecurity.keyinfo.KeyLocator interface. WAS v9 provides the following default key locator class implementations for Versions 6 and later applications:
- com.ibm.wsspi.wssecurity.keyinfo.KeyStoreKeyLocator: locates and obtains the key from the specified keystore file.
- com.ibm.wsspi.wssecurity.keyinfo.SignerCertKeyLocator: uses the public key from the certificate of the signer. This class implementation is used by the response generator. This property is for JAX-RPC only. To implement signer certificate encryption for JAX-WS, set a custom property on the callback handler for the encryption token generator. For more information, read the topic Callback handler settings.
- com.ibm.wsspi.wssecurity.keyinfo.X509TokenKeyLocator: uses the X.509 security token from the sender message for digital signature validation and encryption. This class implementation is used by the request consumer and the response consumer.
Data type: String
Keystore
Specifies information about the key store used by this key locator configuration.
- None: Use this option if a keystore does not need to be specified for this key locator configuration.
- Predefined keystore: Specify a predefined keystore for this key locator configuration.
- User-defined keystore: Specify a user-defined keystore for this key locator configuration.
Keystore configuration name
Name of the key store configuration defined in the keystore settings in secure communications.
This field appears under Predefined keystore in the Keystore section of the page.
Data type: String
Keystore password
Password used to access the keystore file.
This field appears under User-defined keystore in the Keystore section of the page.
Data type: String
Keystore path
Location of the keystore file.
This field appears under User-defined keystore in the Keystore section of the page.
Data type: String
Keystore type
Type of keystore file.
This field appears under User-defined keystore in the Keystore section of the page.
- JKS: Use this option if we are not using Java Cryptography Extensions (JCE) and if your keystore file uses the Java Keystore (JKS) format.
- JCEKS: Use this option if we are using Java Cryptography Extensions.
- JCERACFKS (z/OS only): Use JCERACFKS if the certificates are stored in a SAF key ring.
- PKCS11KS (PKCS11): Use this format if your keystore file uses the PKCS#11 file format. Keystore files that use this format might contain Rivest Shamir Adleman (RSA) keys on cryptographic hardware or might encrypt keys that use cryptographic hardware to ensure protection.
- PKCS12KS (PKCS12): Use this option if your keystore file uses the PKCS#12 file format.
Default: JKS
Range: JKS, JCEKS, PKCS11KS (PKCS11), PKCS12KS (PKCS12)
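As an added illustration (not the product's own code, and not the com.ibm.wsspi.wssecurity.keyinfo.KeyLocator SPI, whose method signatures this page does not give), the following Java program shows what the user-defined keystore fields above (path, type, password) amount to at the JDK level, and what a keystore-based locator such as KeyStoreKeyLocator conceptually does: open the store with java.security.KeyStore and resolve a key alias to a Key. It also shows why the keystore type matters for a locator that must return a symmetric encryption key: a JKS store holds only private-key/certificate entries, so such a key needs JCEKS or PKCS12. The class and method names, the alias enc-key and the passwords are all constructed for this demo.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

/**
 * Added illustration, not the WebSphere KeyLocator SPI: the three
 * "User-defined keystore" settings (path, type, password) are exactly what
 * java.security.KeyStore needs to open the file, and a keystore-based locator
 * then resolves an alias to a Key object.
 */
public final class KeystoreLookupDemo {

    /** Mirrors the User-defined keystore fields of the panel (constructed names). */
    static final class KeystoreSettings {
        final String path;      // Keystore path
        final String type;      // Keystore type: JKS, JCEKS, PKCS12, ...
        final char[] password;  // Keystore password
        KeystoreSettings(String path, String type, char[] password) {
            this.path = path; this.type = type; this.password = password;
        }
    }

    /** Open the keystore; a wrong keystore password fails the integrity check in load(). */
    static KeyStore open(KeystoreSettings s) throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(s.type);
        try (FileInputStream in = new FileInputStream(s.path)) {
            ks.load(in, s.password);
        }
        return ks;
    }

    /** Resolve an alias to its key entry; fail loudly instead of returning null. */
    static Key locateKey(KeyStore ks, String alias, char[] keyPassword) throws GeneralSecurityException {
        if (!ks.isKeyEntry(alias)) {
            throw new GeneralSecurityException("no key entry for alias '" + alias + "'");
        }
        return ks.getKey(alias, keyPassword);   // PrivateKey or SecretKey depending on the entry
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: build a JCEKS store holding one AES key, then locate it.
        File file = File.createTempFile("demo", ".jceks");
        file.deleteOnExit();
        char[] storePw = "storepass".toCharArray();   // placeholder value for the demo
        char[] keyPw = "keypass".toCharArray();       // placeholder value for the demo
        SecretKey aes = KeyGenerator.getInstance("AES").generateKey();

        KeyStore jceks = KeyStore.getInstance("JCEKS");
        jceks.load(null, null);                       // start from an empty store
        jceks.setKeyEntry("enc-key", aes, keyPw, null);
        try (FileOutputStream out = new FileOutputStream(file)) {
            jceks.store(out, storePw);
        }

        KeystoreSettings settings = new KeystoreSettings(file.getPath(), "JCEKS", storePw);
        Key found = locateKey(open(settings), "enc-key", keyPw);
        System.out.println("located " + found.getAlgorithm() + " key, "
                + (found.getEncoded().length * 8) + " bits");

        // Why the Keystore type setting matters: JKS stores only private-key and
        // certificate entries, so a symmetric key cannot be placed in one.
        KeyStore jks = KeyStore.getInstance("JKS");
        jks.load(null, null);
        try {
            jks.setKeyEntry("enc-key", aes, keyPw, null);
        } catch (KeyStoreException e) {
            System.out.println("JKS rejected secret key: " + e.getMessage());
        }

        // A wrong keystore password is rejected by load() rather than opening the store.
        try {
            open(new KeystoreSettings(file.getPath(), "JCEKS", "wrong".toCharArray()));
        } catch (IOException e) {
            System.out.println("bad keystore password rejected: " + e.getMessage());
        }
    }
}
```

Compile and run with a plain JDK (`javac KeystoreLookupDemo.java && java KeystoreLookupDemo`); no WebSphere classes are needed. The password on the key entry is separate from the keystore password, which is why the panel's Keystore password alone does not unlock an individual key.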
Related topics:
- Configure the key locator using JAX-RPC for the generator binding on the application level
- Key locator collection
- Key collection
- Key configuration settings