Use this page to specify the configuration that is needed to specify the key for XML digital signature or XML encryption. To view this administrative console page on the cell level for the key information references, complete the following steps:
Before clicking Properties under Additional properties, enter a value in the Key information name field and select an option for the Key information type and Key locator reference options.
Specifies a name for the key information configuration.
The type of key information. The key information type specifies how to reference security tokens. WebSphere Application Server supports the following types of key information. Each type of key information is described in the Web Services Security: SOAP Message Security 1.0 (WS-Security 2004) OASIS standard, which is located at: http://www.oasis-open.org/home/index.php under Web services security.
Type | Description |
---|---|
Key identifier | The security token is referenced using an opaque value that uniquely identifies the token. |
Key name | The security token is referenced using a name that matches an identity assertion within the token. |
Security token reference | With this type, the security token is directly referenced. |
Embedded token | With this type, the security token reference is embedded. |
X509 issuer name and issuer serial | With this type, the security token is referenced by an issuer and serial number of an X.509 certificate. |
The reference that is used to retrieve the key for digital signature and encryption. Before specifying a key locator reference, configure a key locator. You can specify a signing key configuration for the following bindings:
Binding name | Cell level, server level, or application level | Path |
---|---|---|
Default generator binding | Cell level | |
Default consumer binding | Cell level | |
Default generator binding | Server level | |
Default consumer binding | Server level | |
Request sender binding | Application level | |
Response receiver binding | Application level | |
Request receiver binding | Application level | |
Response sender binding | Application level | |
Request generator (sender) binding | Application level | |
Response consumer (receiver) binding | Application level | |
Request consumer (receiver) binding | Application level | |
Response generator (sender) binding | Application level | |
The name of the key that is used for generating digital signature and encryption.
This field is displayed for the default generator and is also displayed for the request generator and response generator for Version 6.x applications.
Binding name | Cell level, server level, or application level | Path |
---|---|---|
Default generator binding | Cell level | |
Default generator binding | Server level | |
Request generator (sender) binding | Application level | |
Response generator (sender) binding | Application level | |
The name of a token generator or token consumer that is used for processing a security token.
WebSphere Application Server requires this field only when you specify Security token reference or Embedded token in the Key information type field.
The Token reference field is also required when you specify a key identifier type for the consumer. Before specifying a token reference, configure a token generator or token consumer. You can specify a token configuration for the following bindings on the following levels:
Binding name | Cell level, server level, or application level | Path |
---|---|---|
Default generator binding | Cell level | |
Default consumer binding | Cell level | |
Default generator binding | Server level | |
Default consumer binding | Server level | |
Request generator (sender) binding | Application level | |
Response consumer (receiver) binding | Application level | |
Request consumer (receiver) binding | Application level | |
Response generator (sender) binding | Application level | |
The encoding method that indicates the encoding format for the key identifier. This field is valid when you specify Key identifier in the Key information type field. WebSphere Application Server supports the following encoding methods:
This field is available for the default generator binding only.
This field is valid when you specify Key identifier in the Key information type field. WebSphere Application Server supports the following calculation methods:
This field is available for the generator binding only.
The namespace Uniform Resource Identifier (URI) of the value type for a security token that is referenced by the key identifier.
This field is valid when you specify Key identifier in the Key information type field. When you specify the X.509 certificate token, you do not need to specify this option. If you want to specify another token, specify the URI of the QName for the value type.
WebSphere Application Server provides the following predefined value type URI for the Lightweight Third Party Authentication (LTPA) token: http://www.ibm.com/websphere/appserver/tokentype/5.0.2
This field is available for the generator binding only.
The local name of the value type for a security token that is referenced by the key identifier.
When this local name is used with the corresponding namespace URI, the information is called the value type qualified name or QName. This field is valid when you specify Key identifier in the Key information type field. When you specify the X.509 certificate token, it is recommended that you use the predefined local names. When you specify the predefined local names, you do not need to specify the URI of the value type. WebSphere Application Server provides the following predefined local names:
Attention: For LTPA, the value type local name is LTPA. If you enter LTPA for the local name, specify the http://www.ibm.com/websphere/appserver/tokentype/5.0.2 URI value in the Value type URI field as well. For the other predefined value types (User name token, X509 certificate token, X509 certificates in a PKIPath, and a list of X509 certificates and CRLs in a PKCS#7), the value for the local name field begins with http://. For example, if you are specifying the user name token for the value type, enter http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken in the value type local name field and then you do not need to enter a value in the value type URI field. When you specify a custom value type for custom tokens, you can specify the local name and the URI of the qualified name (QName) of the value type. For example, you might specify Custom for the local name and http://www.ibm.com/custom for the URI.
This field is also available for the generator binding only.
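The key information type, and for a key identifier its value type and encoding method, decide what appears inside ds:KeyInfo in a signed or encrypted SOAP message. The following added example (not IBM code and not part of the original page) classifies each ds:KeyInfo into the types listed above, using the element names of the WS-Security 2004 specification; the function name, the constructed sample message, and the assumption that a generator emits these standard elements are illustrative.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"wsse": WSSE, "ds": DS}
STR = "wsse:SecurityTokenReference/"

# WS-Security 2004 element path -> key information type as named on this page.
KINDS = [
    (STR + "wsse:KeyIdentifier", "Key identifier"),
    (STR + "wsse:Reference", "Security token reference"),
    (STR + "wsse:Embedded", "Embedded token"),
    (STR + "ds:X509Data/ds:X509IssuerSerial", "X509 issuer name and issuer serial"),
    (STR + "ds:KeyName", "Key name"),
    ("ds:KeyName", "Key name"),
]

def classify_key_info(xml_text):
    """Return one dict per ds:KeyInfo: its type plus ValueType/EncodingType."""
    # Constructed, trusted sample only; parse untrusted XML with a hardened
    # parser (for example defusedxml) to avoid entity-expansion attacks.
    root = ET.fromstring(xml_text)
    results = []
    for key_info in root.iter(f"{{{DS}}}KeyInfo"):
        found = [(el, kind) for path, kind in KINDS
                 for el in key_info.findall(path, NS)]
        if len(found) != 1:
            # Zero or several references: flag instead of guessing which applies.
            results.append({"type": "ambiguous" if found else "unknown"})
            continue
        el, kind = found[0]
        results.append({"type": kind, "value_type": el.get("ValueType"),
                        "encoding_type": el.get("EncodingType")})
    return results

# Constructed sample: four ds:KeyInfo elements, one per reference style.
SAMPLE = f"""<Security xmlns:wsse="{WSSE}" xmlns:ds="{DS}">
 <ds:KeyInfo><wsse:SecurityTokenReference>
  <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier"
    EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">AAECAwQ=</wsse:KeyIdentifier>
 </wsse:SecurityTokenReference></ds:KeyInfo>
 <ds:KeyInfo><wsse:SecurityTokenReference><ds:X509Data><ds:X509IssuerSerial>
  <ds:X509IssuerName>CN=Example CA</ds:X509IssuerName><ds:X509SerialNumber>1234</ds:X509SerialNumber>
 </ds:X509IssuerSerial></ds:X509Data></wsse:SecurityTokenReference></ds:KeyInfo>
 <ds:KeyInfo><ds:KeyName>CN=Example Signer</ds:KeyName></ds:KeyInfo>
 <ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#token-1"/></wsse:SecurityTokenReference></ds:KeyInfo>
</Security>"""
if __name__ == "__main__":
    print(*classify_key_info(SAMPLE), sep="\n")
```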