Configure key information for the generator binding with an assembly tool


Before you begin

Prior to completing this task, complete the following steps:

  1. Import your application into an assembly tool. For information on how to import your application, see Import enterprise applications.

  2. Configure the key locator that is referenced by the key information configuration. For more information, see Configuring key locators for the generator binding with an assembly tool.

  3. Configure the token generator that is referenced by the key information configuration. For more information, see Configuring token generators with an assembly tool.


Overview

Complete the following steps to configure the key information for the server-side and client-side bindings using an assembly tool. The key information specifies the configuration that is needed to generate the key for digital signature and encryption; the signing information and encryption information configurations can share the same key information. On the consumer side, the key information specifies how to obtain the key that is used to validate the digital signature in the received message or to decrypt the encrypted parts of the message. The request generator is configured for the client and the response generator is configured for the server. In the following steps, configure either the client-side bindings in step 2 or the server-side bindings in step 3.


Procedure

  1. Start the assembly tool and click Window > Open Perspective > J2EE.

  2. Optional: Locate the client-side bindings using the Project Explorer window. The Client Deployment Descriptor window is displayed. This Web service contains the bindings that we need to configure.

    1. Expand the Web Services > Client section and double-click the name of the Web service.

    2. Click the WS Binding tab and expand the Security Request Generator Binding Configuration section.

  3. Optional: Locate the server-side bindings using the Project Explorer window. The Web Services Editor window is displayed. This Web service contains the bindings that we need to configure.

    1. Expand the Web Services > Services section and double-click the name of the Web service.

    2. Click the Binding Configurations tab and expand the Response Generator Binding Configuration Details section.

  4. Expand the Key Information section and click Add to add a new entry or click Edit to edit a selected entry.

  5. Specify a unique name for this configuration in the Key information name field. For example, you might specify gen_signkeyinfo. This configuration name is referenced by the Key information element within the Signing Information and Encryption Information dialog windows. For more information, see Configuring signing information for the generator binding with an assembly tool and Configuring encryption information for the generator binding with an assembly tool.

  6. Select a key information type from the Key information type field. The key information types specify different mechanisms for referencing security tokens. The assembly tools support the following key information types:

    STRREF

    This type is the security token reference. The security token is directly referenced using Uniform Resource Identifiers (URIs). The following <KeyInfo> element is generated in the SOAP message for this key information type:

    <ds:KeyInfo>
       <wsse:SecurityTokenReference>
          <wsse:Reference URI="#mytoken" />
       </wsse:SecurityTokenReference>
    </ds:KeyInfo> 

    EMB

    This type is the embedded token. The security token is directly embedded within the <SecurityTokenReference> element. The following <KeyInfo> element is generated in the SOAP message for this key information type:

    <ds:KeyInfo>
       <wsse:SecurityTokenReference>
          <wsse:Embedded wsu:Id="tok1">
             …
          </wsse:Embedded>
       </wsse:SecurityTokenReference>
    </ds:KeyInfo>

    KEYID

    This type is a key identifier. The security token is referenced using an opaque value that uniquely identifies the token. The algorithm that is used for generating the key identifier value depends upon the token type. The following <KeyInfo> element is generated in the Simple Object Access Protocol (SOAP) message for this key information type:

    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
       <wsse:SecurityTokenReference>
          <wsse:KeyIdentifier ValueType="wsse:X509v3">/62wXO...</wsse:KeyIdentifier>
       </wsse:SecurityTokenReference>
    </ds:KeyInfo>

    KEYNAME

    This type is the key name. The security token is referenced using a name that matches an asserted identity within the token. The following <KeyInfo> element is generated in the SOAP message for this key information type:

    <ds:KeyInfo>
       <ds:KeyName>CN=Group1</ds:KeyName>
    </ds:KeyInfo>

    X509ISSUER

    This type is the X.509 certificate issuer name and serial number. The security token is referenced by the issuer name and serial number of an X.509 certificate. The following <KeyInfo> element is generated in the SOAP message for this key information type:

    <ds:KeyInfo>
       <wsse:SecurityTokenReference>
          <ds:X509Data>
             <ds:X509IssuerSerial>
                <ds:X509IssuerName>CN=Jones, O=IBM, C=US</ds:X509IssuerName>
                <ds:X509SerialNumber>1040152879</ds:X509SerialNumber>
             </ds:X509IssuerSerial>
          </ds:X509Data>
       </wsse:SecurityTokenReference>
    </ds:KeyInfo>

  7. Select the Use key locator option.

    1. Select the name of a key locator configuration from the Key locator field. The value of this field is a reference to a key locator that specifies how to find keys or certificates. For more information, see Configuring key locators for the generator binding with an assembly tool.

    2. Specify a key name in the Key name field. The value is the name of a key that is used for generating the digital signature and for encryption. The list of key names comes from the key locator that you specified previously.

  8. Optional: Select the Use token option and a token generator configuration in the Token field if a token generator is required for the key information configuration. The token that you select specifies a reference to a token generator that is used for processing the security token within the message. Before you specify a token reference, you must configure a token generator. For more information on token generator configurations, see Configuring token generators with an assembly tool.
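The following Python script is an added example, not code from WebSphere or the assembly tool. It builds the five <ds:KeyInfo> shapes listed in step 6 from a key information type and its parameters, and then does the consumer-side counterpart described in the overview: it classifies a received <ds:KeyInfo> and lets a policy accept only the reference types it expects. The namespace URIs are the standard XML-DSig and OASIS WSS 1.0 values, which is an assumption about the deployment (the page shows only the ds, wsse and wsu prefixes); the token ids, key name, issuer name, serial number and key identifier value are constructed sample data.

```python
"""Build and classify WS-Security <ds:KeyInfo> elements (added example)."""
import xml.etree.ElementTree as ET

# Assumed namespace URIs: XML-DSig and OASIS WSS 1.0 (the page shows only prefixes).
DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
ET.register_namespace("ds", DS)
ET.register_namespace("wsse", WSSE)
ET.register_namespace("wsu", WSU)

KEY_INFO_TYPES = ("STRREF", "EMB", "KEYID", "KEYNAME", "X509ISSUER")


def _q(ns, local):
    """Clark-notation tag name {namespace}local used by ElementTree."""
    return f"{{{ns}}}{local}"


def build_keyinfo(kind, **p):
    """Generator side: return a <ds:KeyInfo> Element for one key information type."""
    keyinfo = ET.Element(_q(DS, "KeyInfo"))
    if kind == "KEYNAME":
        ET.SubElement(keyinfo, _q(DS, "KeyName")).text = p["key_name"]
        return keyinfo
    str_ = ET.SubElement(keyinfo, _q(WSSE, "SecurityTokenReference"))
    if kind == "STRREF":
        ET.SubElement(str_, _q(WSSE, "Reference"), URI="#" + p["token_id"])
    elif kind == "EMB":
        emb = ET.SubElement(str_, _q(WSSE, "Embedded"), {_q(WSU, "Id"): p["token_id"]})
        emb.append(p["token"])  # the token element itself travels inside <Embedded>
    elif kind == "KEYID":
        kid = ET.SubElement(str_, _q(WSSE, "KeyIdentifier"),
                            ValueType=p.get("value_type", "wsse:X509v3"))
        kid.text = p["key_identifier"]  # opaque, token-type-dependent value
    elif kind == "X509ISSUER":
        x509 = ET.SubElement(str_, _q(DS, "X509Data"))
        iss = ET.SubElement(x509, _q(DS, "X509IssuerSerial"))
        ET.SubElement(iss, _q(DS, "X509IssuerName")).text = p["issuer_name"]
        ET.SubElement(iss, _q(DS, "X509SerialNumber")).text = str(p["serial"])
    else:
        raise ValueError(f"unknown key information type: {kind}")
    return keyinfo


def to_xml(elem):
    return ET.tostring(elem, encoding="unicode")


def classify_keyinfo(xml_text):
    """Consumer side: return (type, reference value) for a received <ds:KeyInfo>.

    Raises ValueError for anything outside the five documented shapes, so that
    a caller can refuse references it was not configured to resolve.
    """
    root = ET.fromstring(xml_text)
    if root.tag != _q(DS, "KeyInfo"):
        raise ValueError("not a ds:KeyInfo element")
    children = list(root)
    if len(children) != 1:
        raise ValueError("expected exactly one child of ds:KeyInfo")
    child = children[0]
    if child.tag == _q(DS, "KeyName"):
        return "KEYNAME", (child.text or "").strip()
    if child.tag != _q(WSSE, "SecurityTokenReference"):
        raise ValueError("unsupported ds:KeyInfo content")
    inner = list(child)
    if len(inner) != 1:
        raise ValueError("expected exactly one child of SecurityTokenReference")
    ref = inner[0]
    if ref.tag == _q(WSSE, "Reference"):
        return "STRREF", ref.get("URI")
    if ref.tag == _q(WSSE, "Embedded"):
        return "EMB", ref.get(_q(WSU, "Id"))
    if ref.tag == _q(WSSE, "KeyIdentifier"):
        return "KEYID", (ref.text or "").strip()
    if ref.tag == _q(DS, "X509Data"):
        serial_path = f"{_q(DS, 'X509IssuerSerial')}/{_q(DS, 'X509SerialNumber')}"
        name_path = f"{_q(DS, 'X509IssuerSerial')}/{_q(DS, 'X509IssuerName')}"
        serial, name = ref.find(serial_path), ref.find(name_path)
        if serial is None or name is None:
            raise ValueError("X509Data without X509IssuerSerial")
        return "X509ISSUER", ((name.text or "").strip(), (serial.text or "").strip())
    raise ValueError("unsupported SecurityTokenReference child")


def is_allowed(xml_text, allowed_types):
    """Policy check: True only if the KeyInfo uses one of the allowed reference types."""
    try:
        kind, _ = classify_keyinfo(xml_text)
    except (ValueError, ET.ParseError):
        return False
    return kind in allowed_types


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    sample_token = ET.Element(_q(WSSE, "BinarySecurityToken"))
    for kind, params in [
        ("STRREF", {"token_id": "mytoken"}),
        ("EMB", {"token_id": "tok1", "token": sample_token}),
        ("KEYID", {"key_identifier": "c29tZS1za2ktdmFsdWU="}),
        ("KEYNAME", {"key_name": "CN=Group1"}),
        ("X509ISSUER", {"issuer_name": "CN=Jones, O=IBM, C=US", "serial": 1040152879}),
    ]:
        xml_text = to_xml(build_keyinfo(kind, **params))
        print(kind, "->", classify_keyinfo(xml_text))
```

The consumer-side check is deliberately strict: a <ds:KeyInfo> with more than one child, or a SecurityTokenReference child it does not recognise, is rejected rather than guessed at, which is the behaviour you want from a key locator that should only resolve the reference types the binding was configured for.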


Result

After completing this task, configure the signing information or encryption information that references the key information that is specified by this task. For more information, see Configuring signing information for the generator binding with an assembly tool or Configuring encryption information for the generator binding with an assembly tool.


Related Tasks

Configuring key locators for the generator binding with an assembly tool
Configuring token generators with an assembly tool
Configuring signing information for the generator binding with an assembly tool
Configuring encryption information for the generator binding with an assembly tool