+

Search Tips   |   Advanced Search

Configure key locators using an assembly tool

The following information provides instructions on how to configure key locators using an assembly tool.

We can configure key locators in various locations within the assembly tool. The following procedure provides instructions on how to configure key locators at any of these locations because the concept is the same.

  1. Start an assembly tool. For more information, see the related information on Assembly Tools.

  2. Switch to the Java EE perspective. Click Window > Open Perspective > J2EE.

  3. Click Application Client projects > application_name > appClientModule > META-INF.

  4. Right-click the application-client.xml file, select Open with > Deployment Descriptor Editor, and click the WS Binding tab. The Client Deployment Descriptor is displayed.

  5. Click the WS Binding tab in deployment descriptor editor within the assembly tool or the Binding configurations tab in the Web services editor within the assembly tool.

  6. Expand one of the Binding configuration sections.

  7. Expand the Key locators section.

  8. Click Add to create a new key locator, click Edit to edit an existing key locator, or click Remove to delete an existing key locator.

  9. Enter a key locator name. The name entered for the Key locator name is used to refer to the key locator from the Encryption information and Signing Information sections.

  10. Enter a key locator class. The key locator class is the implementation of the KeyLocator interface. When using default implementations, select a class from the menu.

  11. Determine whether to click Use key store. Select this option when using the default implementations as they use key stores. If we click Use key store...

    1. Enter a value in the key store storepass field. The key store storepass is the password used to access the key store.

    2. Enter a path name in the key store path field. The key store path is the location on the file system where the key store resides. Make sure the location can be found wherever you deploy the application.

    3. Enter a type value in the key store type field. The valid types to enter are JKS and JCEKS. JKS is used when we are not using the Java Cryptography Extensions (JCE) policy. JCEKS is used when we are using JCE. Although the JCEKS type is more secure, it might decrease performance.

    4. Click Add to create an entry for a key in the key store.

      1. Enter a value in the Alias field.

        The key alias is a reference to this particular key from the Signing Information section.

      2. Enter a value in the Key pass field.

        (dist)(zos) The key pass is the password associated with the certificate which is created using the Java SE Development Kit 6 keytool.exe file.

        (iseries) The key pass is the password associated with the certificate which is created using the keytool utility. The keytool utility is available using the QShell Interpreter.

      3. Enter a value in the Key name field.

        The key name refers to the alias of the certificate as found in the key store.

  12. Click Add to create a custom property. The property can be used by custom key locator implementations. For example, we can use properties with the WSIdKeyStoreMapKeyLocator default implementation. The key locator implementation has the following property names:

    • id_, which maps to a credential user ID.

    • mappedName_ , which maps to the key alias to use for this user name.

    • default, which maps to a key alias to use when a credential does not have an associated id_ entry.

    A typical set of properties for this key locator might be: id_1=user1, mappedName_1=key1, id_2=user2, mappedName_2=key2, default=key3. If user1 or user2 authenticates, then the associated key1 or key2 is used, respectively. However, if none of the user properties authenticate or the user is not user1 or user2, then key3 is used.

    1. Enter a name in the Name field. The name entered is the property name.

    2. Enter a value in the Value field. This value entered is the property value.


Related concepts

  • Key locator
  • Development and assembly tools


    Related tasks

  • Configure key locators using the administrative console

    (zos) Configure server and cell level key locators using the administrative console


    Related information:

  • keytool - Key and Certificate Management Tool