[Version 5.0.2 and later] Key locator configuration settings

Use this page to specify the settings for key locators.

To view this administrative console page, complete the following steps:

  1. Click Servers > Application Servers > server_name.
  2. Under Additional Properties, click Web Services: Default bindings for Web Services Security > Key Locators > New.

Key Locator Name
Specifies the name of the key locator.
Data type String
Key Locator Classname
Specifies the name for the key locator class implementation.

WebSphere Application Server has the following default key locator class implementations:

com.ibm.wsspi.wssecurity.config.WSIdKeyStoreMapKeyLocator
Maps an authenticated identity to a key. This class is used by the response sender. If encryption is used, this class is used to locate a key to encrypt the response message. The com.ibm.wsspi.wssecurity.config.WSIdKeyStoreMapKeyLocator class can map an authenticated identity from the invocation credential of the current thread to a key that is used to encrypt the message. If an authenticated identity is present on the current thread, the class maps the ID to the mapped name. For example, user1 is mapped to mappedName_1. Otherwise, name="default" is used. When a matching key is not found, the authenticated identity is mapped to the default key specified in the binding file.
com.ibm.wsspi.wssecurity.config.KeyStoreKeyLocator
Maps a name to an alias. This class is used by the response receiver, request sender, and request receiver. The encryption process uses this class to obtain a key to encrypt a message, and the digital signature process uses this class to obtain a key to sign a message. The com.ibm.wsspi.wssecurity.config.KeyStoreKeyLocator class maps a logical name to a key alias in the keystore file. For example, key #105115176771 is mapped to CN=Alice, O=IBM, c=US.

Data type String
Defaults com.ibm.wsspi.wssecurity.config.KeyStoreKeyLocator, com.ibm.wsspi.wssecurity.config.WSIdKeyStoreMapKeyLocator
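The two lookup behaviors described above (logical name to keystore alias, and authenticated identity to mapped name with a fallback to "default"), shown as an added example that is not IBM's implementation or part of the original page. The class name KeyLocatorSketch, the aliases, the password, and the in-memory JCEKS keystore are constructed for illustration; Java 9 or later is assumed for Map.of.

```java
import java.security.Key;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Map;
import javax.crypto.KeyGenerator;
// Added illustration only; not IBM's key locator implementation.
public class KeyLocatorSketch {
    private final KeyStore store;
    private final char[] keyPass;
    private final Map<String, String> nameToAlias;    // logical name -> keystore alias
    private final Map<String, String> identityToName; // authenticated identity -> mapped name
    KeyLocatorSketch(KeyStore store, char[] keyPass, Map<String, String> nameToAlias, Map<String, String> identityToName) {
        this.store = store;
        this.keyPass = keyPass;
        this.nameToAlias = nameToAlias;
        this.identityToName = identityToName;
    }

    // Name-to-alias lookup: fail closed if the name or the key entry is missing.
    Key byName(String name) throws Exception {
        String alias = nameToAlias.get(name);
        if (alias == null || !store.isKeyEntry(alias)) {
            throw new IllegalArgumentException("no key for name: " + name);
        }
        return store.getKey(alias, keyPass);
    }

    // Identity lookup: a mapped identity gets its own key; anything else gets "default".
    Key byIdentity(String identity) throws Exception {
        String name = (identity == null) ? null : identityToName.get(identity);
        return byName(name != null ? name : "default");
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "constructed-sample-password".toCharArray();
        KeyStore ks = KeyStore.getInstance("JCEKS"); // JCEKS can hold secret keys
        ks.load(null, pass);                          // empty in-memory keystore
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(128);
        ks.setKeyEntry("alias_1", gen.generateKey(), pass, null);
        ks.setKeyEntry("alias_default", gen.generateKey(), pass, null);
        KeyLocatorSketch loc = new KeyLocatorSketch(ks, pass,
            Map.of("mappedName_1", "alias_1", "default", "alias_default"),
            Map.of("user1", "mappedName_1"));
        byte[] dflt = loc.byName("default").getEncoded();
        System.out.println("user1 own key: " + !Arrays.equals(loc.byIdentity("user1").getEncoded(), dflt));
        System.out.println("user2 default: " + Arrays.equals(loc.byIdentity("user2").getEncoded(), dflt));
        System.out.println("no id default: " + Arrays.equals(loc.byIdentity(null).getEncoded(), dflt));
    }
}
```

Every identity without an explicit mapping ends up on the same default key, so the default entry deserves the same review as any per-user key.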

Key Store Password
Specifies the password used to access the keystore file.
Key Store Path
Specifies the location of the keystore file.

Use ${USER_INSTALL_ROOT} in the path. This variable expands to the WebSphere Application Server path on your machine.

Key Store Type
Specifies the type of keystore file.

The value for this field is either JKS, JCEKS, PKCS11, PKCS12, JCERACFKS (z/OS only), or JCE4758RACFKS (z/OS only):

JKS
Use this option if you are not using Java Cryptography Extensions (JCE).
JCEKS
Use this option if you are using Java Cryptography Extensions.
JCERACFKS
Use JCERACFKS if the certificates are stored in a SAF key ring (z/OS only).
JCE4758RACFKS
Use JCE4758RACFKS if private keys are stored in ICSF (z/OS only).
PKCS11KS (PKCS11)
Use this format if your keystore file uses the PKCS#11 file format. Keystore files that use this format might contain Rivest Shamir Adleman (RSA) keys on cryptographic hardware or might encrypt keys that use cryptographic hardware to ensure protection.
PKCS12KS (PKCS12)
Use this option if your keystore file uses the PKCS#12 file format.

Default JKS
Range JKS, JCEKS, PKCS11, PKCS12, JCERACFKS (z/OS only) and JCE4758RACFKS (z/OS only)

Related concepts
Key locator
Related reference
Key locator collection
Key collection
Key configuration settings



Searchable topic ID:   uwbs_keyln
Last updated: Jun 21, 2007 4:55:42 PM CDT    WebSphere Application Server Network Deployment, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/uwbs_keyln.html
