Use this page to specify the settings for a key locator
configuration. The key locators retrieve keys from the keystore file
for digital signature and encryption. This product enables you to
plug in a custom key locator configuration.
To view the administrative console panel for the key locator collection
on the cell level, complete the following steps:
- Click Security > Web services.
- Under Additional properties, click Key locators.
- Click New to create a new configuration or click the name
of a configuration to modify its settings.
To view this administrative console page for the key locator collection
on the server level, complete the following steps:
- Click Servers > Application servers > server_name.
- Under Security, click Web services: Default bindings for Web
services security.
- Under Additional properties, click Key locators.
- Click New to create a new configuration or click the name
of a configuration to modify its settings.
To use this administrative console page for the key locator collection
on the application level, complete the following steps:
- Click Applications > Enterprise applications > application_name.
- Click Manage modules > URI_name.
- Under Web Services Security properties, you can
access key locators for the following bindings:
  - For the Request generator, click Web services: Client security
  bindings. Under Request generator (sender) binding, click Edit
  custom > Key locators.
  - For the Request consumer, click Web services: Server security
  bindings. Under Request consumer (receiver) binding, click Edit
  custom > Key locators.
  - For the Response generator, click Web services: Server security
  bindings. Under Response generator (sender) binding, click Edit
  custom > Key locators.
  - For the Response consumer, click Web services: Client security
  bindings. Under Response consumer (receiver) binding, click Edit
  custom > Key locators.
- Click New to create a new configuration or click the name
of a configuration to modify its settings.
Specifies the name for the key locator class implementation.
The Java Authentication and Authorization Service (JAAS) Login
Module implementation is used to create the security token on the
generator side and to validate (authenticate) the security token on
the consumer side. This product provides the following default key
locator class implementations for Version 6 and later applications:
- com.ibm.wsspi.wssecurity.keyinfo.KeyStoreKeyLocator
  - This implementation locates and obtains the key from the specified
  keystore file.
- com.ibm.wsspi.wssecurity.keyinfo.SignerCertKeyLocator
  - This implementation uses the public key from the certificate of
  the signer. This class implementation is used by the response generator.
  This property is for the JAX-RPC programming model only. To implement signer
  certificate encryption for the JAX-WS programming model, set a custom
  property on the callback handler for the encryption token generator.
- com.ibm.wsspi.wssecurity.keyinfo.X509TokenKeyLocator
  - This implementation uses the X.509 security token from the sender
  message for digital signature validation and encryption. This class
  implementation is used by the request consumer and the response consumer.