The key information for the default consumer is used to specify
the key for the signing or the encryption information configurations if these
bindings are not defined at the application level.
About this task
The signing and encryption information configurations can share the
same key information, which is why they are both defined on the same level.
WebSphere® Application Server provides default values for these bindings.
However, an administrator must modify these values for a production environment.
Complete the following steps
to configure the key information for the consumer binding on the server level:
Procedure
- Access the default bindings for the server level.
- Click Servers > Server Types > WebSphere application servers > server_name.
- Under Security, click JAX-WS and JAX-RPC security
runtime.
Mixed-version environment: In a mixed node cell with a server using
WebSphere Application Server version 6.1 or earlier, click
Web services: Default bindings for Web services security.
- Under Default consumer bindings, click Key information.
- Click New to create a key information configuration, click Delete to
delete an existing configuration, or click the name of an existing key information
configuration to edit the settings. If you are creating a new configuration,
enter a unique name for the key configuration in the Key information name
field. For example, you might specify con_signkeyinfo.
- Select a key information type from the Key information type field.
WebSphere Application
Server supports the following types of key information:
- Key identifier: This key information type is used when two parties agree on
how to create a key identifier. For example, a field of X.509 certificates can
be used for the key identifier according to the X.509 profile.
- Key name: This key information type is used when the sender and receiver
agree on the name of the key.
- Security token reference: This key information type is typically used when
an X.509 certificate is used for digital signature.
- Embedded token: This key information type is used to embed a security token
in an embedded element.
- X509 issuer name and issuer serial: This key information type specifies an
X.509 certificate with its issuer name and serial number.
Select Security token reference if you are using an X.509 certificate for the
digital signature. In these steps, it is assumed that Security token reference
is selected for this field.
Important: This key information type must match the key information type that
is specified for the generator.
- Select a key locator reference from the Key locator reference menu.
In these steps, assume that the key locator reference is called sig_klocator.
You must configure a key locator before you can select it in this field. For
more information on configuring the key locator, see Configuring the key locator using JAX-RPC on the server level.
- Select a token reference from the Token reference field.
The token reference refers to the name of a configured token consumer.
When a security token is required in the deployment descriptor, the token
reference attribute is required. If you select Security token reference in
the Key information type field, the token reference is required and you can
specify an X.509 token consumer. To specify an X.509 token consumer, you must
have an X.509 token consumer configured. To configure an X.509 token consumer,
see Configuring token consumers using JAX-RPC to protect message authenticity at the server level.
- Click OK and Save to save the configuration.
Results
You have configured the key information for the consumer binding at
the server level.
What to do next
You must specify a similar key information configuration for the
generator.