The key information for the default consumer is used to specify the key for the signing or the encryption information configurations if these bindings are not defined at the application level.
About this task
The signing and encryption information configurations can share the same key information, which is why they are both defined on the same level. WebSphere® Application Server provides default values for these bindings. However, an administrator must modify these values for a production environment.
Complete the following steps to configure the key information for the consumer binding on the server level:
Procedure
- Access the default bindings for the server level.
- Click .
- Under Security, click JAX-WS and JAX-RPC security runtime.
  Mixed-version environment: In a mixed node cell with a server using WebSphere Application Server version 6.1 or earlier, click Web services: Default bindings for Web Services Security.
- Under Default consumer bindings, click Key information.
- Click New to create a key information configuration, click Delete to delete an existing configuration, or click the name of an existing key information configuration to edit the settings. If you are creating a new configuration, enter a unique name for the key configuration in the Key information name field. For example, you might specify con_signkeyinfo.
- Select a key information type from the Key information type field. WebSphere Application Server supports the following types of key information:
  - Key identifier: This key information type is used when two parties agree on how to create a key identifier. For example, a field of X.509 certificates can be used for the key identifier according to the X.509 profile.
  - Key name: This key information type is used when the sender and receiver agree on the name of the key.
  - Security token reference: This key information type is typically used when an X.509 certificate is used for digital signature.
  - Embedded token: This key information type is used to embed a security token in an embedded element.
  - X509 issuer name and issuer serial: This key information type specifies an X.509 certificate with its issuer name and serial number.
  Select Security token reference if you are using an X.509 certificate for the digital signature. In these steps, it is assumed that Security token reference is selected for this field.
  Important: This key information type must match the key information type that is specified for the generator.
- Select a key locator reference from the Key locator reference menu. In these steps, assume that the key locator reference is called sig_klocator. You must configure a key locator before you can select it in this field. For more information on configuring the key locator, see Configuring the key locator using JAX-RPC on the server level.
- Select a token reference from the Token reference field. The token reference refers to the name of a configured token consumer. When a security token is required in the deployment descriptor, the token reference attribute is required. If you select Security token reference in the Key information type field, the token reference is required and you can specify an X.509 token consumer. To specify an X.509 token consumer, you must have an X.509 token consumer configured. To configure an X.509 token consumer, see Configuring token consumers using JAX-RPC to protect message authenticity at the server level.
- Click OK and Save to save the configuration.
Results
You have configured the key information for the consumer binding at the server level.
What to do next
You must specify a similar key information configuration for the generator.
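
Because the consumer's key information type must match the generator's, the following added example (not IBM code and not part of the original page) classifies each ds:KeyInfo in a captured message by the types listed in the procedure and reports any that differ from the type configured for the consumer. The element-to-type mapping is an assumption based on the OASIS WS-Security and XML Signature schemas; the function names and the sample message are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

# Assumed mapping: child of wsse:SecurityTokenReference -> console type name.
STR_CHILDREN = {
    f"{{{WSSE}}}KeyIdentifier": "Key identifier",
    f"{{{WSSE}}}Reference": "Security token reference",
    f"{{{WSSE}}}Embedded": "Embedded token",
    f"{{{DS}}}X509Data": "X509 issuer name and issuer serial",
}

def key_info_type(key_info):
    """Classify one ds:KeyInfo element; 'unknown' if no listed form matches."""
    if key_info.find(f"{{{DS}}}KeyName") is not None:
        return "Key name"
    token_ref = key_info.find(f"{{{WSSE}}}SecurityTokenReference")
    for child in (token_ref if token_ref is not None else []):
        if child.tag == f"{{{DS}}}X509Data" and \
                child.find(f"{{{DS}}}X509IssuerSerial") is None:
            continue  # X509Data without issuer/serial is a different form
        if child.tag in STR_CHILDREN:
            return STR_CHILDREN[child.tag]
    return "unknown"

def mismatches(message_xml, expected):
    """Return (index, found_type) for each ds:KeyInfo that is not `expected`."""
    root = ET.fromstring(message_xml)
    found = [key_info_type(k) for k in root.iter(f"{{{DS}}}KeyInfo")]
    return [(i, t) for i, t in enumerate(found) if t != expected]

# Constructed sample header: a signature using a direct token reference and
# a second KeyInfo using a key identifier (values are placeholders).
SAMPLE = f"""<wsse:Security xmlns:wsse="{WSSE}" xmlns:ds="{DS}">
  <ds:Signature><ds:KeyInfo><wsse:SecurityTokenReference>
    <wsse:Reference URI="#x509bst_1"/>
  </wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
  <ds:KeyInfo><wsse:SecurityTokenReference>
    <wsse:KeyIdentifier>c2FtcGxl</wsse:KeyIdentifier>
  </wsse:SecurityTokenReference></ds:KeyInfo>
</wsse:Security>"""

if __name__ == "__main__":
    for index, found in mismatches(SAMPLE, "Security token reference"):
        print(f"KeyInfo #{index}: {found} does not match the consumer binding")
```

When running this against messages from an untrusted source, parse them with a hardened XML parser rather than the standard library default.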