File name: uwbs_signinfon.html
Signing information configuration settings
Use this page to configure new signing parameters.
The specifications that are listed on this page for the signature
method, digest method, and canonicalization method are located in
the World Wide Web Consortium (W3C) document entitled, XML Signature
Syntax and Specification: W3C Recommendation 12 Feb 2002.
To view this administrative console page on the server level for
signing information, complete the following steps:
- Click .
- Under Security, click JAX-WS and JAX-RPC security runtime.
Mixed-version environment: In a mixed node cell with a server using
WebSphere® Application Server version 6.1 or
earlier, click
Web services: Default bindings for Web Services
Security.
- Under JAX-RPC Default Generator Bindings or JAX-RPC Default Consumer
Bindings, click Signing information.
- Click New to create a signing parameter
or click the name of an existing configuration to modify its settings.
To view this administrative console page on the application level
for signing information, complete the following steps:
- Click .
- Click .
- Under Web Services Security Properties, you can access the signing
information for the following bindings:
- For the Request generator (sender) binding, click Web
services: Client security bindings. Under Request generator
(sender) binding, click Edit custom.
- For Response consumer (receiver) binding, click Web
services: Client security bindings. Under Response consumer
(receiver) binding, click Edit custom.
- For the Request consumer (receiver) binding, click Web
services: Server security bindings. Under Request consumer
(receiver) binding, click Edit custom.
- For the Response generator (sender) binding, click Web
services: Server security bindings. Under Response generator
(sender) binding, click Edit custom.
- Under Required properties, click Signing
information.
- Under Additional properties, you can access the
signing information for the following bindings:
- For the Request receiver binding, click Web services:
Server security bindings. Under Request receiver binding,
click Edit.
- For the Response receiver binding, click Web services:
Client security bindings. Under Response receiver binding,
click Edit.
- Under Additional properties, click Signing
information.
- Click New to create a signing parameter
or click the name of an existing configuration to modify its settings.
Signing information name
Specifies the name that is assigned to the signing configuration.
Signature method
Specifies the algorithm Uniform Resource Identifiers (URI)
of the signature method.
The following pre-configured algorithms are supported:
For Version 6.0.x applications,
you can specify additional signature methods on the Algorithm URI
panel. To access the Algorithm URI panel, complete the following steps:
- Click .
- Under Security, click JAX-WS and JAX-RPC security runtime.
Mixed-version environment: In a mixed node cell with a server using
WebSphere Application Server version 6.1 or
earlier, click
Web services: Default bindings for Web Services
Security.
- Under Additional properties, click .
When you specify the Algorithm URI, you also must specify an algorithm
type. To have the algorithm display as a selection in the Signature
method field on the Signing information panel, you must select Signature as
the algorithm type.
This field is available for
Version 6.x and later applications.
Digest method
Canonicalization method
Specifies the algorithm URI of the canonicalization method.
The following pre-configured algorithms are supported:
This field is for Version 6.x and
later applications.
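The signature, digest, and canonicalization method fields correspond to the Algorithm attributes inside the ds:SignedInfo element that the W3C recommendation cited above defines. The following is an added example, not IBM code: it reads those URIs from a constructed signature and compares them with a hypothetical expected set (EXPECTED); the function names, the sample, and the expected set are assumptions.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}

# Hypothetical expected configuration (an assumption, not a product default list).
EXPECTED = {
    "canonicalization": {"http://www.w3.org/2001/10/xml-exc-c14n#"},
    "signature": {DS + "rsa-sha1"},
    "digest": {DS + "sha1"},
}

# Constructed sample signature; the digest and signature values are placeholders.
SAMPLE = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#body">
   <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
   <ds:DigestValue>AAAA</ds:DigestValue>
  </ds:Reference>
 </ds:SignedInfo>
 <ds:SignatureValue>AAAA</ds:SignatureValue>
</ds:Signature>"""

def signing_algorithms(xml_text):
    """Return the Algorithm URIs declared in the first ds:SignedInfo."""
    root = ET.fromstring(xml_text)
    info = root.find(".//ds:SignedInfo", NS)
    if info is None:
        raise ValueError("no ds:SignedInfo element found")
    def uris(path):
        return [e.get("Algorithm") for e in info.findall(path, NS)]
    return {
        "canonicalization": uris("ds:CanonicalizationMethod"),
        "signature": uris("ds:SignatureMethod"),
        "digest": uris("ds:Reference/ds:DigestMethod"),  # one per signed part
    }

def policy_violations(found, expected):
    """List (field, uri) pairs that are absent (uri None) or not expected."""
    problems = []
    for field, uris in found.items():
        if not uris:
            problems.append((field, None))
        problems += [(field, u) for u in uris if u not in expected[field]]
    return problems

print(policy_violations(signing_algorithms(SAMPLE), EXPECTED))
```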
Key information signature type
Specifies how to sign a KeyInfo element if dsigkey or enckey is
specified for the signing part in the deployment descriptor.
This product supports the following keywords:
- keyinfo (default)
- Specifies that the entire KeyInfo element is signed.
- keyinfochildelements
- Specifies that the child elements of the KeyInfo element are signed.
If you do not specify a keyword, the application server
uses the KeyInfo value, by default.
The Key information signature type field is available for the token
consumer binding.
For Version 6.0.x applications,
this field is also available for the default consumer, request consumer,
and response consumer bindings.
Signing key information
Specifies a reference to the key information that the application
server uses to generate the digital signature.
You can specify one signing key only
for the default generator binding on the server level. However, you
can specify multiple signing keys for the default consumer bindings.
The signing keys for the default consumer bindings are specified using
the Key Information references link under Additional properties on
the Signing information panel.
On the application level, you can specify only one signing key
for the request generator and the response generator. You can specify
multiple signing keys for the request consumer and response generator.
The signing keys for the request consumer and the response consumer
are specified using the Key information references link under Additional
properties.
You can specify a signing key configuration for the following bindings
on the following levels:
Table 1. Signing key binding information. The key is used for digital signature of messages.

| Binding name | Server level or application level | Path |
|---|---|---|
| Default generator binding | Server level | 1. Click . 2. Under Security, click JAX-WS and JAX-RPC security runtime. Mixed-version environment: In a mixed node cell with a server using WebSphere Application Server version 6.1 or earlier, click Web services: Default bindings for Web Services Security. 3. Under JAX-RPC Default Generator Bindings, click Key information. |
| Default consumer binding | Server level | 1. Click . 2. Under Security, click JAX-WS and JAX-RPC security runtime. Mixed-version environment: In a mixed node cell with a server using WebSphere Application Server version 6.1 or earlier, click Web services: Default bindings for Web Services Security. 3. Under JAX-RPC Default Consumer Bindings, click Key information. |
Certificate path
Specifies the settings for the certificate path validation.
When you select Trust any, this validation
is skipped and all incoming certificates are trusted.
The certificate path options are available in token consumer attributes.
Trust anchor
The application server searches
for trust anchor configurations on the application and server levels
and lists the configurations in this menu.
You can specify trust anchors
as an additional property for the response receiver binding and the
request receiver binding.
You can specify a trust anchor configuration
for the following bindings on the following levels:
Table 2. Trust anchor binding information. The trust anchor is used for signing messages.

| Binding name | Server level or application level | Path |
|---|---|---|
| Default generator binding | Server level | 1. Click . 2. Under Security, click JAX-WS and JAX-RPC security runtime. Mixed-version environment: In a mixed node cell with a server using WebSphere Application Server version 6.1 or earlier, click Web services: Default bindings for Web Services Security. 3. Under Additional properties, click Trust anchors > New. |
| Default consumer binding | Server level | 1. Click . 2. Under Security, click JAX-WS and JAX-RPC security runtime. Mixed-version environment: In a mixed node cell with a server using WebSphere Application Server version 6.1 or earlier, click Web services: Default bindings for Web Services Security. 3. Under Additional properties, click . |
| Response receiver | Application level | 1. Click . 2. Under Modules, click . 3. Click Web services: Client security bindings. 4. Under the Response receiver binding, click Edit. 5. Under Additional properties, click . |
| Request receiver | Application level | 1. Click . 2. Click . 3. Click Web services: Server security bindings. 4. Under the Request receiver binding, click Edit. 5. Under Additional properties, click . |
For an explanation of the fields on the trust anchor
panel, see the help topic Trust anchor configuration settings.
Certificate store
The application server
searches for certificate store configurations on the application and
server levels and lists the configurations in this menu.
You can specify a certificate store configuration
for the following bindings on the following levels:
Table 3. Certificate configurations for bindings. The certificate store is used for signing messages.

| Binding name | Server level or application level | Path |
|---|---|---|
| Default generator binding | Server level | 1. Click . 2. Under Security, click JAX-WS and JAX-RPC security runtime. Mixed-version environment: In a mixed node cell with a server using WebSphere Application Server version 6.1 or earlier, click Web services: Default bindings for Web Services Security. 3. Under Additional properties, click . |
| Default consumer binding | Server level | 1. Click . 2. Under Security, click JAX-WS and JAX-RPC security runtime. Mixed-version environment: In a mixed node cell with a server using WebSphere Application Server version 6.1 or earlier, click Web services: Default bindings for Web Services Security. 3. Under Additional properties, click . |
| Response receiver | Application level | 1. Click . 2. Under Modules, click . 3. Click Web services: Client security bindings. 4. Under the Response receiver binding, click Edit. 5. Under Additional properties, click . |
| Request receiver | Application level | 1. Click . 2. Under Modules, click . 3. Click Web services: Server security bindings. 4. Under the Request receiver binding, click Edit. 5. Under Additional properties, click . |
For an explanation of the fields on the collection
certificate store panel, see the help topic Collection certificate
store configuration settings.
