File name: uwbs_keyln.html
Key locator configuration settings
Use this page to specify the settings for a key locator configuration. The key locators retrieve keys from the keystore file for digital signature and encryption. This product enables you to plug in a custom key locator configuration.
To view the administrative console panel for the key locator collection on the cell level, complete the following steps:
- Click .
- Under Additional properties, click Key locators.
- Click New to create a new configuration or click the name of a configuration to modify its settings.
To view this administrative console page for the key locator collection on the server level, complete the following steps:
- Click .
- Under Security, click JAX-WS and JAX-RPC security runtime.
  Mixed-version environment: In a mixed node cell with a server using WebSphere Application Server version 6.1 or earlier, click Web services: Default bindings for Web Services Security.
- Under Additional properties, click Key locators.
- Click New to create a new configuration or click the name of a configuration to modify its settings.
To use this administrative console page for the key locator collection on the application level, complete the following steps:
- Click .
- Click .
- Under Web Services Security properties, you can access key locators for the following bindings:
  - For the Request generator, click Web services: Client security bindings. Under Request generator (sender) binding, click .
  - For the Request consumer, click Web services: Server security bindings. Under Request consumer (receiver) binding, click .
  - For the Response generator, click Web services: Server security bindings. Under Response generator (sender) binding, click .
  - For the Response consumer, click Web services: Client security bindings. Under Response consumer (receiver) binding, click .
- Click New to create a new configuration or click the name of a configuration to modify its settings.
Key locator name
Specifies the name of the key locator.
Key locator class name
Specifies the name for the key locator class implementation.
Key locators that are associated with Versions 6 and later applications must implement the com.ibm.wsspi.wssecurity.keyinfo.KeyLocator interface. This product provides the following default key locator class implementations for Versions 6 and later applications:
- com.ibm.wsspi.wssecurity.keyinfo.KeyStoreKeyLocator
  This implementation locates and obtains the key from the specified keystore file.
- com.ibm.wsspi.wssecurity.keyinfo.SignerCertKeyLocator
  This implementation uses the public key from the certificate of the signer. This class implementation is used by the response generator.
  This property is for the JAX-RPC programming model only. To implement signer certificate encryption for the JAX-WS programming model, set a custom property on the callback handler for the encryption token generator. For more information, read the topic Callback handler settings.
- com.ibm.wsspi.wssecurity.keyinfo.X509TokenKeyLocator
  This implementation uses the X.509 security token from the sender message for digital signature validation and encryption. This class implementation is used by the request consumer and the response consumer.
Keystore
Specifies information about the key store that is used by this key locator configuration.
- None
  Use this option if a key store is not required to be specified for this key locator configuration.
- Predefined keystore
  Use this option if you want to specify a predefined keystore for this key locator configuration.
- User-defined keystore
  Use this option if you want to specify a user-defined key store for this key locator configuration.
Keystore configuration name
Specifies the name of the key store configuration that is defined in the keystore settings in secure communications.
The keystore configuration name is located under the Predefined keystore field, which is located under the Keystore section of the page.
Keystore password
Specifies the password that is used to access the keystore file.
The keystore password is located under the User-defined keystore field, which is located under the Keystore section of the page.
Keystore path
Specifies the location of the keystore file.
The path is located under the User-defined keystore field, which is located under the Keystore section of the page.
Keystore type
Specifies the type of keystore file.
The type is located under the User-defined keystore field, which is located under the Keystore section of the page.
- JKS
  Use this option if you are not using Java Cryptography Extensions (JCE) and if your keystore file uses the Java Keystore (JKS) format.
- JCEKS
  Use this option if you are using Java Cryptography Extensions.
- JCERACFKS
  Use JCERACFKS if the certificates are stored in a SAF key ring (z/OS® only).
- PKCS11KS (PKCS11)
  Use this format if your keystore file uses the PKCS#11 file format. Keystore files that use this format might contain Rivest Shamir Adleman (RSA) keys on cryptographic hardware or might encrypt keys that use cryptographic hardware to ensure protection.
- PKCS12KS (PKCS12)
  Use this option if your keystore file uses the PKCS#12 file format.
Default | JKS
Range | JKS, JCEKS, PKCS11KS (PKCS11), PKCS12KS (PKCS12)
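As an added example (not part of the product documentation and not IBM code), the following Python script checks whether the Keystore type setting matches the file at the Keystore path by reading the file header. The function names and sample bytes are constructed for illustration; PKCS11KS and JCERACFKS are skipped because they refer to cryptographic hardware and SAF key rings rather than plain keystore files.

```python
import struct

# Header magic numbers of the file-backed keystore formats.
JKS_MAGIC = 0xFEEDFEED
JCEKS_MAGIC = 0xCECECECE
DER_SEQUENCE = 0x30  # PKCS#12 files are DER and open with an ASN.1 SEQUENCE tag

# Console "Keystore type" values that can be checked against a file header.
FILE_BACKED = {"JKS", "JCEKS", "PKCS12KS"}


def sniff_keystore(data: bytes) -> dict:
    """Identify the keystore format from the first bytes of the file."""
    if len(data) >= 12:
        # JKS and JCEKS start with three big-endian ints: magic, version, entry count.
        magic, version, count = struct.unpack(">III", data[:12])
        if magic == JKS_MAGIC:
            return {"type": "JKS", "version": version, "entries": count}
        if magic == JCEKS_MAGIC:
            return {"type": "JCEKS", "version": version, "entries": count}
    # Heuristic: a leading DER SEQUENCE is consistent with PKCS#12, not proof of it.
    if data[:1] == bytes([DER_SEQUENCE]):
        return {"type": "PKCS12KS"}
    return {"type": "UNKNOWN"}


def check_setting(configured_type: str, data: bytes) -> str:
    """Compare the configured Keystore type with what the file header shows."""
    if configured_type not in FILE_BACKED:
        return "skipped: %s is not a plain keystore file" % configured_type
    found = sniff_keystore(data)["type"]
    if found == configured_type:
        return "ok"
    return "mismatch: configured %s, file looks like %s" % (configured_type, found)


# Constructed sample headers (not real keystores): magic, version 2, entry count.
SAMPLE_JKS = struct.pack(">III", JKS_MAGIC, 2, 3)
SAMPLE_JCEKS = struct.pack(">III", JCEKS_MAGIC, 2, 1)
SAMPLE_P12 = bytes.fromhex("3082096a020103")  # DER SEQUENCE, then INTEGER 3

if __name__ == "__main__":
    for cfg, blob in [("JKS", SAMPLE_JKS), ("JKS", SAMPLE_JCEKS),
                      ("PKCS12KS", SAMPLE_P12), ("PKCS11KS", b"")]:
        print(cfg, "->", check_setting(cfg, blob))
```

To check a real configuration, pass the first bytes of the file named in the Keystore path field, for example `check_setting("JKS", open(path, "rb").read(16))`.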
