Signing information configuration settings
Use this page to configure new signing parameters.
The specifications that are listed on this page for the signature method, digest method, and canonicalization method are located in the World Wide Web Consortium (W3C) document entitled XML Signature Syntax and Specification: W3C Recommendation 12 Feb 2002.
- Click .
- Under JAX-RPC Default Generator Bindings or JAX-RPC Default Consumer Bindings, click Signing information.
- Click New to create a signing parameter or click the name of an existing configuration to modify its settings.
- Click .
- Under Security, click JAX-WS and JAX-RPC security runtime.
Mixed-version environment: In a mixed node cell with a server using WebSphere® Application Server version 6.1 or earlier, click Web services: Default bindings for Web Services Security.
- Under JAX-RPC Default Generator Bindings or JAX-RPC Default Consumer Bindings, click Signing information.
- Click New to create a signing parameter or click the name of an existing configuration to modify its settings.
- Click .
- Click .
- Under Web Services Security Properties, you can access the signing information for the following bindings:
- For the Request generator (sender) binding, click Web services: Client security bindings. Under Request generator (sender) binding, click Edit custom.
- For Response consumer (receiver) binding, click Web services: Client security bindings. Under Response consumer (receiver) binding, click Edit custom.
- For the Request consumer (receiver) binding, click Web services: Server security bindings. Under Request consumer (receiver) binding, click Edit custom.
- For the Response generator (sender) binding, click Web services: Server security bindings. Under Response generator (sender) binding, click Edit custom.
- Under Required properties, click Signing information.
- Under Additional properties, you can access the signing information for the following bindings:
- For the Request receiver binding, click Web services: Server security bindings. Under Request receiver binding, click Edit.
- For the Response receiver binding, click Web services: Client security bindings. Under Response receiver binding, click Edit.
- Under Additional properties, click Signing information.
- Click New to create a signing parameter or click the name of an existing configuration to modify its settings.
Signing information name
Specifies the name that is assigned to the signing configuration.
Signature method
Specifies the algorithm Uniform Resource Identifier (URI) of the signature method.
- http://www.w3.org/2000/09/xmldsig#rsa-sha1
- http://www.w3.org/2000/09/xmldsig#dsa-sha1
  Do not use this algorithm if you want the configured application to be compliant with the Basic Security Profile (BSP). Any ds:SignatureMethod/@Algorithm element in a signature based on a symmetric key must have a value of http://www.w3.org/2000/09/xmldsig#rsa-sha1 or http://www.w3.org/2000/09/xmldsig#hmac-sha1.
- http://www.w3.org/2000/09/xmldsig#hmac-sha1
- Click .
- Under Security, click JAX-WS and JAX-RPC security runtime.
Mixed-version environment: In a mixed node cell with a server using WebSphere Application Server version 6.1 or earlier, click Web services: Default bindings for Web Services Security.
- Under Additional properties, click .
When you specify the Algorithm URI, you also must specify an algorithm type. To have the algorithm display as a selection in the Signature method field on the Signing information panel, you must select Signature as the algorithm type.
This field is available for Version 6.x and later applications.
Digest method
Specifies the algorithm URI of the digest method.
The http://www.w3.org/2000/09/xmldsig#sha1 algorithm is supported.
Canonicalization method
Specifies the algorithm URI of the canonicalization method.
This field is for Version 6.x and later applications.
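The following added example (not IBM's code and not part of the original page) checks the algorithm URIs inside a ds:SignedInfo element against the signature method and digest method URIs listed above, including the BSP restriction on dsa-sha1. The function name `audit_signature`, the finding codes, and the sample signature are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}
# Algorithm URIs taken from the lists on this page.
SIGNATURE_METHODS = {DS + "rsa-sha1", DS + "dsa-sha1", DS + "hmac-sha1"}
BSP_SIGNATURE_METHODS = {DS + "rsa-sha1", DS + "hmac-sha1"}
DIGEST_METHODS = {DS + "sha1"}

# Constructed sample, not a captured message: signed with dsa-sha1, and the
# second reference uses a digest URI that this page does not list.
SAMPLE = f"""<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  <ds:SignatureMethod Algorithm="{DS}dsa-sha1"/>
  <ds:Reference URI="#body"><ds:DigestMethod Algorithm="{DS}sha1"/>
    <ds:DigestValue>AA==</ds:DigestValue></ds:Reference>
  <ds:Reference URI="#ts"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    <ds:DigestValue>AA==</ds:DigestValue></ds:Reference>
</ds:SignedInfo><ds:SignatureValue>AA==</ds:SignatureValue></ds:Signature>"""


def _algorithm(parent, tag):
    """Return the Algorithm attribute of a ds: child element, or None."""
    node = parent.find(f"ds:{tag}", NS)
    return None if node is None else node.get("Algorithm")


def audit_signature(xml_text, require_bsp=True):
    """Return (code, detail) findings for every ds:SignedInfo in xml_text."""
    # Parse only trusted captures here, or swap in a hardened XML parser.
    root = ET.fromstring(xml_text)
    findings = []
    signed_infos = list(root.iter(f"{{{DS}}}SignedInfo"))
    if not signed_infos:
        return [("no-signed-info", "")]
    for info in signed_infos:
        sig = _algorithm(info, "SignatureMethod")
        if sig not in SIGNATURE_METHODS:
            findings.append(("signature-not-listed", str(sig)))
        elif require_bsp and sig not in BSP_SIGNATURE_METHODS:
            findings.append(("signature-not-bsp", sig))
        if _algorithm(info, "CanonicalizationMethod") is None:
            findings.append(("c14n-missing", ""))
        for ref in info.findall("ds:Reference", NS):
            digest = _algorithm(ref, "DigestMethod")
            if digest not in DIGEST_METHODS:
                findings.append(("digest-not-listed", ref.get("URI", "")))
    return findings
```

Calling `audit_signature(SAMPLE)` reports the dsa-sha1 signature method as not BSP compliant and flags the `#ts` reference for its digest method; pass `require_bsp=False` to check only against the URIs listed on this page.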
Key information signature type
Specifies how to sign a KeyInfo element if dsigkey or enckey is specified for the signing part in the deployment descriptor.
- keyinfo (default): Specifies that the entire KeyInfo element is signed.
- keyinfochildelements: Specifies that the child elements of the KeyInfo element are signed.
The Key information signature type field is available for the token consumer binding.
For Version 6.0.x applications, this field is also available for the default consumer, request consumer, and response consumer bindings.
Signing key information
Specifies a reference to the key information that the application server uses to generate the digital signature.
You can specify only one signing key for the default generator, request generator, and response generator bindings on the cell level and the server level. However, you can specify multiple signing keys for the default consumer, request consumer, and response consumer bindings. The signing keys for the default consumer, request consumer, and response consumer bindings are specified using the Key Information references link under Additional properties on the Signing information panel.
On the application level, you can specify only one signing key for the request generator and the response generator. You can specify multiple signing keys for the request consumer and response generator. The signing keys for the request consumer and the response consumer are specified using the Key information references link under Additional properties.
Binding name | Server level, cell level, or application level | Path |
---|---|---|
Default generator binding | Cell level | |
Default consumer binding | Cell level | |
Default generator binding | Server level | |
Default consumer binding | Server level | |
Certificate path
Specifies the settings for the certificate path validation. When you select Trust any, this validation is skipped and all incoming certificates are trusted.
The certificate path options are available in token consumer attributes.
Trust anchor
The application server searches for trust anchor configurations on the application and server levels and lists the configurations in this menu.
In a WebSphere Application Server, Network Deployment environment, the application server also searches the cell level for trust anchor configurations.
You can specify trust anchors as an additional property for the response receiver binding and the request receiver binding.
Binding name | Server level, cell level, or application level | Path |
---|---|---|
Default generator binding | Cell level | |
Default consumer binding | Cell level | |
Default generator binding | Server level | |
Default consumer binding | Server level | |
Response receiver | Application level | |
Request receiver | Application level | |
For an explanation of the fields on the trust anchor panel, see the help topic Trust anchor configuration settings.
Certificate store
The application server searches for certificate store configurations on the application and server levels and lists the configurations in this menu.
In a WebSphere Application Server, Network Deployment environment, the application server also searches the cell level for certificate store configurations.
Binding name | Server level, cell level, or application level | Path |
---|---|---|
Default generator binding | Cell level | |
Default consumer binding | Cell level | |
Default generator binding | Server level | |
Default consumer binding | Server level | |
Response receiver | Application level | |
Request receiver | Application level | |
For an explanation of the fields on the collection certificate store panel, see the help topic Collection certificate store configuration settings.