Key information configuration settings
Use this page to specify the configuration that is needed to specify the key for XML digital signature or XML encryption.
- Click .
- Under JAX-RPC Default Generator Bindings or the JAX-RPC Default Consumer Bindings, click Key information.
- Click .
- Under Security, click JAX-WS and JAX-RPC security runtime.
Mixed-version environment: In a mixed node cell with a server using WebSphere Application Server version 6.1 or earlier, click Web services: Default bindings for Web Services Security.
- Under JAX-RPC Default Generator Bindings or the JAX-RPC Default Consumer Bindings, click Key information.
- Click New to create a new configuration or click the configuration name to modify its contents.
- Click .
- Under Modules, click .
- Under Additional properties, you can access the signing information for the following bindings:
- For the Request generator (sender) binding, click Web services: Client security bindings. Under Request generator (sender) binding, click Edit custom.
- For the Request consumer (receiver) binding, click Web services: Server security bindings. Under Request consumer (receiver) binding, click Edit custom.
- For the Response generator (sender) binding, click Web services: Server security bindings. Under Response generator (sender) binding, click Edit custom.
- For the Response consumer (receiver) binding, click Web services: Client security bindings. Under Response consumer (receiver) binding, click Edit custom.
- Under Required properties, click Key information.
- Click New to create a new configuration or click the configuration name to modify its contents.
Before clicking Properties under Additional properties, you must enter a value in the Key information name field and select an option for the Key information type and Key locator reference options.
Key information name
Specifies a name for the key information configuration.
Key information type
Specifies the type of key information. The key information type specifies how to reference security tokens.
Type | Description |
---|---|
Key identifier | The security token is referenced using an opaque value that uniquely identifies the token. |
Key name | The security token is referenced using a name that matches an identity assertion within the token. |
Security token reference | With this type, the security token is directly referenced. |
Embedded token | With this type, the security token reference is embedded. |
X509 issuer name and issuer serial | With this type, the security token is referenced by an issuer and serial number of an X.509 certificate. |
- Encoding method
- Calculation method
- Value type namespace URI
- Value type local name
Key locator reference
Specifies the reference that is used to retrieve the key for digital signature and encryption.
Binding name | Server level, cell level, or application level | Path |
---|---|---|
Default generator binding | Cell level | |
Default consumer binding | Cell level | |
Default generator binding | Server level | |
Default consumer binding | Server level | |
Request sender binding | Application level | |
Response receiver binding | Application level | |
Request receiver binding | Application level | |
Response sender binding | Application level | |
Request generator (sender) binding | Application level | |
Response consumer (receiver) binding | Application level | |
Request consumer (receiver) binding | Application level | |
Response generator (sender) binding | Application level | |
Key name reference
Specifies the name of the key that is used for generating digital signature and encryption.
This field is displayed for the default generator and is also displayed for the request generator and response generator for Version 6.x applications.
This field is displayed for the default generator and is also displayed for the request generator and response generator.
Binding name | Server level, cell level, or application level | Path |
---|---|---|
Default generator binding | Cell level | |
Default generator binding | Server level | |
Request generator (sender) binding | Application level | |
Response generator (sender) binding | Application level | |
Token reference
Specifies the name of a token generator or token consumer that is used for processing a security token.
Binding name | Server level, cell level, or application level | Path |
---|---|---|
Default generator binding | Cell level | |
Default consumer binding | Cell level | |
Default generator binding | Server level | |
Default consumer binding | Server level | |
Request generator (sender) binding | Application level | |
Response consumer (receiver) binding | Application level | |
Request consumer (receiver) binding | Application level | |
Response generator (sender) binding | Application level | |
Encoding method
Specifies the encoding method that indicates the encoding format for the key identifier.
- http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
- http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
This field is available for the default generator binding only.
Calculation method
- http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#ITSHA1
- http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#IT60SHA1
This field is available for the generator binding only.
Value type namespace URI
Specifies the namespace Uniform Resource Identifier (URI) of the value type for a security token that is referenced by the key identifier.
This field is valid when you specify Key identifier in the Key information type field. When you specify the X.509 certificate token, you do not need to specify this option. If you want to specify another token, specify the URI of the QName for the value type.
- http://www.ibm.com/websphere/appserver/tokentype
- http://www.ibm.com/websphere/appserver/tokentype/5.0.2
This field is available for the generator binding only.
Value type local name
Specifies the local name of the value type for a security token that is referenced by the key identifier.
When this local name is used with the corresponding namespace URI, the information is called the value type qualified name or QName.
- X.509 certificate token
  - http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
- X.509 certificates in a PKIPath
  - http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1
- A list of X509 certificates and CRLs in a PKCS#7
  - http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#PKCS7
- Lightweight Third Party Authentication (LTPA)
- LTPA_PROPAGATION
When you specify a custom value type for custom tokens, you can specify the local name and the URI of the qualified name (QName) of the value type. For example, you might specify Custom for the local name and http://www.ibm.com/custom for the URI.
This field is also available for the generator binding only.
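
The key information types and encoding methods described on this page correspond to different shapes of `ds:KeyInfo` in a signed or encrypted SOAP message. The following added example (not IBM's code and not part of the original page) classifies a `KeyInfo` element by key information type and decodes a key identifier according to its encoding method, which is useful when checking that a message uses the reference style the binding was configured for. The mapping from OASIS WSS 1.0 and XML Signature element names to the type names in the table, the Base64Binary default, the helper names and all sample values are assumptions made for illustration.

```python
import base64
import binascii
import xml.etree.ElementTree as ET  # for untrusted input, parse with defusedxml instead

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
ENC = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#"
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"

def decode_key_identifier(elem):
    """Decode a wsse:KeyIdentifier according to its EncodingType attribute."""
    encoding = elem.get("EncodingType", ENC + "Base64Binary")  # assumed default
    text = "".join((elem.text or "").split())
    if encoding == ENC + "Base64Binary":
        return base64.b64decode(text, validate=True)
    if encoding == ENC + "HexBinary":
        return binascii.unhexlify(text)
    raise ValueError("unsupported EncodingType: " + encoding)

def classify_key_info(xml_text):
    """Return (key information type, detail) for one ds:KeyInfo element."""
    root = ET.fromstring(xml_text)
    ref = root.find(f"{{{WSSE}}}SecurityTokenReference")
    # Only direct children are inspected, so nothing inside an embedded token matches.
    for child in list(root) + (list(ref) if ref is not None else []):
        if child.tag == f"{{{WSSE}}}KeyIdentifier":
            return "Key identifier", decode_key_identifier(child)
        if child.tag == f"{{{DS}}}KeyName":
            return "Key name", (child.text or "").strip()
        if child.tag == f"{{{WSSE}}}Reference":
            return "Security token reference", (child.get("URI"), child.get("ValueType"))
        if child.tag == f"{{{WSSE}}}Embedded":
            return "Embedded token", [token.tag.split("}")[-1] for token in child]
        serial = child.find(f"{{{DS}}}X509IssuerSerial")
        if child.tag == f"{{{DS}}}X509Data" and serial is not None:
            return "X509 issuer name and issuer serial", tuple(
                serial.findtext(f"{{{DS}}}{n}") for n in ("X509IssuerName", "X509SerialNumber"))
    raise ValueError("no recognised key reference in KeyInfo")

def sample_key_info(inner):
    """Wrap a reference body in a constructed ds:KeyInfo / SecurityTokenReference."""
    return (f'<ds:KeyInfo xmlns:ds="{DS}" xmlns:wsse="{WSSE}">'
            f"<wsse:SecurityTokenReference>{inner}</wsse:SecurityTokenReference></ds:KeyInfo>")
# Constructed samples, not captured from a real server.
SAMPLES = {
    "hex": sample_key_info(f'<wsse:KeyIdentifier EncodingType="{ENC}HexBinary">0a1b2c3d</wsse:KeyIdentifier>'),
    "direct": sample_key_info(f'<wsse:Reference URI="#x509-1" ValueType="{X509V3}"/>'),
}
RESULTS = {name: classify_key_info(xml_text) for name, xml_text in SAMPLES.items()}
```

An unrecognised `EncodingType` or a `KeyInfo` without a known reference raises `ValueError` instead of falling back to a guess.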