Configuring the key information in JAX-WS WS-Security bindings
In the WS-Security bindings, you can change the key information type that the JAX-WS WS-Security run time uses when it emits X.509 keys or certificates in the <ds:KeyInfo> element in the Security header of a SOAP message. The default key information type for outbound digital signature is Security token reference, and the default for outbound encryption is Key identifier. It is not necessary to change these values. Go through this procedure if, for instance, the Security header in your outbound message currently contains a <wsse:KeyIdentifier> in the <ds:KeyInfo> element and the receiver of your messages requires a <ds:X509IssuerSerial>.
Before you begin
About this task
- Security token reference
- Key identifier
- X509 issuer name and issuer serial
- Embedded token
- Thumbprint
For more information about the <ds:KeyInfo> element, see Key Information.
Here is the general procedure for editing your bindings to change the key information types.
Procedure
Results
Example
Here is a sample procedure that uses the "Client sample" general bindings.
- In the administrative console, open your bindings and browse to Authentication and protection.
- Click .
- Click .
- Find the name of the key information associated with the sign part.
- For Request message signature and encryption protection, open the asymmetric sign part (asymmetric-signingInfoRequest).
- Note the name of the Signing key information (gen_signkeyinfo).
- Click Cancel.
- Find the name of the key information that is associated with the encrypt part.
- For Request message signature and encryption protection, open the asymmetric encrypt part (asymmetric-encryptionInfoRequest).
- Note the name of the Encryption key information (gen_enckeyinfo).
- Click Cancel.
- Browse to Keys and certificates.
- Click WS-Security.
- Click Keys and certificates.
- Set the outbound signing key information.
- Select the name of the signing key information that you noted (gen_signkeyinfo).
- For Type, select the key information type that you want to use for digital signature.
- In the Type drop-down, you will see the following: Key identifier, Security token reference, Embedded token, X509 issuer name and issuer serial, Thumbprint.
- Click OK.
- Set the outbound encryption key information.
- Select the name of the encryption key information that you noted (gen_enckeyinfo).
- For Type, select the key information type that you want to use for encryption.
- In the Type drop-down, you will see the following: Key identifier, Security token reference, Embedded token, X509 issuer name and issuer serial, Thumbprint.
- Click OK.
- Click Save to save your configuration changes.
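To confirm that a saved change took effect, you can inspect the <ds:KeyInfo> elements of a captured outbound message. The following check is an added example, not product code: it assumes the five binding types map to the reference forms defined by the OASIS WSS X.509 Token Profile, and the function names and sample headers are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"wsse": WSSE, "ds": DS}
X509_PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0"
THUMBPRINT = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"

def classify_key_info(key_info):
    """Map one <ds:KeyInfo> element to a key information type name (assumed mapping)."""
    ref = key_info.find("wsse:SecurityTokenReference", NS)
    if ref is None:
        return "unknown"
    if ref.find("wsse:Embedded", NS) is not None:
        return "Embedded token"
    if ref.find("ds:X509Data/ds:X509IssuerSerial", NS) is not None:
        return "X509 issuer name and issuer serial"
    key_id = ref.find("wsse:KeyIdentifier", NS)
    if key_id is not None:
        # Thumbprint is a KeyIdentifier too; only the ValueType tells them apart.
        return "Thumbprint" if key_id.get("ValueType") == THUMBPRINT else "Key identifier"
    if ref.find("wsse:Reference", NS) is not None:
        return "Security token reference"
    return "unknown"

def key_info_types(security_xml):
    """Return the type of every <ds:KeyInfo> in the header, in document order."""
    root = ET.fromstring(security_xml)
    return [classify_key_info(ki) for ki in root.iter("{%s}KeyInfo" % DS)]

def sample_header(reference_body):
    """Build a constructed, trimmed Security header that holds a single KeyInfo."""
    return ('<wsse:Security xmlns:wsse="%s" xmlns:ds="%s"><ds:Signature><ds:KeyInfo>'
            '<wsse:SecurityTokenReference>%s</wsse:SecurityTokenReference>'
            '</ds:KeyInfo></ds:Signature></wsse:Security>' % (WSSE, DS, reference_body))

# Constructed samples: the header before the change and the form the receiver requires.
BEFORE = sample_header('<wsse:KeyIdentifier ValueType="%s#X509SubjectKeyIdentifier">'
                       'AAAA</wsse:KeyIdentifier>' % X509_PROFILE)
AFTER = sample_header('<ds:X509Data><ds:X509IssuerSerial>'
                      '<ds:X509IssuerName>CN=Example CA</ds:X509IssuerName>'
                      '<ds:X509SerialNumber>1</ds:X509SerialNumber>'
                      '</ds:X509IssuerSerial></ds:X509Data>')

if __name__ == "__main__":
    print("before:", key_info_types(BEFORE))
    print("after: ", key_info_types(AFTER))
```

A full message normally carries one <ds:KeyInfo> for the signature and one for the encrypted key, so expect two entries in the returned list, one for each of the two settings changed in the procedure.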