Key locator configuration settings
Use this page to specify the settings for a key locator configuration. The key locators retrieve keys from the keystore file for digital signature and encryption. This product enables you to plug in a custom key locator configuration.
- Click .
- Under Additional properties, click Key locators.
- Click New to create a new configuration or click the name of a configuration to modify its settings.
- Click .
- Under Security, click JAX-WS and JAX-RPC security runtime.
Mixed-version environment: In a mixed node cell with a server using WebSphere Application Server version 6.1 or earlier, click Web services: Default bindings for Web Services Security.
- Under Additional properties, click Key locators.
- Click New to create a new configuration or click the name of a configuration to modify its settings.
- Click .
- Click .
- Under Web Services Security properties, you can access key locators for the following bindings:
- For the Request generator, click Web services: Client security bindings. Under Request generator (sender) binding, click .
- For the Request consumer, click Web services: Server security bindings. Under Request consumer (receiver) binding, click .
- For the Response generator, click Web services: Server security bindings. Under Response generator (sender) binding, click .
- For the Response consumer, click Web services: Client security bindings. Under Response consumer (receiver) binding, click .
- Click New to create a new configuration or click the name of a configuration to modify its settings.
Key locator name
Specifies the name of the key locator.
Information | Value |
---|---|
Data type | String |
Key locator class name
Specifies the name for the key locator class implementation.
- com.ibm.wsspi.wssecurity.keyinfo.KeyStoreKeyLocator
- This implementation locates and obtains the key from the specified keystore file.
- com.ibm.wsspi.wssecurity.keyinfo.SignerCertKeyLocator
- This implementation uses the public key from the certificate of the signer. This class implementation is used by the response generator.
This property is for the JAX-RPC programming model only. To implement signer certificate encryption for the JAX-WS programming model, set a custom property on the callback handler for the encryption token generator. For more information, read the topic Callback handler settings.
- com.ibm.wsspi.wssecurity.keyinfo.X509TokenKeyLocator
- This implementation uses the X.509 security token from the sender message for digital signature validation and encryption. This class implementation is used by the request consumer and the response consumer.
Information | Value |
---|---|
Data type | String |
Keystore
Specifies information about the keystore that is used by this key locator configuration.
- None
- Use this option if a keystore is not required to be specified for this key locator configuration.
- Predefined keystore
- Use this option if you want to specify a predefined keystore for this key locator configuration.
- User-defined keystore
- Use this option if you want to specify a user-defined keystore for this key locator configuration.
Keystore configuration name
Specifies the name of the keystore configuration that is defined in the keystore settings in secure communications.
The keystore configuration name is located under the Predefined keystore field, which is located under the Keystore section of the page.
Information | Value |
---|---|
Data type | String |
Keystore password
Specifies the password that is used to access the keystore file.
The keystore password is located under the User-defined keystore field, which is located under the Keystore section of the page.
Information | Value |
---|---|
Data type | String |
Keystore path
Specifies the location of the keystore file.
The path is located under the User-defined keystore field, which is located under the Keystore section of the page.
Information | Value |
---|---|
Data type | String |
Keystore type
Specifies the type of keystore file.
The type is located under the User-defined keystore field, which is located under the Keystore section of the page.
- JKS
- Use this option if you are not using Java™ Cryptography Extensions (JCE) and if your keystore file uses the Java Keystore (JKS) format.
- JCEKS
- Use this option if you are using Java Cryptography Extensions.
- JCERACFKS
- Use JCERACFKS if the certificates are stored in a SAF key ring (z/OS® only).
- PKCS11KS (PKCS11)
- Use this format if your keystore file uses the PKCS#11 file format. Keystore files that use this format might contain Rivest Shamir Adleman (RSA) keys on cryptographic hardware or might encrypt keys that use cryptographic hardware to ensure protection.
- PKCS12KS (PKCS12)
- Use this option if your keystore file uses the PKCS#12 file format.
Information | Value |
---|---|
Default | JKS |
Range | JKS, JCEKS, PKCS11KS (PKCS11), PKCS12KS (PKCS12) |
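Before the path, type and password of a user-defined keystore are entered on this page, the three values can be checked outside the console to confirm that they open the file and that the expected key entries are present. The following is an added example, not part of the product documentation or product code; it uses only the standard java.security.KeyStore API and covers only the file-based types JKS, JCEKS and PKCS12. The class name KeystorePreflight and the KEYSTORE_PASSWORD environment variable are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
// Added example (not product code): checks a user-defined keystore's
// path, type and password before they are entered in the console.
// Run: KEYSTORE_PASSWORD=... java KeystorePreflight <path> <type>
// KeystorePreflight and KEYSTORE_PASSWORD are assumed names.
public class KeystorePreflight {
    // File-based types a stock JDK can open; hardware- and SAF-backed
    // types (PKCS11KS, JCERACFKS) need provider setup and are not covered.
    static final List<String> FILE_TYPES = Arrays.asList("JKS", "JCEKS", "PKCS12");

    public static void main(String[] args) throws Exception {
        String pw = System.getenv("KEYSTORE_PASSWORD");
        if (args.length != 2 || pw == null) {
            System.err.println("usage: KEYSTORE_PASSWORD=... KeystorePreflight <path> <type>");
            System.exit(2);
        }
        String type = args[1].toUpperCase();
        if (!FILE_TYPES.contains(type)) {
            System.err.println("type not covered by this check: " + type);
            System.exit(2);
        }
        char[] password = pw.toCharArray();
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(args[0])) {
            // IOException here means a wrong password or an unparseable file.
            ks.load(in, password);
        } finally {
            Arrays.fill(password, '\0'); // clear the char[] copy after use
        }
        for (String alias : Collections.list(ks.aliases())) {
            String kind = ks.isKeyEntry(alias) ? "key" : "trusted-cert";
            Certificate c = ks.getCertificate(alias); // null for secret-key entries
            String detail = "(no certificate)";
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                detail = x.getSubjectX500Principal().getName() + " notAfter=" + x.getNotAfter();
            }
            System.out.printf("%-12s %-24s %s%n", kind, alias, detail);
        }
    }
}
```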