Configuring XML digital signature for Version 5.x web services with the administrative console
XML digital signature provides both message integrity and authentication capabilities when it is used with SOAP messages. XML digital signature is one of the methods WebSphere® Application Server provides to secure web services. You can use the WebSphere® Application Server administrative console to configure XML digital signature.
Subtopics
Login mappings collection
Use this page to view a list of configurations for validating security tokens within incoming messages. Login mappings map an authentication method to a Java™ Authentication and Authorization Service (JAAS) login configuration to validate the security token. Four authentication methods are predefined in the WebSphere® Application Server: BasicAuth, Signature, IDAssertion, and Lightweight Third Party Authentication (LTPA).
Login mapping configuration settings
Use this page to specify the Java Authentication and Authorization Service (JAAS) login configuration settings that are used to validate security tokens within incoming messages.
Configuring nonce using Web Services Security tokens
A nonce is a randomly generated cryptographic token that is used to thwart the hijacking of user name tokens, which are used with SOAP messages. Use a nonce in conjunction with the BasicAuth authentication method.
Configuring trust anchors using the administrative console
Use the WebSphere Application Server administrative console to configure trust anchors that specify keystores that contain trusted root certificates to validate the signer certificate.
Configuring the client-side collection certificate store using the administrative console
You can configure the client-side collection certificate store by using the administrative console.
Configuring the server-side collection certificate store using the administrative console
You can configure the collection certificate either by using an assembly tool or the WebSphere Application Server administrative console.
Configuring default collection certificate stores at the server level in the WebSphere Application Server administrative console
You can define a single collection certificate store for all of the applications that need to use the same certificates. Use the WebSphere Application Server administrative console to configure the default collection certificate store at the server level.
Configuring default collection certificate stores at the cell level in the WebSphere Application Server administrative console
A collection certificate store is a collection of non-root certificate authority (CA) certificates and certificate revocation lists (CRLs). Use this collection of CA certificates and CRLs to check the signature of a digitally signed SOAP message. A certificate store typically refers to a certificate store that is located in the file system.
Configuring key locators using the administrative console
You can configure binding information and key locators using the WebSphere Application Server administrative console.
Configuring server and cell level key locators using the administrative console
A key locator typically locates a key store in the file system. You can configure server and cell-level key locators for a specific application by using the WebSphere Application Server administrative console. You can configure binding information in the administrative console; however, for extensions, you must use an assembly tool.
Configuring the security bindings on a server acting as a client using the administrative console
Use the web services client editor within an assembly tool to include the binding information in the client enterprise archive (EAR) file. The binding information describes how to run the security specifications found in the extensions.
Configuring the server security bindings using the administrative console
Use the WebSphere Application Server administrative console to edit bindings for a web service after these bindings are deployed on a server.

