The following information provides instructions on how to configure key locators using an assembly tool.
About this task
Important: There is an important distinction between Version 5.x and Version 6 and later applications. This information supports only Version 5.x applications that are used with WebSphere® Application Server Version 6.0.x and later. It does not apply to Version 6.0.x and later applications.
You can configure key locators in various locations within the assembly tool. The following procedure applies to any of these locations because the concept is the same.
Procedure
- Start an assembly tool.
  For more information, see the related information on Assembly Tools.
- Switch to the Java™ Platform, Enterprise Edition (Java EE) perspective. Click .
- Click .
- Right-click the application-client.xml file, select , and click the WS Binding tab.
  The Client Deployment Descriptor is displayed.
- Click the WS Binding tab in the deployment descriptor editor within the assembly tool or the Binding configurations tab in the Web services editor within the assembly tool.
- Expand one of the Binding configuration sections.
- Expand the Key locators section.
- Click Add to create a new key locator, click Edit to edit an existing key locator, or click Remove to delete an existing key locator.
- Enter a key locator name.
  The name entered for the Key locator name is used to refer to the key locator from the Encryption information and Signing Information sections.
- Enter a key locator class.
  The key locator class is the implementation of the KeyLocator interface. When using default implementations, select a class from the menu.
- Determine whether to click Use key store.
  Select this option when you use the default implementations as they use key stores. If you click Use key store, complete the following steps:
  - Enter a value in the key store storepass field.
    The key store storepass is the password used to access the key store.
  - Enter a path name in the key store path field.
    The key store path is the location on the file system where the key store resides. Make sure that the location can be found wherever you deploy the application.
  - Enter a type value in the key store type field.
    The valid types to enter are JKS and JCEKS. JKS is used when you are not using the Java Cryptography Extensions (JCE) policy. JCEKS is used when you are using JCE. Although the JCEKS type is more secure, it might decrease performance.
- Click Add to create an entry for a key in the key store.
  - Enter a value in the Alias field.
    The key alias is a reference to this particular key from the Signing Information section.
  - Enter a value in the Key pass field.
    The key pass is the password associated with the certificate which is created using the Java SE Development Kit 6 keytool.exe file.
    The key pass is the password associated with the certificate which is created using the keytool utility. The keytool utility is available using the QShell Interpreter.
  - Enter a value in the Key name field.
    The key name refers to the alias of the certificate as found in the key store.
- Click Add to create a custom property.
  The property can be used by custom key locator implementations. For example, you can use properties with the WSIdKeyStoreMapKeyLocator default implementation. The key locator implementation has the following property names:
  - id_, which maps to a credential user ID.
  - mappedName_, which maps to the key alias to use for this user name.
  - default, which maps to a key alias to use when a credential does not have an associated id_ entry.
  A typical set of properties for this key locator might be: id_1=user1, mappedName_1=key1, id_2=user2, mappedName_2=key2, default=key3. If user1 or user2 authenticates, then the associated key1 or key2 is used, respectively. However, if none of the user properties authenticate or the user is not user1 or user2, then key3 is used.
  - Enter a name in the Name field.
    The name entered is the property name.
  - Enter a value in the Value field.
    The value entered is the property value.
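
The id_, mappedName_ and default lookup described for WSIdKeyStoreMapKeyLocator, as an added Python example (not IBM's implementation and not part of the original page): it pairs the properties, reports entries that cannot resolve, and returns the alias chosen for a user. The function names, the sample data and the rule that an id_ entry without a matching mappedName_ falls back to default are assumptions made for illustration.

```python
import re

# Constructed sample: the property set from the text, plus two deliberate mistakes.
SAMPLE = """\
id_1=user1
mappedName_1=key1
id_2=user2
mappedName_2=key2
id_3=user3
mappedName_4=key9
default=key3
"""

def parse_properties(text):
    """Parse Name=Value lines as entered in the custom property fields."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, sep, value = line.partition("=")
            if not sep:
                raise ValueError(f"not a name=value pair: {line!r}")
            props[name.strip()] = value.strip()
    return props

def check_mapping(props, key_aliases):
    """Return (user -> alias map, list of problems) for one key locator."""
    users, problems = {}, []
    for name, value in props.items():
        m = re.fullmatch(r"(id|mappedName)_(.+)", name)
        if not m:
            continue
        kind, n = m.groups()
        if kind == "id":
            alias = props.get(f"mappedName_{n}")
            if alias is None:
                problems.append(f"id_{n} ({value}) has no mappedName_{n}")
            else:
                users[value] = alias
        elif f"id_{n}" not in props:
            problems.append(f"mappedName_{n} has no id_{n}")
    if "default" not in props:
        problems.append("no default alias for users without an id_ entry")
    # Every alias that can be selected must be a key entry added to the locator.
    for alias in sorted(set(users.values()) | ({props.get("default")} - {None})):
        if alias not in key_aliases:
            problems.append(f"alias {alias} is not a key entry on this locator")
    return users, problems

def resolve_alias(props, user):
    """Alias chosen for an authenticated user ID, falling back to default."""
    users, _ = check_mapping(props, key_aliases=set())
    return users.get(user, props.get("default"))
```

Pass `check_mapping` the Alias values of the key entries you added to the key locator, so a mappedName_ or default value that points at a key that was never added is reported before deployment.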