Key locator configuration settings
Use this page to specify the settings for key locators.
To view this administrative console page, complete the following steps:
- Click Servers > Application Servers > server_name.
- Under Additional Properties, click Web Services: Default bindings for Web Services Security > Key Locators > New.
Key Locator Name
- Specifies the name of the key locator.
Key Locator Classname
- Specifies the name of the key locator class implementation.
WebSphere Application Server has the following default key locator class
implementations:
com.ibm.wsspi.wssecurity.config.WSIdKeyStoreMapKeyLocator
- Maps an authenticated identity to a key. This class is used by the response
sender. If encryption is used, this class locates the key that encrypts
the response message. The class can map an authenticated identity from the
invocation credential of the current thread to a key that is used to encrypt
the message. If an authenticated identity is present on the current thread,
the class maps the ID to the mapped name. For example, user1 is mapped to
mappedName_1. Otherwise, name="default" is used.
When a matching key is not found, the authenticated identity is mapped to
the default key specified in the binding file.
com.ibm.wsspi.wssecurity.config.KeyStoreKeyLocator
- Maps a name to an alias. This class is used by the response receiver,
request sender, and request receiver. The encryption process uses this class
to obtain a key to encrypt a message, and the digital signature process uses
this class to obtain a key to sign a message. The class maps a logical name
to a key alias in the keystore file. For example,
key #105115176771 is mapped to CN=Alice, O=IBM, c=US.
| Data type | String |
| Defaults | com.ibm.wsspi.wssecurity.config.KeyStoreKeyLocator, com.ibm.wsspi.wssecurity.config.WSIdKeyStoreMapKeyLocator |
Key Store Password
- Specifies the password used to access the keystore file.
Key Store Path
- Specifies the location of the keystore file.
Use ${USER_INSTALL_ROOT} in the path; this variable expands to the WebSphere
Application Server path on your machine.
Key Store Type
- Specifies the type of keystore file.
The value for this field is either JKS or JCEKS:
JKS
- Use this option if you are not using Java Cryptography Extensions (JCE).
JCEKS
- Use this option if you are using Java Cryptography Extensions.
| Default | JKS |
| Range | JKS, JCEKS |
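
A check that can be run before saving the Key Store Path, Key Store Password and Key Store Type values, and that also tests the name-to-alias mapping described under KeyStoreKeyLocator. This is an added example, not IBM's code: it uses only the standard java.security.KeyStore API, and the class name KeyLocatorCheck, the check helper, the logical names signerKey and encryptKey, and the sample keystore are all constructed for illustration.

```java
import java.io.*;
import java.nio.file.*;
import java.security.*;
import java.util.*;
import javax.crypto.KeyGenerator;

public class KeyLocatorCheck {
    // Hypothetical helper: returns one finding per mapping that does not resolve.
    static List<String> check(Path path, String type, char[] storePass,
            Map<String, String> nameToAlias, char[] keyPass) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);      // Key Store Type: JKS or JCEKS
        try (InputStream in = Files.newInputStream(path)) {
            ks.load(in, storePass);                    // throws if type or password is wrong
        }
        List<String> findings = new ArrayList<>();
        for (Map.Entry<String, String> e : nameToAlias.entrySet()) {
            String alias = e.getValue();
            if (!ks.containsAlias(alias)) {
                findings.add(e.getKey() + ": alias '" + alias + "' is not in the keystore");
            } else if (ks.isKeyEntry(alias)) {
                try {
                    ks.getKey(alias, keyPass);         // key entries also need the key password
                } catch (UnrecoverableKeyException ex) {
                    findings.add(e.getKey() + ": key '" + alias + "' cannot be recovered");
                }
            }                                          // certificate-only entries need no password
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway JCEKS keystore holding one AES key.
        char[] pass = "sample-only".toCharArray();
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, pass);
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        ks.setKeyEntry("alice", kg.generateKey(), pass, null);
        Path file = Files.createTempFile("sample", ".jceks");
        try (OutputStream out = Files.newOutputStream(file)) {
            ks.store(out, pass);
        }
        Map<String, String> mapping = new LinkedHashMap<>();
        mapping.put("signerKey", "alice");             // resolves
        mapping.put("encryptKey", "bob");              // reported: alias missing
        check(file, "JCEKS", pass, mapping, pass).forEach(System.out::println);
        Files.delete(file);
    }
}
```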