Configuring the key information in JAX-WS WS-Security bindings
In the WS-Security bindings, you can modify the key information that the JAX-WS WS-Security run time uses when emitting X.509 keys or certificates in the <ds:KeyInfo> element in the Security header of a SOAP message. The default key information for outbound digital signature is Security token reference and the default key information for outbound encryption is Key identifier. It is not necessary to change these values. You would want to go through this procedure if, for instance, the Security header in your outbound message currently contains a <wsse:KeyIdentifier> in the <ds:KeyInfo> element and the receiver of your messages requires a <ds:X509IssuerSerial>.
Before you begin
About this task
<ds:KeyInfo> element that you need. You are selecting the key information type that you want to use for outbound digital signature, encryption or both. The JAX-WS run time in the WebSphere® Application Server supports the following key information types:
- Security token reference
- Key identifier
- X509 issuer name and issuer serial
- Embedded token
- Thumbprint
For more information about the <ds:KeyInfo> element, see Key Information.
Here is the general procedure for editing your bindings to change the key information types.
Procedure
Results
Example
Here is a sample procedure that uses the Client sample general bindings.
- In the administrative console, open your bindings and browse to Authentication and protection.
  - Click .
  - Click .
- Find the name of the key information associated with the sign part.
  - For Request message signature and encryption protection, open the asymmetric sign part (asymmetric-signingInfoRequest).
  - Note the name of the Signing key information (gen_signkeyinfo).
  - Click Cancel.
- Find the name of the key information that is associated with the encrypt part.
  - For Request message signature and encryption protection, open the asymmetric encrypt part (asymmetric-encryptionInfoRequest).
  - Note the name of the Encryption key information (gen_enckeyinfo).
  - Click Cancel.
- Browse to Keys and certificates.
  - Click WS-Security.
  - Click Keys and certificates.
- Set the outbound signing key information.
  - Select the name of the signing key information that you noted (gen_signkeyinfo).
  - For Type, select the key information type that you want to use for digital signature.
    - In the Type drop-down, you will see the following: Key identifier, Security token reference, Embedded token, X509 issuer name and issuer serial, Thumbprint.
  - Click OK.
- Set the outbound encryption key information.
  - Select the name of the encryption key information that you noted (gen_enckeyinfo).
  - For Type, select the key information type that you want to use for encryption.
    - In the Type drop-down, you will see the following: Key identifier, Security token reference, Embedded token, X509 issuer name and issuer serial, Thumbprint.
  - Click OK.
- Click Save to save your configuration changes.
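To confirm that the saved bindings emit the key information the receiver requires, you can inspect a captured outbound message. The following check is an added example, not part of the product documentation: the function names and the sample message are hypothetical, and the mapping from the console's type names to wire elements is an assumption based on the OASIS WSS X.509 Token Profile.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
XENC = "{http://www.w3.org/2001/04/xmlenc#}"
WSSE = ("{http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd}")

def keyinfo_type(keyinfo):
    """Name the key information type of one ds:KeyInfo (mapping is an assumption)."""
    ref = keyinfo.find(WSSE + "SecurityTokenReference")
    if ref is None:
        return "unknown"
    if ref.find(DS + "X509Data/" + DS + "X509IssuerSerial") is not None:
        return "X509 issuer name and issuer serial"
    if ref.find(WSSE + "Embedded") is not None:
        return "Embedded token"
    if ref.find(WSSE + "Reference") is not None:
        return "Security token reference"
    kid = ref.find(WSSE + "KeyIdentifier")
    if kid is None:
        return "unknown"
    thumb = kid.get("ValueType", "").endswith("#ThumbprintSHA1")
    return "Thumbprint" if thumb else "Key identifier"

def report(soap_xml):
    """Return the key information type used for signature and for encryption."""
    if "<!DOCTYPE" in soap_xml:  # SOAP forbids DTDs; refuse before parsing
        raise ValueError("DTD not allowed in a SOAP message")
    root = ET.fromstring(soap_xml)
    found = {}
    for label, parent in (("signature", DS + "Signature"),
                          ("encryption", XENC + "EncryptedKey")):
        keyinfo = root.find(".//" + parent + "/" + DS + "KeyInfo")
        if keyinfo is not None:
            found[label] = keyinfo_type(keyinfo)
    return found

# Constructed sample: structure only, no real keys, digests or ciphertext.
SAMPLE = """<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<e:Header><wsse:Security>
<xenc:EncryptedKey><ds:KeyInfo><wsse:SecurityTokenReference><ds:X509Data>
<ds:X509IssuerSerial><ds:X509IssuerName>CN=Example CA</ds:X509IssuerName>
<ds:X509SerialNumber>1</ds:X509SerialNumber></ds:X509IssuerSerial>
</ds:X509Data></wsse:SecurityTokenReference></ds:KeyInfo></xenc:EncryptedKey>
<ds:Signature><ds:KeyInfo><wsse:SecurityTokenReference><wsse:KeyIdentifier
 ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier"
 >AAAA</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
</wsse:Security></e:Header><e:Body/></e:Envelope>"""
```

For the sample, report(SAMPLE) shows the signature still using Key identifier while encryption already uses X509 issuer name and issuer serial, which is the mismatch the procedure above corrects for a receiver that requires <ds:X509IssuerSerial>.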