Web Service Attributes Editor: Keystore Configuration
The Keystore Configuration section of the Web Service Attributes editor
is part of the security features provided by the
Web Services Interoperability Technology (WSIT).
When you expand the Keystore Configuration section, you find the following
subsections:
- Keystore Configuration.
  You must use a keystore file that contains the
  public or private keys that will be used for authentication
  by the client or the Web service. The Sun Java System Application Server
  provides a default server keystore called the keystore.jks file.
  This file is located in the AppServer_HOME/domains/domain1/config directory.
  You use the following fields in the Keystore Configuration portion of the page
  to specify the keystore configuration:
  - Location. Specifies the location of the keystore that
    stores the keys used by the client
    or the Web service. The default is
    AppServer_HOME/domains/domain1/config/keystore.jks.
  - Alias. Specifies the key in
    the specified keystore to be used for authentication.
- Truststore Configuration.
  A keystore is required to house the
  Certificate Authority (CA) certificates. This keystore is called the cacerts.jks file.
  This file must contain the public key certificates of the CA or the
  client's public key certificate at the time the server is authenticating
  the client. The Sun Java System Application Server provides a default cacerts.jks file.
  This file is located in the AppServer_HOME/domains/domain1/config directory.
  You use the following fields in the Truststore Configuration portion
  of the page to specify the truststore configuration:
  - Location. Specifies the location and name of the keystore
    that stores the keys used by the Web service. The default is
    AppServer_HOME/domains/domain1/config/cacerts.jks.
  - Peer Alias. Specifies which certificate in the
    truststore is to be used when the client authenticates
    itself to the Web service.
  - STS Alias. Specifies which certificate in the truststore is to be
    used when the client or Web service authenticates itself
    to the Secure Token Service (STS).
  - Service Alias. Specifies which certificate in
    the truststore is to be used when the Web service authenticates
    itself to the client.
- Validators.
  If you want to use a callbackHandler to verify that tokens are
  valid, you must configure the Validator Configuration options.
  These options specify the classes that are to be used by the default
  callbackHandler to validate tokens.
  Use the following fields to specify the validators:
  - Username Validator. Specifies the validator class
    to be used to validate username and password. This option
    is only used by Web service clients.
  - Timestamp Validator. Specifies the validator class to
    be used to check the token timestamp to determine whether the expiration
    time has elapsed, rendering the token invalid.
  - Certificate Validator. Specifies the validator class
    to be used to validate the certificate supplied by the
    client or the Web service.
  - SAML Validator. Specifies the validator class
    to be used to validate the SAML token supplied by the
    client or the Web service.
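
Before saving the Alias and Peer Alias fields described above, it helps to confirm that each alias exists in the file named in Location and is the kind of entry the field needs. The following is an added example, not part of the original help page or of WSIT; the class name AliasCheck and its argument order are hypothetical, and it assumes both files are JKS keystores and that the truststore alias is stored as a trusted-certificate entry.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

// Added example (hypothetical class): checks the aliases typed into the editor.
// Usage: java AliasCheck <keystore> <keystorePassword> <alias>
//                        <truststore> <truststorePassword> <peerAlias>
public class AliasCheck {

    // Load a JKS file; load() throws on a wrong password or a corrupted file.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Returns null when the alias is usable, otherwise a description of the problem.
    static String check(KeyStore ks, String alias, boolean needPrivateKey) throws Exception {
        if (!ks.containsAlias(alias)) return "alias not found";
        // The keystore Alias must hold a private key; a truststore alias only a certificate.
        if (needPrivateKey && !ks.isKeyEntry(alias)) return "entry has no private key";
        if (!needPrivateKey && !ks.isCertificateEntry(alias)) return "entry is not a trusted certificate";
        Certificate cert = ks.getCertificate(alias);
        if (!(cert instanceof X509Certificate)) return "no X.509 certificate for alias";
        try {
            ((X509Certificate) cert).checkValidity();   // expired or not yet valid
        } catch (CertificateException e) {
            return "certificate outside its validity period: " + e.getMessage();
        }
        return null;
    }

    public static void main(String[] a) throws Exception {
        if (a.length != 6) { System.err.println("expected 6 arguments"); System.exit(2); }
        String k = check(load(a[0], a[1].toCharArray()), a[2], true);
        String t = check(load(a[3], a[4].toCharArray()), a[5], false);
        System.out.println("keystore alias '" + a[2] + "': " + (k == null ? "OK" : k));
        System.out.println("truststore alias '" + a[5] + "': " + (t == null ? "OK" : t));
        if (k != null || t != null) System.exit(1);
    }
}
```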