Saturday, August 20, 2011

OSB PKI credential mapper provider

There is no PKI credential mapper provider configured in your security realm. Service key provider management will be disabled. Configure a PKI credential mapper provider if you need service provider support. This is typically the case if you have Oracle Service Bus proxy services with web service security enabled or outbound 2-way SSL connections.

See: Security in OSB.

"If a proxy service uses public key infrastructure (PKI) technology for digital signatures, encryption, or SSL authentication, create a service key provider to provide private keys paired with certificates." (Service Key Providers)

How to create a PKI credential mapper in WLS: see this nice post.

First, use keytool to generate a JKS store. keytool.exe is in your JAVA_HOME/bin directory (example: C:\Oracle2\Middleware\jdk160_21\bin)

keytool -genkey -keystore keystorename -storepass keystorepassword
(enter all information, it will generate a keystorename file)
(default keystore type is "jks")

In the WebLogic console, go to your myrealm security realm, tab "Providers", then "Credential Mappings".

There is already a "DefaultCredentialMapper" of type "WebLogic Credential Mapping Provider".
Create a new one of type "PKICredentialMapper", edit it and go to "Provider Specific".
Enter the name of the file you created with keytool (it should have been moved to the DOMAIN_HOME directory) and the password you assigned with keytool.


Now in OSB you can create a new Service Key Provider and enter the 3 keys
(Encryption Key, Digital Signature Key, SSL Client Authentication Key),
providing the respective password.
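
The keystore step above as a non-interactive script, added here as an example and not part of the original post. It goes beyond the single keytool command by creating one RSA key pair per Service Key Provider purpose and checking the result; the alias names, DN, file name and the KS_PASS variable are assumptions, and -storepass:env needs a JDK 7 or later keytool.

```shell
#!/bin/sh
# Added example: build the JKS keystore for the PKICredentialMapper without prompts.
# Alias names, DN and KS_PASS are hypothetical; the fallback password below is
# constructed for the demo only, real ones belong in a secret store.

# make_osb_keystore FILE -> creates FILE with one RSA key pair per OSB key purpose.
# The body runs in a subshell so the umask change does not leak to the caller.
make_osb_keystore() (
    ks=$1
    umask 077    # the keystore holds private keys: create it owner-only
    for alias in osb-encryption osb-signature osb-ssl-client; do
        # -storepass:env / -keypass:env read the password from an environment
        # variable, keeping it out of the process list and shell history.
        # -keyalg and -storetype are explicit because keytool defaults differ
        # between JDK releases.
        keytool -genkeypair -alias "$alias" \
            -keyalg RSA -keysize 2048 -validity 365 \
            -dname "CN=$alias, OU=OSB, O=Example, C=US" \
            -storetype JKS -keystore "$ks" \
            -storepass:env KS_PASS -keypass:env KS_PASS >/dev/null 2>&1 || exit 1
    done
)

# count_private_keys FILE -> prints the number of private key entries in FILE.
# Each of the three Service Key Provider keys needs a PrivateKeyEntry, not a
# trusted certificate entry.
count_private_keys() {
    keytool -list -storetype JKS -keystore "$1" -storepass:env KS_PASS 2>/dev/null |
        grep -c 'PrivateKeyEntry'
}

KS_PASS=${KS_PASS:-constructed-demo-pass}
export KS_PASS

# Run as: sh script.sh osb-keystore.jks   (then move the file to DOMAIN_HOME)
if [ -n "$1" ]; then
    make_osb_keystore "$1" && count_private_keys "$1"
fi
```

The aliases created here are the ones to pick for the three keys in the Service Key Provider, with KS_PASS as the key password.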
