Securing Services Using the AquaLogic Service Bus
Pages: 1, 2, 3, 4

Server Keystore Configuration

Once the keys and keystores have been created, you must configure the server to use these keystores.

1. Start the ALSB/WLS server from the domain directory (for example, run ./startWebLogic.sh).

2. From a browser, open the WebLogic Admin Console (for example, http://localhost:7001/console) and configure WebLogic Server to use the new certificate trust keystore rather than the default demo trust keystore, by selecting the Keystores tab for the server and entering the keystore settings. Note: WebLogic Server does not allow the server to keep using the demo identity store, so the new identity store is also specified in this example, even though it will not be used directly by the service bus or application server for Web service message-level security. The screenshots in Figure 2 show example settings (passphrase is "weblogic"):

Figure 2. WebLogic keystore configuration

3. Using the WebLogic Admin Console, for the default security realm (myrealm), add a new Provider and then add a new Credential Provider by selecting the New button shown in Figure 3:

Figure 3. Credential mapping provider list

Set the name to be WSPKICredentialMapper, for example, and ensure the type is set to PKICredentialMapper, as Figure 4 shows:

Figure 4. New credential mapping provider creation

Once saved, choose to edit the provider-specific settings to specify the custom identity keystore as the keystore for this credential mapper, as Figure 5 shows. Note: In this example, the passphrase is "weblogic."

Figure 5. Provider configuration

4. Once the changes are saved and activated, restart WebLogic Server so that the new keystore settings take effect.

Note: Strictly speaking, a PKI credential mapper does not need to be specified if ALSB/WebLogic Server does not have to sign or encrypt Web service responses (as in this example). However, these additional steps are included to enable Web service response signing/encryption capabilities to be easily accommodated at a later date.
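After the restart, it is worth confirming that no server in the domain is still on the demo keystores. The following is an added example, not part of the original article or of ALSB/WebLogic: a Python check over a domain config.xml. The element names are assumed to follow WebLogic's config.xml layout, and the sample document, its namespaces and the keystore file names are constructed placeholders.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
# Constructed sample. Element names are assumed to follow WebLogic's domain
# config.xml; namespaces and keystore file names are placeholders.
SAMPLE_CONFIG = """<domain xmlns="urn:example:domain" xmlns:sec="urn:example:sec"
    xmlns:pki="urn:example:pki" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <security-configuration><realm>
    <sec:credential-mapper xsi:type="pki:pki-credential-mapperType">
      <sec:name>WSPKICredentialMapper</sec:name>
      <pki:key-store-file-name>example_identity.jks</pki:key-store-file-name>
    </sec:credential-mapper>
  </realm></security-configuration>
  <server><name>AdminServer</name>
    <key-stores>CustomIdentityAndCustomTrust</key-stores>
    <custom-identity-key-store-file-name>example_identity.jks</custom-identity-key-store-file-name>
    <custom-trust-key-store-file-name>example_trust.jks</custom-trust-key-store-file-name>
  </server>
  <server><name>ManagedServer1</name></server>
</domain>"""

def local(tag):
    # Strip the XML namespace so matching works across schema versions.
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    hits = [c.text or "" for c in elem if local(c.tag) == name]
    return hits[0].strip() if hits else None

def audit(config_xml):
    root = ET.fromstring(config_xml)
    findings = []
    for server in (e for e in root if local(e.tag) == "server"):
        name = child_text(server, "name")
        # Assumption: a server with no <key-stores> element is on the demo default.
        mode = child_text(server, "key-stores") or "DemoIdentityAndDemoTrust"
        if "Demo" in mode:
            findings.append(f"{name}: demo keystore in use ({mode})")
            continue
        for kind in ("identity", "trust"):
            path = child_text(server, f"custom-{kind}-key-store-file-name")
            if f"Custom{kind.title()}" in mode and not path:
                findings.append(f"{name}: {mode} set but no custom {kind} keystore file")
    # Optional per the note above: only needed to sign or encrypt responses.
    pki = [e for e in root.iter() if local(e.tag) == "credential-mapper"
           and "pki-credential-mapper" in e.get(XSI_TYPE, "")]
    if not any(child_text(m, "key-store-file-name") for m in pki):
        findings.append("realm: no PKI credential mapper with a keystore file")
    return findings
```

Calling `audit()` on the constructed sample reports only ManagedServer1, which has no keystore settings and therefore falls back to the demo keystores.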
