Administration Console Online Help

Create PKI Credential Mappings

Before you begin

Configure the infrastructure for using key pair or certificate credential mappings:

  1. Configure a PKI Credential Mapping provider. The default security realm (myrealm) does not already have a PKI Credential Mapping provider configured. See Configure Credential Mapping Providers.
  2. Configure keystores with appropriate keys and distribute the keystores to all machines in a WebLogic Server cluster. For information about setting up keystores, see the help for the Java keytool utility at http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html. See also Configuring Identity and Trust for information about keystores and keys in WebLogic Server.

To create a key pair or certificate-based credential mapping for the WebLogic Credential Mapping provider:

  1. In the left pane, select Security Realms and click the name of the realm you are configuring (for example, myrealm).
  2. Select Credential Mappings > PKI.

    The PKI Credential Mappings table lists the PKI Credential Mappings configured in this security realm.

  3. Click New.

    The Create a New Security Credential Mapping page appears.

  4. Enter information about the remote resource to be accessed using this credential mapping. This information is used to identify the remote resource and can include one or more of the following:
    1. Protocol—The protocol to use to reach the remote resource.
    2. Remote Host—The host name of the remote resource.
    3. Remote Port—The port number of the remote resource.
    4. Path—The path of the remote resource, if it is identified by a path rather than a host name and port.
    5. Method—The method on the remote resource this credential is used with.

    Click Next.

  5. On the Create a New Security Credential Map Entry page, select Key Pair or Certificate to indicate the type of credential you are mapping to.
  6. Enter the name of the principal that you are mapping from. This is the WebLogic username that will be the initiator when you want to access the remote resource using this credential mapping.
  7. Indicate whether the principal that you are mapping from is a user or a group.
  8. Optionally, specify a credential action. See Credential Actions.
  9. Enter the alias used in the keystore to identify the credential.
  10. If this is a Key Pair credential, enter the password used to retrieve the credential from the keystore.
  11. Click Finish.
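
Steps 5, 9 and 10 only work if the alias in the keystore holds the kind of entry you selected. The shell helper below is an added example, not part of the original help page or of Oracle's tooling: it reads `keytool -list` output and checks the entry type stored under an alias. The function names, the sample listing and the `KS_PASS` variable are assumptions, as is the pairing of Key Pair with `PrivateKeyEntry` and of Certificate with either entry type.

```shell
#!/bin/sh
# Added example: pre-check a keystore alias before entering it in the
# credential mapping wizard. Names below are hypothetical.

# Constructed sample of `keytool -list` output (English locale); values are fake.
SAMPLE_LISTING='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 2 entries

partner-ca, Mar 3, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 00:00:00:(constructed)
wls-client, Mar 3, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 11:11:11:(constructed)'

# Read `keytool -list` text on stdin and print the entry type stored under
# alias $1 (PrivateKeyEntry or trustedCertEntry), or nothing if it is absent.
# The alias is compared case-insensitively, as the default JKS and PKCS12
# keystore types do.
entry_type_for_alias() {
    awk -v a="$1" '
        index(tolower($0), tolower(a) ",") == 1 {
            if ($0 ~ /PrivateKeyEntry/) print "PrivateKeyEntry"
            else if ($0 ~ /trustedCertEntry/) print "trustedCertEntry"
            exit
        }'
}

# Return 0 when alias $2 (listing on stdin) can back credential type $1.
# Assumption: "keypair" needs a private key entry; "certificate" can use
# either entry type, since both carry a certificate.
alias_supports() {
    want=$1
    found=$(entry_type_for_alias "$2")
    case "$want:$found" in
        keypair:PrivateKeyEntry) return 0 ;;
        certificate:PrivateKeyEntry|certificate:trustedCertEntry) return 0 ;;
        *) return 1 ;;
    esac
}

# Check a real keystore: $1 = keystore file, $2 = keypair|certificate, $3 = alias.
# The store password comes from the KS_PASS environment variable so that it
# does not show up in the process list.
check_keystore_alias() {
    keytool -list -keystore "$1" -storepass:env KS_PASS 2>/dev/null |
        alias_supports "$2" "$3"
}

if [ "$#" -eq 3 ]; then check_keystore_alias "$1" "$2" "$3" && echo "alias OK"; fi
```

Run the check on each machine in the cluster that received a copy of the keystore, so that a missing or mistyped alias is caught before the mapping is used.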