Oracle® Fusion Middleware Administrator's Guide for Oracle Service Bus
11g Release 1 (11.1.1.7)

Part Number E15867-07

18 Service Key Providers

This chapter describes Service Key Providers and provides steps on how to create, locate, edit, and delete Service Key Provider resources using the Oracle Service Bus Administration Console.

A service key provider contains Public Key Infrastructure (PKI) credentials that proxy services use for decrypting inbound SOAP messages and for outbound authentication and digital signatures. A PKI credential is a private key paired with a certificate that can be used for digital signatures and encryption (for Web Service Security) and for outbound SSL authentication. The certificate contains the public key that corresponds to the private key.

Note:

To use a service key provider, you must configure a PKI credential mapping provider. See "Configuring the WebLogic Security Framework: Main Steps" in the Oracle Fusion Middleware Developer's Guide for Oracle Service Bus.

A single service key provider can contain all of the following PKI credentials:

You can use the same service key provider for multiple proxy services.

18.1 Locating Service Key Providers

To locate Service Key Providers:

  1. Do either of the following:

    • Select Project Explorer to display the Projects View page or the Project/Folder View page. Then navigate through projects and folders to find the service key provider.

    • Select Resource Browser > Service Key Providers. The Summary of Service Key Providers displays the information shown in Table 18-1.

  2. To search for a service key provider, enter part or all of the provider name in the Name field. You can also enter part or all of the provider project name and folder in the Path fields. Click Search.

    Click View All to remove the search filters and display all service key providers.

Table 18-1 Service Key Provider Information

| Property | Description |
|---|---|
| Name | A unique name for the service key provider. Click the name to see the View Service Key Provider Details page. See Section 18.3, "Editing Service Key Providers." |
| Path | The project name and the name of the folder in which the service key provider resides. Click the name to see the project or folder that contains this resource. See Section 4.1.1, "Qualifying Resource Names Using Projects and Folders." |


18.2 Adding Service Key Providers

To add a Service Key Provider:

  1. If you have not already done so, click Create to create a new session or click Edit to enter an existing session. See Section 3.1, "Using the Change Center."

  2. Select Project Explorer, then select a project or folder in which to add the service key provider. The Project/Folder View page is displayed.

  3. From the Create Resource list, select Service Key Provider to display the Create a New Service Key Provider page.

  4. In the Service Key Provider Name field, enter a unique name for this service key provider.

    See Section 2.3, "Resource Naming Restrictions" for naming guidance.

  5. In the Description field, enter a description for the service key provider.

  6. Do any of the following steps, shown in Table 18-2.

    Table 18-2 Authentication Options

    To Add a Key-Pair for... Complete These Steps...

    Digital encryption

    1. Next to Encryption Key, click Browse.

      The Select an alias for Encryption Key window displays the key aliases from the key store that your realm's PKI credential mapper is using.

    2. In the Select an alias for Encryption Key window, enter the password that you use to secure access to the key store. (You set the password when you create the keystore.)

    3. Select a key alias that maps to an X.509 certificate and that supports encryption.

    4. Click Submit.

    When you associate this service key provider with a proxy service, Oracle Service Bus embeds the X.509 certificate into the proxy service's WSDL. The proxy service then uses this certificate to encrypt the messages that it sends to its endpoint. The proxy service uses the private key in the PKI credential to decrypt the messages that the endpoint returns.

    Digital signatures

    1. Next to Digital Signature Key, click Browse.

      The Select an alias for Digital Signature Key window displays the key aliases from the key store that your realm's PKI credential mapper is using.

    2. In the Select an alias for Digital Signature Key window, enter the password that you use to secure access to the key store. (You set the password when you create the keystore.)

    3. Select a key alias.

    4. Click Submit.

    SSL client authentication (two-way SSL)

    1. Next to SSL Client Authentication Key, click Browse.

      The Select an alias for SSL Client Authentication Key window displays the key aliases from the key store that your realm's PKI credential mapper is using.

    2. In the Select an alias for SSL Client Authentication Key window, enter the password that you use to secure access to the key store. (You set the password when you create the keystore.)

    3. Select a key alias.

    4. Click Submit.


  7. Click Save. The service key provider is saved in the current session.

  8. To end the session and deploy the configuration to the runtime, click Activate under Change Center.
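
The encryption steps in Table 18-2 call for a key alias "that maps to an X.509 certificate and that supports encryption". The following Java program is an added example, not part of the Oracle documentation: it lists the key-pair aliases in a keystore together with the KeyUsage and Extended Key Usage values of each certificate, so that a suitable alias can be identified before it is selected in the console. The class name `AliasAudit` and its command-line arguments are assumptions; run it against the keystore that your realm's PKI credential mapper uses.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.List;

// Added example (hypothetical class): java AliasAudit <keystore-file> <JKS|PKCS12>
public class AliasAudit {
    static final String CLIENT_AUTH_OID = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth

    // Summarizes the uses a certificate permits: KeyUsage bits and the clientAuth EKU.
    static String describe(X509Certificate cert) throws CertificateParsingException {
        boolean[] ku = cert.getKeyUsage();             // null when the extension is absent
        List<String> eku = cert.getExtendedKeyUsage(); // null when the extension is absent
        String usage = (ku == null) ? "KeyUsage absent (unrestricted)"
            : "digitalSignature=" + ku[0] + ", keyEncipherment=" + ku[2] + ", dataEncipherment=" + ku[3];
        String client = (eku == null) ? "EKU absent" : "EKU clientAuth=" + eku.contains(CLIENT_AUTH_OID);
        return usage + ", " + client;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2 || System.console() == null) {
            System.err.println("usage: java AliasAudit <keystore-file> <JKS|PKCS12>  (run from a terminal)");
            System.exit(2);
        }
        // Prompt for the password so it never appears in the process list or shell history.
        char[] password = System.console().readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        Date now = new Date();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            // Only key entries that carry an X.509 certificate are usable PKI credentials.
            if (!ks.isKeyEntry(alias) || !(c instanceof X509Certificate)) {
                continue;
            }
            X509Certificate cert = (X509Certificate) c;
            boolean valid = !now.before(cert.getNotBefore()) && !now.after(cert.getNotAfter());
            System.out.printf("%-24s %s, within validity period=%b%n", alias, describe(cert), valid);
        }
    }
}
```

An alias whose certificate reports `keyEncipherment=false` and `dataEncipherment=false` is not a candidate for the Encryption Key field; an alias outside its validity period should be replaced before it is bound to a service key provider.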

18.3 Editing Service Key Providers

Use the View Service Key Provider Details page to view and change details of a specific service key provider.

  1. If you have not already done so, click Create to create a new session or click Edit to enter an existing session. See Section 3.1, "Using the Change Center."

  2. Locate the service key provider, as described in Section 18.1, "Locating Service Key Providers."

  3. Click the service key provider name. The View Service Key Provider Details page displays the information shown in Table 18-3.

    Table 18-3 Service Key Provider Details

    | Property | Description |
    |---|---|
    | Service Key Provider Name | The name of this service key provider. |
    | Last Modified By | The user who created this service key provider or imported it into the configuration. |
    | Last Modified On | The date and time that the user created this service key provider or imported it into the configuration. Click the date and time link to view the change history of this resource. See Section 4.23, "View Change History Page." |
    | References | The number of objects that this service key provider references. If such references exist, click the numeric link to view a list of the objects. See Section 4.22, "Viewing References to Resources." |
    | Referenced by | The number of objects that reference this service key provider. If such references exist, click the numeric link to view a list of the objects. For example, if you selected this service key provider as the service provider for a specific proxy service, the proxy service is listed as a reference when you click the link. See Section 4.22, "Viewing References to Resources." |
    | Description | A description of this service key provider, if one exists. |


  4. To make a change to the fields, click Edit. See Section 18.2, "Adding Service Key Providers" for descriptions of the fields.

  5. Click Save to commit the updates in the current session.

  6. To end the session and deploy the configuration to the runtime, click Activate under Change Center.

18.4 Deleting Service Key Providers

When you delete a service key provider, Oracle Service Bus also deletes the associated alias to key-pair bindings from the PKI credential mapping provider. Oracle Service Bus does not delete the associated key-certificate pair from the key store.

  1. If you have not already done so, click Create to create a new session or click Edit to enter an existing session. See Section 3.1, "Using the Change Center."

  2. If any proxy service is configured to use the service key provider, remove the service key provider from the proxy service. See Section 20.5, "Editing Proxy Service Configurations."

  3. Select Resource Browser > Service Key Providers to display the Summary of Service Key Providers page.

  4. Click the Delete icon in the Options field of the service key provider you want to delete. The service key provider is deleted in the current session. If a business service or proxy service has been configured to use a service account, a Deletion Warning icon indicates that you can delete the service key provider with a warning confirmation. This might result in conflicts due to unresolved references from the service to the deleted service key provider.

  5. To end the session and deploy the configuration to the runtime, click Activate under Change Center.