17 Service Key Providers

A service key provider contains Public Key Infrastructure (PKI) credentials that proxy services use for decrypting inbound SOAP messages and for outbound authentication and digital signatures. A PKI credential is a private key paired with a certificate that can be used for digital signatures and encryption (for Web Service Security) and for outbound SSL authentication. The certificate contains the public key that corresponds to the private key.

Note:

To use a service key provider, you must configure a PKI credential mapping provider. See "Configuring the WebLogic Security Framework: Main Steps" in the Oracle Fusion Middleware Developer's Guide for Oracle Service Bus.

A single service key provider can contain all of the following PKI credentials:

You can use the same service key provider for multiple proxy services.

17.1 Locating Service Key Providers

To locate Service Key Providers:

  1. Do either of the following:

    • Select Project Explorer to display the Projects View page or the Project/Folder View page. Then navigate through projects and folders to find the service key provider.

    • Select Resource Browser > Service Key Providers. The Summary of Service Key Providers displays the information shown in Table 17-1.

  2. To search for a service key provider, enter part or all of the provider name in the Name field. You can also enter part or all of the provider project name and folder in the Path fields. Click Search.

    Click View All to remove the search filters and display all service key providers.

Table 17-1 Service Key Provider Information

| Property | Description |
|---|---|
| Name | A unique name for the service key provider. Click on the name to see the View Service Key Provider Details page. See Section 17.3, "Editing Service Key Providers." |
| Path | The project name and the name of the folder in which the service key provider resides. Click on the name to see the project or folder that contains this resource. See Section 3.1.1, "Qualifying Resource Names Using Projects and Folders." |


17.2 Adding Service Key Providers

To add a Service Key Provider:

  1. If you have not already done so, click Create to create a new session or click Edit to enter an existing session. See Section 2.1, "Using the Change Center."

  2. Select Project Explorer, then select a project or folder in which to add the service key provider. The Project/Folder View page is displayed.

  3. From the Create Resource list, select Service Key Provider to display the Create a New Service Key Provider page.

  4. In the Service Key Provider Name field, enter a unique name for this service key provider.

  5. In the Description field, enter a description for the service key provider.

  6. Do any of the following steps, shown in Table 17-2.

    Table 17-2 Authentication Options

    To Add a Key-Pair for... Complete These Steps...

    Digital encryption

    1. Next to Encryption Key, click Browse.

      The Select an alias for Encryption Key window displays the key aliases from the key store that your realm's PKI credential mapper is using.

    2. In the Select an alias for Encryption Key window, enter the password that you use to secure access to the key store. (You set the password when you create the keystore.)

    3. Select a key alias that maps to an X.509 certificate and that supports encryption.

    4. Click Submit.

    When you associate this service key provider with a proxy service, Oracle Service Bus embeds the X.509 certificate into the proxy service's WSDL. The proxy service then uses this certificate to encrypt the messages that it sends to its endpoint. The proxy service uses the private key in the PKI credential to decrypt the messages that the endpoint returns.

    Digital signatures

    1. Next to Digital Signature Key, click Browse.

      The Select an alias for Digital Signature Key window displays the key aliases from the key store that your realm's PKI credential mapper is using.

    2. In the Select an alias for Digital Signature Key window, enter the password that you use to secure access to the key store. (You set the password when you create the keystore.)

    3. Select a key alias.

    4. Click Submit.

    SSL client authentication (two-way SSL)

    1. Next to SSL Client Authentication Key, click Browse.

      The Select an alias for SSL Client Authentication Key window displays the key aliases from the key store that your realm's PKI credential mapper is using.

    2. In the Select an alias for SSL Client Authentication Key window, enter the password that you use to secure access to the key store. (You set the password when you create the keystore.)

    3. Select a key alias.

    4. Click Submit.


  7. Click Save. The service key provider is saved in the current session.

  8. To end the session and deploy the configuration to the run time, click Activate under Change Center.
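
Step 6 has you pick key aliases by capability, for example an alias "that maps to an X.509 certificate and that supports encryption". The following added example (not part of the Oracle documentation) lists each private-key alias in a keystore and what its certificate's KeyUsage and ExtendedKeyUsage extensions permit; the class name `KeyAliasAudit` and the mapping of key-usage bits to the three console fields are assumptions, not Oracle Service Bus's own selection rules.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;

// Added example (hypothetical helper, not Oracle code).
// Usage: java KeyAliasAudit <keystore-path> [store-type, default JKS]
public class KeyAliasAudit {
    private static final String CLIENT_AUTH_OID = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth

    // Index into X509Certificate.getKeyUsage(); a missing extension means unrestricted.
    static boolean bit(boolean[] ku, int i) {
        return ku == null || (i < ku.length && ku[i]);
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length < 1 || console == null) {
            System.err.println("usage: java KeyAliasAudit <keystore> [type] (interactive terminal required)");
            System.exit(2);
        }
        // Prompt for the password so it never appears in the process list or shell history.
        char[] password = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance(args.length > 1 ? args[1] : "JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;           // trusted-certificate entry: no private key
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue; // the fields expect X.509 certificates
            X509Certificate x = (X509Certificate) c;
            boolean[] ku = x.getKeyUsage();
            List<String> eku = x.getExtendedKeyUsage();
            // Assumed mapping: keyEncipherment(2)/dataEncipherment(3) -> Encryption Key,
            // digitalSignature(0) -> Digital Signature Key, plus clientAuth EKU -> SSL client key.
            boolean enc = bit(ku, 2) || bit(ku, 3);
            boolean sig = bit(ku, 0);
            boolean ssl = sig && (eku == null || eku.contains(CLIENT_AUTH_OID));
            String validity = "valid";
            try { x.checkValidity(); } catch (CertificateException e) { validity = "NOT VALID (" + e.getMessage() + ")"; }
            System.out.printf("%-24s encryption=%b signature=%b sslClient=%b %s until %s%n",
                    alias, enc, sig, ssl, validity, x.getNotAfter());
        }
    }
}
```

Run it against the keystore that your realm's PKI credential mapper uses; an alias that is expired or reports `false` for its intended purpose is worth replacing before you bind it in the console.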

17.3 Editing Service Key Providers

Use the View Service Key Provider Details page to view and change details of a specific service key provider.

  1. If you have not already done so, click Create to create a new session or click Edit to enter an existing session. See Section 2.1, "Using the Change Center."

  2. Locate the service key provider, as described in Section 17.1, "Locating Service Key Providers."

  3. Click the service key provider name. The View Service Key Provider Details page displays the information shown in Table 17-3.

    Table 17-3 Service Key Provider Details

    | Property | Description |
    |---|---|
    | Service Key Provider Name | The name of this service key provider. |
    | Last Modified By | The user who created this service key provider or imported it into the configuration. |
    | Last Modified On | The date and time that the user created this service key provider or imported it into the configuration. Click the date and time link to view the change history of this resource. See Section 3.23, "View Change History Page." |
    | References | The number of objects that this service key provider references. If such references exist, click the numeric link to view a list of the objects. See Section 3.22, "Viewing References to Resources." |
    | Referenced by | The number of objects that reference this service key provider. If such references exist, click the numeric link to view a list of the objects. For example, if you selected this service key provider as the service provider for a specific proxy service, the proxy service is listed as a reference when you click the link. See Section 3.22, "Viewing References to Resources." |
    | Description | A description of this service key provider, if one exists. |


  4. To make a change to the fields, click Edit. See Section 17.2, "Adding Service Key Providers" for descriptions of the fields.

  5. Click Save to commit the updates in the current session.

  6. To end the session and deploy the configuration to the run time, click Activate under Change Center.

17.4 Deleting Service Key Providers

When you delete a service key provider, Oracle Service Bus also deletes the associated alias-to-key-pair bindings from the PKI credential mapping provider. Oracle Service Bus does not delete the associated key-certificate pair from the key store.

  1. If you have not already done so, click Create to create a new session or click Edit to enter an existing session. See Section 2.1, "Using the Change Center."

  2. If any proxy service is configured to use the service key provider, remove the service key provider from the proxy service. See Section 19.5, "Editing Proxy Service Configurations."

  3. Select Resource Browser > Service Key Providers to display the Summary of Service Key Providers page.

  4. Click the Delete icon in the Options field of the service key provider you want to delete. The service key provider is deleted in the current session. If a business service or proxy service has been configured to use a service account, a Deletion Warning icon indicates that you can delete the service key provider with a warning confirmation. This might result in conflicts due to unresolved references from the service to the deleted service key provider.

  5. To end the session and deploy the configuration to the run time, click Activate under Change Center.