folder. The keystore configuration is available in jps-config.xml under the
serviceInstance element whose name attribute is keystore:
<!-- KeyStore Service Instance -->
<serviceInstance name="keystore" provider="keystore.provider" location="./default-keystore.jks">
    <description>Default JPS Keystore Service</description>
    <property name="keystore.type" value="JKS" />
    <property name="keystore.csf.map" value="oracle.wsm.security" />
    <property name="keystore.pass.csf.key" value="keystore-csf-key" />
    <property name="keystore.sig.csf.key" value="sign-csf-key" />
    <property name="keystore.enc.csf.key" value="enc-csf-key" />
</serviceInstance>
The property name-value pairs in the preceding configuration indicate that
./default-keystore.jks is a keystore file of type JKS (Java Keystore), located
in the current directory, that contains the certificate keys responsible for
message-level security such as message signing and encryption. However, as
stated earlier, the credentials required to access a keystore, as well as the
aliases defined within it, are stored separately in a credential store. The
credential store is a file-based store materialized as an encrypted
cwallet.sso file and configured in jps-config.xml as shown:
<!-- JPS Credential Store Service Instance -->
<serviceInstance name="credstore" provider="credstoressp" location="./">
    <description>File Based Credential Store Service Instance</description>
</serviceInstance>
The following diagram shows a logical depiction of the relationship between a
keystore and a credential store. For ease of explanation, the diagram depicts
a single alias storekey that is used for all the keys in the credential store. The
credential store is split into maps, each containing a set of keys that point to
the actual credential. The aliases created in the keystore must have a
corresponding credential in the credential store. The predefined credential map
used in OWSM is oracle.wsm.security. For example, if you name an alias as
storekey in the keystore, there must be a credential defined as storekey in
the credential