Using the Oracle Service Bus Console


Service Key Providers

A service key provider contains Public Key Infrastructure (PKI) credentials that proxy services use for decrypting inbound SOAP messages and for outbound authentication and digital signatures. A PKI credential is a private key paired with a certificate that can be used for digital signatures and encryption (for Web Service Security) and for outbound SSL authentication. The certificate contains the public key that corresponds to the private key.

Note: To use a service key provider, you must configure a PKI credential mapping provider. See “Configuring the WebLogic Security Framework: Main Steps” under Understanding Oracle Service Bus Security in Oracle Service Bus Security Guide.

A single service key provider can contain all of the following PKI credentials:

You can use the same service key provider for multiple proxy services.

Locating Service Key Providers

  1. Do either of the following:
    • Select Project Explorer to display the Projects View page or the Project/Folder View page. Then navigate through projects and folders to find the service key provider.
    • Select Resource Browser > Service Key Providers. The Summary of Service Key Providers displays the information shown in Table 15-1.
  2. To search for a service key provider, enter part or all of the provider name in the Name field. You can also enter part or all of the provider project name and folder in the Path fields. Click Search.
  3. Click View All to remove the search filters and display all service key providers.

    Table 15-1 Service Key Provider Information
    Property: Description
    • Name: A unique name for the service key provider. Click on the name to see the View Service Key Provider Details page. See Editing Service Key Providers.
    • Path: The project name and the name of the folder in which the service key provider resides. Click on the name to see the project or folder that contains this resource. See Qualifying Resource Names Using Projects and Folders.

Adding Service Key Providers

  1. If you have not already done so, click Create to create a new session or click Edit to enter an existing session. See Using the Change Center.
  2. Select Project Explorer, then select a project or folder in which to add the service key provider. The Project/Folder View page is displayed.
  3. From the Create Resource drop-down list, select Service Key Provider to display the Create a New Service Key Provider page.
  4. In the Service Key Provider Name field, enter a unique name for this service key provider.
  5. In the Description field, enter a description for the service key provider.
  6. Do any of the following steps, shown in Table 15-2.

    Table 15-2 Authentication Options
    (columns: To Add a Key-Pair for... / Complete These Steps...)

    Digital encryption
      1. Next to Encryption Key, click Browse.
      2. The Select an alias for Encryption Key window displays the key aliases from the key store that your realm’s PKI credential mapper is using.
      3. In the Select an alias for Encryption Key window, enter the password that you use to secure access to the key store. (You set the password when you create the keystore.)
      4. Select a key alias that maps to an X.509 certificate and that supports encryption.
      5. Click Submit.
      When you associate this service key provider with a proxy service, Oracle Service Bus embeds the X.509 certificate into the proxy service’s WSDL. The proxy service then uses this certificate to encrypt the messages that it sends to its endpoint. The proxy service uses the private key in the PKI credential to decrypt the messages that the endpoint returns.

    Digital signatures
      1. Next to Digital Signature Key, click Browse.
      2. The Select an alias for Digital Signature Key window displays the key aliases from the key store that your realm’s PKI credential mapper is using.
      3. In the Select an alias for Digital Signature Key window, enter the password that you use to secure access to the key store. (You set the password when you create the keystore.)
      4. Select a key alias.
      5. Click Submit.

    SSL client authentication (two-way SSL)
      1. Next to SSL Client Authentication Key, click Browse.
      2. The Select an alias for SSL Client Authentication Key window displays the key aliases from the key store that your realm’s PKI credential mapper is using.
      3. In the Select an alias for SSL Client Authentication Key window, enter the password that you use to secure access to the key store. (You set the password when you create the keystore.)
      4. Select a key alias.
      5. Click Submit.

  7. Click Save. The service key provider is saved in the current session.
  8. To end the session and deploy the configuration to the run time, click Activate under Change Center.
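
Before choosing aliases in the Browse windows of Table 15-2, it helps to know which key store entries can fill which slot. The following is an added example, not part of the Oracle documentation: it reads text in the layout of `keytool -list -v` output and reports, per alias, the slots the entry can serve. The alias names and the sample listing are constructed, and the KeyUsage values accepted for each slot are an assumption rather than a rule stated on this page.

```python
import re

# Constructed sample in `keytool -list -v` layout, trimmed; aliases are hypothetical.
SAMPLE = """\
Alias name: osb-enc
Entry type: PrivateKeyEntry
KeyUsage [
  Key_Encipherment
]

Alias name: osb-sign
Entry type: PrivateKeyEntry
KeyUsage [
  DigitalSignature
]

Alias name: legacy
Entry type: PrivateKeyEntry

Alias name: partner-ca
Entry type: trustedCertEntry
"""

# Slots follow Table 15-2; the KeyUsage bits accepted per slot are an assumption.
NEEDS = {
    "encryption": {"Key_Encipherment", "Data_Encipherment"},
    "signature": {"DigitalSignature", "Non_repudiation"},
    "ssl_client": {"DigitalSignature"},
}

def usable_slots(listing):
    """Map each alias to the service key provider slots its entry can fill."""
    result = {}
    for entry in re.split(r"(?m)^(?=Alias name: )", listing):
        alias = re.search(r"(?m)^Alias name: (.+)$", entry)
        if alias is None:
            continue
        name = alias.group(1).strip()
        # A PKI credential needs the private key; a trustedCertEntry has none.
        if not re.search(r"(?m)^Entry type: PrivateKeyEntry\s*$", entry):
            result[name] = []
            continue
        usage = re.search(r"(?m)^KeyUsage \[(.*?)\]", entry, re.S)
        # No KeyUsage extension means the certificate does not restrict use.
        bits = set(usage.group(1).split()) if usage else None
        result[name] = sorted(s for s, need in NEEDS.items()
                              if bits is None or bits & need)
    return result
```
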

Editing Service Key Providers

Use the View Service Key Provider Details page to view and change details of a specific service key provider.

  1. If you have not already done so, click Create to create a new session or click Edit to enter an existing session. See Using the Change Center.
  2. Locate the service key provider, as described in Locating Service Key Providers.
  3. Click the service key provider name. The View Service Key Provider Details page displays the information shown in Table 15-3.

    Table 15-3 Service Key Provider Details
    Property: Description
    • Service Key Provider Name: The name of this service key provider.
    • Last Modified By: The user who created this service key provider or imported it into the configuration.
    • Last Modified On: The date and time that the user created this service key provider or imported it into the configuration. Click the date and time link to view the change history of this resource. See View Change History page.
    • References: The number of objects that this service key provider references. If such references exist, click the numeric link to view a list of the objects. See Viewing References to Resources.
    • Referenced by: The number of objects that reference this service key provider. If such references exist, click the numeric link to view a list of the objects. For example, if you selected this service key provider as the service provider for a specific proxy service, the proxy service is listed as a reference when you click the link. See Viewing References to Resources.
    • Description: A description of this service key provider, if one exists.

  4. To make a change to the fields, click Edit. See Adding Service Key Providers for descriptions of the fields.
  5. Click Save to commit the updates in the current session.
  6. To end the session and deploy the configuration to the run time, click Activate under Change Center.

Deleting Service Key Providers

When you delete a service key provider, Oracle Service Bus also deletes the associated alias to key-pair bindings from the PKI credential mapping provider. Oracle Service Bus does not delete the associated key-certificate pair from the key store.

  1. If you have not already done so, click Create to create a new session or click Edit to enter an existing session. See Using the Change Center.
  2. If any proxy service is configured to use the service key provider, remove the service key provider from the proxy service. See Editing Proxy Service Configurations.
  3. Select Resource Browser > Service Key Providers to display the Summary of Service Key Providers page.
  4. Click the Delete icon in the Options field of the service key provider you want to delete. The service key provider is deleted in the current session. If a business service or proxy service has been configured to use a service account, a Deletion Warning icon indicates that you can delete the service key provider with a warning confirmation. This might result in conflicts due to unresolved references from the service to the deleted service key provider.
  5. To end the session and deploy the configuration to the run time, click Activate under Change Center.
