A service key provider contains Public Key Infrastructure (PKI) credentials that proxy services use for decrypting inbound SOAP messages and for outbound authentication and digital signatures. A PKI credential is a private key paired with a certificate that can be used for digital signatures and encryption (for Web Service Security) and for outbound SSL authentication. The certificate contains the public key that corresponds to the private key.
Note: | To use a service key provider, you must configure a PKI credential mapping provider. See "Configuring the WebLogic Security Framework: Main Steps" under Understanding AquaLogic Service Bus Security in AquaLogic Service Bus Security Guide. |
A single service key provider can contain all of the following PKI credentials:
Proxy services use this key-pair to decrypt inbound SOAP messages that have been encrypted to conform with a Web Services Policy statement. If you want the service key provider to support digital encryption, the key store that is associated with the PKI credential mapper must contain at least one X.509 certificate that supports encryption.
Proxy services use this key-pair when its endpoint is a Web Service and the Web Service requires clients to sign one or more parts of a SOAP envelope.
Proxy services use this key-pair to authenticate when acting as a client during an outbound TLS/SSL (Secure Sockets Layer) connection; that is, when routing a message to an HTTPS business service or proxy service that requires client-certificate authentication.
You can use the same service key provider for multiple proxy services.