The PKI (Public Key Infrastructure) Credential Mapping provider included in WebLogic Server maps (a) a WebLogic Server subject (the initiator) and target resource (and an optional credential action) to (b) a key pair or public certificate that can be used by applications when accessing the targeted resource. The PKI Credential Mapping provider uses the subject and resource name to retrieve the corresponding credential from the keystore.
Configure the infrastructure for using key pair or certificate credential mappings:
- Configure a PKI Credential Mapping provider. The default security realm (myrealm) does not include a PKI Credential Mapping provider.
- Configure keystores with appropriate keys and distribute the keystores to all machines in a WebLogic Server cluster. For information about setting up keystores, see the help for the Java keytool utility at http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html.
To create a key pair or certificate-based credential mapping for the WebLogic Credential Mapping provider:
- In the left pane, select Security Realms and click the name of the realm you are configuring (for example, myrealm).
- Select Credential Mappings > PKI. The PKI Credential Mappings table lists the PKI Credential Mappings configured in this security realm.
- Click New. The Create a New Security Credential Mapping page appears.
- Enter information about the remote resource to be accessed using this credential mapping. This information is used to identify the remote resource and can include one or more of the following:
  - Protocol—The protocol to use to reach the remote resource.
  - Remote Host—The host name of the remote resource.
  - Remote Port—The port number of the remote resource.
  - Path—The path of the remote resource, if it is identified by a path rather than a host name and port.
  - Method—The method on the remote resource this credential is used with.
- On the Create a New Security Credential Map Entry page, select Key Pair or Certificate to indicate the type of credential you are mapping to.
- Enter the name of the principal that you are mapping from. This is the WebLogic username that will be the initiator when you want to access the remote resource using this credential mapping.
- Indicate whether the principal that you are mapping from is a user or a group.
- Optionally, specify a credential action.
- Enter the alias used in the keystore to identify the credential.
- If this is a Key Pair credential, enter the password used to retrieve the credential from the keystore.
- Click Finish.
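Before entering a keystore alias in the console, it helps to confirm on each cluster machine that the alias exists and, for a Key Pair mapping, that the entry holds a private key. The following script is an added example, not part of the WebLogic documentation; the function names, the `KS_PASS` environment variable and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: preflight check for the keystore alias used in a PKI
# credential mapping. Function names and sample data are constructed.

# Classify one alias from `keytool -list` text read on stdin.
# Prints keypair, certificate, other or missing.
alias_kind() {
    awk -F', *' -v want="$1" '
        # Entry lines look like: alias, Mon D, YYYY, EntryType,
        tolower($1) == tolower(want) {   # JKS aliases are case-insensitive
            for (i = NF; i > 1; i--) if ($i != "") { kind = $i; break }
        }
        END {
            if (kind == "") print "missing"
            else if (kind == "PrivateKeyEntry") print "keypair"
            else if (kind == "trustedCertEntry") print "certificate"
            else print "other"
        }'
}

# Usage: KS_PASS=... check_mapping_alias <keystore> <alias> <keypair|certificate>
# Returns non-zero if the alias is absent (or the keystore cannot be read),
# or if a Key Pair mapping points at an entry that has no private key.
# The store password comes from the KS_PASS environment variable so that it
# does not appear on the command line.
check_mapping_alias() {
    found=$(keytool -list -keystore "$1" -storepass:env KS_PASS 2>/dev/null |
            alias_kind "$2")
    echo "$2 in $1: $found"
    [ "$found" != "missing" ] || return 1
    [ "$3" != "keypair" ] || [ "$found" = "keypair" ]
}

# Constructed sample of `keytool -list` output (fingerprints elided).
SAMPLE_LISTING='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

appkey, Jan 5, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <elided>
partnercert, Jan 5, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): <elided>'

# Demonstration on the constructed listing; prints "keypair".
printf '%s\n' "$SAMPLE_LISTING" | alias_kind appkey
```

Running `check_mapping_alias` with the same keystore path and alias on every machine in the cluster shows whether the keystores were distributed consistently.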