...
| Property | Sample Value | Description |
|---|---|---|
| ldapServerConfig | (bean arguments) | URL, baseDN and credentials of the LDAP server |
| certObjectClass | inetOrgPerson | LDAP object class used to store certificates |
| attrUID | uid | LDAP attribute containing the X509 subject DN |
| attrIssuerID | manager | LDAP attribute containing the X509 issuer DN |
| attrSerialNumber | employeeNumber | LDAP attribute containing the X509 serial number |
| attrCrtBinary | userCertificate | LDAP attribute containing the X509 certificate content |
| constAttrNamesCSV | sn | Comma-separated list of mandatory LDAP attributes set on every stored entry |
| constAttrValuesCSV | X509 certificate | Comma-separated list of values for the mandatory attributes, in the same order |
| serviceCertRDNTemplate | cn=%s,ou=services | RDN template for service certificate entries; %s is replaced by the service name |
| serviceCertUIDTemplate | cn=%s | Template that transforms the service QName into the value stored in attrUID |
| trustedAuthorityFilter | (&(objectClass=inetOrgPerson)(ou:dn:=CAs)) | Filter selecting the trusted CAs used as anchors for certificate chain validation |
| intermediateFilter | (objectClass=inetOrgPerson) | Filter selecting the intermediate certificates used for certificate chain validation |
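To make the mapping above concrete, the following added example (not CXF code; a hypothetical Python mirror of the schema properties, with the class, function and sample values all made up for this page) builds the LDAP entry the repository would need for a service certificate, renders it as LDIF, and evaluates the two conditions of the trustedAuthorityFilter against an entry's DN. Splitting DNs on plain commas assumes no escaped commas in RDN values.

```python
import base64
from dataclasses import dataclass


@dataclass(frozen=True)
class LdapSchemaConfig:
    """Hypothetical mirror of the schema properties in the table (defaults = sample values)."""
    cert_object_class: str = "inetOrgPerson"
    attr_uid: str = "uid"
    attr_issuer_id: str = "manager"
    attr_serial_number: str = "employeeNumber"
    attr_crt_binary: str = "userCertificate"
    const_attr_names_csv: str = "sn"
    const_attr_values_csv: str = "X509 certificate"
    service_cert_rdn_template: str = "cn=%s,ou=services"
    service_cert_uid_template: str = "cn=%s"
    # trustedAuthorityFilter (&(objectClass=inetOrgPerson)(ou:dn:=CAs)) reduced to
    # its two conditions: the object class, and an "ou=CAs" RDN somewhere in the DN.
    trusted_ca_rdn: str = "ou=CAs"


def _dn_components(dn: str) -> list:
    """Normalised RDN list of a DN. Assumption: no escaped commas (\\,) in values."""
    return [c.strip().lower() for c in dn.split(",") if c.strip()]


def build_service_entry(cfg, base_dn, service_name, issuer_dn, serial, cert_der):
    """Return (dn, attributes) for storing a service certificate under this schema."""
    dn = "%s,%s" % (cfg.service_cert_rdn_template % service_name, base_dn)
    attrs = {
        "objectClass": [cfg.cert_object_class],
        cfg.attr_uid: [cfg.service_cert_uid_template % service_name],
        cfg.attr_issuer_id: [issuer_dn],
        cfg.attr_serial_number: [str(serial)],
        cfg.attr_crt_binary: [cert_der],          # raw DER bytes
    }
    # constAttrNamesCSV / constAttrValuesCSV are paired positionally.
    names = [n.strip() for n in cfg.const_attr_names_csv.split(",")]
    values = [v.strip() for v in cfg.const_attr_values_csv.split(",")]
    if len(names) != len(values):
        raise ValueError("constAttrNamesCSV and constAttrValuesCSV must have the same length")
    for name, value in zip(names, values):
        attrs.setdefault(name, []).append(value)
    return dn, attrs


def _ldif_line(attr, value):
    """One LDIF attribute line; binary or unsafe values are base64-encoded (RFC 2849)."""
    if isinstance(value, bytes):
        return "%s;binary:: %s" % (attr, base64.b64encode(value).decode())
    safe = (bool(value)
            and all(0x20 <= ord(ch) <= 0x7E for ch in value)
            and value[0] not in " :<"
            and not value.endswith(" "))
    if safe:
        return "%s: %s" % (attr, value)
    return "%s:: %s" % (attr, base64.b64encode(value.encode("utf-8")).decode())


def to_ldif(dn, attrs):
    """Render the entry as an LDIF record that can be fed to ldapadd."""
    lines = [_ldif_line("dn", dn)]
    for attr, values in attrs.items():
        for value in values:
            lines.append(_ldif_line(attr, value))
    return "\n".join(lines) + "\n"


def is_trusted_authority(cfg, dn, object_classes):
    """Evaluate the trustedAuthorityFilter for one entry.

    The ou:dn:=CAs extensible match is true when *any* RDN of the entry's DN is
    ou=CAs, not only its immediate parent, so every entry reachable under such a
    subtree becomes a trust anchor.
    """
    has_class = cfg.cert_object_class.lower() in {c.lower() for c in object_classes}
    in_ca_subtree = cfg.trusted_ca_rdn.lower() in _dn_components(dn)
    return has_class and in_ca_subtree


if __name__ == "__main__":
    cfg = LdapSchemaConfig()
    # Constructed sample input: the DER bytes are a placeholder, not a real certificate.
    dn, attrs = build_service_entry(cfg, "dc=example,dc=com", "MyService",
                                    "cn=Root CA,ou=CAs,dc=example,dc=com", 4711,
                                    b"\x30\x82\x00\x00")
    print(to_ldif(dn, attrs))
    print(is_trusted_authority(cfg, "cn=Root CA,ou=CAs,dc=example,dc=com", ["inetOrgPerson"]))
```

The practical consequence of the filter semantics is worth checking in your directory: write access to anything matching `ou:dn:=CAs` within the search base is equivalent to controlling the XKMS trust anchors, so that subtree should be protected by the LDAP ACLs as tightly as a keystore would be.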
Integration of the XKMS client into CXF
...
runtime.
The XKMS client can be integrated into CXF and WSS4J through a custom implementation of the WSS4J Crypto interface. With that provider in place, the XKMS service is invoked automatically whenever WSS4J needs to locate or validate a certificate. Details are described in this blog. A sample XKMS-based implementation of the WSS4J Crypto interface is contributed to the XKMS Client component.
Data Formats
Input and output data formats are specified in the XML Key Management Service Specification Version 2.0 (see XKMS 2.0). However, the XKMS service supports only a subset of the specified requests and responses.
The supported subset of request and response formats is described in the following table:
...