How to authenticate to a WebService using a CSF Key

In order to do this you need to first set up a Java Keystore. Here are the steps to do this.

Step 1 : Creating the Java Keystore

Go to the domain_home/config/fmwconfig directory, where domain_home is the name and location of the domain for which the keystore is to be used.

Enter a keytool command such as the following to generate the key pair, and to create the keystore if it does not already exist:

You may need to add the jdk/bin directory to your PATH variable definition to invoke the keytool command.

In this command:

  • genkeypair creates a new public/private key pair that is stored in an entry specified by the alias parameter
  • keyalg specifies the algorithm to be used to generate the key pair, in this example RSA
  • alias specifies the alias name orakey to use when referring to the keypair
  • keypass specifies that the password welcome1 be used to protect the private key of the generated key pair
  • keystore creates a keystore named default-keystore.jks. If the keystore already exists, the key pair will be added to the keystore.
  • storepass specifies welcome1 as the password used to protect the integrity of the keystore.
  • validity indicates that the keypair is valid for 3600 days.

The keytool utility prompts for the name, organizational unit and organization, locality (city, state, country) to be used to create the key:

Now , log into Fusion Middleware Control (EM Console), click on your domain ->Security->Security Provider Configuration.


Go to the ‘Keystore’ section and click configure.


Provide the same values as you provided when you used the Keytool to create the keystore and save it.


Step 2 : Adding a Credential to the Credential Store Framework

I’m describing this here using Fusion Middleware Control ( EM Console). You can also do this using WLST. Navigate to your domain->Security-> Credentials


click on ‘Create Key’ in the map that should exist there.


Create a key called ‘basic.credentials’, select type as password, and set a username and password that would be used to authenticate to the WebService you intend to call.



Step 3 Java code that uses the key defined in the Credential Store Framework for authentication to the Webservice.

Refer to this post to see how to generate the Java Web Service Proxy.

Here’s the code you can use in your Webservice Java proxy to authenticate using the Credential Store Framework key we just set up.


Oracle Fusion Middleware Security and Administrator’s Guide for Webservices