How to authenticate to a WebService using a CSF Key

In order to do this you need to first set up a Java Keystore. Here are the steps to do this.

Step 1 : Creating the Java Keystore

Go to the domain_home/config/fmwconfig directory, where domain_home is the name and location of the domain for which the keystore is to be used.

Enter a keytool command such as the following to generate the key pair, and to create the keystore if it does not already exist:

You may need to add the jdk/bin directory to your PATH variable definition to invoke the keytool command.

In this command:

  • genkeypair creates a new public/private key pair that is stored in an entry specified by the alias parameter
  • keyalg specifies the algorithm to be used to generate the key pair, in this example RSA
  • alias specifies the alias name orakey to use when referring to the keypair
  • keypass specifies that the password welcome1 be used to protect the private key of the generated key pair
  • keystore creates a keystore named default-keystore.jks. If the keystore already exists, the key pair will be added to the keystore.
  • storepass specifies welcome1 as the password used to protect the integrity of the keystore.
  • validity indicates that the keypair is valid for 3600 days.

The keytool utility prompts for the name, organizational unit and organization, locality (city, state, country) to be used to create the key:

Now , log into Fusion Middleware Control (EM Console), click on your domain ->Security->Security Provider Configuration.


Go to the ‘Keystore’ section and click configure.


Provide the same values as you provided when you used the Keytool to create the keystore and save it.


Step 2 : Adding a Credential to the Credential Store Framework

I’m describing this here using Fusion Middleware Control ( EM Console). You can also do this using WLST. Navigate to your domain->Security-> Credentials


click on ‘Create Key’ in the map that should exist there.


Create a key called ‘basic.credentials’, select type as password, and set a username and password that would be used to authenticate to the WebService you intend to call.



Step 3 Java code that uses the key defined in the Credential Store Framework for authentication to the Webservice.

Refer to this post to see how to generate the Java Web Service Proxy.

Here’s the code you can use in your Webservice Java proxy to authenticate using the Credential Store Framework key we just set up.


Oracle Fusion Middleware Security and Administrator’s Guide for Webservices


Jaideep has more than 20 years of professional software development experience. He has delivered solutions for several domains including financial services, e-Government, criminal justice, and wireless application services. He is a Certified Scrum Master and has mentored several teams to use agile software development techniques. He has delivered several SOA/BPM solutions based on the BEA/Oracle SOA Suite over the last 6 years . His current focus is on helping customers build solutions using Oracle BPM, Webcenter, ADF and SOA Suite 11g and 12c. Jaideep also trains teams on using Oracle BPM and has developed several self paced online video training courses for Oracle BPM 11g and 12c.

Leave a Reply

Notify of