Changing keystore and key passwords - 8.0

Talend ESB STS User Guide

Version
8.0
Language
English (United States)
Product
Talend Data Fabric
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Open Studio for ESB
Talend Real-Time Big Data Platform
Module
Talend ESB
Talend Runtime
Content
Design and Development
Installation and Upgrade

To change the service keystore password, set the entry org.apache.wss4j.crypto.merlin.keystore.password in the etc/keystores/serviceKeystore.properties to the password of your servicestore.jks keystore.

To change the service key password, edit the following configurations where the service key is used for signature:
etc/org.talend.esb.auxiliary.storage.service.cfg:security.signature.properties = file:${tesb.home}/etc/keystores/serviceKeystore.properties
etc/org.talend.esb.job.service.cfg:security.signature.properties = file:${tesb.home}/etc/keystores/serviceKeystore.properties
etc/org.talend.esb.registry.service.admin.cfg:security.signature.properties = file:${tesb.home}/etc/keystores/serviceKeystore.properties
etc/org.talend.esb.registry.service.lookup.cfg:security.signature.properties = file:${tesb.home}/etc/keystores/serviceKeystore.properties
etc/org.talend.esb.sam.service.rest.cfg:security.signature.properties = file:${tesb.home}/etc/keystores/serviceKeystore.properties
etc/org.talend.esb.sam.service.soap.cfg:security.signature.properties = file:${tesb.home}/etc/keystores/serviceKeystore.properties

In addition to the keystore properties file reference, the following related properties are defined:

security.signature.username = myservicekey
security.signature.password = skpass

Where the service keystore is used, the key alias (the username property) and the key password (the password property) must match the corresponding parameters of the key.

To change the client keystore password, set the entry org.apache.wss4j.crypto.merlin.keystore.password the in etc/keystores/clientKeystore.properties to the password of your clientstore.jks keystore.

To change the client key password, edit the following configurations where the client key is used for signature or SAML token requests:
org.talend.esb.job.client.cfg:security.signature.properties = file:${tesb.home}/etc/keystores/clientKeystore.properties
org.talend.esb.sam.agent.cfg:security.signature.properties = file:${tesb.home}/etc/keystores/clientKeystore.properties

In addition to the keystore properties file reference, the following related properties are defined:

security.signature.username = myclientkey
security.signature.password = ckpass
Furthermore, some configurations use the client key as identity for token requests at STS:
org.talend.esb.auxiliary.storage.client.rest.cfg:security.sts.token.properties = clientKeystore.properties
org.talend.esb.job.client.sts.cfg:security.sts.token.properties = file:${tesb.home}/etc/keystores/clientKeystore.properties
org.talend.esb.registry.client.policy.cfg:security.sts.token.properties = clientKeystore.properties
org.talend.esb.registry.client.wsdl.cfg:security.sts.token.properties = clientKeystore.properties
org.talend.esb.sam.agent.cfg:security.sts.token.properties = file:${tesb.home}/etc/keystores/clientKeystore.properties

In addition to the keystore properties file reference, they define the following related properties:

security.sts.token.username = myclientkey

Where the client keystore is used, the key alias (the username property) and the key password (the password property) must match the corresponding parameters of the key.

To change the STS keystore password, set the entry org.apache.wss4j.crypto.merlin.keystore.password in the etc/keystores/stsKeystore.properties to the password of your sts.jks keystore.

For the STS key, the key alias mystskey and the key password stskpass cannot be changed because separate key passwords will disappear anyway in the future as they are specific to the proprietary Java keystore format.