Setting Up Your Environment for Policies 10-17 the csf-key property to App2.credentials. For more information, see Attaching Client Policies Permitting Overrides on page 8-21. Note that in both cases, the usernames and passwords must represent valid users in the OPSS identity store. A password credential can store a username and password. A generic credential can store any credential object. The CSF configuration is maintained in the jps-config.xml file in the domain-home configfmwconfig directory. When you configure the Oracle WSM keystore using Fusion Middleware Control, as described in Configuring the Oracle WSM Keystore on page 10-10, the aliases and passwords that you specify are securely stored in the credential store. If, however, you add other aliases to the keystore, or you need to add authentication credentials for a client, you need to ensure that they are configured and stored in the credential store also, as described in the following section. Adding Keys and User Credentials to the Credential Store You can use Fusion Middleware Control or WLST commands to add keys and user credentials to the credential store. Both methods are described in the following procedures. Using Fusion Middleware Control Follow these steps in Fusion Middleware Control to add keys and certificates to the credential store:

1. In the Navigator pane, expand WebLogic Domain to show the domain for which

you need to configure the keystore. Select the domain.

2. From the WebLogic Domain menu, select Security then Credentials.

Note: The example procedures in this section describe how to add user credentials for the basic.credentials key as described above, and the example ServiceA and ServiceB aliases described in Advanced Setup Considerations on page 10-8. In your own environment, you should use aliases and passwords that are appropriate for your configuration. Before adding key credentials to the credential store, ensure that the private keys and aliases exist in the keystore. You can create them using commands such as the following: keytool -genkeypair -keyalg RSA -alias ServiceA -keypass welcome1 -keystore default-keystore.jks -storepass welcome1 -validity 3600 keytool -genkeypair -keyalg RSA -alias ServiceB -keypass welcome3 -keystore default-keystore.jks -storepass welcome1 -validity 3600 For more information about the keystore, see Generating Private Keys and Creating the Java Keystore on page 10-9.