When do you need this
You need to configure a PKI provider if you want to use Service Key Providers in Oracle Service Bus. When trying to use a Service Key Provider in the OSB, you might have run into the following error:
There is no PKI credential mapper provider configured in your security realm. Service key provider management will be disabled. Configure a PKI credential mapper provider if you need service provider support. This is typically the case if you have Oracle Service Bus proxy services with web service security enabled or outbound 2-way SSL connections.
Fortunately it is quite easy to create a PKI Provider using the WebLogic Console. But sometimes it's just easier to do it using WLST, especially if you have many environments to configure.
Creating a PKI Provider with WLST
Fortunately it is quite easy to create a PKI provider using WLST as well. The following WLST script should give you an idea of how to create a PKI provider:
import sys

# Fetch domain name, keystore path and keystore password from the arguments
if len(sys.argv) == 4:
    domain_name = sys.argv[1]
    filepath = sys.argv[2]
    password = sys.argv[3]
else:
    print 'Usage: wlst.cmd change-ds-password.py <DOMAIN_NAME> <KEYSTORE FILEPATH> <KEYSTORE PASS>'
    exit()

# Variables
domain_home = '/<PATH TO DOMAINS FOLDER>/' + domain_name

# Connect to the Admin Server and open an edit session
connect('weblogic','<WLS PASSWORD>','t3://localhost:7001')
edit()
startEdit()

# Create the PKI credential mapper in the security realm
cd('/SecurityConfiguration/'+domain_name+'/Realms/myrealm')
cmo.createCredentialMapper('PKIProvider', 'weblogic.security.providers.credentials.PKICredentialMapper')

# Point the provider at the keystore and store the passphrase encrypted
cd('/SecurityConfiguration/'+domain_name+'/Realms/myrealm/CredentialMappers/PKIProvider')
cmo.setKeyStoreFileName(filepath)
encrypted_password = encrypt(password, domain_home)
cmo.setKeyStorePassPhraseEncrypted(encrypted_password)

# Save and activate the changes, then disconnect
save()
activate()
disconnect()
Of course you would need to replace PATH TO DOMAINS FOLDER and WLS PASSWORD with proper values for your environment.
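Added example, not part of the original script: a re-runnable variant for rolling the provider out to many environments. It looks the provider up before creating it, so a second run updates the keystore settings instead of failing on the existing name, and it reads both passwords from environment variables rather than from argv or the script body. The variable names WLS_ADMIN_PASS and KEYSTORE_PASS and the helper ensure_pki_provider are assumptions made for this example.

```python
# Added example (not the original post's script). Runs under WLST (Jython);
# the helper is plain Python so it can be exercised with a stand-in realm.
PROVIDER_NAME = 'PKIProvider'
PROVIDER_TYPE = 'weblogic.security.providers.credentials.PKICredentialMapper'

def ensure_pki_provider(realm, keystore_file, encrypted_pass):
    """Create the PKI credential mapper if absent, then (re)apply its keystore
    settings. Returns 'created' or 'updated' so the caller can log the outcome."""
    mapper = realm.lookupCredentialMapper(PROVIDER_NAME)
    action = 'updated'
    if mapper is None:
        mapper = realm.createCredentialMapper(PROVIDER_NAME, PROVIDER_TYPE)
        action = 'created'
    mapper.setKeyStoreFileName(keystore_file)
    mapper.setKeyStorePassPhraseEncrypted(encrypted_pass)
    return action

# WLST executes scripts with __name__ == 'main'; a plain import skips this part.
if __name__ == 'main':
    import sys
    from java.lang import System  # Java class, available inside WLST only
    if len(sys.argv) != 3:
        print('Usage: wlst.cmd <script> <DOMAIN_NAME> <KEYSTORE FILEPATH>')
        exit(exitcode=1)
    domain_name, filepath = sys.argv[1], sys.argv[2]
    domain_home = '/<PATH TO DOMAINS FOLDER>/' + domain_name
    # Assumed variable names: secrets come from the environment, not argv.
    wls_pass = System.getenv('WLS_ADMIN_PASS')
    ks_pass = System.getenv('KEYSTORE_PASS')
    if wls_pass is None or ks_pass is None:
        print('Set WLS_ADMIN_PASS and KEYSTORE_PASS before running')
        exit(exitcode=1)
    connect('weblogic', wls_pass, 't3://localhost:7001')
    edit()
    startEdit()
    try:
        cd('/SecurityConfiguration/' + domain_name + '/Realms/myrealm')
        result = ensure_pki_provider(cmo, filepath, encrypt(ks_pass, domain_home))
        save()
        activate()
        print(PROVIDER_NAME + ' ' + result)
    except:
        cancelEdit('y')  # drop pending changes and release the edit lock
        dumpStack()
        disconnect()
        exit(exitcode=1)
    disconnect()
```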