Credential Vault and Credential Service
Credential Service
The Credential Service contains objects that handle Basic Authentication, LTPA Token authentication, and simple form-based user ID/password login challenges. Credentials can take their input identity from the portlet configuration or from the Credential Vault Service. Portlet writers can use the Credential Vault Service to retrieve credentials from the Credential Vault. Credential Vault Service objects can also be used to pass Tivoli Access Manager or SiteMinder single signon tokens to the back-end application in the appropriate headers.
Credential Vault
The Credential Vault is a portal service that helps portlets and portal users manage multiple identities. The Credential Vault stores credentials that allow portlets to log in to applications outside the portal realm on behalf of the user. WebSphere Portal provides one simple database vault implementation for mappings to secrets for other enterprise applications.
By default, the Credential Vault contains an administrator-managed vault segment and a user-managed vault segment. Administrator-managed vaults allow users to update mappings; however, users cannot add new applications to this vault. The user-managed vault segment allows users to add application definitions, such as a POP 3 mail account, under the user vault and store a mapping there.
By default, the vault uses an encryption plug-in that encodes the passwords in Base 64.
You can plug in additional administrator-managed vaults by writing a custom vault adapter. Plugged-in vaults can be managed only by an administrator.
- Edit...
<wp_root>/shared/app/config/services/VaultService.properties...to specify Vault Adapter Implementations.
- Restart WebSphere Portal.
- Use the Credential Vault portlet to add a Vault Segment to the vault. See the Credential Vault portlet help for more information.
WebSphere Portal also supports the storage and retrieval of credentials from other vault services, such as Tivoli Access Manager. WebSphere Portal ships a Credential Vault adapter for Tivoli Access Manager. This plug-in works on AIX, Solaris, and Windows.
See also
- Configure vault adapter for Tivoli Access Manager
- Portlet authentication
- Developing portlets
- Single signon
- Credential Vault and Credential Service
- Configure Credential Vault adapter for Tivoli Access Manager
- Portlet Credential Section.
- Change passwords
- Reference: Portal administration portlets
- Configuration task reference
- Configure Tivoli Access Manager for authentication, authorization, and the Credential Vault
- Notes and Domino V5.1
- Security
- Troubleshooting LDAP and security
- Performing multitask migration
- Common Mail
- Deploying your portal overview
- Verifying the migration tasks
- XML configuration interface: reference
- Portal service configuration
- Removing Tivoli Access Manager from the WebSphere Portal environment
- Specifying authentication options
- Performing multitask migration
- htmltoc.html
- Reference: Sample XML configuration files
- Configuration properties reference
- Single signon
- Set up your environment for ReleaseBuilder
- Rendering Portlet Best Practice.
- IBM Portlet Builder
- IBM Microsoft Exchange Portlet Application
- IBM Microsoft Exchange Portlet Application
WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.
IBM is a trademark of the IBM Corporation in the United States, other countries, or both.
Tivoli is a trademark of the IBM Corporation in the United States, other countries, or both.