Credential Vault and Credential Service

 

+
Search Tips   |   Advanced Search


 

Credential Service

The Credential Service contains objects that handle Basic Authentication, LTPA Token authentication, and simple form-based user ID/password login challenges. Credentials can take their input identity from the portlet configuration or from the Credential Vault Service. Portlet writers can use the Credential Vault Service to retrieve credentials from the Credential Vault. Credential Vault Service objects can also be used to pass Tivoli Access Manager or SiteMinder single signon tokens to the back-end application in the appropriate headers.

 

Credential Vault

The Credential Vault is a portal service that helps portlets and portal users manage multiple identities. The Credential Vault stores credentials that allow portlets to log in to applications outside the portal realm on behalf of the user. WebSphere Portal provides one simple database vault implementation for mappings to secrets for other enterprise applications.

By default, the Credential Vault contains an administrator-managed vault segment and a user-managed vault segment. Administrator-managed vaults allow users to update mappings; however, users cannot add new applications to this vault. The user-managed vault segment allows users to add application definitions, such as a POP 3 mail account, under the user vault and store a mapping there.

By default, the vault uses an encryption plug-in that encodes the passwords in Base 64.

You can plug in additional administrator-managed vaults by writing a custom vault adapter. Plugged-in vaults can be managed only by an administrator.

  1. Edit...

    <wp_root>/shared/app/config/services/VaultService.properties

    ...to specify Vault Adapter Implementations.

  2. Restart WebSphere Portal.

  3. Use the Credential Vault portlet to add a Vault Segment to the vault. See the Credential Vault portlet help for more information.

WebSphere Portal also supports the storage and retrieval of credentials from other vault services, such as Tivoli Access Manager. WebSphere Portal ships a Credential Vault adapter for Tivoli Access Manager. This plug-in works on AIX, Solaris, and Windows.

 

See also

 

WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.

 

Tivoli is a trademark of the IBM Corporation in the United States, other countries, or both.