WebSphere Portal Express, Version 6.0
Operating systems: i5/OS, Linux, Windows

 

Credential Vault

The Credential Vault is a portlet service that helps portlets and users manage multiple identities. The Credential Vault stores credentials that allow portlets to log in to applications outside the realm on behalf of the user. There are two kinds of credentials: Active and Passive. Active Credentials allow you to establish connections via Basic Authentication, Lightweight Third Party Authentication (LTPA) token authentication, or simple form-based user ID/password login challenges. Passive Credentials allow the retrieval of stored secret data such as, but not limited to, user ID and password or certificates.

IBM® WebSphere® Portal Express provides one simple database vault implementation for mappings to secrets for other enterprise applications. By default, the Credential Vault contains an administrator-managed vault segment and a user-managed vault segment. Administrator-managed vaults allow users to update mappings; however, users cannot add new applications to this vault. The user-managed vault segment allows users to add application definitions, such as a POP3 mail account, under the user vault and store a mapping there. By default, the vault uses an encryption plugin that encodes the passwords in Base 64.
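Base64 is a keyless, reversible encoding, so secrets stored by the default plugin are effectively plaintext to anyone who can read the vault database. The following audit sketch is an added example, not IBM code: it flags exported values that decode to readable text, and the row layout and slot names are constructed for illustration rather than taken from the product's schema.

```python
import base64

# Constructed sample export: (slot name, stored value). Slot names and layout
# are hypothetical; this is not the product's database schema.
SAMPLE_ROWS = [
    ("pop3.mail", base64.b64encode(b"Example-Passw0rd").decode()),
    # Stand-in for real ciphertext: Base64 transport of non-text bytes.
    ("hr.app", base64.b64encode(bytes(range(7, 250, 5))).decode()),
    ("legacy.app", "not base64 at all!"),
    ("empty.slot", ""),
]


def classify(stored: str) -> str:
    """Classify one stored value without ever returning the decoded secret."""
    if not stored:
        return "empty"
    try:
        # validate=True rejects characters outside the Base64 alphabet.
        decoded = base64.b64decode(stored, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "not-base64"
    # Heuristic: output that is entirely printable ASCII means the value was
    # only encoded, not encrypted.
    if decoded and all(32 <= b <= 126 for b in decoded):
        return "base64-plaintext"
    return "opaque"


def audit(rows):
    """Return the slot names whose secrets are recoverable by decoding alone."""
    return [slot for slot, stored in rows if classify(stored) == "base64-plaintext"]


if __name__ == "__main__":
    for slot, stored in SAMPLE_ROWS:
        print(f"{slot}: {classify(stored)}")
```

Slots reported as `base64-plaintext` are candidates for a stronger encryption plugin and for tighter access control on the vault database.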

WebSphere Portal Express initially provides two vault adapter configurations that write to the database:

You can plug in additional administrator-managed vaults by writing a custom vault adapter. Only an administrator can manage plugged-in vaults.

  1. Add your Vault Adapter Implementations to the Credential Vault Service, as described in Setting configuration properties.

  2. Restart WebSphere Portal Express.

  3. Use the Credential Vault portlet or the XML Configuration to add a Vault Segment to the vault. See the Credential Vault portlet help for more information.

For information on supported credential types and developing secure portlets, see Portlet authentication.

 

Parent topic: Single sign-on