Credential Vault and Credential Service
Credential Service
The Credential Service contains objects that handle Basic Authentication, LTPA Token authentication, and simple form-based user ID/password login challenges. Credentials can take their input identity from the portlet configuration or from the Credential Vault Service. Portlet writers can use the Credential Vault Service to retrieve credentials from the Credential Vault. Credential Vault Service objects can also be used to pass Tivoli Access Manager or SiteMinder single signon tokens to the back-end application in the appropriate headers.
Credential Vault
The Credential Vault stores credentials that allow portlets to log in to applications outside the portal realm. By default, the Credential Vault contains an administrator-managed vault segment and a user-managed vault segment.
- Administrator-managed vaults allow users to update mappings; however, users cannot add new applications to this vault.
- User-managed vaults allows users to add application definitions, such as a POP 3 mail account, under the user vault and store a mapping there. By default, the vault uses an encryption plug-in that encodes the passwords in Base 64.
Additional administrator-managed vaults
You can plug in additional administrator-managed vaults by writing a custom vault adapter. Plugged-in vaults can be managed only by an administrator.
- Edit...
$WP_ROOT/shared/app/config/services/VaultServices.properties...and specify the Vault Adapter Implementations.- Restart WebSphere Portal.
- Use the Credential Vault portlet to add a Vault Segment to the vault.
WebSphere Portal ships a Credential Vault adapter for Tivoli Access Manager thats works on AIX, Solaris, and Windows.
See also