Credential Vault
The Credential Vault service stores credentials that allow portlets to log in to applications outside the realm on behalf of the user.
Using Credential Vault, a portlet can retrieve a user's authentication identity and then pass the information to a backend application. The Credential Vault features the following two levels of sign-on:
- Active Credentials
  - Establish connections through:
    - Basic Authentication
    - LTPA token authentication
    - Form-based user ID and password challenges
  - The Credential Service encapsulates the single sign-on functionality for the portlet writer in an object.
- Passive Credentials
  - Retrieve stored secret data such as user ID and password or certificates.
  - Require portlet writers to manage their own connections and authentication to backend applications with the user ID and password they retrieved from the Credential Vault.
Credential objects can also pass tokens for:
- IBM Tivoli Access Manager
- CA eTrust SiteMinder
Portal provides a database vault implementation for mappings to secrets for other enterprise applications. By default, the Credential Vault contains:
- Administrator-managed vault segment that allows users to update mappings; however, users cannot add new applications to this vault.
- User-managed vault segment that allows users to add application definitions, such as a POP3 mail account, under the user vault and store a mapping.
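By default, the vault uses an encryption plug-in that encodes the passwords in Base64. Base64 is a reversible encoding that involves no key, so this default does not keep stored passwords confidential from anyone who can read the vault data.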
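The following audit check is an added example, not code from WebSphere Portal or IBM. It flags stored values that are only Base64-encoded text, which indicates the default plug-in is still in use. It assumes the stored values have been exported as strings; the row layout, slot names and function names are constructed for illustration.

```python
import base64
import binascii

# Constructed sample export of (slot name, stored value); not real vault data.
SAMPLE_ROWS = [
    ("pop3.mail", base64.b64encode(b"S3cret-Pass!").decode("ascii")),
    # Non-text bytes stand in for the output of a real encryption plug-in.
    ("erp.backend", base64.b64encode(bytes(range(200, 232))).decode("ascii")),
    ("legacy.app", "not base64 at all!"),
]


def is_only_encoded(stored: str) -> bool:
    """True if `stored` is Base64 that decodes to printable text, i.e. it is
    readable with no key. Heuristic: real ciphertext is binary and almost
    never decodes as printable UTF-8."""
    try:
        raw = base64.b64decode(stored, validate=True)
    except (binascii.Error, ValueError):
        return False  # not Base64 at all; needs a different check
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return False  # binary payload, consistent with encryption
    return bool(text) and text.isprintable()


def audit(rows):
    """Return slot names whose stored value is merely encoded. Only names
    are returned so the report never contains a recovered secret."""
    return [slot for slot, stored in rows if is_only_encoded(stored)]


if __name__ == "__main__":
    for slot in audit(SAMPLE_ROWS):
        print(f"{slot}: stored value is Base64-encoded plaintext")
```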
WebSphere Portal initially provides two vault adapter configurations that write to the database:
- Default vault for administrator-managed vault segments that stores credentials in the release domain: default-release
- Default vault for user-managed vault segments that stores credentials in the customization domain: default-customization
Portal supports the storage and retrieval of credentials from other vault services, such as Tivoli Access Manager. WebSphere Portal ships a Credential Vault adapter for Tivoli Access Manager that works on the following operating systems:
- AIX
- Solaris
- Windows