Portal, Express Beta Version 6.1 Operating systems: i5/OS, Linux,Windows

Planning a Credential Vault

The Credential Vault is a service that stores credentials that allow portlets to log in to applications outside the realm on behalf of the user. It manages multiple identities for portlets and users.

Active Credentials

Active Credentials allow you to establish connections through Basic Authentication, Lightweight Third Party Authentication (LTPA) token authentication or simple form-based user ID and password challenges. The Service encapsulates the single sign-on functionality for the portlet writer in an object.

Passive Credentials

Passive Credentials retrieve stored secret data such as user ID and password or certificates. This option is more flexible but requires portlet writers to manage their own connections and authentication to backend applications with the credentials (User ID and password) they retrieved from the Credential Vault.

IBM WebSphere^® Portal Express provides one simple database vault implementation for mappings to secrets for other enterprise applications. By default, the Credential Vault contains an administrator-managed vault segment and a user-managed vault segment. Administrator-managed vaults allow users to update mappings; however, users cannot add new applications to this vault. The user-managed vault segment allows users to add application definitions, such as a POP3 mail account, under the user vault and store a mapping there. By default, the vault uses an encryption plugin that encodes the passwords in Base 64.

• A default vault for administrator-managed vault segments that stores credentials in the release domain: default-release
• And a default vault for user-managed vault segments that stores credentials in the customization domain: default-customization

• Windows