On the Credential Profile Details page, you can specify whether this profile is displayed for end users, and determine how you control and store encrypted secrets. You can store and access secrets locally, on remote eDirectory™ servers that are running Novell® SecretStore®, or on a user store that has been configured with a custom attribute for secrets.
For more information about storing encrypted secrets, see the following:
For information on how to configure Access Manager for secrets, see Section 8.1.4, Configuring a User Store for Secrets.
For general information about Novell SecretStore, see the Novell SecretStore Administration Guide.
For information about creating shared secrets for Form Fill and Identity Injection policies, see Section 30.4, Creating and Managing Shared Secrets.
To configure the Credential Profile:

1. In the Administration Console, click Edit > .

2. Click .

3. On the Credential Profile Details page, fill in the following fields as necessary:

   Display name: The name you want to display for the Web service.

   Have Discovery Encrypt This Service's Resource Ids: Specifies whether the Discovery Service encrypts resource IDs. A resource ID is an identifier that Web services use to identify a user. The Discovery Service returns a list of resource IDs when a trusted service provider queries for the services owned by a given user, and it can return each resource ID either encrypted or in the clear. Encrypting resource IDs is disabled by default.

4. Under , enable the following option if necessary:

   Allow End Users to See Credential Profile: Specifies whether the Credential Profile is displayed or hidden in the Access Manager User Portal. Users view profiles on the My Profile page, where they can modify their own profile.

5. Specify how you want to control and store secrets:

   a. To locally control and store secrets, configure the following fields:

      Encryption Password Hash Key: (Required) Specifies the password used as the seed from which the encryption key is derived. To increase the security of the secrets, we recommend that you change the default password to a unique alphanumeric value.

      Preferred Encryption Method: Select the encryption method that complies with your security model:

      Password Based Encryption With MD5 and DES: Password-based encryption in which MD5, an algorithm used to verify data integrity, processes the password and Data Encryption Standard (DES), a widely used private-key encryption method, encrypts the data.

      DES: Data Encryption Standard (DES) is a widely used method of data encryption using a private key. As with other private-key cryptographic methods, both the sender and the receiver must know and use the same private key.

      Triple DES: A variant of DES in which data is encrypted three times with standard DES using two different keys.

   b. Specify where to store secret data. (For more information about setting up a user store for secrets, see Section 8.1.4, Configuring a User Store for Secrets.)

      To store the secrets in the configuration database, do not configure the list in this section; you only need to configure the fields in Step 5.a.

      To store the secrets in your LDAP user store, add an entry to the list and configure the following fields:

      User Store: Select the user store where secret data is stored.

      Attribute Name: Specify the LDAP attribute of the User object that is used to store the secrets. When a user authenticates through the user store specified here, the secret data is stored as an XML document in the specified attribute of the user object. This attribute must be a single-valued case-ignore string that you have defined in the schema and assigned to the User object.

6. To use Novell SecretStore to remotely store secrets, click the user store that you have configured for SecretStore.

   Secure LDAP must be enabled between the user store and the Identity Server before this user store reference can be added.

7. Click .

8. Click .

9. On the Identity Server page, update the Identity Server.
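As an added illustration of the Step 5.a options (code written for this page, not Access Manager's own implementation), the Java snippet below drives the JCE algorithms whose names match the Password Based Encryption With MD5 and DES and Triple DES choices; the password stands in for the Encryption Password Hash Key, which is why that value must be changed from the default: whoever knows it, together with the stored salt, can decrypt every locally stored secret, and DES, Triple DES and MD5 are legacy primitives that should only be chosen where the security model permits them. The mapping to the JCE names, the salt, the iteration count and the sample secret are assumptions for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

public class CredentialProfilePbeDemo {
    // JCE algorithm names assumed to correspond to the two password-based options on the page.
    static final String PBE_MD5_DES = "PBEWithMD5AndDES";
    static final String PBE_MD5_3DES = "PBEWithMD5AndTripleDES";
    static final int ITERATIONS = 1000; // assumed; the product's own value is not documented here

    // The password plays the role of the Encryption Password Hash Key: MD5-based PBE
    // derives the DES / Triple DES key and IV from it plus the salt, then runs the cipher.
    static byte[] pbe(int mode, String alg, char[] password, byte[] salt, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance(alg);
        c.init(mode, SecretKeyFactory.getInstance(alg).generateSecret(new PBEKeySpec(password)),
               new PBEParameterSpec(salt, ITERATIONS));
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[8];                 // PBES1 in SunJCE requires an 8-byte salt
        new SecureRandom().nextBytes(salt);
        byte[] secret = "demo-form-fill-secret".getBytes(StandardCharsets.UTF_8); // constructed sample
        char[] hashKey = "ChangeMe-To-A-Unique-Value".toCharArray();              // placeholder hash key
        char[] wrongKey = "default".toCharArray();                                  // placeholder
        for (String alg : new String[] { PBE_MD5_DES, PBE_MD5_3DES }) {
            byte[] sealed = pbe(Cipher.ENCRYPT_MODE, alg, hashKey, salt, secret);
            System.out.println(alg + " -> " + Base64.getEncoder().encodeToString(sealed));
            // Same password and salt recover the stored secret.
            byte[] back = pbe(Cipher.DECRYPT_MODE, alg, hashKey, salt, sealed);
            System.out.println("  round trip ok: " + Arrays.equals(back, secret));
            // A different password derives a different key, so the stored data is unreadable
            // (usually a padding error, occasionally garbage that happens to pad correctly).
            try {
                pbe(Cipher.DECRYPT_MODE, alg, wrongKey, salt, sealed);
                System.out.println("  wrong key: decrypted to garbage without error");
            } catch (BadPaddingException e) {
                System.out.println("  wrong key: rejected (" + e.getClass().getSimpleName() + ")");
            }
        }
    }
}
```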