If you want to do minimal configuration, use the configuration datastore on Administration Console to store the secrets. You can use this option without changes, but is recommended only for use in small Access Manager environments. To increase the security of the secrets, NetIQ recommends that you change the default security options. When you use the configuration datastore of Administration Console as the secret store, the nidswsfss attribute of the nidsLibertyUserProfile object is used to store the secrets.
IMPORTANT:Using this option adds additional load on Administration Console and introduces login delays compared to other options. Therefore, it is recommended to use this option wisely.
Click Devices > Identity Servers > Edit > Liberty > Web Service Provider.
Click Credential Profile.
Scroll to the Local Storage of Secrets section and configure the following security options:
Encryption Password Hash Key: (Required) Specify the password that you want to use as a seed to create the encryption algorithm. To increase the security of the secrets, we recommend that you change the default password to a unique alphanumeric value.
IMPORTANT:Before using Access Manager to store and encrypt secrets, ensure that you choose your Preferred Encryption Method and change the default Encryption Password Hash Key value. If any of these options is changed after any secrets are stored, Access Manager will not be able to retrieve the secrets.
Preferred Encryption Method: Specify the preferred encryption method. Select the method that complies with your security model:
Password Based Encryption With MD5 and DES: MD5 is an algorithm that is used to verify data integrity. Data Encryption Standard (DES) is a widely used method of data encryption that uses a private key.
DES: Data Encryption Standard (DES) is a widely used method of data encryption that uses a private key. Like other private key cryptographic methods, both the sender and the receiver must know and use the same private key.
Triple DES: A variant of DES in which data is encrypted three times with standard DES, using two different keys.
Extended Schema User Store References: Do not specify a user store reference. When this option contains no values, the configuration datastore is used to store the secrets.
Click OK.
Update Identity Server.
To use the secret store to store policy secrets, see Creating and Managing Shared Secrets.