On the Credential Profile Details page, you can specify whether this profile is displayed for end users, and determine how you control and store encrypted secrets. You can store and access secrets locally, on remote eDirectory servers that are running Novell SecretStore, or on a user store that has been configured with a custom attribute for secrets.
For more information about storing encrypted secrets, see the following:
For information about configuring secrets, see Configuring a User Store for Secrets.
For information about Novell SecretStore, see the Novell SecretStore Administration Guide.
For information about creating shared secrets for Form Fill and Identity Injection policies, see Creating and Managing Shared Secrets.
To configure the Credential Profile:

1. Click Devices > Identity Servers > Edit > Liberty > Web Service Providers.

2. Click Credential Profile.

3. Specify the following details:

   Display name: The name you want to display for the web service.

   Have Discovery Encrypt This Service’s Resource Ids: Specify whether the Discovery Service encrypts the resource IDs. A resource ID is an identifier that web services use to identify a user. The Discovery Service returns a list of resource IDs when a trusted service provider queries for the services owned by a given user. The Discovery Service can either encrypt the resource ID or send it unencrypted. Encrypting resource IDs is disabled by default.

4. Under Credential Profile Settings, select Allow End Users to See Credential Profile if necessary.

   Selecting this option displays the Credential Profile in the Access Manager User Portal. Users view their profiles on the My Profile page, where they can also modify them.

5. Specify how you want to control and store secrets:

   a. To control and store secrets locally, configure the following fields:

      Encryption Password Hash Key: (Required) Specify the password that is used as the seed from which the encryption key is derived. To increase the security of the secrets, change the default password to a unique alphanumeric value.

      Preferred Encryption Method: Specify the preferred encryption method. Select the method that complies with your security model:

      Password Based Encryption With MD5 and DES: MD5 is an algorithm that is used to verify data integrity. Data Encryption Standard (DES) is a widely used method of data encryption that uses a private key.

      DES: Data Encryption Standard (DES) is a widely used method of data encryption that uses a private key. As with other private key cryptographic methods, both the sender and the receiver must know and use the same private key.

      Triple DES: A variant of DES in which data is encrypted three times with standard DES by using two different keys.

   b. Specify where to store secret data. (For information about setting up a user store for secrets, see Configuring a User Store for Secrets.)

      To store secrets in the configuration database, leave the list in Extended Schema User Store References empty. You only need to configure the fields in Step 5.a.

      To store secrets in your LDAP user store, click New in Extended Schema User Store References and configure the following fields:

      User Store: Select the user store in which the secret data is stored.

      Attribute Name: Specify the LDAP attribute of the User object that is used to store the secrets. When a user authenticates through the user store specified here, the secret data is stored as an XML document in this attribute of the user object. The attribute must be a single-valued Case Ignore String attribute that you have defined in the schema and assigned to the User object.

      NOTE: Do not use this LDAP attribute directly as a shared secret in policy configuration. Instead, create shared secret attributes; these are stored in the configured LDAP attribute and are what policies use for mapping. For more information about creating shared secrets, see Form Fill Policies.

   c. To use Novell SecretStore to store secrets remotely, click New under Novell Secret Store User Store References, then click the user store that you have configured for SecretStore.

      Secure LDAP must be enabled between the user store and Identity Server before you can add this user store reference.

6. Click OK > OK.

7. Update Identity Server.
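The Preferred Encryption Method choices in Step 5.a are the PKCS #5 v1.5 password-based encryption schemes. The following Go program is added here as an illustration; it is not code from Access Manager or from NetIQ/Novell. It implements Password Based Encryption With MD5 and DES (PBES1: PBKDF1 with MD5 derives the 8-byte DES key and 8-byte CBC IV from the hash key password and a salt), and it checks the Triple DES description above on one block: DES applied three times with two keys in the order k1, k2, k1. The salt, iteration count, hash key and sample secret are constructed values; how Access Manager stores its salt and iteration count is not described on this page and is an assumption of the example. It shows the point behind the "change the default password" advice: the hash key and salt alone determine the key, so a known default lets anyone holding the stored ciphertext recover the secrets. DES (56-bit key) and MD5 are legacy algorithms; the example uses them only because they are the options the page lists.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/md5"
	"errors"
	"fmt"
)

// pbkdf1MD5 is PKCS #5 v1.5 PBKDF1 with MD5: T1 = MD5(password || salt),
// Ti = MD5(Ti-1). PBES1 uses the 16-byte result as DES key (8) plus CBC IV (8).
func pbkdf1MD5(password, salt []byte, iterations int) []byte {
	t := md5.Sum(append(append([]byte{}, password...), salt...))
	for i := 1; i < iterations; i++ {
		t = md5.Sum(t[:])
	}
	return t[:]
}

// pbes1Cipher derives the DES cipher and IV from the password (the page's
// "Encryption Password Hash Key") and salt; whoever knows both can rebuild the key.
func pbes1Cipher(password, salt []byte, iterations int) (cipher.Block, []byte, error) {
	if len(salt) != 8 {
		return nil, nil, errors.New("PBES1 salt must be 8 bytes")
	}
	dk := pbkdf1MD5(password, salt, iterations)
	block, err := des.NewCipher(dk[:8])
	if err != nil {
		return nil, nil, err
	}
	return block, dk[8:16], nil
}

// pbeMD5DESEncrypt is PBES1 (MD5 + DES-CBC, PKCS #5 padding) over a secret.
func pbeMD5DESEncrypt(password, salt, plaintext []byte, iterations int) ([]byte, error) {
	block, iv, err := pbes1Cipher(password, salt, iterations)
	if err != nil {
		return nil, err
	}
	n := block.BlockSize() - len(plaintext)%block.BlockSize()
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(n)}, n)...)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out, nil
}

// pbeMD5DESDecrypt reverses pbeMD5DESEncrypt; with a different password the
// result is effectively random and almost always fails the padding check.
func pbeMD5DESDecrypt(password, salt, ciphertext []byte, iterations int) ([]byte, error) {
	block, iv, err := pbes1Cipher(password, salt, iterations)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(ciphertext) == 0 || len(ciphertext)%bs != 0 {
		return nil, errors.New("ciphertext is not a whole number of blocks")
	}
	out := make([]byte, len(ciphertext))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, ciphertext)
	n := int(out[len(out)-1])
	if n == 0 || n > bs || !bytes.Equal(out[len(out)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("invalid padding: wrong password or corrupted data")
	}
	return out[:len(out)-n], nil
}

// twoKeyTripleDESMatchesEDE checks the page's description of Triple DES on one
// 8-byte block: DES(k1, DES^-1(k2, DES(k1, in))) equals library 3DES keyed k1||k2||k1.
func twoKeyTripleDESMatchesEDE(k1, k2, in []byte) (bool, error) {
	c1, err1 := des.NewCipher(k1)
	c2, err2 := des.NewCipher(k2)
	c3, err3 := des.NewTripleDESCipher(bytes.Join([][]byte{k1, k2, k1}, nil))
	if err1 != nil || err2 != nil || err3 != nil || len(in) != 8 {
		return false, errors.New("keys and block must be 8 bytes each")
	}
	manual, lib := make([]byte, 8), make([]byte, 8)
	c1.Encrypt(manual, in)
	c2.Decrypt(manual, manual)
	c1.Encrypt(manual, manual)
	c3.Encrypt(lib, in)
	return bytes.Equal(manual, lib), nil
}

func main() {
	// Constructed sample values, not taken from any Access Manager deployment.
	salt, key := []byte("saltsalt"), []byte("unique-alphanumeric-hash-key")
	ct, _ := pbeMD5DESEncrypt(key, salt, []byte("app-password-1"), 1000)
	pt, err := pbeMD5DESDecrypt(key, salt, ct, 1000)
	_, wrongErr := pbeMD5DESDecrypt([]byte("default"), salt, ct, 1000)
	fmt.Printf("correct hash key: %q (err=%v); other hash key: err=%v\n", pt, err, wrongErr)
	ok, _ := twoKeyTripleDESMatchesEDE([]byte("k1k1k1k1"), []byte("k2k2k2k2"), []byte("8bytes!!"))
	fmt.Println("two-key 3DES equals DES-EDE with k1,k2,k1:", ok)
}
```

Run it with `go run` on the single file. The decryption with the other hash key fails on the padding check (or, with small probability for an arbitrary key, returns bytes that are not the secret), which is the only thing standing between a guessed default password and the stored secrets; the salt is not secret and does not change that.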