Credential Store - Reflection for the Web
The credential store is a database of usernames and passwords that have been used to log on to a host. Reflection for the Web uses these credentials in conjunction with login macros to automatically log on to host sessions. The Credential Store requires Windows on the client machine.
Enable credential store
Check Enable credential store to save new credentials or to read existing ones.
Select form of identity
By default, users are represented in the credential store depending on how they authenticate, such as with a Windows domain and username.
Check Use LDAP distinguished name to represent users by their LDAP Distinguished Name. This option requires LDAP authorization to be enabled in Configure Authentication.
Regenerate encryption key
When you enable the credential store, you should back up the key used to encrypt usernames and passwords in the credential store.
To back up the key, copy [MSSData]/PropertyDS.xml to a secure location. Make a new backup of PropertyDS.xml whenever you change settings in the Administrative Console so that these settings will not be overwritten when you restore the file.
Note
You need administrator privileges to open or edit PropertyDS.xml.
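One way to script the backup step above, as an added example that is not part of the product's documentation or tooling: it copies PropertyDS.xml to a timestamped file, records a SHA-256 digest beside it, and can later report whether the backup still matches that digest. The function names, the backup directory, the timestamped file name and the .sha256 sidecar file are assumptions; the file is treated as opaque bytes.

```python
import hashlib
import os
import shutil
import tempfile
import time
from pathlib import Path

PROPERTY_FILE = "PropertyDS.xml"  # file name from the page; its directory ([MSSData]) is passed in


def sha256_of(path: Path) -> str:
    """Hex SHA-256 of a small file such as PropertyDS.xml."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def backup_property_file(mss_data: Path, backup_dir: Path) -> Path:
    """Copy PropertyDS.xml to a timestamped file in backup_dir and record its digest."""
    src = mss_data / PROPERTY_FILE
    backup_dir.mkdir(parents=True, exist_ok=True)
    os.chmod(backup_dir, 0o700)  # POSIX only; on Windows restrict the folder with NTFS ACLs
    dst = backup_dir / f"PropertyDS-{time.strftime('%Y%m%dT%H%M%S')}.xml"
    if dst.exists():
        raise FileExistsError(f"{dst} already exists; not overwriting an earlier backup")
    shutil.copyfile(src, dst)
    os.chmod(dst, 0o600)  # the copy holds the encryption key: owner read/write only
    recorded = sha256_of(dst)
    if recorded != sha256_of(src):
        raise OSError("backup does not match the source file")
    Path(f"{dst}.sha256").write_text(f"{recorded}  {dst.name}\n")  # assumed sidecar format
    return dst


def verify_backup(backup: Path) -> bool:
    """True only if the backup still matches the digest recorded when it was taken."""
    sidecar = Path(f"{backup}.sha256")
    if not backup.is_file() or not sidecar.is_file():
        return False
    fields = sidecar.read_text().split()
    return bool(fields) and fields[0] == sha256_of(backup)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed stand-in for [MSSData]
        Path(tmp, PROPERTY_FILE).write_bytes(b"constructed placeholder, not the real file format")
        copy = backup_property_file(Path(tmp), Path(tmp, "backups"))
        print(copy.name, "verified:", verify_backup(copy))
```

Keep a second copy of the recorded digest where accounts that can write to the backup directory cannot change it, and check the backup with verify_backup before copying its CS.* values into the current file.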
When you click REGENERATE KEY:
A new key is generated to either replace an existing key or to add a key when the credential store is empty. When replacing an existing key, the data is decrypted using the old key and re-encrypted using the new key. Subsequent encryption uses the new key.
Note
Re-encrypting the credential store with a new key could take quite a bit of time. During the re-encryption, nothing can be written to or read from the credential store.
You cannot regenerate a key if the existing key is corrupted or maliciously altered. You must first recover the old key from a backup or delete all credentials before generating a new key.
Recovering an encryption key
To recover the old encryption key from the backup, edit PropertyDS.xml (requires administrator privileges):
- Open the current PropertyDS.xml file and the backup copy in an editor.
- Copy the values for the following properties from the backup to the current version of PropertyDS.xml:
  CS.EncKey
  CS.EncAlgorithm
  CS.EncKeyLength
  CS.EncIV
- Save PropertyDS.xml.
- Restart the Management and Security Server.
Delete selected credentials
When the credential store is enabled, new credentials are added when users run sessions configured with single sign-on macros. As time goes by, you may wish to remove older credentials. Use this option to delete stored user credentials based on the last-used date.
Note
Once credentials are deleted, they cannot be recovered.
To delete credentials:
- Select one or more USERS.
- Sort by CREDENTIAL LAST USED.
- Check the credentials you want to delete, and click DELETE.