How the Credential Vault works

The Credential Vault is a portlet service that lets users and portlets store credentials which a portlet can later retrieve to log in to a back-end application on the user's behalf.

There are two kinds of credentials: active and passive. Active credentials let the portlet establish a connection without ever seeing the secret itself, via HTTP Basic Authentication, Lightweight Third Party Authentication (LTPA) token authentication or a simple form-based user ID/password login challenge. Passive credentials hand the stored secret data back to the portlet, such as (but not limited to) a user ID and password pair or a certificate, so the portlet is then responsible for using and protecting it.

WebSphere Portal (WPS) ships with one simple database-backed vault implementation. By default the Credential Vault is divided into two parts, called segments:

  1. Administrator-managed vault segment: this information is stored in the release database. The segment is divided into slots; each slot holds one credential (for example a user name and password pair). Depending on the slot type, a slot holds either one secret shared by all users or a separate secret for each user, so every user can store their own password in it. Only administrators can create slots in this segment.

  2. User-managed vault segment: this information is stored in the customization database. This segment is also divided into slots, with the difference that a slot belongs to a single user, who can store one credential in it. Portlets, acting on behalf of a portal user, can create slots in this segment.


Irrespective of how a slot is managed, portlets can retrieve credentials from it, subject to the sharing rules of the slot type described next.

WebSphere Portal’s Credential Vault defines four types of credential slots:

  1. Vault Slots in administrator-managed vault segments:

    • A system slot stores system credentials where the actual secret is shared among all users and portlets. It is a shared slot that belongs to an administrative segment.

    • An administrative slot allows each user to store a secret for an administrator-defined resource (for example, Lotus Notes). It is an unshared slot that belongs to an administrative segment.



  2. Vault Slots in user-managed vault segments:

    • A shared user slot stores user credentials that are shared among the user's portlets. It is a shared slot that belongs to the user segment.

    • A portlet private slot stores user credentials that are not shared among the user's portlets. It is an unshared slot that belongs to the user segment.
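The following is an added example that is not part of the original post and not IBM's own code: a JSR 168 portlet helper that uses the WebSphere Portal Credential Vault service to create a portlet private slot in the user-managed segment on first use, store a user ID/password pair in it, and read the pair back as a passive credential. The JNDI name, class names and method names follow the com.ibm.portal.portlet.service.credentialvault API as IBM documents it; the resource name "backend-crm", the preference key "cvSlotId" and the practice of remembering the slot id in portlet preferences are assumptions made for this example.

```java
// Added example (not from the original post or from IBM). Demonstrates creating a
// portlet-private slot in the user-managed vault segment, storing a secret in it,
// and retrieving it as a passive credential. "backend-crm" and "cvSlotId" are
// assumed names chosen for this example.
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.portlet.PortletException;
import javax.portlet.PortletPreferences;
import javax.portlet.PortletRequest;

import com.ibm.portal.ObjectID;
import com.ibm.portal.portlet.service.PortletServiceHome;
import com.ibm.portal.portlet.service.credentialvault.CredentialSecretNotSetException;
import com.ibm.portal.portlet.service.credentialvault.CredentialSlotConfig;
import com.ibm.portal.portlet.service.credentialvault.CredentialVaultService;
import com.ibm.portal.portlet.service.credentialvault.credentials.UserPasswordPassiveCredential;

public class VaultHelper {

    private static final String SERVICE_JNDI =
        "portletservice/com.ibm.portal.portlet.service.credentialvault.CredentialVaultService";
    private static final String SLOT_PREF = "cvSlotId";     // assumed preference key
    private static final String RESOURCE  = "backend-crm";  // assumed resource name

    private final CredentialVaultService vault;

    public VaultHelper() throws PortletException {
        try {
            Context ctx = new InitialContext();
            PortletServiceHome home = (PortletServiceHome) ctx.lookup(SERVICE_JNDI);
            vault = (CredentialVaultService) home.getPortletService(CredentialVaultService.class);
        } catch (NamingException e) {
            throw new PortletException("Credential Vault service not available", e);
        }
    }

    /** Returns this user's slot id, creating a portlet-private slot in the
     *  user-managed segment on first use. Only the slot id is kept in the
     *  portlet preferences; the secret itself lives in the vault. */
    public String getOrCreateSlot(PortletRequest req) throws Exception {
        PortletPreferences prefs = req.getPreferences();
        String slotId = prefs.getValue(SLOT_PREF, null);
        if (slotId != null) {
            return slotId;
        }
        ObjectID userSegment = vault.getDefaultUserCredentialSegmentId();
        Map<Locale, String> descriptions = new HashMap<Locale, String>();
        descriptions.put(Locale.ENGLISH, "Credentials for the CRM back end");
        Map<Locale, String> keywords = new HashMap<Locale, String>();
        keywords.put(Locale.ENGLISH, "crm");
        CredentialSlotConfig slot = vault.createCredentialSlot(
            RESOURCE, userSegment, descriptions, keywords,
            CredentialVaultService.SECRET_TYPE_USERID_STRING_PASSWORD_STRING,
            false,  // active=false: the portlet wants the secret back (passive credential)
            true,   // portletPrivate=true: not shared with the user's other portlets
            req);
        slotId = slot.getSlotId();
        prefs.setValue(SLOT_PREF, slotId);
        prefs.store();  // preferences may only be stored from processAction()
        return slotId;
    }

    /** Stores the user's back-end user ID and password in the user's slot. */
    public void storeSecret(PortletRequest req, String userId, char[] password) throws Exception {
        vault.setCredentialSecretUserPassword(getOrCreateSlot(req), userId, password, req);
    }

    /** Reads the pair back; returns null if the user has not stored a secret yet. */
    public UserPasswordPassiveCredential readSecret(PortletRequest req) throws Exception {
        try {
            return (UserPasswordPassiveCredential) vault.getCredential(
                getOrCreateSlot(req), "UserPasswordPassive", new HashMap(), req);
        } catch (CredentialSecretNotSetException e) {
            return null;  // slot exists, but this user has not entered a secret
        }
    }
}
```

Because the slot is passive, `readSecret` returns the cleartext user ID and password (`getUserId()` and `getPassword()`) to the portlet, which must then treat them like any other secret: pass them to the back end over a protected channel, never write them to logs, and clear the `char[]` when done. An active slot would avoid that exposure by letting the credential object perform the login itself, at the cost of only supporting the authentication schemes the vault knows about.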



1 comment:

Josey said...

Excellent explanation. One question: at the user level, will the user need to store the user ID/password manually, or does it do it automatically upon authentication?