AquaLogic User Interaction Development Guide


Using the ALI Credential Vault

The credential vault (ALI 6.0 and above) provides a central repository that securely stores and manages all credentials. Portlets that need login information to access a back-end application can securely retrieve the appropriate user credentials from a central location. Users enter their credentials once in their account settings and have seamless access to every application they interact with throughout the portal session.

Credentials are sent in portlet headers, using RSA public key/private key encryption. The IDK ICredentialProvider interface allows portlets to access user credentials stored in the central credential vault.

To use the credential vault, there must be a Lockbox in the portal associated with the authentication source. To create or configure a Lockbox, go to portal administration and click Choose Utility > Credential Vault Manager. For details, see the portal online help. To configure the credential vault for use with your portlet, three steps are required:

  1. In the Remote Server Editor associated with the portlet, enter the Public Encryption Key.
  2. In the Web Service Editor on the Authentication Settings page, choose the appropriate Lockbox and set the Basic Authentication Settings to User's Lockbox Credentials.
  3. Provide the private key for RSA encryption in one of two ways:
    • Enter the private key in the RSAPrivateKey parameter in the IDK web.xml/Web.config file on the remote server.
    • Set the private key programmatically using the ICredentialProvider.setPrivateKey method as shown in the example below.
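    If you do not enter a key, the credential vault falls back to Base64, which is an encoding rather than encryption: anyone who can read the portlet headers can decode the credentials without a key.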

The IDK ICredentialProvider interface lets you retrieve the user name and password from portlet headers with a few lines of code.

Note: If the private key for RSA encryption is set in the web.xml/Web.config file, the setPrivateKey method is not required. The values in the configuration file override any value set through the setPrivateKey method.

Java

// create the portlet context, then get an ICredentialProvider instance from CredentialManager
IPortletContext portletContext = PortletContextFactory.createPortletContext(req, resp);
ICredentialProvider cProvider = CredentialManager.getProviderInstance(req);

// set the private key used to decrypt the password 
cProvider.setPrivateKey(rsaPrivateKeyString);

// get the username and password
String username = cProvider.getUsername();
String password = cProvider.getPassword();

.NET

// get an ICredentialProvider instance from IPortletContext
IPortletContext portletContext = PortletContextFactory.CreatePortletContext(req, resp);
ICredentialProvider cProvider = portletContext.GetCredentialProvider();

// set the private key used to decrypt the password
cProvider.SetPrivateKey(rsaPrivateKeyString);

// get the username and password
String username = cProvider.GetUsername();
String password = cProvider.GetPassword();

You can also use ICredentialProvider to access settings encrypted in RC2, AES and Base64 that are stored in the ALI database. For details, see Using IDK Encryption.
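
Why step 3 of the configuration matters, as an added example that is not part of the original guide or the IDK: a plain-JDK comparison of a header value protected only by Base64 with one encrypted under an RSA public key. The class and method names, the OAEP padding, the generated key pair and the sample password are assumptions constructed for the demonstration; the page does not document the padding or header format that ALI uses.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Base64;
import javax.crypto.Cipher;

public class VaultHeaderDemo {
    // Assumed padding for this demo only; the guide does not state the scheme ALI uses.
    static final String RSA_TRANSFORM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // No key configured: the value is only Base64-encoded.
    static String base64Only(String secret) {
        return Base64.getEncoder().encodeToString(secret.getBytes(StandardCharsets.UTF_8));
    }

    // Public key configured: encrypt, then Base64-encode the ciphertext for transport.
    static String rsaProtect(String secret, PublicKey pub) throws Exception {
        Cipher c = Cipher.getInstance(RSA_TRANSFORM);
        c.init(Cipher.ENCRYPT_MODE, pub);
        return Base64.getEncoder().encodeToString(c.doFinal(secret.getBytes(StandardCharsets.UTF_8)));
    }

    // Remote server side: only the holder of the private key recovers the value.
    static String rsaRecover(String headerValue, PrivateKey priv) throws Exception {
        Cipher c = Cipher.getInstance(RSA_TRANSFORM);
        c.init(Cipher.DECRYPT_MODE, priv);
        return new String(c.doFinal(Base64.getDecoder().decode(headerValue)), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();        // constructed test key pair
        String password = "constructed-example-pw";  // constructed sample value

        String weak = base64Only(password);
        String strong = rsaProtect(password, pair.getPublic());

        // Base64 is reversed with no key at all, so it gives no confidentiality.
        String seen = new String(Base64.getDecoder().decode(weak), StandardCharsets.UTF_8);
        System.out.println("Base64 header decodes without a key: " + seen.equals(password));

        // The RSA header decodes only to ciphertext; the private key is needed to open it.
        System.out.println("RSA header ciphertext bytes: " + Base64.getDecoder().decode(strong).length);
        System.out.println("Private key recovers value: " + rsaRecover(strong, pair.getPrivate()).equals(password));
    }
}
```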
