Sun Identity Manager Deployment Guide

Using Secret Attributes

Identity Manager displays attribute values in clear text on the Results pages, even when you have set the attribute for display with asterisks in an Edit form. To prevent attribute values from being displayed in the cache, you can register the attribute as secret. Secret attribute values are not displayed in clear text in the browser cache, but these attributes are processed by Identity Manager just like any other attribute.

For example, a social security number is an attribute that administrators typically register as a secret attribute.

When rendering the results table, Identity Manager checks to determine whether any of the attributes are registered as secret, and displays the values of secret attributes with asterisks only.

To register a secret attribute, add that attribute to the System Configuration object as follows:


<Attribute name='secretAttributes'>
   <List>
     <String>email</String>
     <String>myAttribute</String>
   </List>
</Attribute>
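
A check a deployer might run on an exported configuration, as an added example that is not from the Deployment Guide or from Identity Manager itself: it lists the names registered under secretAttributes and compares them with a site list of attributes that must be masked. The Configuration wrapper, the REQUIRED names and the sample entries are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the fragment from this page inside a hypothetical
# <Configuration> wrapper; a real export has more around it.
SAMPLE = """<Configuration name='System Configuration'>
  <Attribute name='secretAttributes'>
    <List>
      <String>email</String>
      <String>myAttribute</String>
      <String> SSN</String>
    </List>
  </Attribute>
</Configuration>"""

# Hypothetical site policy: attribute names that must be masked.
REQUIRED = ["email", "ssn", "dateOfBirth"]


def secret_attributes(xml_text):
    """Return the raw <String> entries registered under secretAttributes."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Typographic quotes pasted around attribute values land here.
        raise ValueError(f"not well-formed XML: {exc}") from exc
    names = []
    for attr in root.iter("Attribute"):
        if attr.get("name") == "secretAttributes":
            names += [s.text or "" for s in attr.iter("String")]
    return names


def audit(xml_text, required):
    """Classify each required name as registered, suspect, or missing."""
    registered = secret_attributes(xml_text)
    exact = set(registered)
    loose = {r.strip().lower(): r for r in registered}
    report = {"ok": [], "suspect": [], "missing": []}
    for name in required:
        if name in exact:
            report["ok"].append(name)
        elif name.lower() in loose:
            # Differs only by case or whitespace: check it against the real name.
            report["suspect"].append((name, loose[name.lower()]))
        else:
            report["missing"].append(name)
    return report


if __name__ == "__main__":
    print(audit(SAMPLE, REQUIRED))
```

Entries reported as suspect match a required name only after trimming and lowercasing, so compare them with the attribute name as it is actually defined before relying on the masking.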