Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual page 86

Determining a Strategy for Unlocking the SecretStore
When an administrator resets a user's password, secrets written to the Novell SecretStore with an enhanced security flag become locked. The Identity Server does not write the secrets that it creates with this flag, but other applications might:

- If Access Manager is not sharing secrets with other applications, the secrets it is using are never locked, and you do not need to configure Access Manager to unlock secrets.
- If Access Manager is sharing secrets with other applications and these applications are using the security flag that locks secrets when a user's password is reset, you need to configure Access Manager so that users can unlock their secrets.

If you want users to receive a prompt for a passphrase when secrets are locked, complete the following configuration steps:
1 Require all users to set up a passphrase (also called the Master Password).
  Access Manager uses the SecretStore Master Password as the passphrase to unlock the secrets. If the user has not set a passphrase before the SecretStore is locked, this feature of Access Manager cannot unlock the SecretStore. If it is necessary to unlock the SecretStore by using the user's prior password, another tool must be used. See your SecretStore documentation.
2 Configure the Identity Server to perform the check:
  2a In the Administration Console, click Devices > Identity Servers > Edit > Local > [User Store Name].
  2b Select the Enable Secret Store lock checking option.
  2c Click OK twice, then update the Identity Server.
3 Make sure Web Services Framework is enabled:
  3a In the Administration Console, click Devices > Identity Servers > Edit > Liberty > Web Services Framework.
  3b In the Framework General Settings section, make sure that Enable Framework is selected.
  3c Click OK. If you made any changes, update the Identity Server.
4 Continue with "Creating and Managing Shared Secrets" in the Novell Access Manager 3.1 SP1 Policy Management Guide.

When the SecretStore is locked and the users log in, the users are first prompted for their login credentials, then prompted for the passphrase that is used to unlock the SecretStore.

Troubleshooting the Storing of Secrets

- "Secrets Aren't Stored in Novell SecretStore" on page 86
- "Users Are Receiving Invalid Credential Messages" on page 88
- "Secrets Aren't Stored in the LDAP Directory" on page 88

Secrets Aren't Stored in Novell SecretStore

When you use Novell SecretStore to store the secrets, the schema on the eDirectory server must be extended, and specific SAML objects and certificates must be created.

To verify that the schema was extended and the objects were created on the eDirectory server:
1 Open an LDAP browser and connect to the eDirectory server.