Triple DES: A variant of DES in which data is encrypted three times with standard DES,
using two different keys.
4 To specify where to store secret data, click New under Extended Schema User Store References
and fill in the following:
User Store: Select the user store where you want secret store enabled.
Attribute Name: Specify the LDAP attribute that you have created to store the secrets on the
selected user store.
5 Click OK twice.
6 On the Identity Servers page, update the Identity Server.
7 To create policies that use the stored secrets, see "Creating and Managing Shared Secrets" in the Novell Access Manager 3.1 SP2 Policy Guide.
For troubleshooting information, see "Troubleshooting the Storing of Secrets" on page 115.
Configuring an eDirectory User Store to Use SecretStore
For Access Manager to use Novell SecretStore, the user store must be eDirectory and Novell
SecretStore must be installed there. When configuring this user store for secrets, Access Manager
extends the eDirectory schema for an NMAS method. This method converts authentication
credentials to a form understood by eDirectory. For example, Access Manager supports smart card
and token authentications, and these authentication credentials must be converted into the username
and password credentials that eDirectory requires. This allows the Identity Server to authenticate as
that user and access the user's secrets. Without this NMAS method, the Identity Server is denied
access to the user's secrets.
To use a remote SecretStore, your network environment must conform to the following
requirements:
The eDirectory server must have Novell SecretStore installed.
When you configure a user store to use Novell SecretStore, the admin user that you have
configured for the user store must have sufficient rights to extend the schema on the eDirectory
server, to install the SAML NMAS method, and to set up the required certificates and objects. For
more information on the rights required, see Section 3.1.3, "Configuring an Admin User for the
User Store," on page 109.
The user store must be configured to use secure connections (click Access Manager > Identity
Servers > Edit > Local > User Stores > [User Store Name]). In the Server replicas section,
ensure that the Port is 636 and that Use SSL is enabled. If they aren't, click the name of the
replica and reconfigure it.
If you have enabled a firewall between the Administration Console and the user store, or
between the Identity Server and the user store, make sure that both LDAP ports (389 and 636)
and the NCP port (524) are open on each firewall.
If you are going to configure Access Manager to use secrets that are used by other applications,
you need to plan a configuration that allows the user to unlock a locked SecretStore. See
"Determining a Strategy for Unlocking the SecretStore" on page 115.
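The requirements above lend themselves to an automated preflight check before the user store is switched to SecretStore. The following Python script is an added example written for this page, not code from the Novell guide or the product: it flags any user-store replica that is not on port 636 with Use SSL enabled, evaluates a first-match firewall rule set to confirm that both the Administration Console and the Identity Server can reach every replica on LDAP 389, LDAPS 636 and NCP 524, and validates the attribute name chosen for the secrets against the RFC 4512 attribute-type naming rule. The Replica and FirewallRule structures, the rule format, the host names, the source labels and the attribute name nidsSecretAttr are all assumptions constructed for the example.

```python
"""Preflight checks for an eDirectory user store that will hold SecretStore
secrets. The thresholds (port 636 with SSL; LDAP 389, LDAPS 636 and NCP 524
reachable from both the Administration Console and the Identity Server) come
from the guide; the data structures, rule format and sample values below are
constructed for this example and are not Access Manager configuration."""
import re
from dataclasses import dataclass

LDAPS_PORT = 636
REQUIRED_PORTS = {389: "LDAP", 636: "LDAPS", 524: "NCP"}
# RFC 4512 attribute type names: a letter followed by letters, digits or hyphens.
ATTR_NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")


@dataclass(frozen=True)
class Replica:          # assumed shape of a "Server replicas" entry
    host: str
    port: int
    use_ssl: bool


@dataclass(frozen=True)
class FirewallRule:     # assumed rule shape; "*" matches any host, port 0 any port
    source: str
    dest: str
    port: int
    action: str         # "allow" or "deny"


def check_replicas(replicas):
    """Return one problem string per replica that is not on 636 with SSL."""
    problems = []
    for r in replicas:
        if r.port != LDAPS_PORT:
            problems.append(f"{r.host}: port is {r.port}, must be {LDAPS_PORT}")
        if not r.use_ssl:
            problems.append(f"{r.host}: Use SSL is disabled")
    return problems


def port_allowed(rules, source, dest, port):
    """First matching rule decides; no match is treated as an implicit deny."""
    for rule in rules:
        if rule.source in ("*", source) and rule.dest in ("*", dest) and rule.port in (0, port):
            return rule.action == "allow"
    return False


def check_firewall(rules, sources, replicas):
    """Every source must reach every replica on each of the three required ports."""
    problems = []
    for src in sources:
        for r in replicas:
            for port, name in REQUIRED_PORTS.items():
                if not port_allowed(rules, src, r.host, port):
                    problems.append(f"{src} -> {r.host}:{port} ({name}) is blocked")
    return problems


def check_attribute_name(name):
    """True if the name is a syntactically valid LDAP attribute type name."""
    return bool(ATTR_NAME_RE.match(name))


def preflight(replicas, rules, sources, attribute_name):
    """Collect every finding; an empty list means the store meets the requirements."""
    problems = check_replicas(replicas) + check_firewall(rules, sources, replicas)
    if not check_attribute_name(attribute_name):
        problems.append(f"attribute name {attribute_name!r} is not a valid LDAP attribute type name")
    return problems


# Constructed sample: one compliant replica and one still on clear-text 389.
SAMPLE_REPLICAS = [
    Replica("edir1.example.test", 636, True),
    Replica("edir2.example.test", 389, False),
]
# Constructed rules: NCP from the Identity Server is never allowed, and an
# explicit deny for edir2 sits ahead of the broader rules.
SAMPLE_RULES = [
    FirewallRule("idserver", "edir2.example.test", 524, "deny"),
    FirewallRule("*", "*", 389, "allow"),
    FirewallRule("*", "*", 636, "allow"),
    FirewallRule("adminconsole", "*", 524, "allow"),
]
SAMPLE_SOURCES = ["adminconsole", "idserver"]

if __name__ == "__main__":
    for finding in preflight(SAMPLE_REPLICAS, SAMPLE_RULES, SAMPLE_SOURCES, "nidsSecretAttr"):
        print("FAIL:", finding)
```

Run against the constructed sample, the script reports the clear-text replica twice (wrong port, SSL off) and the two blocked NCP paths from the Identity Server, which is exactly the set of items an administrator would have to fix before the SecretStore configuration can succeed. The first-match evaluation matters: a deny rule placed before a broad allow is honoured, so rule order in the real firewall has to be checked rather than just the presence of an allow entry.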
To configure the user store:
1 In the Administration Console, click Devices > Identity Servers > Edit > Local.
2 Click the name of your user store.
Configuring Local Authentication 113