11 Continue with one of the following:
If other applications are using the secret store, you need to determine whether Access
Manager users need the option to unlock the secret store. See "Determining a Strategy for
Unlocking the SecretStore" on page 115.
To create policies that use the stored secrets, see "Creating and Managing Shared Secrets"
in the Novell Access Manager 3.1 SP2 Policy Guide.
For troubleshooting information, see "Troubleshooting the Storing of Secrets" on page 115.
Determining a Strategy for Unlocking the SecretStore
When an administrator resets a user's password, secrets written to the Novell SecretStore with an
enhanced security flag become locked. The Identity Server does not write the secrets that it creates
with this flag, but other applications might:
If Access Manager is not sharing secrets with other applications, the secrets it is using are never
locked, and you do not need to configure Access Manager to unlock secrets.
If Access Manager is sharing secrets with other applications and these applications are using the
security flag that locks secrets when a user's password is reset, you need to configure Access
Manager so that users can unlock their secrets.
If you want users to receive a prompt for a passphrase when secrets are locked, complete the
following configuration steps:
1 Require all users to set up a passphrase (also called the Master Password).
Access Manager uses the SecretStore Master Password as the passphrase to unlock the secrets.
If the user has not set a passphrase before the SecretStore is locked, this feature of Access
Manager cannot unlock the SecretStore. If it is necessary to unlock the SecretStore by using the
user's prior password, another tool must be used. See your SecretStore documentation.
2 Configure the Identity Server to perform the check:
2a In the Administration Console, click Devices > Identity Servers > Edit > Local > [User
Store Name].
2b Select the Enable Secret Store lock checking option.
2c Click OK twice, then update the Identity Server.
3 Make sure Web Services Framework is enabled:
3a In the Administration Console, click Devices > Identity Servers > Edit > Liberty > Web
Services Framework.
3b In the Framework General Settings section, make sure that Enable Framework is selected.
3c Click OK. If you made any changes, update the Identity Server.
4 Continue with "Creating and Managing Shared Secrets" in the Novell Access Manager 3.1 SP2
Policy Guide.
When the SecretStore is locked and the users log in, the users are first prompted for their login
credentials, then prompted for the passphrase that is used to unlock the SecretStore.
Troubleshooting the Storing of Secrets
"Secrets Aren't Stored in Novell SecretStore" on page 116
Configuring Local Authentication 115