A shared secret is an object that holds name and value pairs for Form Fill and Identity Injection policies.
If your HTML form prompts the user for more than credential information, you need to create a shared secret to store the values.
If your Web server requires some name/value pairs to be injected and these are not available from the HTTP request, you need to create a shared secret to store these name/value pairs so that they can be injected into the header before it is sent to the Web server.
Access Manager supports the creation and use of secrets from the following locations:
In the local configuration store
In eDirectory user stores that are running Novell SecretStore
In a user store that has been configured with a custom attribute for secrets
For more information on configuring Access Manager to store secrets, see NetIQ Access Manager 3.1 SP5 Identity Server Guide.
This section describes the following topics:
The policy engine allows you to create shared secrets and name the attributes for the store as you are creating an Identity Injection or Form Fill policy. When you create the shared secret, we recommend that you name the shared secret after the application for which you are creating the policy. Each value requires a name, and we recommend that you use the same name for the value name as the Input Field Name on a Form Fill policy or for the header name on an Identity Injection policy. For example if your e-mail application requires the e-mail address for the name on the login form, you could set up the following Shared Secret values:
Input Field Name
Input Field Value
Shared Secret Name
Your applications, how you use them, and your personal preferences determine whether you create one shared secret and use it for all your applications or whether you create a shared secret for each application.
If the applications use some of the same secrets, you can use the same shared secret for these applications. In this case, give the shared secret a name that reflects all of the applications using it.
If an application does not use the same secrets as another application and you want the freedom to remove the application and its secrets without affecting other applications, you should create a separate shared secret for this application.
If you are using Novell SecretStore, the secret names specified in your Access Manager policies need to match the names you have already configured.
A local shared secret store does not contain any name/value pairs until you configure a Form Fill policy to add name/value pairs or enable the Edit > >option. This option allows the username and password to be stored in the local secret store. To set this option, click > >
You can create a shared secret as part of the process of creating a Form Fill or Identity Injection policy. You can also create a shared secret independent of a policy:
In the Administration Console, click> , then click > .
To create a new shared secret, clickin the section, and fill in the following fields:
Secret Name: Specify a display name for the shared secret.
Secret Entry Name. Specify an attribute name for a value you want to store.
The Identity Server creates and encrypts the object.
To create additional attributes to store values, click the secret name, click, specify a name, then click .
Before deleting a shared secret, you need to delete the policies that are using the shared secret or modify the policies to use a different shared secret. For information about deleting policies, see Section 1.3.3, Deleting Policies.
Both Form Fill and Identity Injection policies can use shared secrets. The following instructions explain how to modify an Identity Injection policy to use a new shared secret and then how to delete the old shared secret.
In the Administration Console, click> > .
Select thefield that uses the shared secret you want to delete. Click its name, then click .
Specify the name for a new shared secret, then click.
Click the name of the shared secret, select the new shared secret store, then click.
Specify the attribute name for this shared secret entry, then click.
Modify any otherfields to use the new shared secret. Create new attributes as needed.
To save the modifications to the policy, clicktwice, then .
To delete the old shared secret, click> > .
Select the name of the old shared secret and the attributes, then click.