4.3 Sharing Secrets

Applications and software solutions can share secrets. For example, after you configure a Web site for SecureLogin, Novell Portal Services (NPS) can use the secrets in eDirectory to access that Web site.

In addition, when you change a password in either SecureLogin or NPS, the other software service recognizes and uses that changed password.

To let SecureLogin, NPS, and iChain® share a secret for an application, give that application a common name. Then use that same common name when you configure the application for SecureLogin, iChain, or an NPS gadget.

4.3.1 Example Configuration: Sharing Secrets with Novell Products

This example uses GroupWise® to explain how secrets are shared among SecureLogin, Portal Services, and iChain.

  1. Set up NPS to use SecretStore.

    Make sure that NICI 2.04 or later is installed on the workstation.

    Configure SecretStore as an NPS SecretStore provider, and configure shared secrets for gadget instances.

  2. Using the SecureLogin Wizard, set up groupwise.exe to use SecureLogin.

  3. Using NPS, set up GroupWise as a gadget:

    1. Refer to GroupWise by using the name that is already set up in SecureLogin.

      This name becomes the common name. NPS passes this parameter.

      For example, type


      The parameter is case sensitive. Make sure that the case matches the common name.

    2. For the Portal Services gadget, type the same key-value pair (for example, Username, Password) that was used in SecureLogin's configuration for GroupWise.

      NPS automatically uses only Username and Password for the keys in the credentials. These keys aren't case sensitive.

Scenario: Sharing a Secret. SecretStore and eDirectory are running on server DAir23. Portal Services is set up to use SecretStore and eDirectory on DAir23. SecureLogin was installed on Henri's workstation, using the Novell eDirectory with SecretStore option.

SecureLogin and a Portal Services gadget are set up to automatically grant users access to GroupWise. Both SecureLogin (NSL) and NPS use the same naming convention to refer to the shared secret for GroupWise. Because Henri has used GroupWise previously with SecureLogin, Henri's secrets for GroupWise are stored in an attribute on Henri's User object and in Henri's secret store.

Henri authenticates to the network. SecureLogin watches for events on Henri's desktop. Henri launches GroupWise, which returns a password dialog box. Because it has hooks into the system, SecureLogin recognizes the password dialog box and the application. SecureLogin automatically enters access credentials (username and password) for Henri. Henri uses GroupWise.

Both NSL and NPS use the same naming convention to refer to the shared secret. Also, both NSL and NPS specify the same credentials (for example, username and password).