What modes can SecureLogin run in and on which Directories can it store data?

  • 7940212
  • 19-Aug-2009
  • 15-Jan-2014

Environment

SecureLogin
SecureLogin SSO
All Versions

Situation

Question

What modes can SecureLogin run in and on which Directories can it store data such as application usernames and passwords? Does it have to use SecretStore in a Novell environment?

Resolution

Answer

One of the real strengths of SecureLogin is that you choose the location of the encrypted SSO data store (it contains SSO data such as application usernames and passwords, SSO-enabled applications, settings, etc.). SecureLogin fully integrates with your existing infrastructure, whether that is Microsoft Active Directory, Novell eDirectory, an LDAP v3-compliant Directory or even NT 4.0.

One of the advantages of leveraging your existing infrastructure is that you don’t have to set up new servers or have separate backup routines and security policies to run SecureLogin. The data is encrypted and stored in your corporate Directory. No two organizations in the world are the same, so we don’t try to tell you which Directory is best for your environment or predict where you will be in 5-10 years’ time. If you move Directories, we move with you.

You can run SecureLogin in the following modes:

  • MAD/Microsoft Active Directory - SecureLogin data is encrypted and stored in Active Directory
  • NDS/Novell eDirectory - SecureLogin data is encrypted and stored in NDS or eDirectory
  • SecretStore - SecureLogin data is encrypted and stored in SecretStore (requires NICI, SecretStore and eDirectory etc.)
  • Dummy/Standalone - SecureLogin data is encrypted and stored on local hard disk (for demo purposes only - some features aren’t available in Standalone mode)
  • NT 4.0 - SecureLogin data is encrypted and stored in the file system of the NT 4.0 server

Most customers that use a Novell Directory for network logon use the same Directory for the SecureLogin data store. Most customers that use Microsoft Active Directory for network logon use the same Directory for the SecureLogin data store.

Some customers initially log on to either a Novell or Microsoft network but use an LDAP-compliant Directory as the data store. SecureLogin is extremely flexible and customizable, and you can choose the mode to meet your requirements.

There is no absolute requirement to use SecretStore as your SecureLogin data store in a Novell environment, but you may find it of business benefit. If you don’t install SecretStore, then, just as in Microsoft Active Directory mode without SecretStore, your SecureLogin data is encrypted and stored in the Directory schema (see the knowledgebase article on the schema extensions for more information). Your secrets are encrypted and you still have protection from administrators trying to view your secrets, but with SecretStore you have additional NICI encryption and the ability to share secrets with other Novell applications via a SecretStore API. This may or may not benefit you.

In SecretStore mode, you must also configure NICI (see www.novell.com for information on Novell technologies), which offers an additional level of encryption and protection between the client and the server. You also need to configure SecretStore on servers. SecretStore "secrets" such as usernames and passwords can be shared with other Novell applications such as iChain.

To ensure the SSO project is successful, we strongly recommend contacting ActivIdentity Professional Services for recommendations based on your requirements and environment.