SECURING


Using a credential store to share credentials
In this release, the on-premises Domino® server can use a credential store application (credstore.nsf). The credential store is a secure repository for document encryption keys and other tokens necessary for Notes® client users to grant access to applications that use the OAuth (open authorization) protocol. OAuth allows user credentials to be shared with compliant applications so that users avoid extra password prompts.

About this task

A credential store allows Notes users to authorize a Domino server application that can access their resource data on an OAuth-compliant Web site without additional password prompts. In addition, you can centrally store OAuth consumer keys and secret information without requiring any insecure distribution of document encryption keys.

After you have created the credential store, you use it for central storage of the consumer key and secret that you create whenever you configure a Domino server application to access the Web using the OAuth protocol. It also stores the access token generated when a Notes or iNotes® user authorizes the Domino application for access to his or her data on an OAuth-compliant Web site.

Note: A credential store can also benefit iNotes client users. iNotes users accessing their mail are protected from cross-site referral forgeries across a cluster with additional password prompts. For more information, search the Notes and Domino wiki for the documentation on iNotes administration.

Procedure

Perform the tasks in the following procedure.