Configure the Domino credential store
AppDev Pack components use the Domino credential store to store the credentials needed to make introspection calls to the IAM service. Introspection is the call that the Domino server makes to the IAM service to authenticate and retrieve the user details. When an application acts on behalf of a user it obtains an AccessToken and:
- Proton makes introspection calls to the IAM service when it receives an AccessToken from an application using the domino-db Node.js module.
- The Domino web server, through the use of a DSAPI filter, makes introspection calls to the IAM service when an HTTP request contains a bearer token.
Create the encryption key
A named encryption key (NEK) is stored in the Domino
server's ID file. The Domino server uses this key to encrypt the documents in the credential store.
Execute the following command on the Domino server console to create a NEK called mycredstorekey.
> keymgmt create nek mycredstorekey
12/10/2019 11:20:44.36 AM NEK > NEK mycredstorekey - Fingerprint 0681 4C0E C230 7CD1 3833 49DC 2ADD 7976 DE38 2577
NEK mycredstorekey created successfully
>
Record the NEK Fingerprint so that you can verify the key when you create the credential store.
Create the credential store database
The credential store is a special Domino database. Use the following command on the Domino server to create it. Provide the NEK created above for encrypting the data in this database, and verify that the NEK Fingerprint in the command output matches the one you recorded.
> keymgmt create credstore mycredstorekey
Credential Store Name : IBM_CredStore\credstore.nsf
NEK Fingerprint : 0681 4C0E C230 7CD1 3833 49DC 2ADD 7976 DE38 2577
Credential Store created successfully. The credential store was NOT created in a cluster. If you wish to cluster the current server or move the credential store to another server, see the product documentation
Nonce Fingerprint : 7480 4100 55B5 A403 77EF CF7D 9AB0 0484 C45D 4B3E
>
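The fingerprint comparison in the two steps above can be scripted instead of done by eye. This is an added example, not part of the product documentation: it parses the two console transcripts shown on this page and checks that the credential store reports the same NEK fingerprint that was recorded at key creation. The function names are hypothetical and the parsing assumes the output format shown here.

```python
import re

# Console transcripts copied from this page (long status line abridged).
NEK_OUTPUT = """\
> keymgmt create nek mycredstorekey
12/10/2019 11:20:44.36 AM NEK > NEK mycredstorekey - Fingerprint 0681 4C0E C230 7CD1 3833 49DC 2ADD 7976 DE38 2577
NEK mycredstorekey created successfully
"""
CREDSTORE_OUTPUT = """\
> keymgmt create credstore mycredstorekey
Credential Store Name : IBM_CredStore\\credstore.nsf
NEK Fingerprint : 0681 4C0E C230 7CD1 3833 49DC 2ADD 7976 DE38 2577
Credential Store created successfully.
Nonce Fingerprint : 7480 4100 55B5 A403 77EF CF7D 9AB0 0484 C45D 4B3E
"""

# Assumption: a fingerprint is printed as ten groups of four hex digits.
_FP = r"((?:[0-9A-Fa-f]{4}[ \t]+){9}[0-9A-Fa-f]{4})\b"


def _normalize(fp):
    """Drop spacing and case so only the hex digits are compared."""
    return "".join(fp.split()).upper()


def fingerprint_from_nek_create(text, key_name):
    """Fingerprint reported when the named key was created, or None."""
    pat = r"NEK[ \t]+" + re.escape(key_name) + r"[ \t]+-[ \t]+Fingerprint[ \t]+" + _FP
    m = re.search(pat, text)
    return _normalize(m.group(1)) if m else None


def fingerprint_from_credstore(text):
    """'NEK Fingerprint' line only; the 'Nonce Fingerprint' line is ignored."""
    m = re.search(r"^NEK Fingerprint[ \t]*:[ \t]*" + _FP, text, re.MULTILINE)
    return _normalize(m.group(1)) if m else None


def credstore_uses_recorded_nek(nek_text, credstore_text, key_name):
    """True only if both transcripts report the same NEK fingerprint."""
    recorded = fingerprint_from_nek_create(nek_text, key_name)
    reported = fingerprint_from_credstore(credstore_text)
    if recorded is None or reported is None:
        # Fail closed: a missing fingerprint is never treated as a match.
        raise ValueError("NEK fingerprint not found in console output")
    return recorded == reported


if __name__ == "__main__":
    print(credstore_uses_recorded_nek(NEK_OUTPUT, CREDSTORE_OUTPUT, "mycredstorekey"))
```

A mismatch means the credential store was encrypted with a different key than the one recorded, so stop and investigate before storing credentials in it.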
Verify
Use the HCL Domino Administrator client to confirm that your Domino server has the credential store database as shown below: