Skip to end of metadata
Go to start of metadata

The Credential Manager is a Taverna utility that manages your credentials and certificates of services you wish to invoke. It can store your username and password pairs and private key certificates securely and remembers which credentials you want to use for which services. This is convenient, as you do not have to enter them every time you wish to invoke a secure service from a workflow. In this respect, the Credential Manager is similar to Password Manager in Firefox or Internet Explorer, or Keychain (Apple’s password management system in Mac OS X).

The Credential Manager also keeps certificates from trusted services and trusted CAs (that issue certificates to services). This is so that Taverna can open HTTPS connections to a desired secure service when executing a workflow, similar to Web browsers.

Java Cryptography Policy Warning

The first thing that happens when you try to access a secure resource is a pop up reminding you to install the Strong Java Cryptography Policy. Please make sure you do install it as security features in Taverna will not function properly.

If you do not want to be warned about this again - make sure you tick the box in the dialog.

Masted Password for the Credential Manager

Every time Taverna tries to access a secure service (e.g. one that requires HTTPS or you to authenticate), it will contact the Credential Manager to see if it can provide the necessary information (e.g. a trusted certificate of the service provider or your username and password to authenticate to the service). Every time Taverna has to access the Credential Manager, it will always ask you to enter the master password for the Credential Manager to authorize the access. If the Credential Manager does not have a master password set yet (i.e. you have never used the Credential Manager before), then it will prompt you to set one. Otherwise, it will just ask you to confirm your master password.

Try and remember your master password - it is user to protect all your other credentials. If you forget then you will have to delete the security directory in the Taverna home directory and effectively wipe out the Credential Manager's content and start over.

Credentials and Certificates in the Credential Manager

To see what is stored inside the Credential Manager:

  1. In the top menu, select Advanced -> Credential Manager.

The Credential Manager contains your:

  • username and passwords
  • user certificates
  • user proxy certificates
  • trusted CA and service certificates

Initially, the Credential Manager does not contain any credentials - usernames and passwords or user certificates - since you have not added any yet. However, it does initially contain a certain number of trusted certificates (found under Trusted Certificates tab). These are standard default trusted Certification Authorities' (CAs') certificates that have been imported from Java. It enables many HTTPS-protected services that have certificates signed by one of the trusted CAs to be marked as trusted as well so Taverna will not prompt you to confirm your trust in such a service. However, if you try to access an HTTPS-protected service that has not been marked as trusted - Credential Managed will recognize that it is a new certificate and will ask if you want to accept or reject it.

If you reject it then the workflow will still attempt to run but will fail.

Authenticating to Services

Telling Taverna that a service requires authentication

In some cases, e.g. when you are simply trying to fetch a page which requires HTTP Basic Authentication, Taverna will detect that the service requires authentication and prompt you for a username and password. You do not have to configure anything for this service and it will all work automatically.

In other cases, most notably for WSDL services, you will have to explicitly tell Taverna what kind of authentication the service provider expects. See the Configuring a WSDL Service section for more. 

Username and password for the service

If the password for a secure service is not currently stored in the Credential Manager and you try to run the workflow with such a service, Taverna will prompt you for username and password. It is up to you whether you also want to store them in the Credential Manager so you do not get prompted for them next time you run the workflow.

Labels
  • None