The Credential Manager is a Taverna utility that manages your credentials and certificates of services you wish to invoke. It can store your username and password pairs and private key certificates securely and remembers which credentials you want to use for which services. This is convenient, as you do not have to enter them every time you wish to invoke a secure service from a workflow. In this respect, the Credential Manager is similar to Password Manager in Firefox or Internet Explorer, or Keychain (Apple’s password management system in Mac OS X).
The Credential Manager also keeps certificates from trusted services and trusted CAs (that issue certificates to services). This is so that Taverna can open HTTPS connections to a secure services and addresses when executing a workflow, similar to Web browser padlocks.
Java Cryptography Policy Warning
The first thing that happens when you try to access a secure resource is a pop up reminding you to install the Strong Java Cryptography Policy. Please make sure you do install it as security features in Taverna will not function properly, including the Credential Manager, storing username/passwords for myExperiment and REST services, HTTPS certificates, etc.
If you do not want to be warned about this again - make sure you tick the box in the dialog.
If you get these errors:
Even if you believe you are using the correct passphrase, then first:
Masted Password for the Credential Manager
Every time Taverna tries to access a secure service (e.g. one that requires HTTPS or you to authenticate), it will contact the Credential Manager to see if it can provide the necessary information (e.g. a trusted certificate of the service provider or your username and password to authenticate to the service). Every time Taverna has to access the Credential Manager, it will always ask you to enter the master password for the Credential Manager to authorize the access. If the Credential Manager does not have a master password set yet (i.e. you have never used the Credential Manager before), then it will prompt you to set one. Otherwise, it will just ask you to confirm your master password.
Try and remember your master password - it is used to protect all your other credentials. If you forget then you will have to delete the
If you did not install the JCE Java Cryptography Policy (see above), then Java will not allow a master password that is longer than 7 character. A workaround, which is obviously not particularly secure, is to use a 6-character master password. This might be useful if Taverna needs the Credential Manager to manage HTTPS connections, but you are not storing any username/passwords.
If you have not installed JCE, but set a master password that is too long, the credential manager will later fail to open. To start again, (loosing any stored passwords), delete the
Credentials and Certificates in the Credential Manager
To see what is stored inside the Credential Manager:
The Credential Manager contains your:
- username and passwords
- user certificates
- user proxy certificates
- trusted CA and service certificates
Initially, the Credential Manager does not contain any credentials - usernames and passwords or user certificates - since you have not added any yet. However, it does initially contain a certain number of trusted certificates (found under Trusted Certificates tab). These are standard default trusted Certification Authorities' (CAs') certificates that have been imported from Java. It enables many HTTPS-protected services that have certificates signed by one of the trusted CAs to be marked as trusted as well so Taverna will not prompt you to confirm your trust in such a service. However, if you try to access an HTTPS-protected service that has not been marked as trusted - Credential Managed will recognize that it is a new certificate and will ask if you want to accept or reject it.
If you reject it then the workflow will still attempt to run but will fail.
Authenticating to Services
Telling Taverna that a service requires authentication
In some cases, e.g. when you are simply trying to fetch a page which requires HTTP Basic Authentication, Taverna will detect that the service requires authentication and prompt you for a username and password. You do not have to configure anything for this service and it will all work automatically.
Username and password for the service
If the password for a secure service is not currently stored in the Credential Manager and you try to run the workflow with such a service, Taverna will prompt you for username and password. It is up to you whether you also want to store them in the Credential Manager so you do not get prompted for them next time you run the workflow.