Skip to end of metadata
Go to start of metadata

See the documentation.

Video:

Using the Credential Manager and Secure Services demo on youtube

Taverna can be used to access all sorts of secure services, including services requiting HTTP Basic Authentication or WS-Security with username and passwords, and Web services behind HTTPS and using certificates. In this video, we will demonstrate accessing such services and the use of Taverna's Credential Manager to store username and passwords and certificates.

The first thing that happens when you try to access a secure resource is a pop up reminding you to install the Strong Java Cryptography Policy. There is a chance you already have it installed but should still do it just in case. A quick look in your Java lib/security directory should show the US_export_policy and local_policy. Since we cannot tell if these policy files refer to the strong or limited security policy (as they are named the same in both cases), make sure you back them up and then download the strong policy versions from the Java's Web site (link shown in the video) and copy them to this directory.

The first time you access the functionality of Credential Manager it does not have a master password set yet - it will prompt you to enter one. Try and remember it as if you forget then - you will have to delete the security directory in Taverna home directory.

When invoking a secure service as part of a workflow run, Taverna will first ask Credential Manager to provide username and password for it. If the username and password for this secure service is not currently stored in Credential Manager, it will prompt you for them. It is up to you whether you want Credential Manager to remember them or just make it a one time use. If you do not store them in Credential Manager, you will be prompted for them each time.

You can configure the type of security that a Web service uses by selecting the service in the Workflow Diagram or Workflow Explorer, choosing the Details tab and clicking on the Configure security button. You can also set the username and password for the service here or enter it in Credential Manager directly.

Credential Manager can be accessed through the Advanced menu option in the top menu bar. You can see which secure services you have accessed and have usernames and passwords saved for. You can edit or delete you usernames and passwords here, on enter new ones for different services. You can also view, delete and export certificates that either belong to you or to services that you trust and trusted Certification Authorities (CAs).

When you access a new HTTPS service for the first time, Credential Manager checks if this service is marked as trusted (i.e. its certificate is among the trusted certificates inside Credential Manager). If the service's certificate is not recognized - it will ask if you want to accept or reject it (i.e. trust it or not). If you reject it then the workflow will still attempt to run but will fail. You can choose to trust always or only for this instance of Taverna, shutting Taverna down will clear the certificate. The best option it to trust always so will not be prompted again.

Labels
  • None