How secure are Credentials stored in a BizTalk SSO database?

  • Question

  • I'm trying to determine how secure the SSO database is. Essentially what I'd like to know is whether it is possible for anyone other than the user who stored their credentials in the store to retrieve them back out again.

    Consider this scenario:

    1. As "DOMAIN\Scott" I store credentials in the SSO database

    2. This database is compromised in such a way that the table data is stolen

    3. The master secret on the master secret server is also compromised

    Can they use this to decrypt the credentials? Or do they need a Kerberos ticket from AD as well? If this is the case, is there any way to encrypt data in such a way that a valid Kerberos ticket is the only way to get access to it?

    Regards,

    Scott

    Sunday, October 21, 2012 4:10 AM

Answers

  • Hi

    If your administrator had created a proper group to facilitate each group, then SSO is the best place to store your config data.

    As SSO can be accessed only by the SSO Administrator Group.

    But we normally configure with one ID, which is not the proper way to set up.

    Refer to this:

    http://msdn.microsoft.com/en-us/library/ee251728%28v=bts.10%29.aspx

    http://msdn.microsoft.com/en-us/library/aa560954%28v=bts.10%29.aspx

    http://msdn.microsoft.com/en-us/library/ee251682%28v=bts.10%29.aspx

    Monday, October 22, 2012 3:52 AM