...
IDM references descriptors by their name: for each use case there is a known descriptor name. Most names are fixed (e.g. ConfigZipEncrypter
is always used for encrypting configuration files) and a few can be named arbitrarily (e.g. descriptors for PIN blob decryption).
See the tables below the example for more information on the possible attributes of the descriptor and type elements.
Descriptor example
```xml
<descriptor name="ObjectHistorySigner" version="1">
  <type algorithm="SHA-256" key="objectHistorySignerCert" />
</descriptor>
```
Attribute | Description
---|---
name | Used by Identity Manager to refer to this descriptor. There might be different descriptors with the same name but with different versions.
version | A numeric value that denotes the descriptor's version. This is only needed for the
...
There are also descriptors which cannot be versioned, e.g. EncryptedFields. For those the version always needs to be set to 1.
Key
Key elements are referenced by descriptors. They describe keys found in HSMs and/or keystores. Each key should be used by only one descriptor.
Key example
```xml
<key name="objectHistorySignerCert">
  <type name="pkcs12" locationValue="classpath:sign.p12" pin="1234"/>
</key>
```
See the tables below for more information on the possible attributes of the key and type elements.
Attribute | Description
---|---
name | Used by the descriptors' key attribute to reference this key.
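The rules stated above (descriptors reference keys by name, each key should be used by only one descriptor, and non-versionable descriptors such as EncryptedFields must have version 1) can be checked mechanically before a configuration is deployed. The following validator is an added example, not part of the IDM documentation or product; the wrapping `<crypto>` root element and the sample configuration are constructed for this example.

```python
"""Added example (not IDM code): validate descriptor/key cross-references
in an IDM-style crypto configuration with the standard library XML parser.
The <crypto> root element is an assumption made for this example."""
import xml.etree.ElementTree as ET

# Constructed sample: two descriptors sharing one key, one of them
# a non-versionable descriptor with a version other than 1.
SAMPLE_CONFIG = """
<crypto>
  <descriptor name="ObjectHistorySigner" version="1">
    <type algorithm="SHA-256" key="objectHistorySignerCert" />
  </descriptor>
  <descriptor name="EncryptedFields" version="2">
    <type algorithm="AES" key="objectHistorySignerCert" />
  </descriptor>
  <key name="objectHistorySignerCert">
    <type name="pkcs12" locationValue="classpath:sign.p12" pin="1234"/>
  </key>
</crypto>
"""

# Descriptor names the documentation says cannot be versioned.
NON_VERSIONABLE = {"EncryptedFields"}


def validate(xml_text: str) -> list:
    """Return a list of problems found in the descriptor/key configuration."""
    root = ET.fromstring(xml_text)
    problems = []
    keys = {k.get("name") for k in root.iter("key")}
    used_by = {}  # key name -> names of descriptors referencing it
    for d in root.iter("descriptor"):
        dname, version = d.get("name"), d.get("version")
        if version is None or not version.isdigit():
            problems.append(f"{dname}: version must be numeric")
        elif dname in NON_VERSIONABLE and version != "1":
            problems.append(f"{dname}: cannot be versioned, version must be 1")
        t = d.find("type")
        kname = t.get("key") if t is not None else None
        if kname not in keys:
            problems.append(f"{dname}: references unknown key {kname!r}")
        else:
            used_by.setdefault(kname, []).append(dname)
    # Each key should be used by only one descriptor.
    for kname, users in used_by.items():
        if len(users) > 1:
            problems.append(f"key {kname!r} used by {len(users)} descriptors: {users}")
    return problems
```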
...