Page Comparison

messagingServer

Example value:

• MessagingServer

The name of the Smart ID Messaging configuration as defined in Identity Manager Admin. This configuration provides data (url, authentication token, lifespan and timeout) needed for the Smart ID Messaging connection.

messageName

Example value:

• p10PreparationCallback

The name of the intermediate message catching event that will be triggered by Smart ID Messaging.

userid

Example value:

• ${Person_Email}

ID representing the user on the messaging server. This will be displayed in the profile on the mobile app to verify the correct data is provided.

A common approach is to use the user's email address.

errorMessageField

Example value:

• ErrorMessage

Process variable to put the error message in case of failure.

errorTypeField

Example value: 

• ErrorType

Process variable to put the error type in case of failure.

signCertificateTemplate

-

Signature certificate template.

authCertificateTemplate

-

Authentication certificate template.

profileName

If new profile

Leave empty (when updating a profile)

Profile name for Smart ID Messaging. Will be displayed in the Smart ID Mobile App. Leave empty if you want to update an existing profile.

serverName

If new profile

Example value: 

• Smart ID

Name of the server that issued the provisioning request. This is for the user to understand where the profile comes from. 

attestationKeySet

-

(If not set will default to "ATTESTATION")

Example value:

• ATTESTATION (default value)

The name of the attestation key that will be used for signing (by the client) and validating (by Identity Manager) the mobile client's data. The available values are the names of the descriptors in the sign and encrypt engine that start with "att_", without this prefix. An attestation key with the same name must be defined in Smart ID Mobile App/MDM device.

Default value is "ATTESTATION" when no descriptor value is provided.

qrResultField

If new profile

Example value:

• QR_CODE_VAR

Process variable to put the resulting url. This url may be converted to a QR-Code for the Smart ID Mobile App by using GenerateQRCodeParametrizedAction.

profileId

If update profile

Leave empty (for new profile)

Id of the Smart ID Mobile App profile that will be updated with new keys. Leave empty if you want to provision a new profile.

storagePriority

Valid values:

• APP (for Smart ID Mobile App, default)

• EXT (for Mobile Iron device)

• MDM (replaced by EXT, but still supported)

Storage priority of certificates. MDM is replaced by EXT, however MDM is still supported.

visualIdLayout

If using visual ID

Example value:

• Default Layout

The layout to be used for creating the visual ID. If there is a juel expression configured for the front or backside image, this will take precedence over the statically configured image. If there is no image found for the juel expression, and there is no statically configured image, the task will fail.

cardDatapool

If using visual ID

Example value:

• PcmDpPersonalMobile

 The datapool used for saving the mobile ID profile.

contentId

If using visual ID

Example value:

• ${GeneratedContentId}

 A unique ID in UUID format, which will be associated with the personal mobile profile. Can be generated with the service task "MISC: Generate Random GUID into Data Map Field".

messagingServer

The name of the Smart ID Messaging configuration as defined in Identity Manager Admin. This configuration provides data (url, authentication token, lifespan and timeout) needed for the Smart ID Messaging connection.

messageName

p10FinishedCallback

The name of the intermediate message catching event that will be triggered by Smart ID Messaging.

userid

${Person_Email}

ID representing the user on the messaging server. This must match the userid provided when the profile was requested.

errorMessageField

ErrorMessage

Process variable to put the error message in case of failure.

errorTypeField

ErrorType

Process variable to put the error type in case of failure.

signatureCertificate

-

${SIG_VAR}

The signature certificate.

authenticationCertificate

-

${AUTH_VAR}

The authentication certificate.

deviceEncryptionP10

${DEVICE_ENC_P10_VAR}

The PKCS#10 request for the Device Encryption Certificate, created by the "Mobile App: Create Key" task.

profileId

${profileId}

The id of the profile under which to store the certificates. This is initially provided by the "Mobile App: Create Key" task.

encryptionCertificate

-

Encryption certificate template.

recoveryCertificate

-

Recovery certificate template.

processVariable

-

Certificate_CoreObjects

Variable name which holds Core object ids list or Core object descriptor list of certificates to be recovered.

p12PasswordField

profilePassword

Reference field where the created password is stored. This password is used for all PKCS#12 containers in this communication. There are a number of actions for creating passwords.

storagePriority

Valid values:

• APP (for Smart ID Mobile App, default)

• EXT (for Mobile Iron device)

• MDM (replaced by EXT, but still supported)

Storage priority of encryption certificates. MDM is replaced by EXT, however MDM is still supported.

messagingServer

The name of the Smart ID Messaging configuration as defined in Identity Manager Admin. This configuration provides data (url, authentication token, lifespan and timeout) needed for the Smart ID Messaging connection.

messageName

The name of the intermediate message catching event that will be triggered by Smart ID Messaging.

errorMessageField

ErrorMessage

Process variable to put the error message in case of failure.

errorTypeField

ErrorType

Process variable to put the error type in case of failure.

profileId

when confirmation flag is true

${Card_ProfileId}

ID of the profile to be deleted, as created via 'Mobile App: Create Key'.

userid

${Person_Email}

ID representing the user on the messaging server. This must match the userid provided when the profile was requested.

confirmation

Valid values:

• true

• false

Messaging Server will forward the profile deletion request to Smart ID Mobile App when set to true.

messagingServer

Example value:

• MessagingServer

The name of the Smart ID Messaging configuration as defined in Identity Manager Admin. This configuration provides data (url, authentication token, lifespan and timeout) needed for the Smart ID Messaging connection.

messageName

Example value:

• p10PreparationCallback

The name of the intermediate message catching event that will be triggered by Smart ID Messaging.

userid

Example value:

• ${Person_Email}

ID representing the user on the messaging server. This will be displayed in the profile(-list) on the desktop app to verify the correct data is provided.

A common approach is to use the user's email address.

errorMesageField

Example value: 

• ErrorMessage

Process variable to put the error message in case of failure.

errorTypeField

Example value: 

• ErrorType

Process variable to put the error type in case of failure.

signCertificateTemplate

-

Example value:

• Sign-Certificate

Certificate template of the signature certificate.

authCertificateTemplate

-

Example value:

• Authentication-Certificate

Certificate template of the authentication certificate.

aux_<identifier>_certificateTemplate

-

Example value:

• Authentication-Certificate

Certificate template of auxiliary authentication certificate. <identifier> bust be replaced with an alphanumeric value, for example aux_myDomain_certificateTemplate. You can optionally add one or more parameters of this form.

The name of the identifier must be the same as the one used in the "aux_<identifier>_certificate" parameter in "Desktop App: Install Certificates on Virtual Smart Card").

profileName

Example value:

• VSC 1

Profile name for Smart ID Messaging. Will be displayed in Smart ID Desktop App as the heading of the profile.

serverName

Example value:

• Smart ID

Name of the server that issued the provisioning request. This is for the user to understand where the profile comes from.

attestationKeySet

-

(If not set will default to "ATTESTATION")

Example value:

• ATTESTATION (default value)

The name of the attestation key that will be used for signing (by the client) and validating (by Identity Manager) the client's data. The available values are the names of the descriptors in the sign and encrypt engine that start with "att_", without this prefix. An attestation key with the same name must be defined in Smart ID Desktop App.

plugoutResultField

If new profile

Example value: 

• plugoutUri

Process variable to put the resulting Smart ID Plugout URI that will open Smart ID Desktop App on the client machine.

adminKey

Example value: 

• ${Card_CardManagerKey}

The secret field reference of 24-byte 3DES admin key in HEX format. The key can also be set directly as plain hex value for testing.

Note: Smart ID Desktop App.s own default is 123456781234567812345678123456781234567812345678, but you must make sure Identity Manager always defines the value!

smartCardId

Example Value: 

• ${Card_VscId}

Virtual smart card id. Usually it will be created via a dedicated number-range.

provisionReader

Valid values:

• CreateTPM

• FreeTPM

• RenewTPM 

• 0TPM/1TPM..../15TPM

• CreateTPM (create a new VSC on the TPM) 

• FreeTPM (use first free VSC on the TPM) .

• RenewTPM Use this option to renew existing TPM certificates.

• 0TPM / 1TPM / ... / 15TPM  Specific VSC on the TPM can be also used for installing certificates.

The value is passed as-is to Smart ID Desktop App.

pinMinLength

Example value:

• 6

Min. length of the VSC PIN (Windows API allows 4-127 characters,
see https://docs.microsoft.com/en-us/uwp/api/windows.devices.smartcards.smartcardpinpolicy.minlength )

pinMaxLength

Example value:

• 15

Max length of the VSC PIN (Windows API allows 4-127 characters,
see https://docs.microsoft.com/en-us/uwp/api/windows.devices.smartcards.smartcardpinpolicy.maxlength )

pinUppercase

Valid values:

• ALLOWED (default)

• DISALLOWED

• REQUIRED

Whether uppercase chars in the PIN are ALLOWED / DISALLOWED / REQUIRED

pinLowercase

Valid values:

• ALLOWED (default)

• DISALLOWED

• REQUIRED

Whether lowercase chars in the PIN are ALLOWED / DISALLOWED / REQUIRED

pinDigits

Valid values:

• ALLOWED (default)

• DISALLOWED

• REQUIRED

Whether digits in the PIN are ALLOWED / DISALLOWED / REQUIRED

pinSpecialChars

Valid values:

• ALLOWED (default)

• DISALLOWED

• REQUIRED

Whether special chars in the PIN are ALLOWED / DISALLOWED / REQUIRED

hybridProfile

-

Valid values:

• FALSE

• (default)

• TRUE

oldAdminKey

-

-

This field only makes sense in case the "FreeTPM" provisionReader is configured. If provided, it will change the VSC's admin key. "oldAdminkey" must hold the old admin key and "adminKey" must hold the new admin key.

For example, default admin key of 010203040506070801020304050607080102030405060708 when you create VSC from Tpmvscmgr tool.

storagePriority

Valid values (version-dependent, Smart ID Desktop App or Smart ID Messaging update may be required for some):

• VSC (TPM-based virtual smart card, default)

• TPM (direct TPM storage, depending on the version of Smart ID Desktop App, it might have same meaning as VSC

• )

• YUBI (Yubico YubiKey 5 PIV Token, since Identity Manager 3.12.5)

• OS (operating system certificate store)

Storage priority - defines where certificates and keys are stored. Usually just a single value.
If hybridProfile is TRUE, then this may be a comma-separated list.

Example:

VSC,

OS would mean: try to write to a virtual smart card first, and if that fails, use the OS certificate store instead.

desktopKeyProtectionLevel

Valid values:

• NONE (default)

• CONSENT

• PASSWORD

• BIOMETRICS

Specifies the key protection level at OS key store. It is only used in case of OS storage priority. 

• NONE - No strong key protection.

• CONSENT - The user is notified through a dialog box when the private key is created or used.

• PASSWORD - The user is prompted to enter a password for the key when the key is created or used.

• BIOMETRICS - The user is prompted to enter a fingerprint verification for the key when the key is created or used.

messagingServer

The name of the Smart ID Messaging configuration as defined in Identity Manager Admin. This configuration provides data (url, authentication token, lifespan and timeout) needed for the Smart ID Messaging connection.

messageName

p10FinishedCallback

The name of the intermediate message catching event that will be triggered by Smart ID Messaging.

userid

${Person_Email}

ID representing the user on the messaging server. This must match the userid provided when the profile was requested.

errorMessageField

ErrorMessage

Process variable to put the error message in case of failure.

errorTypeField

ErrorType

Process variable to put the error type in case of failure.

signatureCertificate

${SIG_VAR}

The signature certificate.

authenticationCertificateauthenticationCertificate

${AUTH_VAR}

The authentication certificate.

aux_<identifier>_certificate

${AUTH<identifier>_CERT_VAR}

The auxiliary authentication certificate <identifier>.
It is necessary to replace <identifier> with a value as described in the "Desktop App: Create Virtual Smart Card Key" task. You can optionally add one or more parameters of this form.

deviceEncryptionP10

${DEVICE_ENC_P10_VAR}

The PKCS#10 request for the Device Encryption Certificate, created by the "Desktop App: Create Virtual Smart Card Key" task.

profileId

${profileId}

The id of the profile under which to store the certificates. This is initially provided by the 'Desktop App: Create Virtual Smart Card Key' task.

encryptionCertificate

Encryption certificate template.

recoveryCertificate

Recovery certificate template.

processVariable

Certificate_CoreObjects

Variable name which holds Core object ids list or Core object descriptor list of certificates to be recovered.

p12PasswordField

p12password

Reference field where the created password is stored. This password is used for all PKCS#12 containers in this communication. There are a number of actions for creating passwords.

smartCardId

${Card_VscId}

Virtual smart card id. Usually it will be created via a dedicated number-range.

storagePriority

Valid values (version-dependent, Smart ID Desktop App or Smart ID Messaging update may be required for some):

• VSC (TPM-based virtual smart card, default)

• TPM (direct TPM storage, depending on the version of Smart ID Desktop App, it might have same meaning as VSC or be unsupported)

• YUBI (Yubico YubiKey 5 PIV Token, since Identity Manager 3.12.5)

• OS (operating system certificate store)

Storage priority - defines where certificates and keys are stored. Usually just a single value.

If the profile was created with hybridProfile set to TRUE (see 'Desktop App: Create Virtual Smart Card Key'), then this may be a comma-separated list.

Example:

VSC, OS would OS would mean: try to write to a virtual smart card first, and if that fails, use the OS certificate store instead.

• TPM is not supported and will fail - use VSC instead

• in hybrid profile mode the only valid combination is: VSC, OS

desktopKeyProtectionLevel

Valid values:

• NONE (default)

• CONSENT

• PASSWORD

• BIOMETRICS

Specifies the key protection level at OS key store. It is only used in case of OS storage priority. 

• NONE - No strong key protection.

• CONSENT - The user is notified through a dialog box when the private key is created or used.

• PASSWORD - The user is prompted to enter a password for the key when the key is created or used.

• BIOMETRICS - The user is prompted to enter a fingerprint verification for the key when the key is created or used.

messagingServer

The name of the Smart ID Messaging configuration as defined in Identity Manager Admin. This configuration provides data (url, authentication token, lifespan and timeout) needed for the Smart ID Messaging connection.

messageName

deleteSmartCardCallback

The name of the intermediate message catching event that will be triggered by Smart ID Messaging.

errorMessageField

ErrorMessage

Process variable to put the error message in case of failure.

errorTypeField

ErrorType

Process variable to put the error type in case of failure.

profileId

when confirmation flag is true

${Card_ProfileId}

ID of the profile to be deleted, as created via 'Desktop App: Create Virtual Smart Card Key'.

smartCardId

when profileId provided and confirmation flag is true

${Card_VscId}

ID of the virtual smart card, as created via 'Desktop App: Create Virtual Smart Card Key'.

plugoutUrl

when profileId provided and confirmation flag is true

plugoutUrl

Process variable to put the resulting Smart ID Plugout URI that will open Smart ID Desktop App on the client machine.

userid

${Person_Email}

ID representing the user on the messaging server. This must match the userid provided when the profile was requested.

adminKey

when profileId provided and confirmation flag is true

The secret field reference of the new 24-byte 3DES admin key to be set, in HEX format. The key can also be set directly as plain hex value for testing.

oldAdminKey

when profileId provided and confirmation flag is true

${Card_CardManagerKey}

The secret field reference of the 24-byte 3DES current admin key, in HEX format. The key can also be set directly as plain hex value for testing.

confirmation

Valid values:

• true (default)

• false

Messaging Server will forward the delete profile request to Smart ID Desktop App when this set to true.

messagingServer

Example value:

• MessagingServer

The name of the Smart ID Messaging configuration as defined in Identity Manager Admin. This configuration provides data (url, authentication token, lifespan and timeout) needed for the Smart ID Messaging connection.

messageName

Example value:

• p10PreparationCallback

The name of the intermediate message catching event that will be triggered by Smart ID Messaging.

userid

Example value:

• ${Person_Email}

ID representing the user on the messaging server. This will be displayed in the profile(-list) on the desktop app to verify the correct data is provided.

A common approach is to use the user's email address.

errorMesageField

Example value: 

• ErrorMessage

Process variable to put the error message in case of failure.

errorTypeField

Example value: 

• ErrorType

Process variable to put the error type in case of failure.

profileName

Example value:

• Windows Certs

Profile name for Smart ID Messaging. Will be displayed in Smart ID Desktop App as heading of the profile.

serverName

Example value:

• Smart ID

Name of the server that issued the provisioning request. Will be displayed in Smart ID Desktop App so the user can understand where this profile comes from. 

plugoutResultField

Example value: 

• plugoutUri

Process variable to put the resulting Smart ID Plugout URI that will open Smart ID Desktop App on the client machine.

desktopKeyProtectionLevel

Valid values:

• NONE (default)

• CONSENT

• PASSWORD

• BIOMETRICS

Specifies the key protection level at OS key store. It is only used in case of OS storage priority. 

• NONE - No strong key protection.

• CONSENT - The user is notified through a dialog box when the private key is created or used.

• PASSWORD - The user is prompted to enter a password for the key when the key is created or used.

• BIOMETRICS - The user is prompted to enter a fingerprint verification for the key when the key is created or used.

attestationKeySet

-

(If not set will default to "ATTESTATION")

Example value:

• ATTESTATION (default value)

The name of the attestation key that will be used for signing (by the client) and validating (by Identity Manager) the client's data. The available values are the names of the descriptors in the sign and encrypt engine that start with "att_", without this prefix. An attestation key with the same name must be defined in Smart ID Desktop App.

Smart ID Desktop App only accepts the default key set named "ATTESTATION".

If new profile

messagingServer

The name of the Smart ID Messaging configuration as defined in Identity Manager Admin. This configuration provides data (url, authentication token, lifespan and timeout) needed for the Smart ID Messaging connection.

boxId

Process variable to put the boxId.

plugoutUrl

Process variable to put the plugout url.

messageToUser

A An optional message to the user which will be displayed in Smart ID Desktop App.

messageName

The name of the intermediate message catching event that will be triggered by Smart ID Messaging.