Cert QuoVadis PKI: Create domain request

Description

Use this task to create a new domain request in the QuoVadis Certificate Authority. It is saved as a request core-object in a dedicated data-pool.

Prerequisites

Data-pool

  1. The data-pool must have the fields shown below. Pay special attention to the name of the Meta_CoreObjectState_-field which needs to end with the matching data-pool name:
  2. Note the field TransactionId which is used to store a UUID assigned by QuoVadis to each domain request. It is required to later query the status of the request.
    Usually the internal Requests table is used as data-source as shown below:

State-graph

  1. The state-graph must contain at least the following states: pending/approved/rejected (case-insensitive), with transitions from pending to both approved and rejected.
  2. If you want to distinguish requests whose state has not yet been queried at the CA from those that are pending according to the CA, add a start state sent before pending, as shown below. This is optional: pending is the start state when sent is not used.
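
A pre-deployment check for the state-graph prerequisites above, as an added example that is not part of the original page or of the product. The dict layout (start, states, transitions) and the name check_state_graph are assumptions for illustration, and the sent -> pending transition is inferred from sent being placed before pending.

```python
# Added example: checks a state-graph against the prerequisites listed above.
# The dict layout (start/states/transitions) is an assumption for illustration,
# not Identity Manager's own export format.

REQUIRED = ("pending", "approved", "rejected")


def check_state_graph(graph):
    """Return a list of problems; an empty list means the graph qualifies."""
    problems = []
    # State names are matched case-insensitively, as the prerequisites state.
    states = {s.lower() for s in graph.get("states", [])}
    edges = {(a.lower(), b.lower()) for a, b in graph.get("transitions", [])}
    start = str(graph.get("start", "")).lower()

    for name in REQUIRED:
        if name not in states:
            problems.append(f"missing state: {name}")

    for target in ("approved", "rejected"):
        if ("pending", target) not in edges:
            problems.append(f"missing transition: pending -> {target}")

    if "sent" in states:
        # Optional variant: 'sent' is the start state and leads to 'pending'
        # (the sent -> pending edge is an assumption, see the lead-in).
        if start != "sent":
            problems.append("start state must be 'sent' when 'sent' is defined")
        if ("sent", "pending") not in edges:
            problems.append("missing transition: sent -> pending")
    elif start != "pending":
        problems.append("start state must be 'pending' when 'sent' is not used")

    return problems


# Constructed sample graphs (not taken from a real installation).
MINIMAL = {"start": "Pending", "states": ["Pending", "Approved", "Rejected"],
           "transitions": [("Pending", "Approved"), ("Pending", "Rejected")]}
WITH_SENT = {"start": "sent", "states": ["sent", "pending", "approved", "rejected"],
             "transitions": [("sent", "pending"), ("pending", "approved"),
                             ("pending", "rejected")]}
BROKEN = {"start": "approved", "states": ["pending", "approved"],
          "transitions": [("pending", "approved")]}

if __name__ == "__main__":
    for label, g in (("MINIMAL", MINIMAL), ("WITH_SENT", WITH_SENT), ("BROKEN", BROKEN)):
        print(label, check_state_graph(g) or "ok")
```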

Request core-template

  1. You need a request core-template which uses the above data-pool and state-graph definitions:

Search-configuration (optional)

  1. Optionally you may configure a search-configuration for your request core-objects, for example, like this:

Configuration

To use this task, configure the following delegate expression in your service task:

```xml
${quoVadisRequestDomainParametrizedTask}
```

The following parameters can be configured in Identity Manager Admin:

| Parameter | Mandatory | Value | Description |
|---|---|---|---|
| quoVadisConnection | | Example value: MyQvConnectorConfig | QuoVadis connection name. |
| organisation | | Example value: My QV Organisation | QuoVadis organisation name. |
| adminEmail | | Example value: qvadmin@mycompany.com | QuoVadis administrator e-mail address. |
| domain | | Example value: my.new.domain.com | Domain or IP-address for which to issue the request. |
| isEV | | Valid values: true, false | Whether you want to use extended validation with this domain. |
| requestTemplate | | Example value: QvDomainRequest | The core template name which should be used for the new QuoVadis domain request core objects. |
| errorMsgField | | ErrorMsg | The name of the field in which to save the error message for errors that happen during the CA request or when saving the core-object. If no such error happened, then this field is not set. |
| errorCodeField | | ErrorCode | The name of the field in which to save the error code for errors that happen during the CA request or when saving the core-object. This can be either of the following: caRequestFailed (could not issue the domain request at the CA) or saveFailed (domain request was successful, but creating the request core-object failed). If no such error happened, then this field is not set. |



Cert QuoVadis PKI: Update domain request status

Description

Use this task to query the status of a QuoVadis domain request in the Certificate Authority and update the state of the request core-object in Identity Manager accordingly.
This task requires a QuoVadis domain request core-object to be loaded into the process map before execution.

Note

The QuoVadis API does not allow any other kind of interaction with a created domain request besides querying its status. For example, cancelling a request is not supported.

Prerequisites

The prerequisites of the Cert QuoVadis PKI: Create domain request task above also apply here.

Configuration

To use this task, configure the following delegate expression in your service task:

```xml
${quoVadisUpdateDomainRequestStatusParametrizedTask}
```

The following parameters can be configured in Identity Manager Admin:

| Parameter | Mandatory | Value | Description |
|---|---|---|---|
| quoVadisConnection | | Example value: MyQvConnectorConfig | QuoVadis connection name. |
| organisation | | Example value: My QV Organisation | QuoVadis organisation name. |
| requestDataPool | | Example value: DpQuoVadisDomainRequest | Data-pool for QuoVadis domain requests. |
| errorMsgField | | ErrorMsg | The name of the field in which to save the error message for errors that happen during the CA request or when saving the core-object. If no such error happened, then this field is not set. |
| errorCodeField | | ErrorCode | The name of the field in which to save the error code for errors that happen during the CA request or when saving the core-object. This can be either of the following: caRequestFailed (could not query the domain request status at the CA) or saveFailed (querying the request status was successful, but could not update the state of the request core-object). If no such error happened, then this field is not set. |



Cert QuoVadis PKI: Save domain list into Identity Manager

Description

Use this task to save the account domain list from the QuoVadis Certificate Authority into an Identity Manager lookup table. This task deletes the old domain list entry and creates a fresh entry in the configured lookup table.

Prerequisites

Create a lookup-table-based datapool and a core template for storing the domain list information in Identity Manager.

Datapool

  1. The datapool must have the fields with the described names as shown in this figure. These field names are fixed and taken from the DomainInfo response.

  2. Configure the datapool datasource as lookup table as shown in this figure:

Lookup table

  1. Create a lookup table which belongs to the Domain data pool. Any state graph can be assigned to this lookup table.

Configuration

To use this task, configure the following delegate expression in your service task:

```xml
${quoVadisDomainListUpdateParametrizedTask}
```

The following parameters can be configured in Identity Manager Admin:

| Parameter | Mandatory | Value | Description |
|---|---|---|---|
| quoVadisConnection | | | QuoVadis connection name. |
| coreTemplateName | | | The core template name which should be used for the new core objects. This core template should be based on the lookup-table-type DomainList datapool. |