Description Use this task to generate a response using the card manager key and a challenge for the offline unblocking process. ConfigurationTo use this task, configure the following delegate expression in your service task: | Code Block |
|---|
${challengeResponseGeneratorTask} |
The following parameter can be configured in Identity Manager Admin: | Parameter | Mandatory | Value | Description |
|---|
| CardManagerKeyField | | Example value: | The name of the field that needs to hold the reference value to the card manager key (for example, Card_CardManagerKey). Must be a reference field. | | ChallengeField | | Example value: - "CV act sc interface manager" in case of Cryptovision
| The challenge provided by Windows or a 3rd party tool. | | ResponseField | |
| The response is generated by this task to support unblocking. | | DisableDerivation | - | Valid values: | Set to "true" if you want to use the CardManagerKey directly as challenge/response key instead of deriving one. This is relevant for non-Cryptovision middlewares (for example, CardOS or Gemalto), where we directly use a 3DES CardManagerKey instead of a 2DES key from which the actual challenge/response key is derived. If the field is absent, derivation is enabled and a 2DES CardManagerKey is expected. | | DisableDerivationField | - |
| If present, points to a field containing the (override) value of DisableDerivation. If both DisableDerivation and DisableDerivationField are present and the referenced field contains a value, the latter takes precedence. This is mainly intended for deployments that deal with multiple middlewares, which require different DisableDerivation values (for example CV + CardOS). |
The following dependencies must be configured in the Spring configuration:
| Dependency | Description |
|---|
secretFieldsArchiver | Responsible for archiving the secrets into the secret field store. |
| 
