Info |
---|
This article includes updates for Smart ID 23.04.6. |
Expand | ||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||
Description Use this task to generate a response using the card manager key and a challenge for the offline unblocking process. Configuration To use this task, configure the following delegate expression in your service task:
The following parameter can be configured in PRIME DesignerIdentity Manager Admin:
|
Example value:
| The challenge provided by Windows or a 3rd party tool. | |
ResponseField |
The response is generated by this task to support unblocking. | |||
DisableDerivation | - | Valid values:
| Set to "true" if you want to use the CardManagerKey directly as challenge/response key instead of deriving one. This is relevant for non-Cryptovision middlewares (for example, CardOS or Gemalto), where we directly use a 3DES CardManagerKey instead of a 2DES key from which the actual challenge/response key is derived. If the field is absent, derivation is enabled and a 2DES CardManagerKey is expected. |
DisableDerivationField | - | If present, points to a field containing the (override) value of DisableDerivation. If both DisableDerivation and DisableDerivationField are present and the referenced field contains a value, the latter takes precedence. This is mainly intended for deployments that deal with multiple middlewares, which require different DisableDerivation values (for example CV + CardOS). |
The following dependencies must be configured in the Spring configuration:
Dependency | Description |
---|---|
secretFieldsArchiver | Responsible for archiving the secrets into the secret field store. |
Expand | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||
Description Use this task to generate a 2DES / 3DES key as card manager key for minidriver compatible cards. The value generated is saved in an encrypted field. Configuration To use this task, configure the following delegate expression in your service task:
The following parameters can be configured in PRIME DesignerIdentity Manager Admin:
The following dependencies must be configured in the Spring configuration:
|
Expand | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||
Description Use this task to generate a value for PIN and PUK according to certain rules (length, allowed characters) and to archive those values for later retrieval during card production or for PIN letter printing. Configuration To use this task, configure the following delegate expression in your service task:
The following parameters can be configured in PRIME DesignerIdentity Manager Admin:
|
Expand | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||
Description Use this task to generate a password or another secret and to archive the value for later retrieval during card production or for PIN letter printing. The secret value is also hashed and stored in a separate field for easier comparison. The hash algorithm is defined in Spring since it must be the same as the one that is used for checking the passwords during login. Configuration To use this task, configure the following delegate expression in your service task:
The following parameters can be configured in PRIME DesignerIdentity Manager Admin:
The following dependencies must be configured in Spring:
|
Expand | ||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||
Description Use this task to decrypt values that were encrypted using the INSIDE server. Configuration To use this task, configure the following delegate expression in your service task:
The following parameters can be configured in Identity Manager Admin:
|