
Cert QuoVadis PKI - Standard service tasks in Identity Manager

 

Description

Use this task to create a new domain request in the QuoVadis Certificate Authority. It is saved as a request core-object in a dedicated data-pool.

Prerequisites

Data-pool

  1. The data-pool must have the fields shown below. Pay special attention to the Meta_CoreObjectState_ field, whose name must end with the matching data-pool name:

  2. Note the field TransactionId which is used to store a UUID assigned by QuoVadis to each domain request. It is required to later query the status of the request.
    Usually the internal Requests table is used as data-source as shown below:

State-graph

  1. The state-graph must contain at least the following states: pending/approved/rejected (case-insensitive), with transitions from pending to both approved and rejected.

  2. Optionally, to distinguish requests whose state has not yet been queried at the CA from those that are pending according to the CA, add a start state sent before pending, as shown below. If you do not use sent, pending is the start state.

Request core-template

  1. You need a request core-template which uses the above data-pool and state-graph definitions:


Search-configuration (optional)

  1. Optionally you may configure a search-configuration for your request core-objects, for example, like this:

Configuration

To use this task, configure the following delegate expression in your service task:

${quoVadisRequestDomainParametrizedTask}

The following parameters can be configured in Identity Manager Admin:

Parameter

Mandatory

Value

Description

quoVadisConnection

 

Example value:

  • MyQvConnectorConfig

QuoVadis connection name.

organisation

 

Example value:

  • My QV Organisation

QuoVadis organisation name.

adminEmail

 

Example value:

  • qvadmin@mycompany.com

QuoVadis administrator e-mail address.

domain

 

Example value:

  • my.new.domain.com

Domain or IP-address for which to issue the request.

isEV

 

Valid values:

  • true

  • false

Whether you want to use extended validation with this domain.

requestTemplate

 

Example value:

  • QvDomainRequest

The core template name which should be used for the new QuoVadis domain request core objects.

errorMsgField

 

ErrorMsg

The name of the field in which to save the error message for errors that occur during the CA request or when saving the core-object.
If no such error occurred, this field is not set.

errorCodeField

 

ErrorCode

The name of the field in which to save the error code for errors that occur during the CA request or when saving the core-object.
This can be either of the following:

  • caRequestFailed
    → could not issue the domain request at the CA

  • saveFailed
    → domain request was successful, but creating the request core-object failed

If no such error happened, then this field is not set.

 

Description

Use this task to query the status of a QuoVadis domain request in the Certificate Authority and update the state of the request core-object in Identity Manager accordingly.
This task requires a QuoVadis domain request core-object to be loaded into the process map before execution.

The QuoVadis API does not allow any interaction with a created domain request other than querying its status. For example, cancelling a request is not supported.

Prerequisites

The prerequisites of the Cert QuoVadis PKI: Create domain request task above also apply here.

Configuration

To use this task, configure the following delegate expression in your service task:

${quoVadisUpdateDomainRequestStatusParametrizedTask}

The following parameters can be configured in Identity Manager Admin:

Parameter

Mandatory

Value

Description

quoVadisConnection

 

Example value:

  • MyQvConnectorConfig

QuoVadis connection name.

organisation

 

Example value:

  • My QV Organisation

QuoVadis organisation name.

requestDataPool

 

Example value:

  • DpQuoVadisDomainRequest

Data-pool for QuoVadis domain requests.

errorMsgField

 

ErrorMsg

The name of the field in which to save the error message for errors that occur during the CA request or when saving the core-object.
If no such error occurred, this field is not set.

errorCodeField

 

ErrorCode

The name of the field in which to save the error code for errors that occur during the CA request or when saving the core-object.
This can be either of the following:

  • caRequestFailed
    → could not query the domain request status at the CA

  • saveFailed
    → querying the request status was successful, but could not update the state of the request core-object

If no such error happened, then this field is not set.



Description

Use this task to save the account domain list from the QuoVadis Certificate Authority into an Identity Manager lookup table. This task deletes the old domain list entry and creates a fresh entry in the configured lookup table.

Prerequisites

Create a lookup-table-based datapool and a core template for storing the domain list information in Identity Manager.

Datapool

  1. The datapool must have fields with the names shown in this figure. These field names are fixed and are taken from the DomainInfo response.


  2. Configure the datapool datasource as lookup table as shown in this figure:

       

Lookup table

  1. Create a lookup table which belongs to the Domain data pool. Any state graph can be assigned to this lookup table. 

       

Configuration

To use this task, configure the following delegate expression in your service task:

${quoVadisDomainListUpdateParametrizedTask}

The following parameters can be configured in Identity Manager Admin:

Parameter

Mandatory

Value

Description

quoVadisConnection

 



QuoVadis connection name.

coreTemplateName

 



The name of the core template to use for the new core objects. This core template should be based on the lookup-table-type DomainList datapool.

 

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.