Write data objects to smart cards

This article describes how to write data objects to smart cards in Identity Manager by defining the encoding description and applying extra attributes to the description file.

Define encoding description

Define the encoding description.

[Fields]
OBJECT_DATA=
USER_NAME=
...

[Application_A]
DataObject=OBJECT_DATA
LabelExpressionDataObject=Issued for !{USER_NAME}

Element	Description
DataObject=...	Specifies from which defined field the object data is taken. The field's value must be base64 encoded.
LabelExpressionDataObject=....	The label (CKA_LABEL value) for the data object. It is possible to put the text directly or use the expression language to access fields.

Apply extra attributes

Apply extra attributes to handle more complex objects.
Example:

[Application_A]
DataObject=OBJECT_DATA
AttributesDataObject=CKA_PRIVATE=TRUE,CKA_APPLICATION="IDM",CKA_OBJECT_ID=1.2.3.4.5,...

Supported attributes:

Attribute	Data type	Value (as appearing in the .dsc file)
CKA_PRIVATE	CK_BBOOL	TRUE \| FALSE
CKA_COPYABLE	CK_BBOOL	TRUE \| FALSE
CKA_MODIFIABLE	CK_BBOOL	TRUE \| FALSE
CKA_DESTROYABLE	CK_BBOOL	TRUE \| FALSE
CKA_APPLICATION	byte array	For example: "IDM" - quoted text
CKA_OBJECT_ID	byte array	For example: 1.2.3.4.5 - ASN.1 Object Identifier Literal

The support of the attributes depends on the middleware and the version of the middleware.

Nexus Documentation

Write data objects to smart cards

Analytics

Related content