Extended Properties

Label

Mandatory

Description

Key

Available options are:

  • E-ID user attribute
  • E-ID certificate attribute
  • Enable Nexus Personal Plugout
  • Enable IBM CBT
  • Enable Nexus Personal
  • Enable Nexus Personal XML DigSig
  • Enable Netmaker NetID
  • Nexus Personal CA Names
  • Netmaker NetID CA Names
  • OSIF Provider ID Nexus Personal Plugout
  • OSIF Provider ID IBM CBT
  • OSIF Provider ID Nexus Personal
  • OSIF Provider ID Netmaker NetID
  • OSIF Provider ID Nexus Personal XML DigSig
  • OSIF Service Communication protocol
  • OSIF Policy parameter
  • Service Host Alternative FQDN
  • Allow user not listed in any User Storage
  • Force create user
  • Create user on failed logon
  • Nexus Personal XML DigSig Template
  • Nexus Personal Plugout Template
  • Nexus Personal Plugout Message Server URL
  • Nexus Personal Plugout Format
  • Nexus Personal Plugout Mechanism

Value

The value of each key is described below.

E-ID user attribute

Specify the LDAP user attribute used to map the user to a user in the directory service.

Example: cn=joe smith

Mandatory when E-ID certificate attribute is specified for mapping.


E-ID certificate attribute

Specify the LDAP certificate attribute used to map the user to the correct certificate.

Example: cn=joe smith

Mandatory when E-ID user attribute is specified for mapping.


Enable Nexus Personal Plugout

Select true or false.

Mandatory.

Set to false by default.


Enable IBM CBT

Select true or false.

Mandatory.

Set to false by default.


Enable Nexus Personal XML DigSig

Select true or false.

Mandatory.

Set to false by default.


Enable Nexus Personal

Select true or false.

Mandatory.

Set to false by default.


Enable Netmaker NetID

Select true or false.

Mandatory.

Set to false by default.


Nexus Personal CA Names

Specify a list of CA Certificate Display Names of the issuers of the user certificates used for the Nexus Personal client. Wildcards can be used.

Example: cn=Bank A Test*, Bank B SmartCard, Bank C*

If not specified, a list of all certificates available for the user is presented at logon.


Netmaker NetID CA Names

Specify a list of CA Certificate Display Names of the issuers of the user certificates used for the Netmaker NetID client. Wildcards can be used.

Example: cn=Bank A Test*, Bank B SmartCard, Bank C*

If not specified, a list of all certificates available for the user is presented at logon.


OSIF Provider ID Nexus Personal Plugout

The Provider ID to use when communicating with OSIF to validate signatures created using Nexus Personal Plugout. Possible values are:

  • 31 (xml format)
  • 32 (pkcs7 format)

Set to 31 by default.

Note: the OSIF Provider ID must match the value of Nexus Personal Plugout Format (31 for xml, 32 for pkcs7).


OSIF Provider ID IBM CBT

The Provider ID to use when communicating with OSIF to validate signatures created using IBM CBT.

If not specified, the default value is 1.


OSIF Provider ID Nexus Personal

The Provider ID to use when communicating with OSIF to validate signatures created using client SSL with Nexus Personal.

If not specified, the default value is 4.


OSIF Provider ID Netmaker NetID

The Provider ID to use when communicating with OSIF to validate signatures created using client SSL with Netmaker NetID.

If not specified, the default value is 5.


OSIF Provider ID Nexus Personal XML DigSig

The Provider ID to use when communicating with OSIF to validate signatures created using Nexus Personal's authentication plugin, which creates XML DigSig signatures.

If not specified, the default value is 6.


OSIF Service Communication protocol

Specifies whether HTTP or HTTP over SSL (HTTPS) is used when communicating with the OSIF service. HTTPS is the default.

Example: “http://”


OSIF Policy parameter

The policy to set in each message sent to the OSIF server.


Service Host Alternative FQDN

Used in verification requests sent to OSIF. The variable is named "host" in the OSIF specification.


Allow user not listed in any User Storage

Select true or false.

When set to true, users can be authenticated without a Digital Access user account. All access rules of the type user group membership are ignored.

Note the following dependencies:

When set to true, and neither eID certificate attribute mapping nor eID user attribute is specified, the user ID is set to the Subject DN from the certificate.

When set to true, and eID certificate attribute mapping is specified as, for example, "cn", the user ID is set to the certificate's cn.

When set to true, and both eID certificate attribute mapping and eID user attribute are specified, mapping is attempted. If mapping fails, however, the certificate attribute value is attempted, and then the user attribute.

Before authentication, the Policy Service searches the directory service for the user ID using the specified search rules. Regardless of whether the user ID is found in the directory service, the user is allowed for authentication.

This is a global Policy Service setting that does not affect the authentication method behavior. To facilitate administration, however, it is managed on each applicable authentication method.

Set to false by default.


Force create user

If this extended property is enabled, the Digital Access account is created on successful login. When disabled, the Digital Access account is only created and linked if the user is found in any User Storage(s).

Set to false by default.


Create user on failed logon

If this extended property is enabled, the Digital Access account is created on failed login. It is recommended to enable this when the backend authentication service is unable to lock the user after a number of invalid authentication attempts.

Set to false by default.


Nexus Personal XML DigSig Template

This extended property specifies which template is used for Nexus Personal XML DigSig. The value is suffixed with ".html" and the file is looked up in "access-point/files/custom-files/wwwroot/wa/authmech/".

Set to NexusPersonalXmlDigSigAuth by default.


Nexus Personal Plugout Template

This extended property specifies which template is used for Nexus Personal Plugout. It names the ".html" file in "access-point/files/custom-files/wwwroot/wa/authmech/".

Set to PersonalPlugoutAuth by default.


Nexus Personal Plugout Message Server URL

This extended property specifies which Plugout Message server should be used.

Set to https://example.com/plugout/api/v1/ by default.

Mandatory when Enable Nexus Personal Plugout is set to true.


Nexus Personal Plugout Format

This extended property specifies which format is used for signatures created with Nexus Personal Plugout. Possible values are:

  • xml (OSIF provider 31)
  • pkcs7 (OSIF provider 32)

Set to xml by default.

Mandatory when Enable Nexus Personal Plugout is set to true.

Note: the format must match the value of OSIF Provider ID Nexus Personal Plugout (xml for 31, pkcs7 for 32).


Nexus Personal Plugout Mechanism

This extended property specifies which signature mechanism should be used. Possible values are:

  • CKM_SHA1_RSA_PKCS
  • CKM_SHA256_RSA_PKCS
  • CKM_RSA_PKCS
  • CKM_RSA_X_509

Set to CKM_SHA1_RSA_PKCS by default.

Mandatory when Enable Nexus Personal Plugout is set to true.
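The dependencies spread across the entries above (the two E-ID mapping attributes being mandatory together, the Plugout properties that become mandatory when Plugout is enabled, and the pairing between OSIF Provider ID and Plugout Format) are easy to get wrong when editing them one at a time. The checker below is an added example and is not part of Digital Access or its documentation; the property names are the labels on this page, while the dictionary layout, the check function and the SHA-1 and plain-HTTP warnings are this example's own assumptions.

```python
# Consistency checks for the extended properties described on this page.
# Added example; not part of Digital Access or its documentation. Property
# names are the labels above; the dict layout and check logic are assumptions.

# Documented pairing between Nexus Personal Plugout Format and OSIF Provider ID.
PROVIDER_FOR_FORMAT = {"xml": "31", "pkcs7": "32"}
PLUGOUT_MECHANISMS = {"CKM_SHA1_RSA_PKCS", "CKM_SHA256_RSA_PKCS",
                      "CKM_RSA_PKCS", "CKM_RSA_X_509"}
PLUGOUT_MANDATORY = ("Nexus Personal Plugout Message Server URL",
                     "Nexus Personal Plugout Format",
                     "Nexus Personal Plugout Mechanism")


def check_extended_properties(props):
    """Return a list of (severity, message); an empty list means consistent."""
    findings = []
    # The two E-ID mapping attributes are mandatory together.
    if bool(props.get("E-ID user attribute")) != bool(props.get("E-ID certificate attribute")):
        findings.append(("error", "E-ID user attribute and E-ID certificate attribute must both be set"))
    # OSIF Provider ID and Plugout Format must describe the same signature format.
    fmt = props.get("Nexus Personal Plugout Format", "xml")
    provider = props.get("OSIF Provider ID Nexus Personal Plugout", "31")
    expected = PROVIDER_FOR_FORMAT.get(fmt)
    if expected is None:
        findings.append(("error", f"unknown Nexus Personal Plugout Format {fmt!r}"))
    elif provider != expected:
        findings.append(("error", f"OSIF Provider ID {provider} does not match format {fmt} (expected {expected})"))
    if props.get("Enable Nexus Personal Plugout", "false") == "true":
        for key in PLUGOUT_MANDATORY:
            if not props.get(key):
                findings.append(("error", f"{key} is mandatory when Enable Nexus Personal Plugout is true"))
        mech = props.get("Nexus Personal Plugout Mechanism", "CKM_SHA1_RSA_PKCS")
        if mech not in PLUGOUT_MECHANISMS:
            findings.append(("error", f"unknown Nexus Personal Plugout Mechanism {mech!r}"))
        elif mech == "CKM_SHA1_RSA_PKCS":  # assumption: flag the SHA-1 default as a hardening point
            findings.append(("warning", "default mechanism signs with SHA-1; prefer CKM_SHA256_RSA_PKCS"))
        url = props.get("Nexus Personal Plugout Message Server URL", "")
        if url and not url.startswith("https://"):
            findings.append(("warning", "Plugout Message Server URL does not use HTTPS"))
    if props.get("OSIF Service Communication protocol", "https://") == "http://":
        findings.append(("warning", "OSIF communication uses plain HTTP; HTTPS is the default"))
    if props.get("Allow user not listed in any User Storage", "false") == "true":
        findings.append(("warning", "users outside any User Storage may authenticate; user group access rules are ignored"))
    return findings


if __name__ == "__main__":
    # Constructed sample: Plugout enabled with pkcs7, but the provider ID is left at its default 31.
    sample = {"Enable Nexus Personal Plugout": "true",
              "Nexus Personal Plugout Message Server URL": "https://example.com/plugout/api/v1/",
              "Nexus Personal Plugout Format": "pkcs7",
              "Nexus Personal Plugout Mechanism": "CKM_SHA256_RSA_PKCS"}
    for severity, message in check_extended_properties(sample):
        print(f"{severity}: {message}")
```

Keys that are absent from the dictionary are treated as holding the defaults stated on this page, so an empty dictionary passes.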