Page tree
Skip to end of metadata
Go to start of metadata

This view in Nexus Service Station allows the user to log in using a smart card.

  1. First, the user supplies the PIN code for one of the certificates on the card.
  2. When the PIN code has been validated successfully, attributes from any of the certificates on the card can be mapped to the current user’s attributes.

Example of screen:

Configurable parameters

Parameter

Possible Values

Mandatory

Description

issuer

Any text

Yes

A substring of the issuer attribute in the certificate to be used for logging in. Must be specific enough that it doesn't match multiple certificates on the card (or any other certificate in the Personal Windows certificate store).

keyUsage

An X509KeyUsageFlag

Yes

The "key usage" of the certificate to be used for logging in. Must match one of the "Member names" of the X509KeyUsageFlags enumeration, see https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509keyusageflags(v=vs.110).aspx

fields

The name of a certificate mapping section

Yes

The fields to read from the certificate(s) on the card, and how to map them to User attributes after validating the PIN.

cardExamples

<file_name.file_ext>|<optional_label_text>,
<file_name.file_ext>|<optional_label_text>,
etc.

No

Displays images and, optionally, labels of example cards in the view. The image files must be stored in the “images” folder in the installation folder.

certificateReadTimeout

Any positive integer

No

Determines how long the application should try to read a card before timing out, defaults to 10 seconds if not specified.

A certificate mapping section must be defined for the fields parameter. Each certificate can have the following settings:

Setting

Possible Values

Mandatory

Description

issuer

Any text

Yes

A substring of the issuer attribute in the certificates to be used for logging in. Must be specific enough that it doesn't match multiple certificates on the card (or any other certificate in the Personal Windows certificate store)

keyUsage

An X509KeyUsageFlag

Yes

The "key usage" of the certificate to be used for logging in. Must match one of the "Member names" of the X509KeyUsageFlags enumeration, see https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509keyusageflags(v=vs.110).aspx.

And each field can have the following setting:

Setting

Possible Values

Mandatory

Description

key

Any text

Yes

The name of a certificate attribute. The arrows are used to select a value of a "sub-attribute" (new-line separated key-value pairs in the value of an attribute)

type

Standard” or ”Extension”

Yes

The X509 certificate field type. Either "Standard" (Version 1) or "Extension".

mapTo

Any text

Yes

The name of an attribute in the User model.

Related information

Links