This view in Nexus Service Station allows the user to log in using a smart card.
- First, the user supplies the PIN code for one of the certificates on the card.
- When the PIN code has been validated successfully, attributes from any of the certificates on the card can be mapped to the current user’s attributes.
Example of screen:
Configurable parameters
Parameter | Possible Values | Mandatory | Description |
|---|---|---|---|
issuer | Any text | Yes | A substring of the issuer attribute in the certificate to be used for logging in. Must be specific enough that it doesn't match multiple certificates on the card (or any other certificate in the Personal Windows certificate store). |
keyUsage | An X509KeyUsageFlag | Yes | The "key usage" of the certificate to be used for logging in. Must match one of the "Member names" of the X509KeyUsageFlags enumeration, see https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509keyusageflags(v=vs.110).aspx |
fields | The name of a certificate mapping section | Yes | The fields to read from the certificate(s) on the card, and how to map them to User attributes after validating the PIN. |
cardExamples | <file_name.file_ext>|<optional_label_text>, | No | Displays images and, optionally, labels of example cards in the view. The image files must be stored in the “images” folder in the installation folder. |
certificateReadTimeout | Any positive integer | No | Determines how long the application should try to read a card before timing out, defaults to 10 seconds if not specified. |
A certificate mapping section must be defined for the fields parameter. Each certificate can have the following settings:
Setting | Possible Values | Mandatory | Description |
|---|---|---|---|
issuer | Any text | Yes | A substring of the issuer attribute in the certificates to be used for logging in. Must be specific enough that it doesn't match multiple certificates on the card (or any other certificate in the Personal Windows certificate store) |
keyUsage | An X509KeyUsageFlag | Yes | The "key usage" of the certificate to be used for logging in. Must match one of the "Member names" of the X509KeyUsageFlags enumeration, see https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509keyusageflags(v=vs.110).aspx. |
And each field can have the following setting:
Setting | Possible Values | Mandatory | Description |
|---|---|---|---|
key | Any text | Yes | The name of a certificate attribute. The arrows are used to select a value of a "sub-attribute" (new-line separated key-value pairs in the value of an attribute) |
type | Standard” or ”Extension” | Yes | The X509 certificate field type. Either "Standard" (Version 1) or "Extension". |
mapTo | Any text | Yes | The name of an attribute in the User model. |