Cert QuoVadis PKI - Standard service tasks in Identity Manager
Description
Use this task to create a new domain request in the QuoVadis Certificate Authority. It is saved as a request core-object in a dedicated data-pool.
Prerequisites
Data-pool
The data-pool must have the fields shown below. Pay special attention to the name of the Meta_CoreObjectState_ field, which must end with the matching data-pool name:
Note the field TransactionId, which stores a UUID assigned by QuoVadis to each domain request. It is required to query the status of the request later.
Usually the internal Requests table is used as data-source as shown below:
State-graph
The state-graph must contain at least the following states: pending/approved/rejected (case-insensitive), with transitions from pending to both approved and rejected.
If you want to distinguish requests whose state has not yet been queried at the CA from those that are pending according to the CA, add a start state sent before pending, as shown below. This is optional; when sent is not used, pending is the start state.
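The data-pool and state-graph prerequisites above can be checked before the task is wired into a process. The following is an added example, not part of Identity Manager: the plain Python lists standing in for the data-pool and state-graph definitions, the pool name QuoVadisRequests and the reading of "sent before pending" as a sent -> pending transition are assumptions.

```python
STATE_FIELD_PREFIX = "Meta_CoreObjectState_"
REQUIRED_STATES = {"pending", "approved", "rejected"}


def start_state(states):
    """'sent' is the start state when present, otherwise 'pending'."""
    return "sent" if "sent" in {s.lower() for s in states} else "pending"


def check_prerequisites(pool_name, pool_fields, states, transitions):
    """Return a list of problems; an empty list means the prerequisites hold."""
    problems = []
    fields = set(pool_fields)

    # Data-pool: the state field must end with the matching data-pool name.
    if not any(f.startswith(STATE_FIELD_PREFIX) and f.endswith(pool_name)
               for f in fields):
        problems.append(f"no {STATE_FIELD_PREFIX}* field ending in '{pool_name}'")
    # Data-pool: TransactionId holds the UUID needed for later status queries.
    if "TransactionId" not in fields:
        problems.append("field 'TransactionId' is missing")

    # State-graph: state names are matched case-insensitively.
    names = {s.lower() for s in states}
    edges = {(a.lower(), b.lower()) for a, b in transitions}
    for missing in sorted(REQUIRED_STATES - names):
        problems.append(f"state '{missing}' is missing")
    required_edges = [("pending", "approved"), ("pending", "rejected")]
    if "sent" in names:
        # Assumption: 'sent before pending' means a sent -> pending transition.
        required_edges.insert(0, ("sent", "pending"))
    for a, b in required_edges:
        if (a, b) not in edges:
            problems.append(f"transition {a} -> {b} is missing")
    return problems


# Constructed sample definitions (all names are illustrative only).
GOOD = dict(pool_name="QuoVadisRequests",
            pool_fields=["Domain", "TransactionId",
                         "Meta_CoreObjectState_QuoVadisRequests"],
            states=["Sent", "Pending", "Approved", "Rejected"],
            transitions=[("Sent", "Pending"), ("Pending", "Approved"),
                         ("Pending", "Rejected")])
BAD = dict(GOOD, pool_fields=["Domain", "Meta_CoreObjectState_Requests"],
           transitions=[("Sent", "Pending"), ("Pending", "Approved")])

if __name__ == "__main__":
    print(check_prerequisites(**GOOD))
    for p in check_prerequisites(**BAD):
        print("problem:", p)
```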
Request core-template
You need a request core-template which uses the above data-pool and state-graph definitions:
Search-configuration (optional)
Optionally you may configure a search-configuration for your request core-objects, for example, like this:
Configuration
To use this task, configure the following delegate expression in your service task:
${quoVadisRequestDomainParametrizedTask}
The following parameters can be configured in Identity Manager Admin:
Parameter | Mandatory | Value | Description |
---|---|---|---|
quoVadisConnection | | Example value: | QuoVadis connection name. |
organisation | | Example value: | QuoVadis organisation name. |
adminEmail | | Example value: | QuoVadis administrator e-mail address. |
domain | | Example value: | Domain or IP-address for which to issue the request. |
isEV | | Valid values: | Whether you want to use extended validation with this domain. |
requestTemplate | | Example value: | The core template name which should be used for the new QuoVadis domain request core objects. |
errorMsgField | | ErrorMsg | The name of the field in which to save the error message for errors that happen during the CA request or when saving the core-object. |
errorCodeField | | ErrorCode | The name of the field in which to save the error code for errors that happen during the CA request or when saving the core-object. If no such error happened, then this field is not set. |
Description
Use this task to query the status of a QuoVadis domain request in the Certificate Authority and update the state of the request core-object in Identity Manager accordingly.
This task requires a QuoVadis domain request core-object to be loaded into the process map before execution.
The QuoVadis API does not allow any other kind of interaction with a created domain request besides querying its status. For example, cancelling a request is not supported.
Prerequisites
The prerequisites of the Cert QuoVadis PKI: Create domain request task above also apply here.
Configuration
To use this task, configure the following delegate expression in your service task:
${quoVadisUpdateDomainRequestStatusParametrizedTask}
The following parameters can be configured in Identity Manager Admin:
Parameter | Mandatory | Value | Description |
---|---|---|---|
quoVadisConnection | | Example value: | QuoVadis connection name. |
organisation | | Example value: | QuoVadis organisation name. |
requestDataPool | | Example value: | Data-pool for QuoVadis domain requests. |
errorMsgField | | ErrorMsg | The name of the field in which to save the error message for errors that happen during the CA request or when saving the core-object. |
errorCodeField | | ErrorCode | The name of the field in which to save the error code for errors that happen during the CA request or when saving the core-object. If no such error happened, then this field is not set. |
Description
Use this task to save the account domain list from the QuoVadis Certificate Authority into an Identity Manager lookup table. This task deletes the old domain list entry and creates a fresh entry in the configured lookup table.
Prerequisites
Create a lookup table-based datapool and a core template name for storing the domain list information in Identity Manager.
Datapool
The datapool must have the fields with the names shown in this figure. These field names are fixed and taken from the DomainInfo response.
Configure the datapool datasource as a lookup table, as shown in this figure:
Lookup table
Create a lookup table which belongs to the Domain data pool. Any state graph can be assigned to this lookup table.
Configuration
To use this task, configure the following delegate expression in your service task:
${quoVadisDomainListUpdateParametrizedTask}
The following parameters can be configured in Identity Manager Admin:
Parameter | Mandatory | Value | Description |
---|---|---|---|
quoVadisConnection | | | QuoVadis connection name. |
coreTemplateName | | | The core template name which should be used for the new core objects. This core template should consist of lookup table type DomainList Datapool. |