Cert QuoVadis PKI: Create domain request
Description
Use this task to create a new domain request in the QuoVadis Certificate Authority. It is saved as a request core-object in a dedicated data-pool.
Prerequisites
Data-pool
-
The data-pool must have the fields shown below. Pay special attention to the name of the Meta_CoreObjectState_-field which needs to end with the matching data-pool name:
-
Note the field TransactionId which is used to store a UUID assigned by QuoVadis to each domain request. It is required to later query the status of the request.
Usually the internal Requests table is used as data-source as shown below:
State-graph
-
The state-graph must contain at least the following states: pending/approved/rejected (case-insensitive), with transitions from pending to both approved and rejected.
-
If you want to disambiguate requests that did not yet have their state queried at the CA from those which are pending according to the CA, then add a start state sent before pending, as shown below, but this is optional (pending will be the start state when not using sent).
Request core-template
-
You need a request core-template which uses the above data-pool and state-graph definitions:
Search-configuration (optional)
-
Optionally you may configure a search-configuration for your request core-objects, for example, like this:
Configuration
To use this task, configure the following delegate expression in your service task:
${quoVadisRequestDomainParametrizedTask}
The following parameters can be configured in Identity Manager Admin:
|
Parameter |
Mandatory |
Value |
Description |
|---|---|---|---|
|
quoVadisConnection |
|
Example value:
|
QuoVadis connection name. |
|
organisation |
|
Example value:
|
QuoVadis organisation name. |
|
adminEmail |
|
Example value:
|
QuoVadis administrator e-mail address. |
|
domain |
|
Example value:
|
Domain or IP-address for which to issue the request. |
|
isEV |
|
Valid values:
|
Whether you want to use extended validation with this domain. |
|
requestTemplate |
|
Example value:
|
The core template name which should be used for the new QuoVadis domain request core objects. |
|
errorMsgField |
|
ErrorMsg |
The name of the field in which to save the error message for errors that happen during CA request or when saving of the core-object.
|
|
errorCodeField |
|
ErrorCode |
The name of the field in which to save the error code for errors that happen during CA request or when saving of the core-object.
If no such error happened, then this field is not set. |
Cert QuoVadis PKI: Update domain request status
Description
Use this task to query the status of a QuoVadis domain request in the Certificate Authority and update the state of the request core-object in Identity Manager accordingly.
This task requires a QuoVadis domain request core-object to be loaded into the process map before execution.
The QuoVadis API does not allow any other kind of interaction with a created domain request besides querying its status. For example, to cancel a request is not supported.
Prerequisites
The prerequisites of the Cert QuoVadis PKI: Create domain request task above also apply here.
Configuration
To use this task, configure the following delegate expression in your service task:
${quoVadisUpdateDomainRequestStatusParametrizedTask}
The following parameters can be configured in Identity Manager Admin:
|
Parameter |
Mandatory |
Value |
Description |
|---|---|---|---|
|
quoVadisConnection |
|
Example value:
|
QuoVadis connection name. |
|
organisation |
|
Example value:
|
QuoVadis organisation name. |
|
requestDataPool |
|
Example value:
|
Data-pool for QuoVadis domain requests. |
|
errorMsgField |
|
ErrorMsg |
The name of the field in which to save the error message for errors that happen during CA request or when saving of the core-object.
|
|
errorCodeField |
|
ErrorCode |
The name of the field in which to save the error code for errors that happen during CA request or when saving of the core-object.
If no such error happened, then this field is not set. |
Cert QuoVadis PKI: Save domain list into Identity Manager
Description
Use this task to save account domain list from QuoVadis Certificate Authority into Identity Manager lookup table. This task deletes the old domain list entry and creates a fresh entry in the configured lookup table.
Prerequisites
Create a lookup table-based datapool and core template name for storing the domain list information into Identity Manager.
Datapool
-
The datapool must have the fields with the described names as shown in this figure. This field names are fixed and taken from DomainInfo response.
-
Configure the datapool datasource as lookup table as shown in this figure:
Lookup table
-
Create a lookup table which belongs to the Domain data pool. Any state graph can be assigned to this lookup table.
Configuration
To use this task, configure the following delegate expression in your service task:
${quoVadisDomainListUpdateParametrizedTask}
The following parameters can be configured in Identity Manager Admin:
|
Parameter |
Mandatory |
Value |
Description |
|---|---|---|---|
|
quoVadisConnection |
|
|
QuoVadis connection name. |
|
coreTemplateName |
|
|
The core template name which should be used for the new core objects. This core template should consist of lookup table type DomainList Datapool. |