IVCred module
The IVCred token module (IVCredModule) creates and consumes IVCreds credentials. The trust service creates local tokens and also uses credentials for authorization decisions.
- Supported modes
- Validate
Issue- Configuration properties
- Validate mode
- Enable signature validation
- Select check box to enable validation of signatures in the token module.
- Select validation key
- Validation key the partner must use.
- Certificate Database
- Certificate database to use for validation.
- Certificate Label
- Certificate label for validation.
- Issue mode
- List the attribute types to include
- Attribute type of the attributes to be inserted during token creation. The attributes consist of information about the identity (user). By default, all types are supported, as indicated by the asterisk (*) wildcard character.
- Enable signatures
- Specifies that signatures must be added to tokens.
- Select the signing key
- Key to use to sign tokens.
- Certificate Database
- Certificate database to use for validation.
- Certificate Label
- Certificate label for validation.
- Select the KeyInfo elements to include
- Elements of the signing certificate in the extended attributes of the credential. Included if signatures are enabled. Default is disabled.
- Public Key
- The public key of the signing certificate is included in the Base64 encoded form. The extended attribute is labeled...
ITFIM_IVCRED_SIGNER_CERTIFICATE_PUBKEY
Clear the check box to exclude the public key.
- X509 Subject Name
- The distinguished name of the subject for the signing certificate is included. The extended attribute is labeled...
ITFIM_IVCRED_SIGNER_CERTIFICATE_SUBJECT
Clear the check box to exclude the X509 Subject Name.
- X509 Subject Issuer Details
- The issuer details of the signing certificate are included. The extended attribute is labeled...
ITFIM_IVCRED_SIGNER_CERTIFICATE_ISSUER
Clear the check box to exclude the X509 Subject Issuer Details.
- X509 Subject Key Identifier
- The subject key identifier of the signing certificate is included. The extended attribute is labeled...
ITFIM_IVCRED_SIGNER_CERTIFICATE_SKI
Clear the check box to exclude the X509 Subject Key Identifier.
- X509 Certificate Data
- The certificate data of the signing certificate is included in the Base64 encoded form. The extended attribute is labeled...
ITFIM_IVCRED_SIGNER_CERTIFICATE
Clear the check box to exclude the X509 Certificate Data.
If none of the KeyInfo elements are selected, X509Certificate data is still included in the signature by default.
Parent topic: Supported module types