About the Credential Provider Service Provider Interface (SPI)

This section describes the Credential Provider Service Provider Interface (SPI) that allows the ActivID Credential Management System (CMS) to integrate with third-party credential sources through third-party credential providers.

This section provides the following information about:

  • Understanding Credential Provider concepts

  • Using Credential Provider interface classes and methods

  • Integrating Credential Provider with the ActivID CMS architecture

  • Creating public key infrastructure (PKI) credential management solutions using Credential Provider

  • Exchanging or transferring data between entities

  • Using external operations to add functionality to Credential Provider

  • Understanding Credential Provider development guidelines

  • Installing and initializing a Credential Provider within ActivID CMS

This section also introduces you to developing Credential Providers. For a complete list of all classes in the CredentialProvider interface, see the Javadocs that accompany this release of ActivID CMS.

The CredentialProvider interface is an SPI that allows ActivID CMS to integrate with third-party credential sources through third-party Credential Providers. Typically, Credential Providers are developed, maintained, and supported by customers, system integrators, and vendors that manufacture credential management products that integrate with external credential sources.

Because a Credential Provider abstracts all credential-specific workflow steps required to provision and manage the Credential from ActivID CMS, the CredentialProvider interface makes it possible for a developer who lacks internal knowledge of ActivID CMS to do the following:

  • Create a Credential Provider that connects to an external credential source.

  • Install the Credential Provider on top of an existing operational installation of ActivID CMS.

Prerequisites

The Credential Provider interface SPI 1.5 is a Java-based interface, and any CredentialProvider interface implementations with their dependent components must support the Java Developer Kit running ActivID CMS (JDK 11 by default). Any native binaries that are included in the CredentialProvider Interface plug-in implementation must support the target ActivID CMS operating systems.

Note: JDK version 11 removes some deprecated interfaces and classes (such as the com.sun.* and sun.* packages); consequently, your code must not depend on any of these removed features (for details, see JDK 11 Removed Features and Options).

Topics in this section: