About the Generic Plug-In SPI

The Generic Plug-In SPI A Service Provider Interface (SPI) consists of a set of constant definitions and method declarations without implementations and intended to be called or used in a pre-determined generic manner with a set of outputs that meet pre-determined abstract rules and expectations. is used to extend the ActivID CMS standard card-issuance and user-management functionality to execute custom operations and retrieve custom data from sources external to the ActivID CMS. Plug-ins written using the Generic Plug-In SPI run on either the server or the client. The Generic Plug-in framework differentiates the client and the server plug-ins as listed.

A client plug-in is a software component that enables the ActivID CMS to perform custom operations on the workstation where the following operations are performed:
- Issuance
- Post-issuance
- PIN unlock
- Card replacement
- Device re-issuance
For example, a client plug-in can interface with a new enrollment device, such as a signature pad or a digital camera.

A server plug-in is a software component that enables the ActivID CMS to perform custom operations on an ActivID CMS server. For example, a server plug-in can retrieve demographic data from various data repositories, such as databases. An enrollment plug-in is a server plug-in that is involved every time a user attribute is set or retrieved by the ActivID CMS. Thus, you can map user attributes to repositories other than the ActivID CMS standard LDAP databases, such as an Integrated Database Management System (IDMS), non-LDAP databases, or .xml files.

Important: A generic plug-in (client or server) has a server scope, but it does not apply only to specific device policies. All declared plug-ins apply to all users and devices declared in the ActivID CMS.
In addition, starting with version 5.13, you can configure ActivID CMS to work with more than one type of directory. In this case, you may need to specify the directory type by adding a suffix with the directory short name to the .input, .output and .link property keys (for example, <plugin name>.input.msft-ad). For details about the directory short names, see Configuring the Generic Plugin. .

Generic Plug-In SPI and ActivID CMS

Store additional attributes.
Extend the list of available user attributes with computed attributes or attributes retrieved from another source (for example, the human resource database).

The following diagram illustrates how ActivID CMS communicates with an issuance workstation.

Interaction Between ActivID CMS and An Issuance Workstation

The following diagram illustrates the generic plug-in architecture.

Generic Plug-In Architecture

In the Generic plug-in architecture, standard ActivID CMS user attributes (such as Name, User Name, and Email) are fetched from LDAP directories. An enrollment generic plug-in is created to map these user attributes to other repositories. The role of the ActivID CMS is to pass needed input attributes to the plug-ins and to use the output attributes returned by the plug-ins in subsequent device issuance and user management operations.

ActivID CMS dynamically generates the calls to client plug-ins and transports needed values to the client side. The output attributes of each plug-in are displayed in the graphical user interface (GUI), either passed to another client plug-in or server plug-in or printed to the card. Plug-in parameters (attributes) are identified in the ActivID CMS by the concatenation of the plug-in name and the attribute name. The LDAP user attributes are the basic case, and no prefix is used. Attributes with a "policy#" prefix are retrieved from the policy definition and attributes with a "content#" prefix are retrieved from the device content.

The Generic Plug-In SPI consists of a generic server-side plug-in and a generic client plug-in.

Generic Server-Side Plug-Ins

On the server side, the Generic Plug-In SPI enables ActivID CMS to access user attributes on repositories other than an LDAP directory. Generic server-side plug-ins are also known as enrollment plug-ins.

Generic Client Plug-In Infrastructure

The Generic Client Plug-In infrastructure enables the customization of the ActivID CMS issuance workflow steps that occur on the client. Client-side generic plug-ins enable customers deploying ActivID CMS to include such data as a user photograph or biometrics at card issuance time.

Client plug-ins are defined as a set of scriptable codes (for example, JavaScript) that is integrated into the HTML pages generated by the ActivID CMS at the issuance workflow step for which the client plug-in has been configured. The client plug-in then invokes custom control.

The generic client plug-in is used in conjunction with the enrollment plug-ins. The results of a client plug-in call are forwarded to a server enrollment plug-in, and conversely a server enrollment plug-in is used to prepare data for a client plug-in. The ActivID CMS plug-in configuration defines which plug-ins are to be invoked at each step and the input/output parameters for each plug-in.

Prerequisites

The server Generic Plug-In SPI 4.1 is a Java-based interface. Generic plug-in server implementations and their dependent components must support the Java Developer Kit (JDK) running ActivID CMS (JDK 11 by default). Where native binaries are included in the Generic plug-in server implementation, they must support the target ActivID CMS operating system.

The client Generic Plug-In SPI 4.1 is an HTML-based interface. Generic plug-in client implementations and their dependent components must support Google Chrome™ version 88, or Microsoft^® Edge version 88. Where native binaries are included in the Generic plug-in client implementation, they must support the target ActivID CMS operating system.

This section describes the process for developing, configuring, and deploying a generic plug-in for ActivID CMS. For a complete list of all classes in the Generic Plug-In SPI, refer to the Javadocs that accompany this release.

Topics in this section: