Credential Manager

Note: Update can only be used if there is an existing credential (of the provided type).

The Credential Manager provisions and manages credentials used for ActivID CMS authentication. The CCM API, when used in a remote client, requires the appropriate authentication and authorization for it to be authorized to exercise the corresponding functionality.

Retrieving Credentials

To retrieve the Initial Password, use getCredentials. (This method also returns the initial PIN and PIN policy information.)

To retrieve the Initial PIN, use getCredentials. (This method also returns initial password and PIN policy information.)

To retrieve the base 64-encoded PKI certificate, use getCredentials.

Security question answers cannot be retrieved. The questions can be retrieved by using the following:

  • getProfileSyntax

  • getProfileDynamicEntries

Provisioning Credentials

To update an existing initial password, use the following guidelines:

  • To add an initial password when a credential does not yet exist, use importCredentials.

  • To add security question answers to an existing credential, use updateCredential. This method adds the answers if provided or, if none are provided, it removes them. The number of answers provided, plus the number of existing answers must be equal to or greater than the amount configured in minAnswers.

  • To add security question answers when a credential does not exist, use importCredentials.

Deleting Credentials

  • To delete the initial password for the device, use deleteCredential.

  • To delete security question answers, use deleteCredential.

However, be aware that when calling this method, the answers the user entered are deleted. The user can no longer authenticate using the same answers as were stored in the system. In addition, when this method is called, the number of failed authentications is set to zero (0).

Managing Credentials

This section provides the following tips for finding additional information related to managing credential operations:

Credential Manager Classes

This section introduces and briefly describes the classes used in the Credential Manager.

The CredentialManagerFactory class constructs the desired CredentialManager using the supplied CredentialManagerFactory configuration parameters.

The parameters consist of:

Either:

  • CONFIG_URL—URL of the CredentialManager service in ActivID CMS.

Or both of the following:

  • CONFIG_HOST_NAME—Hostname of the CredentialManager service in ActivID CMS.

  • CONFIG_HOST_PORT—Port number of the CredentialManager service in ActivID CMS.

And:

  • CONNECT_TIMEOUT—Represents the client timeout used when connecting to the ActivID CMS HTTP server hosting the corresponding ActivID CMS service. A value of zero (0) means that there is no client timeout; the client timeout is determined by the server settings. The timeout value is for each connection attempt; the default value is zero.

  • CONNECT_RETRY—Represents the number of retry attempts permitted for connecting to the ActivID CMS service host. The default value is 1.

For Java implementations:

  • CONFIG_TRUSTSTORE (optional)—Truststore containing the root or intermediate certificate that issued the server certificate. If not present, the default Java truststore is used.

  • CONFIG_TRUSTSTORE_PWD (optional)—Password to the truststore.

  • CONFIG_KEYSTORE (mandatory)—Keystore which contains client certificate.

  • CONFIG_KEYSTORE_PWD (mandatory)—Password to the keystore.

  • CONFIG_ TRUSTMANAGERS (optional)—TrustManagers containing the root certificate.

  • CONFIG_ KEYMANAGERS (optional)—KeyManagers containing client certificate.SSL

A collection of credential elements (see the CredentialElement section for details) that in combination provides identity-proofing services to the Credential owner.

A credential contains the following:

  • A unique identifier for the credential.

  • Zero (0) or more CredentialElements.

Other attributes include:

  • id—Represents a CredentialId object, which includes an identifier and the type. The type can be one of the following:

    • CRED_ID_TYPE_PIN

    • CRED_ID_TYPE_SQ

    • CRED_ID_TYPE_PASSWORD

    • CRED_ID_TYPE_PKI

    • CRED_ID_TYPE_SKI

    • CRED_ID_TYPE_VCI (Virtual Contact Interface)

  • created

  • modified

  • state—state can be one of the following:

    • CRED_STATUS_ACTIVE

    • CRED_STATUS_SUSPENDED

    • CRED_STATUS_REVOKED

  • profileId

  • description

A fragment of a credential (see the Credential section). In combination, a collection of CredentialElements make up a Credential and provide identity-proofing services to its owner. Each credential contains zero or more CredentialElements.

Each CredentialElement consists of the following:

  • The owning/parent Credential's unique identifier

  • The element type can be one of the following:

    • CRED_ELEMENT_TYPE_PIN

    • CRED_ELEMENT_TYPE_PASSWORD

    • CRED_ELEMENT_TYPE_CERTIFICATE

    • CRED_ELEMENT_TYPE_SQ

    • CRED_ELEMENT_TYPE_VCI_CVC

    • CRED_ELEMENT_TYPE_VCI_PAIRING_CODE

  • A boolean that indicates whether this is a reference to an element or a value

  • The value or the reference information

  • The type of encoding for the value

For an example of using CredentialElement objects, see Setting a Security Question Answer.

A unique CredentialId is a credential identifier that consists of the following:

  • The type can be one of the following:

    • CRED_ID_TYPE_PIN (PIN)

    • CRED_ID_TYPE_SQ (security question/answer)

    • CRED_ID_TYPE_PASSWORD (initial password)

    • CRED_ID_TYPE_PKI (PKI)

    • CRED_ID_TYPE_SKI

    • CRED_ID_TYPE_VCI (Virtual Contact Interface)

  • ID—An identifier that can be a combination of a type and an identifier, and which must represent a unique credential.

An Entry represents a concrete configuration value with the labeling and sensitivity information required to display the value in a presentation layer where appropriate. An entry contains the following:

  • A unique identifier,

  • A human-readable (or localizable) label for display on the user interface,

  • A boolean that indicates whether the entry's value is sensitive data; if true, any external components are requested to protect it (especially where displayed or persisted), and

  • The entry value.

For more information, see getProfileDynamicEntries.

An EntryTemplate provides information about the entries needed as an input when importing credentials. It contains the following components:

  • key—A string that serves as the entry identifier.

  • label—A human-readable string which can also be used for localization.

  • boolean—Indication of whether the value attribute (if populated) is read-only.

An external operation communicates a request from ActivID CMS to an external entity to perform a process related to the managed credential. The attributes of an ExternalOperation include the following:

  • The transaction identifier with which the ExternalOperation is associated.

  • The identifier of the credential provider that requested the ExternalOperation.

  • The type of ExternalOperation.

  • The script the external entity is to execute.

  • The input parameters required for the ExternalOperation.

  • The response parameters resulting from processing of the ExternalOperation.

  • (Optional) The credential profile identifier.

This is the identifier for the supported transaction (for example, an ActivID CMS supported credential transaction is Device Unlock). The other management operations that Credential Manager supports include Action, Operation, or Process.

Credential Manager Methods

This section introduces and briefly describes the methods used in the Credential Manager.

Note: For related error codes, see Maximum Session Error Codes. For specific error codes, see Communication and Connectivity Error Codes.

Closes the current Credential Manager session.

Exceptions:

  • SessionException— if there is no valid session (such as session not opened or timed out).

  • LocalizedRemoteException— (thrown by the Web service layer) only when the most severe, unexpected, SOAP-level failures occur.

     

Note: Make sure that the transaction is valid and that all steps in the credential transaction processing have been completed before calling this method.

This completes the credential transaction specified by supplied transaction ID. This is done by committing a credential transaction to complete the creation/update of the credential associated with the specified transaction. The final call in the offline-unlock process is commitCredentialTransaction().

For the offline-unlock process, each CredentialID in the array returned from the commit is the identifier of a credential with the following attributes set:

  • id—Matches the CredentialId passed in to the original operateCredential method.

  • credentialElements—Empty array (not null).

  • profileId—ConfigurationId used to represent a CredentialProfileId.

  • description—String.

For Java:

Copy 
CredentialId[] commitCredentialTransaction(TransactionId txId)
throws NoSuchTransactionException, TransactionIncompleteException, SessionException, ManagementException, LocalizedRemoteException

For C++:

Copy 
CredentialIdVector *commitCredentialTransaction( TransactionId *txId)

Parameters:

txId—transaction identifier within which the credential was created/updated.

Returns:

A list with one or more credential identifiers depending upon how the transaction was initiated.

Exceptions:

  • NoSuchTransactionException—if the specified transaction identifier is not found.

  • TransactionIncompleteException—if the transaction was not completed.

  • SessionException—if there is no valid session (such as session not opened or timed out).

  • ManagementException—if an internal failure occurs.

  • LocalizedRemoteException— (thrown by the Web service layer) only when the most severe, unexpected, SOAP-level failures occur.

Deletes the specified Credential, completing/terminating its lifecycle. The deleteCredential() method is only supported for security question/answer and initial password. This method does not support the deletion of credentials such as the PIN or LDAP password or certificate.

For Java:

Copy 
void deleteCredential(CredentialId credId) 
throws NoSuchCredentialException, InvalidStateException, SessionException, ManagementException, LocalizedRemoteException

For C++:

Copy 
void deleteCredential(CredentialId *credId)

Parameters:

  • credId—ID of the credential to be deleted.

Returns:

  • NoSuchCredentialException—if the specified credential is not found.

  • InvalidStateException—if credential deletion violates the credential's lifecycle.

  • SessionException—if there is no valid session (such as session not opened or timed out).

  • ManagementException—if an internal failure occurs.

  • LocalizedRemoteException— (thrown by the Web service layer) only when the most severe, unexpected, SOAP-level failures occur.

Returns the IDs of all credentials matching the supplied criteria. This method could be used, for example, to retrieve all certificates that belong to a given user.

For Java:

Copy 
CredentialId[] findCredentialIds(Criteria[] criteria, int maxItems)
throws SessionException, ManagementException, LocalizedRemoteException;

For C++:

Copy 
CredentialIdVector *findCredentialIds( CriteriaVector *criteria, int maxItems)

Parameters:

Note: Selecting weak or poor search criteria may result in inefficient searches. In some cases, it might not be mitigated by supplying a maxItems to the finder method.

  • criteria—list of search criteria that includes the following:

  • CRITERIA_CRED_PARENT_WALLET (this criterion is mandatory).

  • CRITERIA_CRED_PARENT_SMID (this criterion is optional).

  • CRITERIA_CRED_APPLICATION_ID (for all of the credential provider-based, legacy PKI, and PIN credentials, this criterion is not mandatory).

  • CRITERIA_CRED_TYPE (this criterion is optional).

  • maxItems—Maximum number of items to fetch if the search finds more than this number. If there is no limit, set this parameter to 0 (zero) or to a negative number.

Returns:

The IDs of all matching credentials.

Exceptions:

  • SessionException—if there is no valid session (such as session not opened or timed out).

  • ManagementException—if an internal failure occurs.

  • LocalizedRemoteException— (thrown by the Web service layer) only when the most severe, unexpected, SOAP-level failures occur.

Note: Make sure to set the criteria such that only profiles suitable for use with importCredentials are returned. Selecting weak or poor search criteria may result in inefficient searches, and may not necessarily, in some cases, be mitigated by supplying a maxItems to the finder method

Returns the identifiers for a Credential Profile with the following credential types that match the supplied criteria:

  • CRED_ID_TYPE_SQ

  • CRED_ID_TYPE_PIN

  • CRED_ID_TYPE_PASSWORD

For example, this method can be used to find all credential profiles for a certain credential type. This method supports all types of credentials.

For Java:

Copy 
ConfigurationId[] findCredentialProfileIds( Criteria[] criteria, int maxItems)
throws SessionException, ManagementException, LocalizedRemoteException;

For C++:

Copy 
ConfigurationIdVector *findCredentialProfileIds( CriteriaVector *criteria, int maxItems)

Parameters:

  • criteria—List of search criteria. The following criteria are optional in all searches:

  • maxItems—Maximum number of items to fetch if the search finds more than this number. If there is no limit, set this parameter to 0 (zero) or to a negative number.

Search Criteria Parameters and Values

Criteria Key

Criteria Comparison

Possible Values

Description

CRITERIA_ID_PARENT_WALLET

CRITERIA_COMPARISON_EQUAL

Any valid wallet ID.

The wallet for which the credential profile must be suitable and permitted.

CRITERIA_ID_PARENT_SMID

CRITERIA_COMPARISON_EQUAL

Valid security module ID for the given wallet.

Selects all credentials that are associated with a specific security module.

CRITERIA_CRED_TYPE

CRITERIA_COMPARISON_EQUAL

CRED_ID_TYPE_SQ (security questions and answers)

CRED_ID_TYPE_PIN (personal identification number)

CRED_ID_TYPE_PASSWORD (password)

 

If the CRITERIA_CRED_TYPE criterion specifies any other value, a ManagementException is thrown.

The credential type for which the profile is defined.

Exceptions:

  • SessionException— if there is no valid session (such as session not opened or timed out).

  • ManagementException—if an internal failure occurs.

  • LocalizedRemoteException— (thrown by the Web service layer) only when the most severe, unexpected, SOAP-level failures occur.

Returns the valid actions for the updateCredential. This is the method for the specified credential. See the type section for a list of possible action types.

For Java:

Copy 
String[] getActionTypes(CredentialId credId)
throws NoSuchCredentialException, SessionException, ManagementException, LocalizedRemoteException;

For C++:

Copy 
TStringVector *getActionTypes(CredentialId *credId)

Parameters:

  • credId—Credential for which to assess the available update actions.

Returns:

The list of update action types supported for the specified Credential.

Exceptions:

  • NoSuchCredentialException—if the specified Credential is not found.

  • SessionException—if there is no valid session (such as session not opened or timed out).

  • ManagementException—if an internal failure occurs.

  • LocalizedRemoteException— (thrown by the Web service layer) only when the most severe, unexpected, SOAP-level failures occur.

See the updateCredential section for parameter details.

Returns the set of specified credentials.

For Java:

Copy 
Credential[] getCredentials(CredentialId[] credentialIds) 
throws NoSuchCredentialException, SessionException, ManagementException, LocalizedRemoteException;

For C++:

Copy 
CredentialVector *getCredentials( CredentialIdVector *credentialIds)

Parameters:

  • credentialIds—IDs of the Credentials to be retrieved.

Returns:

The retrieved credentials include:

  • Initial passwords

  • Initial PINs

  • Base64-encoded certificates

Exceptions:

  • NoSuchCredentialException—if one or more of the specified credentials is not found.

  • SessionException—if there is no valid session (such as session not opened or timed out).

  • ManagementException—if an internal failure occurs.

  • LocalizedRemoteException—(thrown by the Web service layer) only when the most severe, unexpected, SOAP-level failures occur.

Returns the lifecycle status of the specified credential.

For Java:

Copy 
String getLifecycleStatus(CredentialId credId)
throws NoSuchCredentialException, SessionException, ManagementException, LocalizedRemoteException;

For C++:

Copy 
TString getLifecycleStatus(CredentialId *credId)

Parameters:

  • credId—Credential identifier.

Returns:

The lifecycle status of the specified credential, which will be one of the following:

  • CRED_STATUS_ACTIVE

  • CRED_STATUS_SUSPENDED

  • CRED_STATUS_REVOKED

Exceptions:

  • NoSuchCredentialException—if the specified credential is not found.

  • SessionException—if there is no valid session (such as session not opened or timed out).

  • ManagementException—if an internal failure occurs.

  • LocalizedRemoteException— (thrown by the Web service layer) only when the most severe, unexpected, SOAP-level failures occur.

Retrieves pending external operation(s) for the specified Credential Transaction where the resulting data from external processing is subsequently used to advance the Credential transaction.

Currently, this method returns external operations that are related to OPER_ID_CRED_UNLOCK and the two external operations that are returned in sequence are:

  • CRED_EXOP_GETCHALLENGE: which requires the CRED_EXOP_ PARAM_GETCHALLENGE_RESPONSE parameter.

  • CRED_EXOP_UNLOCK: which contains the CRED_EXOP_PARAM_UNLOCKCODE_RESPONSE external operation parameter.

The pending external operation(s) are formed during credential usage where processing involves multiple steps that require interaction with an entity external to the CredentialManager. Pending external operations can be queued or requested, and result from calling the openSession entry point.

Once external processing is complete, the updated processed external operation is returned to the CredentialManager to advance or complete the workflow using this same entry point.

These updated external operation results may cause further pending external operations to be queued or requested. The passed-in completed ExternalOperations are the results of the processing of the ExternalOperation(s) returned from a previous call to getNextExternalOperations.

For Java:

Copy 
ExternalOperation[] getNextExternalOperations( TransactionId txId, ExternalOperation[] completedExternalOps)
throws NoSuchTransactionException, MalformedDataException, InvalidStateException, SessionException, ManagementException, LocalizedRemoteException;

For C++:

Copy 
ExternalOperationVector *getNextExternalOperations( TransactionId *txId, ExternalOperationVector*completedExternalOps)

Parameters:

  • txId—Credential transaction identifier.

  • completedExternalOps—Previously completed external operations populated with Credential Elements from each External Operation's execution.

Returns:

Zero (0) or more generated external operation(s) for the specified transaction.

Exceptions:

  • NoSuchTransactionException—if the specified transaction is not found.

  • MalformedDataException—if the input data was malformed.

  • InvalidStateException—if credential deletion violates one or more of the credential’s lifecycles.

  • SessionException—if there is no valid session (such as session not opened or timed out).

  • ManagementException—if an internal failure occurs or if the external processing was completed with an unrecoverable error.

  • LocalizedRemoteException— (thrown by the Web service layer) only when the most severe, unexpected, SOAP-level failures occur.

See the openSession section for related parameter details.

Returns the list of credential operation types supported for the specified credential.

For Java:

Copy 
String[] getOperationTypes(CredentialId credId)
throws NoSuchCredentialException, SessionException, ManagementException, LocalizedRemoteException;

For C++:

Copy 
TStringVector *getOperationTypes(CredentialId *credId)

Parameters:

  • credId—ID of the credential for which to assess the available credential operations.

Returns:

The list of credential operation types supported for the specified credential.

Exceptions:

  • NoSuchCredentialException—if the specified credential is not found.

  • SessionException—if there is no valid session (such as session not opened or timed out).

  • ManagementException—if an internal failure occurs.

  • LocalizedRemoteException— (thrown by the Web service layer) only when the most severe, unexpected, SOAP-level failures occur.

See openSession in the Credential Manager Methods section for related parameter details.

Returns the list of credential lifecycles (see Process Type) that are supported for the specified Credential. The list can include the following processes:

  • PROCESS_ID_CRED_SUSPEND

  • PROCESS_ID_CRED_RESUME

  • PROCESS_ID_CRED_REVOKE

The list returns an empty string array for credential types other than PKI.

For Java:

Copy 
String[] getProcessTypes(CredentialId credId)
throws NoSuchCredentialException, SessionException, ManagementException, LocalizedRemoteException;

For C++:

Copy 
TStringVector *getProcessTypes(CredentialId *credId)

Parameters:

  • credId—Credential whose available lifecycle processes are to be assessed.

Returns:

The list of process types supported for the specified credential.

Exceptions:

  • NoSuchCredentialException— if the specified credential is not found.

  • SessionException— if there is no valid session (such as session not opened or timed out).

  • ManagementException—if an internal failure occurs.

  • LocalizedRemoteException— (thrown by the Web service layer) only when the most severe, unexpected, SOAP-level failures occur.

See performProcess for related parameter details and Lifecycles of the Managed Objects.

Returns a list of EntryTemplates that must be resolved for the specified credential profile. This method supports importing the security question/answer and the updating of initial passwords and security question/answer credentials. This method only supports profiles for the following types of credentials:

  • CRED_ELEMENT_TYPE_PASSWORD

  • CRED_ELEMENT_TYPE_SQ

For Java:

Copy 
EntryTemplate[] getProfileDynamicEntries(ConfigurationId credProfileId)
throws NoSuchConfigException, SessionException, ManagementException, LocalizedRemoteException;

For C++:

Copy 
EntryTemplateVector
*getProfileDynamicEntries(ConfigurationId
*credProfileId)

Parameters:

  • credProfileId—Credential profile to examine.

The ProfileId should always be retrieved using getCredentialProfileIds().

The following table indicates how to set the remaining CredentialElement attributes based on the context indicated.

Returns:

The list of runtime input requirement aliases to be resolved. The list includes entryTemplate instances per Credential type.

Runtime Input Requirements

Key

Label

IsReadOnly

Value

password credential type

 

 

 

password

Initial Password

false

<no value supplied>

question-answer credential type

 

 

 

<question ID 1>

<question in plain language>

false

<no value supplied>

<question ID n>

<question in plain language>

false

<no value supplied>

minAnswers

Minimum required answers

true

<number of minimum required answers per policy>

Exceptions:

  • SessionException—if there is no valid session (such as session not opened or timed out).

  • ManagementExceptio—if an internal failure occurs.

  • NoSuchConfigException—if the credential profile addressed by the profileId attribute any of passed Credential instances is not found.

  • LocalizedRemoteException— (thrown by the Web service layer) only when the most severe, unexpected, SOAP-level failures occur.

See also Entry.

Returns the complete data dictionary of all the possible EntryTemplates. The data dictionary is returned as a syntax which is a limited scope XML schema. See the following sub-section “Syntax Per Credential Type” for more information.

This method supports the importation of the security question/answer, the updating of initial passwords and security question/answer credentials, and profiles for credentials of the following type:

CRED_ELEMENT_TYPE_PASSWORD

For Java:

Copy 
String getProfileSyntax(ConfigurationId credProfileId) 
throws NoSuchSessionException, ManagementException, LocalizedRemoteException;

For C++:

Copy 
TString getProfileSyntax(ConfigurationId *credProfileId)

Parameters:

  • credProfileId—Credential profile to be examined.

The ProfileId should always be retrieved using getCredentialProfileIds().

Returns:

The complete data dictionary, as a syntax, of all the possible EntryTemplates for a CredentialProfileTemplate.

Exceptions:

  • SessionException—if there is no valid session (such as session not opened or timed out).

  • ManagementException—if an internal failure occurs.

  • If the ConfigurationId passed is not a legacy profile ID, then a ManagementException is thrown. This protects you from getting entries that cannot possibly be used and ensures that the workflow is terminated as promptly as possible.

  • NoSuchConfigException—if the credential profile addressed by the profileId attribute for any of passed Credential instances is not found.

  • LocalizedRemoteException— (thrown by the Web service layer) only when the most severe, unexpected, SOAP-level failures occur.

Syntax Per Credential Type:

The following sample syntax definitions are those that will change on a per policy basis and which serve as examples. Each syntax is an XML schema definition where only the <xsd:attribute> definition is used.

Within this attribute, constraints such as minimum length, maximum length, regular expressions, and type definitions (for example, integer or float), can be defined. In addition, each syntax attribute carries an optional annotation that can describe the attribute. This typically is used as a tool tip in the UI along with the EntryTemplate.label field (used to label the text field in the UI).

Example: CRED_ELEMENT_TYPE_PASSWORD credential type syntax

The following example shows a password that is limited to a minimum length of four and a maximum length of twelve characters (where all characters in the password must be numeric).

Copy 
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">
<xsd:attribute name="password">
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:pattern value="^[0-9]{4,12}$"/>
<xsd:minLength value="4"/>
<xsd:maxLength value="12"/>
<xsd:allowWeakPin value="false"/>
</xsd:restriction>
</xsd:simpleType>
</xsd:attribute>
</xsd:schema>

The following example shows a password that is limited to a minimum length of eight and a maximum length of twelve characters, with at least one letter and one digit.

Copy 
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">
<xsd:attribute name="password">
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:pattern value="^(?=.*[0-9])(?=.*[a-zA-Z]).{8,12}$"/>
<xsd:minLength value="8"/>
<xsd:maxLength value="12"/>
<xsd:allowWeakPin value="false"/>
</xsd:restriction>
</xsd:simpleType>
</xsd:attribute>
</xsd:schema>

Example: CRED_ELEMENT_TYPE_SQ credential type syntax

The following example shows a security question/answer syntax with three questions.

No validation is applied other than a maximum length which should be in place to protect the underlying data storage maximums (it is not derived from policy).

While there is an entry template that indicates the minimum answers (minAnswers), no syntax validation is needed (this is not a required response because it is read-only).

Copy 
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">
<xsd:attribute name="1">
<xsd:annotation>
<xsd:documentation>Fathers Middle Name
</xsd:documentation>
</xsd:annotation>
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:maxLength value="25"/>
</xsd:simpleType>
</xsd:attribute>
<xsd:attribute name="2">
<xsd:annotation>
<xsd:documentation>Mothers Maiden Name
</xsd:documentation>
</xsd:annotation>
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:maxLength value="25"/>
</xsd:restriction>
</xsd:simpleType>
</xsd:attribute>
<xsd:attribute name="3">
<xsd:annotation>
<xsd:documentation>Place of Birth
</xsd:documentation>
</xsd:annotation>
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:maxLength value="12"/>
</xsd:restriction>
</xsd:simpleType>
</xsd:attribute>
<xsd:attribute name="minAnswers" type="xsd:integer">
</xsd:attribute>
</xsd:schema>

See getSessionInfo in Common Methods.

See getVersion in Common Methods.

Imports a set of externally formed credentials. This method can be used to provision security question/answers or initial passwords, and supports the importation of externally provisioned credentials of the following types:

  • CRED_ELEMENT_TYPE_SQ

  • CRED_ELEMENT_TYPE_PASSWORD

For Java:

Copy 
CredentialId[] importCredentials(WalletId walletId, Credential[] credentials)
throws NoSuchWalletException, MalformedDataException, NoSuchConfigException, SessionException, ManagementException, LocalizedRemoteException;

For C++:

Copy 
CredentialIdVector *importCredentials(
WalletId *walletId, CredentialVector *credentials);

Parameters:

  • walletId —The wallet into which to import the Credential.

  • credentials—The externally formed Credentials.

Returns:

The array of credential identifiers of the successfully imported Credentials.

Exceptions:

  • MalformedDataException—if the credential data was malformed.

  • NoSuchConfigException—if the given CredentialElement ID for import is not valid.

  • NoSuchWalletException—if the specified wallet is not found.

  • SessionException—if there is no valid session (such as session not opened or timed out).

  • ManagementException—if an internal failure occurs.

  • LocalizedRemoteException— (thrown by the Web service layer) only when the most severe, unexpected, SOAP-level failures occur.

Returns true if a session is currently open; otherwise, it returns false.

Returns:

  • true—Value returned if session is currently open.

  • false—Value returned if session is not currently open.

Exceptions:

  • SessionException—if there is no valid session (such as session not opened or timed out).

  • LocalizedRemoteException—(thrown by the Web service layer) only when the most severe, unexpected, SOAP-level failures occur.

Opens a new session for this API. This must be the first call made, with all subsequent calls occurring within the scope of the valid session.

Parameters:

  • parameters—This is being reserved for future usage.

Returns:

The identifier of the session opened by the ActivID CMS server.

Exceptions:

  • SessionException—if there is no valid session (such as session not opened or timed out).

  • LocalizedRemoteException— (thrown by the Web service layer) only when the most severe, unexpected, SOAP-level failures occur.

Requests the operation of a credential with the supplied parameters. For example, calling this method is the first step in the offline PIN unlock operation (this applies to offline PIN unlock only).

This entry point may result in the following to occur:

  • Retrieve an external operation using getNextExternalOperations.

  • Process externally.

  • Return it to the CredentialManager using the same entry point.

This executes the OPER_ID_CRED_UNLOCK operation.

All other operations result in an InvalidStateException.

If a credential ID is presented that is not of the type CRED_ID_TYPE_PIN, then a check for its existence is made, and one of the following exceptions is thrown:

  • InvalidStateException—if the specified credential exists.

  • NoSuchCredentialException—if the specified credential is not found.

For Java:

Copy 
TransactionId operateCredential(
CredentialId credId, String operation, Parameter[] parameters)
throws NoSuchCredentialException, MalformedDataException, InvalidStateException, SessionException, ManagementException, LocalizedRemoteException;

For C++:

Copy 
TransactionId *operateCredential(
CredentialId *credId, TString operation, ParameterVector *parameters);

Parameters:

  • credId—Credential identifier.

  • operation—Credential operation requested for the specified Credential.

  • parameters—Input parameters required to perform the operation, or an empty array.

Returns:

The transaction identifier to facilitate potential further steps required for credential update.

Exceptions:

  • NoSuchCredentialException—if the specified credential is not found or not valid.

  • MalformedDataException—if the input data was malformed.

  • InvalidStateException—if credential update violates the credential's lifecycle.

  • SessionException—if there is no valid session (such as session not opened or timed out).

  • ManagementException—if an internal failure occurs.

  • LocalizedRemoteException— (thrown by the Web service layer) only when the most severe, unexpected, SOAP-level failures occur.

See also:

Performs a lifecycle process for the specified credential. The types of processes are associated with the credential's lifecycle rather than its content, such as the following:

  • PROCESS_ID_CRED_SUSPEND

  • PROCESS_ID_CRED_RESUME

  • PROCESS_ID_CRED_REVOKE

Using this method makes it possible to suspend, resume, and revoke certificates (applies to PKI only).

For Java:

Copy 
void performProcess(CredentialId credId, String process, Parameter[] parameters)
throws NoSuchCredentialException, InvalidStateException, SessionException, ManagementException, LocalizedRemoteException;

For C++:

Copy 
void performProcess(
CredentialId *credId, TString process, ParameterVector *parameters);

Parameters:

  • credId—Credential identifier.

  • process—Process to be performed.

  • parameters—Input parameters required to perform the process or an empty array.

Exceptions:

  • NoSuchCredentialException—if the specified credential is not found.

  • InvalidStateException—process requested is invalid for the current state of the credential.

  • SessionException—if there is no valid session (such as session not opened or timed out).

  • ManagementException—if an internal failure occurs.

  • LocalizedRemoteException— (thrown by the Web service layer) only when the most severe, unexpected, SOAP-level failures occur.

For more information, see Lifecycles of the Managed Objects.

Updates an existing credential with the supplied CredentialElements according to the requested action. This method supports the updating of initial passwords and security question/answer credentials, and supports profiles for the following credentials types:

  • CRED_ELEMENT_TYPE_PASSWORD

  • CRED_ELEMENT_TYPE_SQ

For Java:

Copy 
void updateCredential(CredentialId credId, String action, Entry[] inputRequirementData)
throws NoSuchCredentialException, MalformedDataException, InvalidStateException, SessionException, ManagementException, LocalizedRemoteException;

For C++:

Copy 
void updateCredential(
CredentialId *credId, TString action, EntryTemplateVector *inputRequirementData)

Parameters:

  • credId—Credential identifier.

  • action—Update process requested for the specified Credential.

  • inputRequirementData—List of data collected based on the profile to be used during the credential update (for details, see Input Requirements).

Exceptions:

  • NoSuchCredentialException—if the specified credential is not found or not valid.

  • InvalidStateException—if the credential update violates the credential's lifecycle.

  • SessionException—if there is no valid session (such as session not opened or timed out).

  • ManagementException—if an internal failure occurs.

  • LocalizedRemoteException— (thrown by the Web service layer) only when the most severe, unexpected, SOAP-level failures occur.

  • MalformedDataException—if the input data was malformed.