IVCred module

Edit online

The Verify Identity Access credential module creates and consumes Verify Identity Access-specific credentials. These credentials are called IVCreds.

The IVCred token module is called IVCredModule.The trust service can create and use local tokens in an environment that is protected by Verify Identity Access. The support for Access Manager credentials means that the trust service can also use the credentials for authorization decisions.

Supported modes

Validate
Issue

Configuration properties

Validate mode

Enable signature validation

Enables or disables validation of signatures in the token module. Select the check box to enable signature validation.

Select validation key

Specifies the validation key that the partner must use.

Certificate Database: Select the certificate database to use for validation.
Certificate Label: Select the certificate label for validation.

Issue mode

List the attribute types to include

Specifies the attribute type of the attributes to be inserted during token creation. The attributes consist of information about the identity (user).

By default, all types are supported, as indicated by the asterisk (*) wildcard character.

Enable signatures

Specifies that signatures must be added to tokens.

Select the signing key

Specifies the key to use to sign tokens.

Certificate Database: Select the certificate database to use for validation.
Certificate Label: Select the certificate label for validation.

Select the KeyInfo elements to include

Specifies the elements of the signing certificate in the extended attributes of the credential. These attributes are only included if signatures are enabled. The default is for them to be disabled.

Public Key: Select to include the public key. If selected, the public key of the signing certificate is included in the Base64 encoded form. The extended attribute is labeled ITFIM_IVCRED_SIGNER_CERTIFICATE_PUBKEY.
Clear the check box to exclude the public key.
X509 Subject Name: Select to include this attribute. If selected, the distinguished name of the subject for the signing certificate is included. The extended attribute is labeled ITFIM_IVCRED_SIGNER_CERTIFICATE_SUBJECT.
Clear the check box to exclude the X509 Subject Name.
X509 Subject Issuer Details: Select to include this attribute. If selected, the issuer details of the signing certificate are included. The extended attribute is labeled ITFIM_IVCRED_SIGNER_CERTIFICATE_ISSUER.
Clear the check box to exclude the X509 Subject Issuer Details.
X509 Subject Key Identifier: Select to include this attribute. If selected, the subject key identifier of the signing certificate is included. The extended attribute is labeled ITFIM_IVCRED_SIGNER_CERTIFICATE_SKI.
Clear the check box to exclude the X509 Subject Key Identifier.
X509 Certificate Data: Select to include this attribute. If selected, the certificate data of the signing certificate is included in the Base64 encoded form. The extended attribute is labeled ITFIM_IVCRED_SIGNER_CERTIFICATE.
Clear the check box to exclude the X509 Certificate Data.

Note: If none of the KeyInfo elements are selected, X509Certificate data is still included in the signature by default.