Version: 8.2411.x.x RR

Ticket

This table lists the policy parameters specific to tickets.

In addition to the policy parameters defined in this table, the policy parameter defined in the table under All credential types is also valid for ticket credentials.

Each parameter is listed with its name, data type and values, default, and description.

closeToExpirationThreshold
    Data type: int (days)
    Default: 10
    Description: Defines the number of days preceding the real expiry date at which the UpdateCredentialStateJob (see the chapter UpdateCredentialStateJob) will trigger communication events. Example: If set to 2, all tickets that expire the day after tomorrow (between 00:00 and 23:59) will be affected.

credentialLifetime, ticketLifetime
    Data type: int (>0)
    Default: 5 days in milliseconds
    Description: The time to live (in milliseconds) of the ticket credential. After the defined period of time, the user will not be able to log in with this ticket anymore. The parameter credentialLifetime replaces the parameter ticketLifetime. The parameter ticketLifetime is still supported but deprecated.

hashAlgorithm
    Data type: enum
    Values: SSHA, SSHA256
    Default: SSHA256
    Description: Defines the hash algorithm used for password hashing. Supported are salted SHA-1 (SSHA) and salted SHA-256 (SSHA256).
    Since nevisIDM 2.21.2.0, SSHA has been marked as deprecated because collision attacks faster than brute force attacks have been found. Additionally, the default of nevisIDM has been changed to SSHA256. Note that changing this parameter is fully backward compatible. Only newly created passwords are hashed with the defined algorithm.

sendingMethod
    Data type: comma-separated list of enums
    Values: any subset of PDFstore, Print, Email, HTMLemail, PDFemail, SMS_SMTP, None OR PDFstream alone
    Default: Email
    Description: Defines a fallback list of different methods of how a credential should be communicated to the user (if the first method fails for some reason, the second is tried, and so on). Method "Email" will fail if the user has no e-mail address or the address is invalid. Method "SMS_SMTP" will fail if the user has no mobile number or the mobile number is invalid. All methods (except None) will fail if the corresponding template is missing or one or more of the mandatory placeholders are empty.
    If sendingMethod was not defined at all, nevisIDM takes the default value. The default value has no fallbacks.
    Special sendingMethod for GUI: "PDFstream". This sendingMethod cannot be part of a fallback list. After mTAN credential creation or reset, a transient link appears in the CredentialModify view on the GUI. The link can be used to download the communication PDF. If there is an error at PDF generation, the password's plain value will be lost, rendering the credential unusable for the owner. The same happens when the user leaves the view without clicking on the link.
    If "PDFstore" is configured, the following additional parameters can be defined:
        PDFstore.destDir (optional): Defines the destination directory where the PDF is to be saved. If the parameter is not configured, the destination directory set in the configuration nevisidm-prod.properties will be used as fallback.
    If "SMS_SMTP" is configured, the following additional parameters have to be defined:
        SMS_SMTP.smtp.host (mandatory): host name of the SMTP server. During the startup, the availability of the configured SMTP server is checked.
        SMS_SMTP.smtp.port: port of the SMTP server.
        SMS_SMTP.message.from (mandatory): Sender of the SMS message. It has to be a valid e-mail address.
        SMS_SMTP.message.to (mandatory): Receiver of the SMS message. It has to contain the ${phonenumber} placeholder. For example: ${phonenumber}@sms.mycompany.ch.
        SMS_SMTP.message.subject (mandatory): Subject of the e-mail sent to the SMTP gateway.
    The sending method "PDFemail" requires two templates: one e-mail and one OpenOffice template. If either of the templates is missing, the PDF sending will fail. The credential value will be propagated only to the PDF document. If "PDFemail" is configured, the following additional parameter can be defined:
        PDFemail.htmlEmail (optional, default: false): If the parameter is "true", an HTML e-mail will be sent. Otherwise, a plain text e-mail will be sent.

sendWarningWhenCloseToExpiration
    Data type: boolean
    Default: false
    Description: Defines whether the batch job UpdateCredentialStateJob should trigger a TicketExpirationWarning communication event when closeToExpirationThreshold is reached.

templatePrecedence
    Data type: int
    Default: null
    Description: The precedence number of the template to use during the communication with the user. If the parameter is not set, the default template will be used. If no template exists with the given precedence number, an error will occur.

ticketCharacterSet
    Data type: String
    Default: 0123456789abcdefghijklmnopqrstuvwxzyABCDEFGHIJKLMNOPQRSTUVWXYZ
    Description: The characters used when generating the ticket.

ticketLen0, ticketLen1
    Data type: int (> -1)
    Default: ticketLen0: 30, ticketLen1: na
    Description: The length of the ticket that will be shown to the admin in the web GUI or returned to the caller in case of the SOAP interface. Note that either ticketLen0 or ticketLen1 has to be zero. Ticket strings are either communicated to the final user or to the admin but never to both. The following configurations are therefore invalid:
        ticketLen0 > 0 and ticketLen1 > 0
        ticketLen0 = 0 and ticketLen1 = 0
    Note that the case where only ticketLen0 is set in the policy triggers backward compatible behavior (only the final user will be informed, ticket is neither shown to the admin nor returned in the web service response). We therefore recommend explicitly setting both ticketLen0 and ticketLen1 in the ticket policy.

ticketLifetime
    Data type: int (>0)
    Description: This parameter is deprecated (however still supported). Instead, use the parameter credentialLifetime.

ticketReuseEnabled
    Data type: int boolean
    Default: false
    Description: If set to true, the ticket can be reused.
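
The constraints described above (the ticketLen0/ticketLen1 rule, the deprecated SSHA and ticketLifetime settings, PDFstream not being allowed in a fallback list, and the mandatory SMS_SMTP parameters) can be checked before a policy is rolled out. The following is an added example, not nevisIDM code: the representation of a policy as a dictionary of parameter names to string values, the function name lint_ticket_policy and the two sample policies are assumptions made for illustration.

```python
# Added example. Input shape (dict of parameter name -> string value) is an assumption.
METHODS = {"PDFstore", "Print", "Email", "HTMLemail", "PDFemail",
           "SMS_SMTP", "None", "PDFstream"}
SMS_MANDATORY = ("SMS_SMTP.smtp.host", "SMS_SMTP.message.from",
                 "SMS_SMTP.message.to", "SMS_SMTP.message.subject")

def lint_ticket_policy(policy):
    """Return findings for a ticket policy, based on the rules in the table above."""
    findings = []
    # Exactly one of ticketLen0 / ticketLen1 must be greater than zero.
    if "ticketLen1" not in policy:
        findings.append("ticketLen1 unset: backward compatible behavior, set both lengths")
    else:
        len0 = int(policy.get("ticketLen0", "30"))  # 30 is the documented default
        len1 = int(policy["ticketLen1"])
        if len0 < 0 or len1 < 0 or (len0 > 0) == (len1 > 0):
            findings.append("ticketLen0/ticketLen1: exactly one must be > 0")
    # SSHA (salted SHA-1) is deprecated; SSHA256 is the default.
    if policy.get("hashAlgorithm", "SSHA256") == "SSHA":
        findings.append("hashAlgorithm: SSHA is deprecated, use SSHA256")
    # ticketLifetime still works but is replaced by credentialLifetime.
    if "ticketLifetime" in policy:
        findings.append("ticketLifetime is deprecated, use credentialLifetime")
    methods = [m.strip() for m in policy.get("sendingMethod", "Email").split(",")]
    for m in methods:
        if m not in METHODS:
            findings.append(f"sendingMethod: unknown method {m!r}")
    # PDFstream cannot be part of a fallback list.
    if "PDFstream" in methods and len(methods) > 1:
        findings.append("sendingMethod: PDFstream must be configured alone")
    if "SMS_SMTP" in methods:
        for key in SMS_MANDATORY:
            if not policy.get(key):
                findings.append(f"{key} is mandatory when SMS_SMTP is configured")
        to = policy.get("SMS_SMTP.message.to", "")
        if to and "${phonenumber}" not in to:
            findings.append("SMS_SMTP.message.to lacks the ${phonenumber} placeholder")
    return findings

# Constructed sample policies (not taken from a real deployment).
WEAK = {"ticketLen0": "30", "ticketLen1": "30", "hashAlgorithm": "SSHA",
        "ticketLifetime": "86400000", "sendingMethod": "Email, SMS_SMTP",
        "SMS_SMTP.smtp.host": "smtp.example.test",
        "SMS_SMTP.message.to": "sms@example.test"}
FIXED = {"ticketLen0": "30", "ticketLen1": "0", "hashAlgorithm": "SSHA256",
         "credentialLifetime": "86400000", "sendingMethod": "Email"}

if __name__ == "__main__":
    for name, pol in (("weak", WEAK), ("fixed", FIXED)):
        print(name, lint_ticket_policy(pol))
```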