Skip to main content
Version: 8.2511.x.x RR

URL ticket

This page lists the policy parameters specific to URL tickets.

In addition to the policy parameters defined here, the parameters defined in All credential types are also valid for URL ticket credentials.

credentialLifetime

  • Data type: long (>0)
  • Default: 432000000 (5 days in milliseconds)
  • Description: Lifetime of a URL ticket in milliseconds. After the defined period of time, the user will no longer be able to use his URL ticket.

exposeLinkToCaller

  • Data type: boolean
  • Default: false
  • Description: If set to true, it returns the created link to the caller of the web service in the newValue attribute.

maxCredFailureCount

  • Data type: int (>0) or -1
  • Default: 3
  • Description: Maximum number of login failures before the URL ticket credential is definitely locked. If set to -1, the max. failure counter is disabled.

sendingMethod

  • Data type: Comma-separated list of enums

  • Values: any subset of PDFstore, Print, Email, HTMLemail, PDFemail, SMS_SMTP, None

  • Default: Email

  • Description: Defines a fallback list of different methods of how a credential should be communicated to the user (if the first method fails for some reason, the second is tried, and so on).

    Method Email will fail if the user has no e-mail address or the address is invalid. Method SMS_SMTP will fail if the user has no mobile number or the mobile number is invalid. All methods (except None) will fail if the corresponding template is missing or one or more mandatory placeholders are empty. If sendingMethod was not defined at all, nevisIDM takes the default value. The default value has no fallbacks.

    If PDFstore is configured, the following additional parameter can be defined:

    • PDFstore.destDir (optional): Defines the destination directory where the PDF is to be saved. If not configured, the directory set in nevisidm-prod.properties is used as fallback.

    If SMS_SMTP is configured, the following additional parameters must be defined:

    • SMS_SMTP.smtp.host (mandatory): Host name of the SMTP server. Availability is checked at startup.
    • SMS_SMTP.smtp.port: Port of the SMTP server.
    • SMS_SMTP.message.from (mandatory): Sender of the SMS message. Must be a valid e-mail address.
    • SMS_SMTP.message.to (mandatory): Receiver of the SMS message. Must contain the ${phonenumber} placeholder. Example: ${phonenumber}@sms.mycompany.ch.
    • SMS_SMTP.message.subject (mandatory): Subject of the e-mail sent to the SMTP gateway.

    The PDFemail method requires two templates: one e-mail and one OpenOffice template. If PDFemail is configured, the following additional parameter can be defined:

    • PDFemail.htmlEmail (optional, default: false): If true, an HTML e-mail is sent. Otherwise, a plain text e-mail is sent.

templatePrecedence

  • Data type: int
  • Default: null
  • Description: The precedence number of the template to use during the communication with the user. If the parameter is not set, the default template will be used. If no template exists with the given precedence number, an error will occur.

tmpLockingDuration

  • Data type: long
  • Default: 60000
  • Description: Duration of the temporary locking in milliseconds. Use a tmpLockingDuration of at least 30000 since the exact duration cannot be guaranteed below this value.

tmpLockingMode

  • Data type: String
  • Values: strict, threshold
  • Default: strict
  • Description:
    • strict: when the first temporary locking period is over, the user can try to log in only once before the next temporary locking period activates.
    • threshold: the user can always try tmpLockingThreshold times to log in before the next temporary locking period activates.

tmpLockingThreshold

  • Data type: int
  • Default: 2
  • Description: Number of login failures before the URL ticket credential is temporarily locked. If set to -1, the temporary lock is disabled.

urlPrefix

  • Data type: String

  • Default: none

  • Description: The URL ticket is communicated to the credential's user as part of a personalized link. The URL prefix of this link can be set with this parameter.

    Example: If urlPrefix is http://www.mycompany.ch/nevisidm/resetPin?x=, the personalized link will look like: http://www.mycompany.ch/nevisidm/resetPin?x=Npw6Cm78WupusGwelmLx0LeujLwWh1RfOmJIlSRo6P6h5maGfKlR5-rK7i_nR7QqaLI8SgNyqmCKdmjnFylBA

    Within templates, the link is referenced by the variable _LINK_.

urlTicketCharacterSet DEPRECATED

  • Data type: String
  • Default: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
  • Description: The characters used when generating the URL ticket using the SOAP API. It is recommended to use the fully generated URL based on the URL prefix (as set in urlPrefix) instead.

urlTicketLen

  • Data type: int (>-1)
  • Default: 30
  • Description: Length of the generated URL ticket. It is communicated to the credential's user as part of a personalized link.