Skip to main content
Version: 2.82.x.x LTS

IdmUploadCertificateState

This AuthState is a processing AuthState.

This IDM auth plug-in is used for certificate registration by using the client certificate. Registering a client certificate means that a new certificate credential is created for the underlying user.

TopicDescription
Classch.nevis.idm.authstate.IdmUploadCertificateState
LoggingIdmAuth
Auditingnone
MarkerNevisIDM:mutation
PropertiestreatAsStrongAuth (boolean, true) If the property is set to "true", the uploaded certificate is treated as valid strong authentication. Thus, the user is strongly authenticated after having successfully passed this state.
client.name (defined in the chapter "Default input properties")
Methodsauthenticatestepup
Inputconnection.ClientCert (caller, required) Client certificate, used by the authenticating user in PEM format.
Transitionsstrong: Certificate upload successful. User is now strongly authenticated.
weak: Certificate upload successful. User is now weakly authenticated.
failed: Certificate upload failed, i.e., certificate check failed or the same certificate is already registered within the client (tenant) of the user.
clientNotFound: User uses an unsupported client-ID or the "default" client-ID (see input above) is not available.
Outputcertificate.id: External ID of the created certificate credential.
Errors1: no certificate in request (caller does not send a client certificate); 1: client does not match previous authentication; 100: certificate already registered within the client (tenant) of the user
NotesNone

Example

<AuthState
name="IdmUploadCertificate class="ch.nevis.idm.authstate.Idm
UploadCertificateState" final="false">
<ResultCond name="ok:weak" next="PostProcessing"/>
<ResultCond name="ok:strong" next="PostProcessing"/>
<ResultCond name="failed" next="IdmUserIdPasswordLogin"/>
<Response value="AUTH_ERROR">
<Gui name="AuthFailDialog" />
</Response>
<propertyRef name="IdmCertificateLogin"/>
</AuthState>