Skip to main content
Version: 7.2505.x.x LTS

Ticket

This page lists the policy parameters specific to tickets.

In addition to the policy parameters defined here, the parameters defined in the table under All credential types are also valid for ticket credentials.

closeToExpirationThreshold

  • Data type: int (days)
  • Default: 10
  • Description: Defines the number of days preceding the real expiry date at which the UpdateCredentialStateJob will trigger communication events. Example: If set to 2, all tickets that expire the day after tomorrow (between 00:00 and 23:59) will be affected.

credentialLifetime

  • Data type: long (>0)
  • Default: 432000000 (5 days in milliseconds)
  • Description: The time to live (in milliseconds) of the ticket credential. After the defined period of time, the user will not be able to log in with this ticket anymore. The parameter credentialLifetime replaces the deprecated parameter ticketLifetime. The parameter ticketLifetime is still supported but deprecated.

hashAlgorithm

  • Data type: enum
  • Values: SSHA, SSHA256
  • Default: SSHA256
  • Description: Defines the hash algorithm used for ticket hashing. Supported are salted SHA-1 (SSHA) and salted SHA-256 (SSHA256). Since nevisIDM 2.21.2.0, SSHA has been marked as deprecated because collision attacks faster than brute force attacks have been found. Changing this parameter is fully backward compatible — only newly created tickets are hashed with the defined algorithm.

sendingMethod

  • Data type: Comma-separated list of enums

  • Values: any subset of PDFstore, Print, Email, HTMLemail, PDFemail, SMS_SMTP, None, or PDFstream alone

  • Default: Email

  • Description: Defines a fallback list of different methods of how a credential should be communicated to the user (if the first method fails for some reason, the second is tried, and so on).

    Method Email will fail if the user has no e-mail address or the address is invalid. Method SMS_SMTP will fail if the user has no mobile number or the mobile number is invalid. All methods (except None) will fail if the corresponding template is missing or one or more mandatory placeholders are empty. If sendingMethod was not defined at all, nevisIDM takes the default value. The default value has no fallbacks.

    Special sendingMethod for GUI only: PDFstream — after ticket creation or reset, a transient link appears in the CredentialModify view on the GUI. The link can be used to download the communication PDF. If there is an error at PDF generation, the ticket's plain value will be lost.

    If PDFstore is configured, the following additional parameter can be defined:

    • PDFstore.destDir (optional): Defines the destination directory where the PDF is to be saved. If not configured, the directory set in nevisidm-prod.properties is used as fallback.

    If SMS_SMTP is configured, the following additional parameters must be defined:

    • SMS_SMTP.smtp.host (mandatory): Host name of the SMTP server. Availability is checked at startup.
    • SMS_SMTP.smtp.port: Port of the SMTP server.
    • SMS_SMTP.message.from (mandatory): Sender of the SMS message. Must be a valid e-mail address.
    • SMS_SMTP.message.to (mandatory): Receiver of the SMS message. Must contain the ${phonenumber} placeholder. Example: ${phonenumber}@sms.mycompany.ch.
    • SMS_SMTP.message.subject (mandatory): Subject of the e-mail sent to the SMTP gateway.

    The PDFemail method requires two templates: one e-mail and one OpenOffice template. If PDFemail is configured, the following additional parameter can be defined:

    • PDFemail.htmlEmail (optional, default: false): If true, an HTML e-mail is sent. Otherwise, a plain text e-mail is sent.

sendWarningWhenCloseToExpiration

  • Data type: boolean
  • Default: false
  • Description: Defines whether the batch job UpdateCredentialStateJob should trigger a TicketExpirationWarning communication event when closeToExpirationThreshold is reached.

templatePrecedence

  • Data type: int
  • Default: null
  • Description: The precedence number of the template to use during the communication with the user. If the parameter is not set, the default template will be used. If no template exists with the given precedence number, an error will occur.

ticketCharacterSet

  • Data type: String
  • Default: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
  • Description: The characters used when generating the ticket.

ticketLen0 and ticketLen1

  • Data type: int (>-1)

  • Defaults: ticketLen0: 30, ticketLen1: 0

  • Description: The lengths of the two parts of the ticket. Note that exactly one of the two must be zero:

    • ticketLen0 > 0, ticketLen1 = 0: The ticket is shown to the final user only (via e-mail or other communication channel). It is not shown to the admin and not returned in the web service response.
    • ticketLen0 = 0, ticketLen1 > 0: The ticket is returned to the caller (SOAP interface) or shown to the administrator (web GUI). It is not communicated to the final user.

    The following configurations are invalid: ticketLen0 > 0 and ticketLen1 > 0; ticketLen0 = 0 and ticketLen1 = 0.

    Note: if only ticketLen0 is set in the policy, backward-compatible behavior is triggered (only the final user is informed; the ticket is neither shown to the admin nor returned in the web service response). We therefore recommend explicitly setting both ticketLen0 and ticketLen1 in the ticket policy.

ticketLifetime DEPRECATED

  • Data type: int (>0)
  • Description: This parameter is deprecated. Use credentialLifetime instead.

ticketReuseEnabled

  • Data type: boolean
  • Default: false
  • Description: If set to true, the ticket can be reused.