Skip to main content
Version: 7.2405.x.x LTS

Detail levels

Most of the nevisIDM authentication plug-ins support detail levels to limit the amount of data fetched from the nevisIDM SOAP services. Reducing the detail level to only the required attributes improves performance.

A detail level can be specified per entity, e.g., user, profile, credential. Possible detail values in increasing order are: EXCLUDE, LOW, MEDIUM, HIGH.

Detail levels might have dependencies. For example, to fetch profile properties, a user detail level of at least MEDIUM is required. For the IdmAuthStates, the following detail levels are of use:

Detail levelDescription
detaillevel.certificatecertificate detail level, depends on detaillevel.user ≥ MEDIUM
detaillevel.credentialcredential detail level, depends on detaillevel.user ≥ MEDIUM
detaillevel.defaultdefault detail level, used if a detail level of an entity is not explicitly specified. If no default detail level is configured by the user, MEDIUM is used.
detaillevel.mobile_signaturemobile signature detail level, depends on detaillevel.user ≥ MEDIUM
detaillevel.profileprofile detail level, depends on detaillevel.user ≥ MEDIUM
detaillevel.propertya special detail level that activates properties on all other objects. It has no enforced dependency, but properties of a certain entity are only returned if the entity's detail level is at least MEDIUM.
detaillevel.rolerole/authorization detail level, depends on detaillevel.profile ≥ MEDIUM
detaillevel.saml_federationSAML federation detail level, depends on detaillevel.user ≥ MEDIUM
detaillevel.security_questionssecurity question detail level, depends on detaillevel.user ≥ MEDIUM
detaillevel.unitunit detail level, depends on detaillevel.profile ≥ MEDIUM
detaillevel.useruser detail level

The detail level of a fetched entity is stored in the session along with the user for usage in another nevisIDM authentication plug-in. IdmGetPropertiesState detects if the detail level of the current user on the session is too low and forces a refetch in this case.

If an early nevisIDM authentication plug-in fetches entity with a low detail level, it must be ensured that also a following IdmGetProperties state will use the same detail levels, or else the entity will be refetched in a second call. If known in advance, the first nevisIDM authenication plug-in should fetch the user entity with a detail level, which satisfies all the following nevisIDM authentication plug-ins. Examples:

  • Only the userExtId is required:
<property name="detaillevel.default" value="EXCLUDE"/>
<property name="detaillevel.user" value="LOW"/>
  • This is equivalent to specifying no detail level at all:
<property name="detaillevel.default" value="MEDIUM"/>
  • Non-satisfied dependencies will be enforced. The following config snippet will be interpreted as "default=EXCLUDE,user=MEDIUM,profile=MEDIUM,unit=LOW":
<property name="detaillevel.default" value="EXCLUDE"/>
<property name="detaillevel.unit" value="LOW"/>
  • The default detail level does not enforce any dependencies. The following config will not fetch any profiles, roles, and so on, but it fetches the user along with user properties:
<property name="detaillevel.default" value="LOW"/>
  • Properties have no dependencies and are not enforced. If only the role-properties are required, it must be configured as:
<property name="detaillevel.default" value="EXCLUDE"/>
<property name="detaillevel.role" value="LOW"/>
<property name="detaillevel.property" value="LOW"/>

Note that this will also cause user and profile properties to be fetched.

nevisIDM authentication plug-ins try to detect a minimum required detail level such that they remain operational and will warn if a config is obviously bad.