Setting Token Types For Specified Smart Cards - Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION Administration Manual

Chapter 8. Token Processing System
requiredVersion is the numeric key set identifier required for the operation to proceed. If
the smart card does not have the key set specified by the requiredVersion parameter, key
changeover will occur, and the operation process continues.
The TPS audit log shows whether the key changeover worked successfully.
While testing this feature, change an Axalto Web Store smart card back to the original static 4041..
key set. To do this, change the requiredVersion parameter back to 1 and set a new format. Do this
before removing a TKS instance, or else the smart card cannot be managed.

8.5.6. Setting Token Types for Specified Smart Cards

The TPS can be configured to use specific token profiles based on the smart card ATR or a range
of serial numbers for the smart cards. This is useful for managing two types of smart card profiles in a
single deployment, so that the smart card profile is determined by the physical distribution of those cards
rather than by a software process change. The TPS can configure a mapping that specifies the types
of tokens, ATRs, and range of serial numbers (CUID).
Each type of operation contains a parameter mapping.order containing mapping IDs.
NOTE
If the mapping.order parameter contains more than one mapping ID, then each
mapping ID is processed in sequential order until a target is determined or an error is
returned. If the mapping.order parameter is missing, then the code returns an error.
Each mapping ID references a series of parameters called filters. Each filter may contain a specific
value for the request to be tested against. Empty or missing filters act as a wildcard: they allow the
request to contain any value and are thus inherently true. If the request passes all filters, the
specified target token profile is used.
For an example of using token types, see Example 8.1, "Configuring Two Different Token Types".
For the configuration file parameters used to set up mapping and filters, see Table 8.7, "Mapping and Filters".
The TPS can be configured to distinguish between two different sets of tokens by their CUIDs. These
sets have the following settings:
• The development team has 100 tokens, with token set CUIDs from 1000-0000-0000-0000 to
1000-0000-0000-0100.
• The QA team has 100 tokens, with token set CUIDs from 2000-0000-0000-0000 to
2000-0000-0000-0100.
• The development team uses the LDAP server ldap-dev, and the QA team uses the LDAP server
ldap-qa for authentication.
Configuring the format operation in the TPS involves the following changes to the TPS configuration
file, CS.cfg.
##########################################################################
# Create two mappings
##########################################################################
op.format.mapping.0.filter.tokenCUID.start=1000000000000000
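The mapping and filter evaluation described in this section, sketched in Python as an added example; it is not Red Hat's TPS code and not part of the manual. Only the tokenCUID.start key appears on this page: the other key names, the devKey and qaKey profile names, the inclusive range bounds and the error raised when no mapping matches are assumptions.

```python
# Added illustration, not TPS source code. The sample configuration is constructed.
# Only ...filter.tokenCUID.start is on the page; the other key names are assumed.
SAMPLE_CFG = """\
op.format.mapping.order=0,1
op.format.mapping.0.filter.tokenCUID.start=1000000000000000
op.format.mapping.0.filter.tokenCUID.end=1000000000000100
op.format.mapping.0.target.tokenType=devKey
op.format.mapping.1.filter.tokenCUID.start=2000000000000000
op.format.mapping.1.filter.tokenCUID.end=2000000000000100
op.format.mapping.1.target.tokenType=qaKey
"""

def parse_cfg(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def _cuid(value):
    """Compare CUIDs as hex integers with dashes removed (assumed comparison)."""
    return int(value.replace("-", ""), 16)

def resolve_token_type(cfg, op, cuid, atr=""):
    """Walk mapping.order in sequence and return the first target whose filters pass."""
    order = cfg.get(f"op.{op}.mapping.order", "").strip()
    if not order:
        raise ValueError(f"op.{op}.mapping.order is missing")
    for map_id in (m.strip() for m in order.split(",")):
        prefix = f"op.{op}.mapping.{map_id}"
        start = cfg.get(f"{prefix}.filter.tokenCUID.start", "")
        end = cfg.get(f"{prefix}.filter.tokenCUID.end", "")
        want_atr = cfg.get(f"{prefix}.filter.tokenATR", "")
        # An empty or missing filter is a wildcard, so it never rejects the request.
        if start and _cuid(cuid) < _cuid(start):
            continue
        if end and _cuid(cuid) > _cuid(end):
            continue
        if want_atr and want_atr.lower() != atr.lower():
            continue
        return cfg[f"{prefix}.target.tokenType"]
    raise LookupError(f"no {op} mapping matched CUID {cuid}")
```

Because a mapping with no filters matches every request, reviewing mapping.order for such catch-all entries shows whether cards outside the intended CUID ranges would still receive a profile.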