Example: Token Mapping With Two Different Token Types - Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual

Parameter
op.operation.mapping.#.filter.tokenCUID.start
op.operation.mapping.#.filter.tokenCUID.end
op.operation.mapping.#.filter.appletMajorVersion The filter based on the applet version. This filter can be empty or
op.operation.mapping.#.filter.appletMinorVersion The filter based on the minor applet version. For an applet file nam
op.operation.mapping.#.target.tokenType
operation can be enroll, PIN reset, or format.
# is an integer.
Table 5.7. Mapping and Filters

5.4.3. Example: Token Mapping with Two Different Token Types

The process for a format operation is as follows:
1. The user inserts the token. The token is recognized by its CUID in the Enterprise Security Client.
2. The user selects the token and clicks Format.
3. The Enterprise Security Client prompts for LDAP authentication.
4. The format operation completes.
When the token is selected in the Enterprise Security Client, the Enterprise Security Client sends in
the applet version, CUID, ATR, and other information about the token to the TPS server. TPS server
checks the op.format.mapping.. section in the CS.cfg file and figures out which tokenType to
use for the token, either devKey or qaKey. It then uses the appropriate op.format... section to
perform LDAP authentication to the appropriate server and to the corresponding TKS for generating
session keys.
This is an example, configuring two different sets of tokens distinguished by their CUID ranges. These
sets have the following settings:
• The development team has 100 tokens and the token set CUIDs from 1000-0000-0000-0000 to
1000-0000-0000-0100.
• The QA team that has 100 tokens and the token set CUIDs from 2000-0000-0000-0000 to
2000-0000-0000-0100.
• The development team uses the LDAP server ldap-dev, and the QA team uses the LDAP server
ldap-qa for authentication.
Configuring the format operation in the TPS involves the following changes to the TPS configuration
file, CS.cfg.
##########################################################################
# Create two mappings
##########################################################################
op.format.mapping.0.filter.tokenCUID.start=1000000000000000
op.format.mapping.0.filter.tokenCUID.end=1000000000000100
##########################################################################
op.format.mapping.1.filter.tokenCUID.start=2000000000000000
Example: Token Mapping with Two Different Token Types
Description
The filter based on the CUID range. The target tokenType will b
The filter based on the CUID range. The target tokenType will b
are both zero, this indicates there is no applet on the token.
matched if the applet's minor version sent by the Enterprise Secu
Set this parameter to the tokenType to select for this mapping. F
141