Digital ID (DID)

This section shows you how to configure the Digital ID (DID) module, which is used to update the Lotus Notes ID file repository on the Bravura Security Fabric server, particularly when managing Lotus Notes passwords with Bravura Security Fabric. For a complete explanation of the challenges involved in certificate management with Lotus Notes ID File passwords and some possible solutions, see Lotus Domino Server in the Connector Pack Documentation.

To configure the Digital ID (DID) module:

  1. Click Manage the system > Modules > Digital ID (DID).

  2. Configure the options in Table 1, “Digital ID (DID) module options”, as required.

  3. If required, configure event options, listed in Table 2, “Digital ID events”, to trigger external programs.

  4. Click Update to submit the changes.

Table 1. Digital ID (DID) module options

| Option | Description |
|---|---|
| DID ASSOCIATION | Select the method to use to associate users. Choose from: Network operating system ID association; Single client ID association; Multiple client ID association. See DID association for details. |
| DID REG VALIDATION PLUGIN | Type the name of the plugin program or PSLang script to use to validate new digital ID registration requests. See Digital ID registration for details. |



DID association

Network operating system ID association is the default association mode. It associates a registered ID file with a user’s network account ID. The first network account ID to successfully register the ID file obtains the association.

Client ID association is useful when a single user has multiple network operating system IDs but only a single digital ID. It is also useful for shared workstations (kiosks), where a user does not log in or out of the operating system. There are two types of client ID association:

Single

Under single client ID association, the first client workstation that successfully registers a digital ID is the workstation that will be associated with that ID.

Multiple

Under multiple client ID association, digital ID files can be registered from multiple workstations. The digital ID is not associated with a single workstation. Once registered, updates to the digital ID can come from either an application (for example, Notes) or from Bravura Security Fabric.

Digital ID registration

You can configure a plugin to validate incoming requests for new Digital ID registration.

The Digital ID registration validation plugin receives information about:

  • Account ID (DN of the Digital ID)

  • NOS ID

  • Client ID

  • Target ID

  • Mail server

The plugin returns whether the registration should be allowed.

To configure this plugin, type the plugin’s full name in the DID REG VALIDATION PLUGIN field on the Manage the system > Modules > Digital ID page.

A built-in plugin, nos-validate.pss, is shipped with Bravura Security Fabric. The nos-validate.pss plugin checks whether the matching account table entry for this registration has a user ID (shortid) that matches the NOS ID of the incoming registration. If the user ID and NOS ID do not match, the ID file is not uploaded to the did table.

Requirements

See Writing plugins for general requirements.

Execution points

The Digital ID registration validation plugin is run by the Digital ID (DID) module when a registration request is received.

Input

Following is an example of the input required for this plugin:

"" "" = {
     "ACCOUNTID" = "CN=test 2/O=bravura"
     "CLIENTID" = "WINXP206"
     "MAILSERVER" = "CN=win2k4/O=bravura"
     "NOSID" = "Administrator77"
     "TARGETID" = "NOTES"
   }

Output

Following is an example of the output expected for this plugin:

"" "" = {
     "errmsg" = "Everything is good :)"
     "retval" = "0"
   }
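
The check that nos-validate.pss is described as performing, sketched in Python as an added example (this is not the shipped plugin and does not use Bravura's plugin API). Assumptions: the account table is a constructed dictionary, the request arrives as text in the format shown under Input, a retval of 0 allows the registration and any other value denies it, and IDs are compared case-insensitively.

```python
import re

# Constructed stand-in for the account table: Digital ID DN -> user ID (shortid).
ACCOUNTS = {"CN=test 2/O=bravura": "Administrator77"}
REQUIRED = ("ACCOUNTID", "CLIENTID", "MAILSERVER", "NOSID", "TARGETID")
PAIR = re.compile(r'^\s*"([^"]+)"\s*=\s*"([^"]*)"\s*$')

def parse_request(text):
    """Read the "KEY" = "value" lines of a request in the format shown above."""
    fields = {}
    for line in text.splitlines():
        m = PAIR.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def validate(fields, accounts=ACCOUNTS):
    """Return (retval, errmsg); missing or unknown data denies the registration."""
    # Assumption: retval 0 allows the registration, non-zero denies it.
    missing = [k for k in REQUIRED if not fields.get(k)]
    if missing:
        return 1, "missing field(s): " + ", ".join(missing)
    shortid = accounts.get(fields["ACCOUNTID"])
    if shortid is None:
        return 1, "no account entry for " + fields["ACCOUNTID"]
    # Assumption: IDs are compared case-insensitively.
    if shortid.casefold() != fields["NOSID"].casefold():
        return 1, "NOS ID does not match the account's user ID"
    return 0, "registration allowed"

def render(retval, errmsg):
    """Format the result like the output example above."""
    return '"" "" = {\n  "errmsg" = "%s"\n  "retval" = "%d"\n}' % (errmsg, retval)

def handle(text):
    return render(*validate(parse_request(text)))

# Constructed request, copied from the input example above.
SAMPLE = '''"" "" = {
  "ACCOUNTID" = "CN=test 2/O=bravura"
  "CLIENTID" = "WINXP206"
  "MAILSERVER" = "CN=win2k4/O=bravura"
  "NOSID" = "Administrator77"
  "TARGETID" = "NOTES"
}'''

if __name__ == "__main__":
    print(handle(SAMPLE))
```

The validator fails closed: a request with a missing field, an unknown Digital ID DN, or a mismatched NOS ID is denied rather than passed through.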