Questo contenuto non è disponibile nella lingua selezionata.

6.7. Mapping Resolver Configuration


The Token Processing System provides a single mapping resolver by default. The resolver is called FilterMappingResolver. This section will cover its configuration.

Note

See the Mapping Resolver section of the Red Hat Certificate System Planning, Installation, and Deployment Guide for general information about the Mapping Resolver.

6.7.1. Key Set Mapping Resolver

During External Registration, the key set must be resolved using the resolver before a user can authenticate.
The key set mapping resolver name is defined as follows:
externalReg.mappingResolver=<keySet mapping resolver name>
Copy to Clipboard Toggle word wrap
For example:
externalReg.mappingResolver=keySetMappingResolver
Copy to Clipboard Toggle word wrap
The following configuration example shows a full instance configuration:
mappingResolver.keySetMappingResolver.class_id=filterMappingResolverImpl
mappingResolver.keySetMappingResolver.mapping.0.filter.appletMajorVersion=0
mappingResolver.keySetMappingResolver.mapping.0.filter.appletMinorVersion=0
mappingResolver.keySetMappingResolver.mapping.0.filter.keySet=
mappingResolver.keySetMappingResolver.mapping.0.filter.tokenATR=
mappingResolver.keySetMappingResolver.mapping.0.filter.tokenCUID.end=a1000000000000000000
mappingResolver.keySetMappingResolver.mapping.0.filter.tokenCUID.start=a0000000000000000000
mappingResolver.keySetMappingResolver.mapping.0.target.keySet=defKeySet
mappingResolver.keySetMappingResolver.mapping.1.filter.appletMajorVersion=1
mappingResolver.keySetMappingResolver.mapping.1.filter.appletMinorVersion=1
mappingResolver.keySetMappingResolver.mapping.1.filter.keySet=
mappingResolver.keySetMappingResolver.mapping.1.filter.tokenATR=1234
mappingResolver.keySetMappingResolver.mapping.1.filter.tokenCUID.end=
mappingResolver.keySetMappingResolver.mapping.1.filter.tokenCUID.start=
mappingResolver.keySetMappingResolver.mapping.1.target.keySet=defKeySet
mappingResolver.keySetMappingResolver.mapping.2.filter.appletMajorVersion=
mappingResolver.keySetMappingResolver.mapping.2.filter.appletMinorVersion=
mappingResolver.keySetMappingResolver.mapping.2.filter.keySet=
mappingResolver.keySetMappingResolver.mapping.2.filter.tokenATR=
mappingResolver.keySetMappingResolver.mapping.2.filter.tokenCUID.end=
mappingResolver.keySetMappingResolver.mapping.2.filter.tokenCUID.start=
mappingResolver.keySetMappingResolver.mapping.2.target.keySet=jForte
mappingResolver.keySetMappingResolver.mapping.order=0,1,2
Copy to Clipboard Toggle word wrap
The above example defines three mappings named 0, 1, and 2. They are ordered in ascending order using the mappingResolver.keySetMappingResolver.mapping.order=0,1,2 line in the example. This order means the input parameters will be run against the mapping filter 0 first; only if they do not match that filter, the next one in the mapping order will be tried. For example, if a token with the following characteristics is evaluated:
CUID=a0000000000000000011
appletMajorVersion=0
appletMinorVersion=0
Copy to Clipboard Toggle word wrap
Then it would pass mapping 0 and be assigned its target, which is configured to defKeySet, because the applet version matches and the CUID falls within the CUID start and end range for that mapping.
On the other hand, if a token has the following parameters:
CUID=b0000000000000000000
ATR=2222
appletMajorVersion=1
appletMinorVersion=1
Copy to Clipboard Toggle word wrap
In this case this token fails mapping 0 because it is outside the specified CUID range. It also fails mapping 1 because while the applet versions match, the ATR does not. The above token will be assigned to mapping 2 and its target, jForte.
Note how mapping 2 has no assignments for any of its filters. This causes the mapping to match all tokens, effectively making it a "default" value. Mappings like this must be specified last in the mapping order, because any other mappings after it will never be evaluated.

6.7.2. Token Type (TPS) Mapping Resolver

There are three default tokenType mapping resolvers defined in the Token Processing System: formatProfileMappingResolver, enrollProfileMappingResolver, and pinResetProfileMappingResolver. Compared to the External Registration case discussed in the previous section, in the Internal Registration case token types are actually calculated from the defined mapping resolver.
The token type mapping resolver names are defined as follows:
op.<op>.mappingResolver=<mapping resolver name>
Copy to Clipboard Toggle word wrap
For example:
op.enroll.mappingResolver=enrollProfileMappingResolver
Copy to Clipboard Toggle word wrap
The following configuration example describes the enrollProfileMappingResolver:
mappingResolver.enrollProfileMappingResolver.class_id=filterMappingResolverImpl
mappingResolver.enrollProfileMappingResolver.mapping.0.filter.appletMajorVersion=1
mappingResolver.enrollProfileMappingResolver.mapping.0.filter.appletMinorVersion=
mappingResolver.enrollProfileMappingResolver.mapping.0.filter.tokenATR=
mappingResolver.enrollProfileMappingResolver.mapping.0.filter.tokenCUID.end=b1000000000000000000
mappingResolver.enrollProfileMappingResolver.mapping.0.filter.tokenCUID.start=b0000000000000000000
mappingResolver.enrollProfileMappingResolver.mapping.0.filter.tokenType=userKey
mappingResolver.enrollProfileMappingResolver.mapping.0.target.tokenType=userKey
mappingResolver.enrollProfileMappingResolver.mapping.1.filter.appletMajorVersion=1
mappingResolver.enrollProfileMappingResolver.mapping.1.filter.appletMinorVersion=
mappingResolver.enrollProfileMappingResolver.mapping.1.filter.tokenATR=
mappingResolver.enrollProfileMappingResolver.mapping.1.filter.tokenCUID.end=a0000000000000001000
mappingResolver.enrollProfileMappingResolver.mapping.1.filter.tokenCUID.start=a0000000000000000000
mappingResolver.enrollProfileMappingResolver.mapping.1.filter.tokenType=soKey
mappingResolver.enrollProfileMappingResolver.mapping.1.target.tokenType=soKey
mappingResolver.enrollProfileMappingResolver.mapping.2.filter.appletMajorVersion=
mappingResolver.enrollProfileMappingResolver.mapping.2.filter.appletMinorVersion=
mappingResolver.enrollProfileMappingResolver.mapping.2.filter.tokenATR=
mappingResolver.enrollProfileMappingResolver.mapping.2.filter.tokenCUID.end=
mappingResolver.enrollProfileMappingResolver.mapping.2.filter.tokenCUID.start=
mappingResolver.enrollProfileMappingResolver.mapping.2.filter.tokenType=
mappingResolver.enrollProfileMappingResolver.mapping.2.target.tokenType=userKey
mappingResolver.enrollProfileMappingResolver.mapping.order=1,0,2
Copy to Clipboard Toggle word wrap
Three mappings are defined for the enrollProfileMappingResolver in the above example. The mappings are named 0, 1, and 2. The mappingResolver.enrollProfileMappingResolver.mapping.order=1,0,2 line defines the order in which the mappings will be processed. If a token matches a mapping, no further mappings in the order will be evaluated; if it does not match a mapping, the next one in the order will be tried.
In case of a token with the following parameters:
CUID=a0000000000000000011
appletMajorVersion=1
appletMinorVersion=0
extension: tokenType=soKey
Copy to Clipboard Toggle word wrap
A token with this configuration will match the filters for mapping 1 because the applet version matches, the CUID fails within the specified start and end range, and the extension tokenType matches. Therefore, this token will be assigned the target for that mapping - soKey.
In another case, if the token has the following parameters:
CUID=b0000000000000000010
appletMajorVersion=1
appletMinorVersion=1
Copy to Clipboard Toggle word wrap
In this case, the token will fail mapping 1 because the CUID is outside the specified range. Then it will also fail mapping 0, because the tokenType extension is missing. This token will then match mapping 2, because it has no specified filters in order to match all tokens which did not match any of the previous filters.
Torna in cima
Red Hat logoGithubredditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi. Esplora i nostri ultimi aggiornamenti.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita il Blog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

Theme

© 2025 Red Hat