Creating an Attribute Certificate Profile
In this step you can create an attribute profile. An attribute profile is a set of parameters configured within the ADSS Certification Service that define the characteristics of the attribute certificates generated by the service (e.g. the lifetime of the certificate and its certificate extensions). The advantage of configuring an attribute profile on ADSS Server is that client applications do not need to pass these parameters within each service request message, but can simply refer to a particular configured attribute profile. ADSS Server allows the profile attributes to be overridden if this is specifically allowed within the profile settings.
Navigate to the following location in the ADSS Unity Console:
This shows a table of existing attribute profiles. These can be edited or deleted.
To create a new profile, click the '+' button. This presents the following form:
The form opens on the Profile Identification section. Once the required configuration is done, click the next (>) arrow button to display the following screen:
This is the Certificate Settings section. Once the required configuration is done, click the next (>) arrow button to display the following screen:
This is the AA Details section. Here, select the required Attribute Authority from the drop-down. Once all the configuration is done, click the Save button.
The configuration items are as follows:
| Items | Description |
|---|---|
| Status | A certification profile may be marked Active or Inactive. Note that an inactive attribute profile will not be used to process certification requests. |
| Profile ID | A system-defined unique identifier for this profile. This must be referenced in certification service requests if this attribute profile is to be used by the client application. |
| Profile Name | A user-defined unique name for easier human recognition within the ADSS user Console. This could be referenced instead of the Profile ID in certification service requests if this attribute profile is to be used by the client application. |
| Profile Description | This can be used to describe the attribute profile in more detail (e.g. in which circumstances this attribute profile will be used and/or what sort of settings the attribute profile holds). This is for information purposes only. |
| Attribute Authority | Select an internal Attribute Authority (AA) that is configured to handle certification requests from the ADSS Certification Service. |
| Hash Algorithm | The selected hashing algorithm is used as part of the attribute certificate generation process. The following hashing algorithms are available: Note: There are some known limitations that the user must be aware of while using the SHA3 hashing algorithm. |
| Validity Period | Set the validity period for how long the certificate will be valid. Set this flag to indicate whether the validity period configured in the attribute profile can be overridden by the client application by passing validity parameters in the certification request message. |
| Attribute Certificate Extensions | These flags define whether the selected extensions are added to the attribute certificate. The supported extensions are: Critical - Setting the critical flag marks the relevant extension as critical. |
The list of existing attribute profiles can be sorted in either ascending or descending order by selecting a table column from the drop-down list.
Clicking the Advance Search button on the Attribute Profile main page displays the following screen:
This helps to locate a particular type of attribute profile generated in the Certification Service. Profiles can be searched by Status, Profile ID, Profile Name, Attribute Authority Name and Validity Period. If a search is based on multiple values, they are combined using the “AND” operator, so only records that meet all the criteria are presented.