Introduction
In some use cases, it may be required to perform some pre-issuance assignment before a credential is actually issued. For example, it may be required that a particular credential with a specific CSN be pre-issued to a particular user and additionally a particular card template. This will mean that when the credential is actually issued vSEC:CMS will be able to determine from the credential CSN for the particular credential who it should be assigned to and additionally what card template it will be assigned to.
If a credential that was pre-issued is issued then it will no longer be in a pre-issued state. Therefore, if you revoked - retired - unregistered the credential it will not go back into a pre-issue state.
Follow the instructions in this article to configure the vSEC:CMS to allow for this type of pre-issuance assignment.
It is possible to provide the pre-issuance information in two ways. Either through an input file that is used to import the data through a manual import wizard or through an input file that will automatically be read by the vSEC:CMS when it detects that a new input file has been placed in a pre-configured folder on the system.
Pre-issuance using Import Wizard
Step 1 - Create Input File
The input file, which will contain the credential records, should be constructed like below.
The file needs to be saved as UTF-8 encoding format. From Notepad, for example, it is possible to specify the encoding format that the file will be saved as.
V;1.0 T;CSN;DN;TEMPLATE C;"5701135125898D0D2A0AFFFF";"CN=Sam Sim,DC=Sample,DC=local";"SC Logon Template" C;"5701135125898D0D4456FFFF";"CN=Tom Lim,DC=Sample,DC=local";"SC Logon Template" |
The first line in the input file is mandatory and should not be changed.
The second line are identifiers for the actual input data specific for the credential and the user who the credential will be pre-issued to. In the input file in this example T is a tag for the title, CSN is the credential serial number, DN is the distinguished name of the user as exists in the user directory and TEMPLATE is the actual card template that the credential will be pre-issued to in vSEC:CMS. The character ';' acts as the separator in this case. Place all input data in quotation characters as in the sample data here. It is possible to add comments to the input file using '#' character. The C at the start of each input record identifies that the input record is for a credential in this case.
Step 2 - Import Input File
1. From Repository - Smart Card Transfer in the Pre-issuance section click the Proceed button.
2. Click the Browse button to browse to the file created in step 1. Select the separator type from the dropdown list, the character ';' in this example.
3. In the Select smart card template section three options are available:
- Select the Do not assign template if it is required to not assign the input record(s) to a card template. If this option is selected, then this will overwrite any card template that may be already defined in the input file.
- Select the Assign template from file if it is required to assign the input record to the card template as defined in the input file. In this example, we will select this option.
- Select Assign this template and select from the available drop-down list of available card templates on the system. Again, this will overwrite any card template that may be already defined in the input file.
4. Click Proceed to progress.
5. Enter the operator smart card PIN code when prompted to proceed.
6. It is possible to filter the entries based on their user directory. In this example, all users are from the same user directory so no filtering is performed. If you have a much larger input file with users from different directory locations and it is required to filter out specific users from specific directory locations then enable the filter option and select the directory locations that are to be used. Click Next to continue.
7. It is possible to filter the entries based on the smart card template in the input file. In this example, all users are to be assigned to the same card template so no filtering is performed. If you have a much larger input file with users assigned to different card templates and it is required to filter out specific users from specific card templates, then enable the filter option and select the card template that is to be used. Click Next to continue.
8. The complete list of users that are to be imported in pre-issued state is displayed. All entries will be automatically selected. Uncheck the import check box for any user(s) that you do not wish to import at this time. Click Import to proceed.
9. An information dialog will popup. Click Yes to proceed. On completion, a summary dialog will appear. Click the Export button to save the summary report to a html file. Click Close to complete and close out.
Step 3 - Issue Credential
When it is time to actually issue the credential from the Lifecycle page attach the credential that is to be issued. vSEC:CMS will determine from the credential CSN that the credential has been pre-issued. The Lifecycle page will show that the credential is in an unregistered state but you will see that there is a chain symbol indicating that this particular credential has been pre-issued to the particular user and assigned to a particular smart card template. When the operator issues the credential the system will automatically issue the token to the pre-issued user using the pre-assigned card template.
Pre-issuance using Auto-detection
Using this mechanism, it is possible to place pre-configured input files in a folder which the vSEC:CMS service will automatically detect and import into the system in a pre-issued state.
Step 1 - Create Input File
An input file named import.csv should be placed in a folder which will be the root location of where input records for pre-issued credentials can be placed. Within this folder it is possible to have sub-folders that contain input files. The input file import.csv should be constructed like below.
The file needs to be saved as UTF-8 encoding format. From Notepad, for example, it is possible to specify the encoding format that the file will be saved as.
[import] template=1 seperator=; |
The first line is mandatory and should be as defined above.
The template name can have three values.
- If the value is '1' then this means that no card template will be assigned to the card record as read from the actual card record input file;
- If the value is '2' then this means that the card template will be taken from the actual card record input file;
- If the value contains a name, then this name will be used as the actual card template as configured in the vSEC:CMS that the pre-issued credential will be pre-assigned to in the system.
The separator informs the system that in this example the ';' character will be used as the input records separator.
Typically, the card input record file will be constructed as a CSV file.
The input file(s) should be constructed as below if template=1 as described in the previous section is set.
V;1.0 T;CSN;DN;TEMPLATE C;"5701135125898D0D2A0AFFFF";"CN=Sam Sim,DC=Sample,DC=local" C;"5701135125898D0D4456FFFF";"CN=Tom Lim,DC=Sample,DC=local" |
The card record input file(s) should be constructed as below if template=2 as described in the previous section is set.
V;1.0 T;CSN;DN;TEMPLATE C;"5701135125898D0D2A0AFFFF";"CN=Sam Sim,DC=Sample,DC=local";"SC Logon Template" C;"5701135125898D0D4456FFFF";"CN=Tom Lim,DC=Sample,DC=local";"SC Logon Template" |
The card record input file(s) should be constructed as below if template=SC Logon Template as described in the previous section is set, i.e. in vSEC:CMS there will be a card template with a name of SC Logon Template already configured.
V;1.0 T;CSN;DN;TEMPLATE C;"5701135125898D0D2A0AFFFF";"CN=Sam Sim,DC=Sample,DC=local" C;"5701135125898D0D4456FFFF";"CN=Tom Lim,DC=Sample,DC=local |
The first line in the input file is mandatory and should not be changed.
The second line are identifiers for the actual input data specific for the credential and the user who the credential will be pre-issued to. In the input file in this example T is a tag for the title, CSN is the credential serial number, DN is the distinguished name of the user as exists in the user directory and TEMPLATE is the actual card template that the credential will be pre-issued to in vSEC:CMS. The character ';' acts as the separator in this case. Place all input data in quotation characters as in the sample data here. It is possible to add comments to the input file using '#' character. The C at the start of each input record identifies that the input record is for a credential in this case.
Step 2 - Automatically Import from Input File
1. From Repository - Smart Card Transfer in the Pre-issuance section click the Auto collect button.
2. Click the Browse button to navigate to the folder where the vSEC:CMS service will monitor for input files to automatically import pre-issued records. Alternatively, you can enter a relative folder path from the location where the vSEC:CMS was installed to. If the installation was performed to the default location, then this location would be C:\Program Files (x86)\Versasec\vSEC_CMS vSEC:CMS.
3. For File extension enter the file extension for the card input records. The card input record(s) file is typically a CSV file so therefore enter csv in the field provided.
4. Enable the Enabled checkbox to activate this feature. Click the Preserve input checkbox to make the system save the input record file and this will be saved with a .succ file extension. Enable the Store report checkbox if it is required that the system will generate a report file for every input record file that is processed.
5. Click Ok to save and close.
Step 3 - Issue Credential
When it is time to actually issue the credential from the Lifecycle page attach the credential that is to be issued. vSEC:CMS will determine from the credential CSN that the credential has been pre-issued. The Lifecycle page will show that the credential is in an unregistered state but you will see that there is a chain symbol indicating that this particular credential has been pre-issued to the particular user and assigned to a particular smart card template. When the operator issues the credential the system will automatically issue the token to the pre-issued user using the pre-assigned card template.