Introduction
From version 6.5 it is possible to configure and validate that a PIN Policy (PP) is supported on the credentials managed by vSEC:CMS. Different credentials support different PP's so it is important to validate that the PP you are applying is indeed supported on the credential.
This article will describe how you can perform these validations before applying the policy to the card template.
The PP that can be applied to a credential needs to adhere to what is allowed on the credential. Different credentials allow different PP configurations to be applied. Therefore, it is required that any PP that is to be applied to a credential is supported on it. The credential vendor documentation will define what PP settings are supported on it.
Testing PP Configuration
vSEC:CMS supports testing and verifying a PP on a limited range of supported credentials. For these supported credential types you can test and verify that the required PP is supported on the credential before applying the PP to the credential template. This section will describe how you can perform these tests before applying them to the credential template.
Test Thales IDPrime MD PP
PP for the range of Thales IDPrime MD cards that vSEC:CMS supports can be tested by following instructions in this section.
The PP defined here will not be applicable to IDPrime MD 840/940 card types.
Navigate to Repository - PIN Policies and click the Add button. Enter a name and from the drop-down list select Thales IDPrime MD Smart Cards. Enable Smart card managed PIN policies and configure the settings as required.
Click the Test button. You should have a credential attached for which you will apply the PP to. It is recommended to attach a credential that is in its default factory settings. Enter a PIN that complies with the policy we want to set on the credential. Click the Apply PIN Policy button.
Presuming that the credential is in default factory state you will be prompted to register the credential with vSEC:CMS before the policy can be applied. Follow the wizard to register the credential with vSEC:CMS. Then at the end the PP will be applied and if successful you should see a dialog similar to below.
This verifies that the PP is valid and can be applied to the credential type that you are going to deploy. Click Save at the end to save the configuration. The PP can then be applied in the Issue card section of the template from Templates - Card Templates.
Test PIV Credentials
PP for the range of PIV credentials that vSEC:CMS supports can be tested by following instructions in this section.
Navigate to Repository - PIN Policies and click the Add button. Enter a name and from the drop-down list select PIV Smart Cards. Enable Smart card managed PIN policies and configure the settings as required.
The PIV specification states that a PIN length should be minimum of 6 and maximum of 8.
Click the Test button. You should have a credential attached for which you will apply the PP to. It is recommended to attach a credential that is in its default factory settings. Enter a PIN that complies with the policy we want to set on the credential. Click the Apply PIN Policy button.
Presuming that the credential is in default factory state you will be prompted to register the credential with vSEC:CMS before the policy can be applied. Follow the wizard to register the credential with vSEC:CMS. Then at the end the PP will be applied and if successful you should see a dialog similar to below.
This verifies that the PP is valid and can be applied to the credential type that you are going to deploy. Click Save at the end to save the configuration. The PP can then be applied in the Issue card section of the template from Templates - Card Templates.
Test IDPrime Virtual PP
PP for Thales IDPrime Virtual cards that vSEC:CMS supports can be tested by following instructions in this section.
Navigate to Repository - PIN Policies and click the Add button. Enter a name and from the drop-down list select IDPrime Virtual. Enable Smart card managed PIN policies and configure the settings as required.
Click the Test button. You should have an IDPrime Virtual credential created and available on the host for which you will apply the PP to. It is recommended to attach a credential that is in its default factory settings. Enter a PIN that complies with the policy we want to set on the credential. Click the Apply PIN Policy button.
Presuming that the credential is in default factory state you will be prompted to register the credential with vSEC:CMS before the policy can be applied. Follow the wizard to register the credential with vSEC:CMS. Then at the end the PP will be applied and if successful you should see a dialog similar to below.
This verifies that the PP is valid and can be applied to the credential type that you are going to deploy. Click Save at the end to save the configuration. The PP can then be applied in the Issue card section of the template from Templates - Card Templates.
Test Windows Virtual PP
PP for Windows virtual cards that vSEC:CMS supports can be tested by following instructions in this section.
Navigate to Repository - PIN Policies and click the Add button. Enter a name and from the drop-down list select Windows Virtual Smart Card. Enable Smart card managed PIN policies and configure the settings as required.
Click the Test button. You should have a Windows virtual credential created and available on the host for which you will apply the PP to. It is recommended to attach a credential that is in its default factory settings. Enter a PIN that complies with the policy we want to set on the credential. Click the Apply PIN Policy button.
Presuming that the credential is in default factory state you will be prompted to register the credential with vSEC:CMS before the policy can be applied. Follow the wizard to register the credential with vSEC:CMS. Then at the end the PP will be applied and if successful you should see a dialog similar to below.
This verifies that the PP is valid and can be applied to the credential type that you are going to deploy. Click Save at the end to save the configuration. The PP can then be applied in the Issue card section of the template from Templates - Card Templates.
Test Versasec Virtual PP
PP for Versasec's virtual smart cards can be tested by following instructions in this section.
Navigate to Repository - PIN Policies and click the Add button. Enter a name and from the drop-down list select Versasec Virtual Smart Card. Enable Smart card managed PIN policies and configure the settings as required.
You will need to have the Versasec virtual smart card installed on your host to test this feature.
Click the Test button. You should have a Versasec virtual credential created and available on the host for which you will apply the PP to. It is recommended to attach a credential that is in its default factory settings. Enter a PIN that complies with the policy we want to set on the credential. Click the Apply PIN Policy button.
Presuming that the credential is in default factory state you will be prompted to register the credential with vSEC:CMS before the policy can be applied. Follow the wizard to register the credential with vSEC:CMS. Then at the end the PP will be applied and if successful you should see a dialog similar to below.
This verifies that the PP is valid and can be applied to the credential type that you are going to deploy. Click Save at the end to save the configuration. The PP can then be applied in the Issue card section of the template from Templates - Card Templates.