18.10.3.1. Token model

The Token is the central concept of this endpoint. It represents a physical or virtual entity or device that supports a user in the authentication process. Examples are SecurId tokens, phone numbers or registered mobile app instances. A token consists of a unique tokenId and a configurable set of attributes. The actual set of attributes depends on the persistency implementation used.

Currently, IAM supports three different kinds of persistency implementations (aka repositories):

  • token-based: based on the IAM token data model (TokenDataProvider)
  • credential-based: based on the IAM credential bean model (CredentialPersister)
  • custom implementation: custom implementations of the GenericTokenRepository interface may be provided (see bottom of page)

Token-based repository support

The token-based repository (see also below in Configuration) is the default implementation to be used and supports the attribute set as described below. Moreover, a configurable amount of tokens can be assigned to a user.

Attribute
Data Type
Token ID
String
Serial ID
String
Enabled
Boolean
Activation Date
Date
Valid From
Date
Valid To
Date
Generation Date
Date
First Usage Date
Date
Latest Usage Date
Date
Total Usages
Integer
Tracking ID
String
Data
String
Generic Data Element 1 - 12
String

Credential-based repository support

The credential-based repository supports a limited set of attributes. At most two credentials (tokens) exist per user. I.e. a current and a next credential. The first can be accessed by Token ID <username>-current, the latter by <username>-next.

Attribute
Data Type
Information
Data
String
The data is stored either as String or in binary form on the database.
Binary data is represented as a Base64 String when read from the system.
Data Encoding
String
Value is either 'STRING' or 'BINARY' (see above)
Delivery Date
Date
 
Generation Date
Date
 
Serial Number
String
 
Not Active Before
Date
 
Not Active After
Date
 

The credential model should not be used for new token implementations. Please use the token-based model with token-based repository.