Token model

The Token is the central concept of this endpoint. It represents a physical or virtual entity or device that supports a user in the authentication process. Examples are SecurId tokens, phone numbers or registered mobile app instances. A token consists of a unique tokenId and a configurable set of attributes. The actual set of attributes depends on the persistency implementation used.

Currently, IAM supports three different kinds of persistency implementations (aka repositories):

  • token-based: based on the IAM token data model (TokenDataProvider)
  • credential-based: based on the IAM credential bean model (CredentialPersister)
  • custom implementation: custom implementations of the GenericTokenRepository interface may be provided (see bottom of page)

Token-based repository support

The token-based repository (see also below in Configuration) is the default implementation to be used and supports the attribute set as described below. Moreover, a configurable amount of tokens can be assigned to a user.

Attribute

Data Type

Token ID

String

Serial ID

String

Enabled

Boolean

Activation Date

Date

Valid From

Date

Valid To

Date

Generation Date

Date

First Usage Date

Date

Latest Usage Date

Date

Total Usages

Integer

Tracking ID

String

Data

String

Generic Data Element 1 - 12

String

Credential-based repository support

The credential-based repository supports a limited set of attributes. At most two credentials (tokens) exist per user. I.e. a current and a next credential. The first can be accessed by Token ID <username>-current, the latter by <username>-next.

Attribute

Data Type

Information

Data

String

The data is stored either as String or in binary form on the database.

Binary data is represented as a Base64 String when read from the system.

Data Encoding

String

Value is either 'STRING' or 'BINARY' (see above)

Delivery Date

Date

Generation Date

Date

Serial Number

String

Not Active Before

Date

Not Active After

Date

The credential model should not be used for new token implementations. Please use the token-based model with token-based repository.