CA ArcotID PKI Client Reference Guide › ArcotID PKI Client API Reference › ArcotID PKI Client Javascript APIs › SetAttribute() › Parameters

Parameters

The following are the attributes that can be set by using this API function, all the attributes are of string type.

• WalletInMemory
• StorageType
• CredentialFilter
• AID_LOOKUP_MODE
• DeviceLocking
• ScrambleStyle
• ScrambleOrder

WalletInMemory

WalletInMemory is an attribute that instructs the client to download the ArcotID PKI to memory only if set to yes, or to disk (permanent) if set to no.

Note: If the old APIs are used, then use this attribute is used to store the wallet in memory or in the hard disk.

Note: This is a deprecated attribute, use StorageType instead.

StorageType

This attribute specifies the storage location for the subsequent downloaded ArcotID PKIs. A user interface is also provided for choosing the storage location. If the user specifies any option other than MEMORY, then the WalletInMemory attribute will be deprecated.

The following are the possible values or the combination of any:

• HD

  Stores the ArcotID PKI in the hard disk.

• USB

  Stores the ArcotID PKI in the USB flash drive.

• MEMORY

  Stores the ArcotID PKI in the memory for the current browser session.

CredentialFilter

This specifies how the clients should filter the credentials while querying an ArcotID PKI, during authentication or during any other use of an ArcotID PKI. Filtering criteria can include parameters such as, storage medium or issuing CA.

A credential filter is a set of expressions containing <attribute><operator><value>. Each expression is separated by an Ampersand (&).

For example, CertSubject=~OU%3DTesting&storagetype==hd is a credential filter, which displays only ArcotID PKIs that are stored in hard disk and containing the substring OU=Testing. Equal (=) signs that appear in the values need to be encoded as %3D.

There are four supported operators:

• == exact string match
• != not exact string match
• =~ substring match
• !~ not substring match

The case-sensitivity of the match is controlled by the case of the <attribute>. If it is all lower-case then the match is case-insensitive. Therefore in the example, the CertSubject match is case-sensitive while the storage type value is not.

The supported <attribute> values are:

• userid ArcotID PKI attribute
• org ArcotID PKI attribute
• alias ArcotID PKI attribute
• input_method ArcotID PKI attribute
• scrstyle ArcotID PKI attribute
• scrorder ArcotID PKI attribute
• ShowPinKeys Y/N - derived: input_method != keyboard
• ScramblePinPad Y/N (Y when scrstyle=once or always, N when scrstyle=never)
• ScrambleAlways Y/N (Y when scrstyle=always)
• ScrambleRandom Y/N (Y when scrorder=random)
• banner ArcotID PKI attribute
• bannerURL ArcotID PKI attribute
• domain ArcotID PKI attribute
• url_main ArcotID PKI attribute
• url_help ArcotID PKI attribute
• name same as the card name
• CardName name of card
• WalletName name of wallet
• CertSubject Arcot certificate attribute
• CertIssuerSubject Arcot certificate attribute
• CertSerialNumber Arcot certificate attribute
• CertNotBefore Arcot certificate attribute
• CertNotAfter Arcot certificate attribute
• KeyTypeCode key type of Arcot private key, for example, Arcot/RSA.
• cardImage base64-encoded ArcotID PKI attribute
• label ArcotID PKI attribute
• KeyFortEnabled Y/N (Y when ArcotID PKI attribute KeyFortURL is present)
• StorageType wallet attribute - device of locally stored ArcotID PKI - value domain (hd, mem, usb, cdrom)
• storage_type
• serialnumber ArcotID PKI attribute

The value portion of the expression should be URL-encoded if it contains any of the following special characters:

'~', '!', '=', '&','<', '>'

AID_LOOKUP_MODE

This attribute specifies how the clients should search the ArcotID PKI of the users in the database. The ArcotID PKIs are searched using username, orgname, alias, or a combination of these parameters.

Note: ArcotID PKI username aliases are stored as unsigned attributes inside the ArcotID PKI. These unsigned attributes are of the format Alias.<Application Context>=<alias>. For example, Alias.safebank-online=jdoe-sb.

The following lookup modes are supported:

• USERNAME_ONLY_MODE

  Clients searches the ArcotID PKI of the user by their username and orgname.

• ALIAS_ONLY_MODE

  Client searches the ArcotID PKI of the user by their alias and orgname.

• USERNAME_AND_ALIAS_MODE

  In this mode, the client first searches the ArcotID PKI of the user by their username and orgname. If a matching ArcotID PKI is not found, then it searches the ArcotID PKI based on the orgname and alias.

  Note: This is also the default mode.

DeviceLocking

This attribute configures the device locking mechanism in various ways. If no valid attributes are provided, then the default value all is used. Attributes are delimited by Underscore, when two or more are used.

The following are the possible values for this attribute:

• all

  Uses all the below mentioned device locking techniques.

• mem

  Physical memory size of the client’s machine.

• vol

  Identifies the partition that houses the volume to be locked. The volume is identified by the volume identifier.

• mac

  The distinctive address that identifies a Network Interface Card (NIC)is called the Media Access Control (MAC) address.

  A MAC address is a unique character string that identifies a specific physical device, which means one individual NIC. Therefore, the MAC address does not change for the life of the NIC. Because your NIC's MAC address is permanent, it is often referred to as the real or physical address of a computer.

• moth

  Mother board serial number and manufacturer name. This information is not always present.

• bios

  BIOS serial number and manufacturer name. This information is not always present.

• hd

  Hard Disk model number and manufacturer name. Only fixed hard disks are included but not the removable hard disks such as external USB or memory card. Changing or removing the hard disk will change the machine identifier.

• proc

  CPU information such as model number or clock speed. If the machine in use is a multiprocessor machine then the information from all the CPUs is included.

• enc

  Enclosure information is an unique information provided by the manufacturer, such as Service Tag provided by Dell for all its computers.

ScrambleStyle

This attribute facilitates the scrambling of pin pad, which is used to enter the ArcotID PKI password. The following are the different values used to set the frequency of scrambling:

• Never

  The pin pad is never scrambled.

• Once

  The pin pad is scrambled only once, when it is initially displayed. This is the default option.

• Always

  Pin pad is scrambled every time a key is clicked or pressed.

ScrambleOrder

This attribute defines the order in which the pin pad is scrambled. It is ignored if the password is entered using keyboard or the "ScrambleStyle" is set to Never. Following are the different values for this attribute:

• random

  Scrambling is done in random manner. For example, 8403172695

• sequential

  Scrambling is done in sequential fashion. For example, 4567890123