Predefined Logical Attributes

Programming Guides › Programming Guide for Java › Logical Attribute API › Predefined Logical Attributes

Predefined Logical Attributes

CA IdentityMinder includes predefined logical attributes. You can use a predefined logical attribute as is, or customize it to suit your business requirements.

The predefined logical attributes are as follows:

Password

Logical Attribute

|passwordConfirm|

|oldPassword|

Physical Attribute

Display name: Password

Well-known name: %PASSWORD%

Description

Processed by the Confirm Password Handler.

When a user specifies a new password, the password is validated against the password supplied in the confirmation field to be sure the values match.

Typically, oldPassword is defined as a hidden field, while Password and passwordConfirm are displayed.

Available for USER objects.

Password Hint

Logical Attribute

|Question1|... |Question5|

|Answer1|... |Answer5|

|Questions|

|VerifyQuestion|

|VerifyAnswer|

Physical Attribute

Well-known name: %PASSWORD_HINT% (a multi-value attribute)

For Provisioning: eTSelfAuth-Question0-4
eTSelfAuth-Answer0-4

Description

Processed by the Forgotten Password Handler.

Questions and answers for identification can be stored in the directory in various ways, depending upon the configuration. Optionally, the user can be challenged with a verification question at run time. There can be more than one verification question and answer.

Password Reset

Logical Attribute

|forcePasswordReset|

Physical Attribute

Display name: Disabled State

Well-known name: %ENABLED_STATE%

Description

Processed by the Forced Password Reset Handler.

If the administrator enables forcePasswordReset on a task screen, the user’s stored enabled state is updated so that the user must change their password during their next login.

Available for USER objects.

Enable User

Logical Attribute

|enable|

Physical Attribute

Display name: Disabled State

Well-known name: %ENABLED_STATE%

Description

Processed by the Enable User Handler.

If the administrator enables or disables a user’s account through the enable attribute, the user’s stored enabled state is updated accordingly.

Before the task screen is displayed, the user’s stored enabled state value is retrieved from the directory and converted to the logical attribute enable.

Note: If this logical attribute is not used or is empty, the user’s account is enabled by default.

Available for USER objects.

Group Subscription

Logical Attribute

|GroupSubscription|

Physical Attribute

Display name: Self Subscribing

Well-known name: %SELF_SUBSCRIBING%

Description

Processed by the Self Subscribing Handler.

Is available for GROUP objects.

If the administrator sets this attribute to TRUE, users can add themselves to the group.

The handler does the following:

Converts between physical and logical attribute values.
Validates the self-subscription value before the value is written to the data store.

More Information:

Logical Attribute Handler: Forgotten Password