2.2 Mapping OIDs to credential profiles
You can specify an existing credential profile to be used for the imported PIV card by matching an OID from one of the certificate policy extension values in the card's authentication certificate.
When MyID imports the card, the certificates from the PIV containers on the imported card are associated with the certificate policies mapped to those containers in the credential profile. If MyID is connected to the same CA that originally issued the certificates, it can then manage the imported certificates, including revoking them when using the Cancel Credential workflow. Any certificates that MyID cannot associate with policies by matching their container are imported as Unmanaged certificates; MyID cannot manage these certificates.
Alternatively, you can create a new credential profile to be used for imported cards. This credential profile is also used if MyID cannot find a match for the OID in the mappings file; see section 2.3, Setting up the credential profile.
The OID mappings are controlled by the ImportPolicyCredProfile.xml file.
Note: You can map multiple OIDs to the same credential profile, but you cannot map multiple credential profiles to the same OID.
To edit the mappings file:
- On the MyID application server, open the ImportPolicyCredProfile.xml file in a text editor.
  By default, this file is stored in the following location:
  C:\Program Files\Intercede\MyID\Settings\
  If the file does not exist, you must create it.
- In the top level <mappings> node, add an entry for each OID you want to map.
  Use the format:
  <mapping oid="<OID>" credprofile="<credential profile name>" />
  where:
  - <OID> – the OID from the extension on the certificate policy that you want to match.
  - <credential profile name> – the name of an existing credential profile in MyID.
  For example:
  <mappings>
    <mapping oid="1.2.3.4.5" credprofile="Imported PIV Card" />
    <mapping oid="6.7.8.9.10" credprofile="other policy" />
  </mappings>
- Save the file.
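The rules in this section (a top-level <mappings> node, one <mapping> entry per OID, and the Note that an OID cannot be mapped to more than one credential profile) can be checked on a copy of the file before it is saved to the server. The following Python check is an added example, not part of MyID or its documentation; check_mappings, known_profiles and the dotted-decimal test are assumptions of the example, and the second sample file is constructed.

```python
import re
import xml.etree.ElementTree as ET

OID_RE = re.compile(r"\d+(\.\d+)+")  # assumption: syntax check only, dotted-decimal

# The example from this page, and a constructed file that breaks the rules.
PAGE_EXAMPLE = """<mappings>
<mapping oid="1.2.3.4.5" credprofile="Imported PIV Card" />
<mapping oid="6.7.8.9.10" credprofile="other policy" />
</mappings>"""
CONSTRUCTED_BAD = """<mappings>
<mapping oid="1.2.3.4.5" credprofile="Imported PIV Card" />
<mapping oid="1.2.3.4.5" credprofile="other policy" />
<mapping oid="1.2.3,4" credprofile="other policy" />
</mappings>"""

def check_mappings(xml_text, known_profiles=None):
    """Return a list of problems; an empty list means the file passed.
    known_profiles (hypothetical): profile names the caller copied from MyID."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "mappings":
        return [f"top-level node is <{root.tag}>, expected <mappings>"]
    problems, seen = [], {}
    for n, node in enumerate(root, start=1):
        oid, profile = node.get("oid", ""), node.get("credprofile", "")
        if node.tag != "mapping":
            problems.append(f"entry {n}: unexpected <{node.tag}> node")
        elif not OID_RE.fullmatch(oid):
            problems.append(f"entry {n}: oid {oid!r} is not dotted-decimal")
        elif not profile.strip():
            problems.append(f"entry {n}: oid {oid} has no credprofile")
        elif known_profiles is not None and profile not in known_profiles:
            problems.append(f"entry {n}: profile {profile!r} not in supplied list")
        elif seen.setdefault(oid, profile) != profile:
            # Many OIDs may share a profile; one OID may not name two profiles.
            problems.append(f"entry {n}: oid {oid} already mapped to {seen[oid]!r}")
    return problems

if __name__ == "__main__":
    for name, text in (("page example", PAGE_EXAMPLE), ("constructed", CONSTRUCTED_BAD)):
        print(name, check_mappings(text) or "OK")
```

A parse failure is also what results if the <OID> placeholder from the format line is left in an attribute, because "<" is not allowed inside an XML attribute value.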