4.10 RequestCertificate
int RequestCertificate(MyIDCertificateRequest certificateRequest);
The RequestCertificate method requests a non-archived “Software Certificate” for the specified user, for use as a .CER certificate. This follows these rules:
-
Credential Profile must be set for “Software Certificates Only”
-
Credential Profile must have only one Certificate Policy
Note: Requests through the API do not honor validation or role restrictions assigned to the credential profile. You can request any credential profile.
4.10.1 Inputs
|
Class |
Field |
Data Type |
Description |
Allow Null? |
|---|---|---|---|---|
|
MyIDCertificateRequest |
|
|
|
No |
|
|
CertificateRequestPKCS10 |
String |
The P10 Certificate Request, in Base64 format. Note: The P10 Certificate Request content provided to this endpoint (such as the SAN) is the responsibility of the caller. |
No |
|
|
CredentialProfileName |
String |
The credential profile that this request will be made against. It must be a profile set for “Software Certificates Only”. Maps to: CardProfiles.Name |
No |
|
|
PersonIdentifier |
String |
The unique identifier for finding a person in MyID. This will map to whatever field is specified in the MyID.config file. |
No |
4.10.2 Output
The output is the Certificates.ID for the new Certificate Request. Any failures to create this request will result in an exception being thrown. Possible error scenarios are:
-
Missing data
-
The user has not been found
-
Credential profile has not been found
-
Credential profile is invalid for this certificate request
4.10.3 Mapping the user identifier
When requesting a certificate, you provide a unique identifier for a person in MyID. You can map this to a variety of fields in the MyID database; you can use the following mappings:
-
UserAccountID – the ID from the UserAccounts table.
-
LogonName – the LogonName from the UserAccounts table.
-
EmployeeID – the EmployeeID from the People table.
-
UserObjectID – the ObjectID from the UserAccounts table.
-
PersonID – the PersonID from the UserAccounts table.
-
Any field in the UserAccountsEx table; make sure it is unique to an individual person.
To map the user identifier, you must edit the MyID.config file for the CWS web service. By default, this file is in the following location:
C:\Program Files\Intercede\MyID\SSP\CredentialWebService
Open the file in a text editor, and amend the following line:
<add key="PersonIdentifier" value="LogonName"/>
Set the value to the field you want to map.
Once you have saved the file, recycle the app pool used for the Credential Web Service in IIS. This ensures that the web service is using the latest settings.