Creating a Contract for the Smart Card

Creating an NMAS Class for NESCM

When you create a class, you can specify values for properties. In the following steps, you specify a property value that determines the sequence of login prompts that the user receives when authenticating with a smart card.

  1. Click Devices > Identity Servers > Edit > Local > Classes > New.

  2. Specify a display name for the class (for example, Class-NMAS-NESCM).

  3. In Java class, select NMASAuthClass.

  4. Click Next.

  5. On the Specify Properties page, click New.

  6. Specify the following values for the property:

    Property Name: Specify NMAS_LOGIN_SEQUENCE

    Property Value: Specify Enhanced Smart Card

    The Property Value matches the method name as displayed in the NMAS task > NMAS Login Methods.

  7. Click OK > Finish.

  8. Continue with Creating a Method to Use the NMAS Class.

Creating a Method to Use the NMAS Class

When you create a method, you can specify property values that are applied to just this method and not the entire class. In this tutorial, we want the method to use the same login sequence as the class. The method also allows you to specify which user stores can use the method. For a smart card method, you need to ensure that the user store or stores specified for the method have NESCM installed.

  1. Click Devices > Identity Servers > Edit > Local > Methods > New.

  2. Specify a Display name. For example, Method-NMAS-NESCM.

  3. In Class, select the class created in Creating an NMAS Class for NESCM.

  4. In the Available user stores list, select the user store created in Creating a User Store for the NESCM Method, then click the left-arrow to move this user store into the User stores list.

    Leave other settings on this page unchanged.

  5. Click Finish.

  6. Continue with Creating an Authentication Contract to Use the Method.

Creating an Authentication Contract to Use the Method

Contracts are the element you can assign to protect a resource.

  1. Click Devices > Identity Servers > Edit > Local > Contracts > New.

  2. Specify a Display name. For example, Contract-NMAS-NESCM-UserStore1.

  3. Enter a URI. For example, nescm/test/uri.

    The URI is used to identify this contract for external providers and is a unique path value that you create.

  4. In Available methods, select the method created in Creating a Method to Use the NMAS Class, then click the left-arrow to move this method into the Methods list.

    All other fields can remain in the default state.

  5. (Conditional) If you want the user’s credentials (username and password) to be available for Identity Injection policies, add the password fetch method as a second method for the contract.

    For more information, see Section 5.16.4, Password Retrieval.

  6. Click Next and specify the following details to configure a card for the contract:

    ID: (Optional) Specify an alphanumeric value that identifies the card. If you need to reference this card outside of Administration Console, you need to specify a value here. If you do not assign a value, Identity Server creates one for its internal use.

    Text: Specify the text that is displayed on the card to the user, for example Smart Card.

    Image: Select the image to display on the card. You can select the NMAS Biometrics image or you can select the Select local image option and upload an image that your users can associate with using this smart card authentication contract.

    Show Card: Determine whether the card is shown to the user, which allows the user to select and use the card for authentication. If this option is not selected, the card is only used when a service provider makes a request for the card.

  7. Click Finish > OK.

  8. Update Identity Server.

  9. Update Access Gateway.

  10. Continue with Assigning the NESCM Contract to a Protected Resource.