3.3.5.2.3 DomainEnrollment

Synopsis

This method provides a mechanism for a client to get the member's contact signed by the management server and complete the account configuration process.

Request Preparation:

Steps for computing CSecurity:

The client MUST send a request message as defined in section 2.2.3.21. The DomainEnrollment messages are secured with the key derived from an account configuration code. The security processing rules are defined in section 3.3.5.1.1.

Generate the value of the ActivationKeySignature attribute as follows:

  1. Construct a UNICODE string by concatenating "Activation Key: " (including the single space at the end) with the activation key itself.

  2. Convert this UNICODE string into a byte array by treating the string's characters as bytes in little-endian format, not including the NULL terminator.

  3. Compute the SHA1 hash of the byte array.

  4. Compute the SHA1 hash of the hash produced in step 3.

  5. Sign the SHA1 hash produced in step 4 with the signature private key of an identity using the RSA algorithm, as defined in [PKCS1].
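
The following Python sketch of steps 1 through 4 is an added example, not part of the specification; it assumes that "UNICODE" means 16-bit UTF-16 code units, and the function names and sample key are constructed for illustration. Step 5 is left to the RSA implementation that holds the identity's signature private key. The last function lists encodings that look equivalent but yield a different digest, so a signature computed over them would not verify.

```python
import hashlib

PREFIX = "Activation Key: "  # literal from step 1, trailing space included


def signature_preimage(activation_key: str) -> bytes:
    """Steps 1-2: prefix + key as little-endian bytes, no BOM, no NULL terminator.

    Assumption: "UNICODE" in the steps above means UTF-16 code units.
    """
    return (PREFIX + activation_key).encode("utf-16-le")


def digest_to_sign(activation_key: str) -> bytes:
    """Steps 3-4: SHA1 of the byte array, then SHA1 of that raw 20-byte digest."""
    first = hashlib.sha1(signature_preimage(activation_key)).digest()
    return hashlib.sha1(first).digest()


def _double_sha1(data: bytes) -> bytes:
    return hashlib.sha1(hashlib.sha1(data).digest()).digest()


def mismatching_digests(activation_key: str) -> dict:
    """Digests from near-miss encodings; none equals digest_to_sign()."""
    text = PREFIX + activation_key
    first_hex = hashlib.sha1(text.encode("utf-16-le")).hexdigest()
    return {
        "utf8_bytes": _double_sha1(text.encode("utf-8")),
        "with_bom": _double_sha1(text.encode("utf-16")),  # codec prepends a BOM
        "null_terminated": _double_sha1((text + "\x00").encode("utf-16-le")),
        "hex_rehashed": hashlib.sha1(first_hex.encode("ascii")).digest(),
    }


if __name__ == "__main__":
    key = "ABCD-1234"  # constructed sample value, not a real activation key
    print("bytes to hash :", signature_preimage(key).hex())
    print("value to sign :", digest_to_sign(key).hex())
    for name, value in mismatching_digests(key).items():
        print(f"{name:16s}:", value.hex(), "(does not match)")
```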

Response Processing:

On successful response, the client MUST update the identity template managed object and contact of the member.