Certificate Lifecycle Manager Connected Data Sources
Provisioning objects for Certificate Lifecycle Manager is accomplished by provisioning requests in ILM 2007 FP1. Since provisioning contains a number of basic steps, see the Provisioning Objects in the Connector Space topic for an overview on provisioning.
There are two options when deciding how to provision requests:
- Use the CLMUtils helper class to assist with typical provisioning scenarios.
- Write custom provisioning code to help make deterministic decisions on when to provision requests.
Provisioning CLM Objects Examples
This section provides the following topics that show how to provision various Certificate Lifecycle Manager requests:
| Example | Purpose |
|---|---|
| Example: CLM Recover Request | Shows you how to provision a recover request. |
| Example: CLM Online Update Request | Shows you how to provision an online update request. |
| Example: CLM Enroll Request | Shows you how to provision an enroll request. |
| Example: CLM Disable Request | Shows you how to provision a disable request. |
| Example: CLM Suspend Request | Shows you how to provision a suspend request. |
| Example: CLM Reinstate Request | Shows you how to provision a reinstate request. |
| Example: CLM Recover on Behalf Request | Shows you how to provision a Recover on Behalf request. |
| Example: CLM Retire Request | Shows you how to provision a retire request. |
| Example: CLM Duplicate Request | Shows you how to provision a duplicate request. |
| Example: CLM Temp Card Disable Request | Shows you how to provision a disable request for a temporary card. |
| Example: CLM Temp Card Retire Request | Shows you how to provision a retire request for a temporary card. |
| Example: CLM Enroll Linked Temp Card Request | Shows you how to provision a Linked Temp request. |
| Example: CLM Enroll Unlinked Temp Card Request | Shows you how to provision an Unlinked Temp request. |
| Example: CLM Determining Connected Profiles and Requests | Shows you how to utilize the CLMUtils class to determine the connected profiles and requests. |
Framework
Since many of the steps to provisioning a CLM object are the same, the following examples show the framework, in Visual Basic .NET and Visual C# .NET, around which the example tasks are built.
The following example shows you how to use a rules extension to provision a CLM request with the assistance of CLMUtils. This approach assumes that the business logic in CLMUtils is in line with the implementation design required by your solution.
Please refer to the more detailed specific examples of how to provision requests without the help of CLMUtils.
Dim CLMUtils As ClmUtils
Sub Initialize() Implements IMVSynchronization.Initialize
CLMUtils = New ClmUtils(New String() {
"CertificateLifecycleManagerMA"})
End Sub 'IMVSynchronization.Initialize
Sub Provision(ByVal mventry As MVEntry)
Implements IMVSynchronization.Provision
Dim CLMMA As ConnectedMA = mventry.ConnectedMAs(
"CertificateLifecycleManager")
CLMUtils.CreateEnrollRequest(CLMMA,
New Guid(mventry("objectGUID").BinaryValue),
"Smart Card User Template")
If mventry("clmRequestFlag ").IsPresent Then
Select Case mventry("clmRequestFlag").Value.ToLower()
Case "clmdisable"
CLMUtils.CreateDisableRequest(CLMMA,
New Guid(mventry("objectGUID").BinaryValue),
"Smart Card User Template")
Case "clmretire"
CLMUtils.CreateRetireRequest(CLMMA,
New Guid(mventry("objectGUID").BinaryValue),
"Smart Card User Template")
Case "clmrob"
CLMUtils.CreateRecoverOnBehalfRequest(CLMMA,
New Guid(mventry("objectGUID").BinaryValue),
"Smart Card User Template")
Case "clmsuspend"
CLMUtils.CreateSuspendRequest(CLMMA,
New Guid(mventry("objectGUID").BinaryValue),
"Smart Card User Template")
Case "clmreinstate"
CLMUtils.CreateReinstateRequest(CLMMA,
New Guid(mventry("objectGUID").BinaryValue),
"Smart Card User Template")
End Select
End If
End Sub 'IMVSynchronization.Provision
ClmUtils CLMUtils;
void IMVSynchronization.Initialize()
{
CLMUtils = new ClmUtils(new String[] {
"CertificateLifecycleManagerMA" });
}
void IMVSynchronization.Provision(MVEntry mventry)
{
ConnectedMA CLMMA = mventry.ConnectedMAs[
"CertificateLifecycleManager"];
CLMUtils.CreateEnrollRequest(CLMMA,
new Guid(mventry["objectGUID"].BinaryValue),
"Smart Card User Template");
if (mventry["clmRequestFlag "].IsPresent)
{
switch (mventry["clmRequestFlag"].Value.ToLower())
{
case "clmdisable":
CLMUtils.CreateDisableRequest(CLMMA,
new Guid(mventry["objectGUID"].BinaryValue),
"Smart Card User Template");
break;
case "clmretire":
CLMUtils.CreateRetireRequest(CLMMA,
new Guid(mventry["objectGUID"].BinaryValue),
"Smart Card User Template");
break;
case "clmrob":
CLMUtils.CreateRecoverOnBehalfRequest(CLMMA,
new Guid(mventry["objectGUID"].BinaryValue),
"Smart Card User Template");
break;
case "clmsuspend":
CLMUtils.CreateSuspendRequest(CLMMA,
new Guid(mventry["objectGUID"].BinaryValue),
"Smart Card User Template");
break;
case "clmreinstate":
CLMUtils.CreateReinstateRequest(CLMMA,
new Guid(mventry["objectGUID"].BinaryValue),
"Smart Card User Template");
break;
}
}
}
Send comments about this topic to Microsoft
Build date: 2/16/2009