As of Registry v3.3.0, Service Tokens can be implemented via Authenticator Plugins. As a result, Service Tokens need not be Passwords. To use Service Tokens, first set up an appropriate Authenticator. (In particular, the Password Authenticator Plugin may be useful.) Then edit (or create) the desired Registry Service and select the Authenticator in the configuration.
The LDAP Provisioner supports using PasswordAuthenticators to populate the voPersonApplicationPassword
attribute.
As of Registry v3.3.0, Service Tokens as described in this documentation have been removed. Similar functionality is available via the Password Authenticator Plugin as described above. This documentation applies to Registry v2.0.0 through v3.2.x. |
Service Tokens are currently implemented as an optional plugin, and must be enabled. Once enabled, Service Tokens will be available for all COs on the platform that have CO Services defined. |
CO Service Tokens are an implementation of application specific passwords. CO Service Tokens are based on Registry Services. CO Service Tokens are available as of v2.0.0.
There are various restrictions with the current implementation:
userPassword
attribute. It is an optional plugin, and must be enabled. Once enabled, it is configured by associating with an existing LDAP Provisioning Target and a single CO Service, for which it will write associated service tokens to the CO Person LDAP record. Be sure to order the Service Token Provisioner to run after the primary LDAP provisioner. This Plugin is likely to be replaced or removed in a future release.