

Authentication Scheme Configuration

When you configure an authentication scheme programmatically, you provide information that would otherwise be provided through the Authentication Scheme Properties dialog box of the Policy Server UI.

When you configure an authentication scheme, you use the get... and set... methods in the SmScheme class to provide the following information:

Note: These categories of information can be used for different purposes in different authentication schemes. For example, with the TeleID authentication scheme, the shared secret is used to supply the encryption seed.

Anonymous Template

Use this table when configuring an authentication scheme based on the scheme type Anonymous. The Java methods referenced in the table are in the class SmScheme.

| Information Type | Value Assignment | Meaning |
| --- | --- | --- |
| Scheme type | setType(TypeAnonymous) | The scheme type Anonymous. |
| Description | setDescription(description) | The description of the authentication scheme. |
| Protection level | setLevel(0) | Set to 0. Not applicable to this scheme type. |
| Library | setLibrary("smauthanon") | The default library for this scheme type. |
| Parameter | setParameter(param) | A string containing the guest DN. Policies associated with the guest DN must apply to anonymous users. |
| Shared secret | setSecret("") | Set to an empty string. Not applicable to this scheme. |
| Is template? | setIsTemplate(0) | Set to false (0) to indicate that the scheme is not a template. |
| Is used by administrator? | setIsUsedByAdmin(0) | Set to false (0)—scheme is not used to authenticate administrators. |
| Save credentials? | setAllowSaveCreds(0) | Set to false (0) to indicate that user credentials won’t be saved. |
| Is RADIUS? | setIsRadius(0) | Set to false (0)—scheme is not used with RADIUS agents. |
| Ignore password check? | setIgnorePwCheck(1) | Set to true (1)—ignore password checking. |

Basic Template

Use this table when configuring an authentication scheme based on the scheme type Basic. The Java methods referenced in the table are in the class SmScheme.

| Information Type | Value Assignment | Meaning |
| --- | --- | --- |
| Scheme type | setType(TypeBasic) | The scheme type Basic. |
| Description | setDescription(description) | The description of the authentication scheme. |
| Protection level | setLevel(value) | A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5. |
| Library | setLibrary("smauthdir") | The default library for this scheme type. |
| Parameter | setParameter("") | Set to an empty string. Not applicable to this scheme. |
| Shared secret | setSecret("") | Set to an empty string. Not applicable to this scheme. |
| Is template? | setIsTemplate(0) | Set to false (0) to indicate that the scheme is not a template. |
| Is used by administrator? | setIsUsedByAdmin(1) | Set to true (1)—scheme can be used to authenticate administrators. |
| Save credentials? | setAllowSaveCreds(0) | Set to false (0) to indicate that user credentials won’t be saved. |
| Is RADIUS? | setIsRadius(1) | Set to true (1)—scheme can be used with RADIUS agents. |
| Ignore password check? | setIgnorePwCheck(flag) | Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0. |

Basic Over SSL Template

Use this table when configuring an authentication scheme based on the scheme type Basic over SSL. The Java methods referenced in the table are in the class SmScheme.

| Information Type | Value Assignment | Meaning |
| --- | --- | --- |
| Scheme type | setType(TypeBasicOverSSL) | The scheme type Basic over SSL. |
| Description | setDescription(description) | The description of the authentication scheme. |
| Protection level | setLevel(value) | A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 10. |
| Library | setLibrary("smauthcert") | The default library for this scheme type. |
| Parameter | setParameter(param) | A string containing the domain or IP address of the SSL server and the name of the SSL Credentials Collector (SCC). Format: "https://server/SCC?basic". The following example uses the default SCC: "https://my.server.com/siteminderagent/nocert/smgetcred.scc?basic" |
| Shared secret | setSecret("") | Set to an empty string. Not applicable to this scheme. |
| Is template? | setIsTemplate(0) | Set to false (0) to indicate that the scheme is not a template. |
| Is used by administrator? | setIsUsedByAdmin(0) | Set to false (0) for this scheme. |
| Save credentials? | setAllowSaveCreds(0) | Set to false (0) to indicate that user credentials won’t be saved. |
| Is RADIUS? | setIsRadius(0) | Set to false (0)—scheme is not used with RADIUS agents. |
| Ignore password check? | setIgnorePwCheck(flag) | Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0. |

Custom Template

Use this table when configuring an authentication scheme based on the scheme type Custom. You create custom schemes using the C Authentication API. For more information, see the Developer’s Guide for C. The Java methods referenced in the table are in the class SmScheme.

| Information Type | Value Assignment | Meaning |
| --- | --- | --- |
| Scheme type | setType(TypeCustom) | The scheme type Custom. |
| Description | setDescription(description) | The description of the authentication scheme. |
| Protection level | setLevel(value) | A value of 0 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5. |
| Library | setLibrary(customLibName) | The name of the custom shared library you created using the C Authentication API. |
| Parameter | setParameter(param) | Any string of one or more parameters required by your custom authentication scheme. For a custom authentication scheme that uses SSL, you must supply a URL that points to a SiteMinder Web Agent library required for the SSL-based authentication. |
| Shared secret | setSecret(secret) | The shared secret, if any, that your custom authentication scheme uses for encryption of credentials. |
| Is template? | setIsTemplate(0) | Set to false (0) to indicate that the scheme is not a template. |
| Is used by administrator? | setIsUsedByAdmin(flag) | Set to true (1) to specify that the scheme can be used to authenticate administrators, or to false (0) to specify that the scheme cannot be used to authenticate administrators. Default is 0. |
| Save credentials? | setAllowSaveCreds(0) | Set to false (0) to indicate that user credentials won’t be saved. |
| Is RADIUS? | setIsRadius(0) | Set to false (0)—scheme is not used with RADIUS agents. |
| Ignore password check? | setIgnorePwCheck(flag) | Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0. |

HTML Form Template

Use this table when configuring an authentication scheme based on the scheme type HTML Form. The Java methods referenced in the table are in the class SmScheme.

| Information Type | Value Assignment | Meaning |
| --- | --- | --- |
| Scheme type | setType(TypeHTMLForm) | The scheme type HTML Form. |
| Description | setDescription(description) | The description of the authentication scheme. |
| Protection level | setLevel(value) | A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5. |
| Library | setLibrary("smauthhtml") | The default library for this scheme type. |
| Parameter | setParameter(param) | A string containing a user attribute list plus the location of the forms credential collector (FCC). The attribute list must begin with AL= and use commas as the list delimiter character, and it must end with a semicolon, for example: "AL=Password,SSN,age,zipcode;". The complete parameter format is: "attr-list;https://server/fcc". The following example uses the default FCC: "AL=PASSWORD,SSN,age,zipcode;http://my.server.com/siteminderagent/forms/login.fcc" |
| Shared secret | setSecret("") | Set to an empty string. Not applicable to this scheme. |
| Is template? | setIsTemplate(0) | Set to false (0) to indicate that the scheme is not a template. |
| Is used by administrator? | setIsUsedByAdmin(0) | Set to false (0)—scheme is not used to authenticate administrators. |
| Save credentials? | setAllowSaveCreds(flag) | Set to true (1) to indicate that user credentials should be saved, or false (0) to indicate that user credentials should not be saved. Default is 0. |
| Is RADIUS? | setIsRadius(0) | Set to false (0)—scheme is not used with RADIUS agents. |
| Ignore password check? | setIgnorePwCheck(flag) | Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0. |

Impersonation Template

Use this table when configuring an authentication scheme based on scheme type Impersonation. The Java methods referenced in the table are in the class SmScheme.

| Information Type | Value Assignment | Meaning |
| --- | --- | --- |
| Scheme type | setType(TypeImpersonation) | The scheme type Impersonation. |
| Description | setDescription(description) | The description of the authentication scheme. |
| Protection level | setLevel(value) | A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5. |
| Library | setLibrary("smauthimpersonate") | The default library for this scheme type. |
| Parameter | setParameter(param) | A string containing a user attribute list plus the location of the forms credential collector (FCC). The attribute list must begin with AL= and use commas as the list delimiter character, and it must end with a semicolon, for example: "AL=Password,SSN,age,zipcode;". The complete parameter format is: "attr-list;https://server/fcc". The following example uses the default FCC: "AL=PASSWORD,SSN,age,zipcode;http://my.server.com/siteminderagent/forms/imp.fcc" |
| Shared secret | setSecret("") | Set to an empty string. Not applicable to this scheme. |
| Is template? | setIsTemplate(templateFlag) | Set to false (0) to indicate that the scheme is not a template. |
| Is used by administrator? | setIsUsedByAdmin(0) | Set to false (0)—scheme is not used to authenticate administrators. |
| Save credentials? | setAllowSaveCreds(0) | Set to false (0) to indicate that user credentials won’t be saved. |
| Is RADIUS? | setIsRadius(0) | Set to false (0)—scheme is not used with RADIUS agents. |
| Ignore password check? | setIgnorePwCheck(1) | Set to true (1)—ignore password checking. |
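
A check for the Parameter strings of the HTML Form and Impersonation templates, run before the value is passed to setParameter(). This is an added example, not code from the SDK or the original page; the names FccParameterCheck and check are hypothetical, and it assumes the attribute list is required and that the FCC should be reached over https, as the complete parameter format on this page shows.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.List;

// Added example (hypothetical helper, not part of the SiteMinder SDK).
public class FccParameterCheck {

    // Returns the problems found; an empty list means the string matches
    // the "AL=attr,attr;https://server/fcc" format.
    static List<String> check(String param) {
        List<String> problems = new ArrayList<>();
        // Examples in documentation are often wrapped; drop layout whitespace.
        String p = param.replaceAll("\\s+", "");
        int semi = p.indexOf(';');
        if (!p.startsWith("AL=") || semi < 0) {
            problems.add("attribute list must begin with AL= and end with ';'");
            return problems;
        }
        for (String attr : p.substring(3, semi).split(",", -1)) {
            if (attr.isEmpty()) problems.add("empty attribute name in AL= list");
        }
        String fcc = p.substring(semi + 1);
        try {
            URI u = new URI(fcc);
            if (u.getHost() == null || u.getPath() == null || u.getPath().isEmpty()) {
                problems.add("FCC location needs a host and a path: " + fcc);
            } else if (!"https".equalsIgnoreCase(u.getScheme())) {
                // Credentials submitted to the FCC would cross the network unencrypted.
                problems.add("FCC is not served over https: " + fcc);
            }
        } catch (URISyntaxException e) {
            problems.add("FCC location is not a valid URL: " + fcc);
        }
        return problems;
    }

    public static void main(String[] args) {
        String[] samples = {   // constructed inputs; the second mirrors the wrapped http example
            "AL=Password,SSN,age,zipcode;https://my.server.com/siteminderagent/forms/login.fcc",
            "AL=PASSWORD,SSN,age,zipcode;\n   http://my.server.com/siteminderagent/\n   forms/login.fcc",
            "Password,,age;https://my.server.com/siteminderagent/forms/imp.fcc"
        };
        for (String s : samples) System.out.println(check(s));
    }
}
```

The first sample produces an empty list, the second is flagged for the plain-http FCC location, and the third for the missing AL= prefix.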