Previous Topic: SAML POST TemplateNext Topic: SecurID HTML Form Template


SAML 2.0 Template

Use this table when configuring a SAML authentication scheme based on the SAML 2.0 scheme type. A Service Provider uses this authentication scheme to transparently validate a user based on the information in a SAML 2.0 assertion. This transparent validation allows functionality such as single sign-on and single logout.

When you configure a SAML 2.0 authentication scheme, you also define metadata properties for the associated Identity Provider-that is, the Identity Provider that supplies the assertion to the Service Provider.

The properties of the Identity Provider are stored with the authentication scheme object as a separate set of properties. As a result, two structures are used to configure a SAML 2.0 authentication scheme:

Information Type

Value Assignment and Meaning

Scheme type

nType=Sm_Api_SchemeType_SAML2

The scheme type SAML 2.0.

Description

pszDesc=description

The description of the authentication scheme.

Protection level

nLevel=value

A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.

Library

pszLib="smauthsaml"

The default library for this scheme type.

Parameter

pszParam=""

Set to an empty string. SiteMinder assigns a parameter value.

The parameter is a reference to the SAML 2.0 metadata properties for the associated Identity Provider. The properties are defined through Sm_PolicyApi_SAMLProviderProp_t.

 

Shared secret

pszSecret=""

Set to an empty string. Not applicable to this scheme.

Is template?

bIsTemplate=0

Set to false (0) to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

bIsUsedbyAdmin=0

Set to false (0)-scheme is not used to authenticate administrators.

Save credentials?

bAllowSaveCreds=0

Set to false (0) to indicate that user credentials won't be saved.

Is RADIUS?

bIsRadius=0

Set to false (0)-scheme is not used with RADIUS agents.

Ignore password check?

bIgnorePwCheck=1

Set to true (1)-ignore password checking.

More Information:

Custom Agents and Single Sign-On