

Sm_PolicyApi_CertMap_t

Defines a SiteMinder certificate mapping object.

Syntax

typedef struct Sm_PolicyApi_CertMap_s
{
   int iStructId;
   char pszOid[BFSIZE];
   char pszDesc[BFSIZE];
   char pszUserDirOid[BFSIZE];              /* Required */
   char pszIssuerDN[BFSIZE];                /* Required */
   char pszCaDN[BFSIZE];
   char pszMapAttr[BFSIZE];
   Sm_PolicyApi_CertMapFlags_t nFlags;      /* Required */
   Sm_PolicyApi_CertMapAttrType_t nAttrType;
   Sm_PolicyApi_DirType_t nDirType;         /* Required */
   struct Sm_PolicyApi_CertMap_s *next;
} Sm_PolicyApi_CertMap_t;

Field

Description

iStructId

Certificate mapping data structure ID, defined in Sm_PolicyApi_Structs_t.

pszOid

The object identifier of the certificate mapping object.

pszDesc

Brief description of the certificate mapping object.

pszUserDirOid

Object identifier of the user directory.

pszIssuerDN

DN of the server certificate.

pszCaDN

DN of the issuing Certificate Authority.

pszMapAttr

You can perform single attribute mapping or custom mapping:

  • Single Attribute Mapping

The format of the attribute is:

%{<attribute name>}

<attribute name> is the name of the attribute. Single attribute mapping matches a single attribute from the subject DN of a user's certificate to a single attribute stored in the user directory to verify the user's identity.

  • Custom Mapping

Custom mapping expressions handle complex, multiple-attribute mapping: you can specify multiple user attributes that should be extracted from a user DN to establish a certificate mapping. The syntax for a custom mapping expression is a parsing specification designed to enable full mapping flexibility. It indicates which information to take from the certificate and where to apply it in the user directory. The basic syntax is:

UserAttribute=%{CertificateAttribute}, UserAttribute2=%{CertificateAttribute}

nFlags

Set one or more of these flags:

  • Sm_PolicyApi_CertMapFlags_CertRequired
  • Sm_PolicyApi_CertMapFlags_UseDistributionPoints
  • Sm_PolicyApi_CertMapFlags_VerifySignature
  • Sm_PolicyApi_CertMapFlags_CRLCheck
  • Sm_PolicyApi_CertMapFlags_Cache

nAttrType

This enumeration specifies how the X.509 client certificate maps to the user information in the authentication directory.

  • Sm_PolicyApi_CertMapAttrType_Single = 1
    Specify the single attribute type to make the Policy Server match a single attribute from the subject DN of a user's certificate to a single attribute stored in the user directory to verify the user's identity.
  • Sm_PolicyApi_CertMapAttrType_Custom = 2
    You can specify a custom mapping expression to verify the user's identity. Specify this attribute type if the mapping is based on a custom expression.
  • Sm_PolicyApi_CertMapAttrType_Exact = 3
    Specify the exact attribute type to make the Policy Server match the user's entire DN from the certificate to the entire DN in the authentication directory.

nDirType

The type of directory used to authenticate users. One of these values:

  • Sm_PolicyApi_DirType_LDAP = 1
  • Sm_PolicyApi_DirType_WinNT = 2
  • Sm_PolicyApi_DirType_ODBC = 3

next

Pointer to the next certificate mapping structure.
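
The following is an added example, not code from the SiteMinder SDK: it checks a mapping expression against the two pszMapAttr formats described above before copying it into a fixed-size buffer, and returns the matching nAttrType value (1 or 2, as listed on this page). The helper names `classify_map_attr` and `set_map_attr` are hypothetical, and the grammar covers only the basic syntax shown here, assuming attribute names contain no whitespace or syntax characters.

```c
#include <string.h>

/* Return codes: 1 and 2 are the nAttrType values listed on this page. */
enum { MAP_INVALID = 0, MAP_SINGLE = 1, MAP_CUSTOM = 2 };

/* Assumption: names contain no whitespace and none of the syntax characters. */
static size_t name_len(const char *s) { return strcspn(s, "%{}=, \t"); }

/* Consume one "%{name}" at *p; on success advance *p past it and return 1. */
static int eat_token(const char **p)
{
    const char *s = *p;
    size_t n;
    if (s[0] != '%' || s[1] != '{') return 0;
    n = name_len(s + 2);
    if (n == 0 || s[2 + n] != '}') return 0;
    *p = s + 2 + n + 1;
    return 1;
}

/* Hypothetical helper: classify expr, rejecting anything that would not fit
   (with its terminator) in a destination buffer of bufsize bytes. */
int classify_map_attr(const char *expr, size_t bufsize)
{
    const char *p = expr;
    size_t n;
    if (expr == NULL || strlen(expr) >= bufsize) return MAP_INVALID;
    if (*p == '%')   /* single attribute mapping: exactly one %{name} */
        return (eat_token(&p) && *p == '\0') ? MAP_SINGLE : MAP_INVALID;
    for (;;) {       /* custom mapping: attr=%{name}[, attr=%{name}]... */
        n = name_len(p);
        if (n == 0 || p[n] != '=') return MAP_INVALID;
        p += n + 1;
        if (!eat_token(&p)) return MAP_INVALID;
        if (*p == '\0') return MAP_CUSTOM;
        if (*p++ != ',') return MAP_INVALID;
        while (*p == ' ') p++;
    }
}

/* Hypothetical helper: copy a validated expression into dst (e.g. pszMapAttr)
   and return the value to store in nAttrType, or MAP_INVALID (dst untouched). */
int set_map_attr(char *dst, size_t dstsize, const char *expr)
{
    int type = classify_map_attr(expr, dstsize);
    if (type != MAP_INVALID) memcpy(dst, expr, strlen(expr) + 1);
    return type;
}
```

With a populated structure `cm`, a caller would pass `cm.pszMapAttr` and `sizeof cm.pszMapAttr` to `set_map_attr` and refuse to create the mapping when it returns 0.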