This structure defines information about a response attribute.
Syntax
This structure has the following format:
typedef struct Sm_AgentApi_Attribute_s { long nAttributeId; long nAttributeTTL; long nAttributeFlags; char lpszAttributeOid[SM_AGENTAPI_SIZE_OID]; long nAttributeLen; char* lpszAttributeValue; } Sm_AgentApi_Attribute_t;
Parameters
This structure has the following parameters:
ID of the response attribute.
The time-to-live value (in seconds) for the response attribute. The attribute remains in cache for the duration of the TTL value.
Response attribute flag. This flag is used in the following session store functions:
See the ppRespAttributes parameter of these functions for more information.
The response attribute object identifier.
The length of the response attribute.
The null-terminated attribute value of a response attribute.
Remarks
The following well-known authentication attributes are returned by Sm_AgentApi_Login() and referenced in the nAttributeId field of the Sm_AgentApi_Attribute_t structure:
The Siteminder object id of the directory where the user was authenticated. This is the internal object id assigned to the SiteMinder user directory.
The SiteMinder "name" specification of the directory where the user was authenticated. This is the directory name specified in the SiteMinder User Directory Dialog.
The SiteMinder "server" specification of the directory where the user was authenticated. This is the directory server specified in the SiteMinder User Directory Dialog.
The SiteMinder "namespace" specification of the directory where the user was authenticated. This is the directory namespace (LDAP:, ODBC:, WinNT:, AD:) as specified in the SiteMinder User Directory Dialog.
The text presented to the user as a result of authentication. Some authentication schemes supply challenge text or a reason why an authentication has failed. A value for this attribute can be provided through the lpszUserMsg parameter of SmAuthenticate().
The user’s distinguished name as recognized by SiteMinder.
This attribute is also used in single sign-on operations.
The user’s universal id, as set in the user directory.
The user’s identity ticket. SiteMinder returns this if the user tracking feature has been enabled.
The following well-known attributes are used in single sign-on operations and referenced in the nAttributeId field of the Sm_AgentApi_Attribute_t structure:
The user’s distinguished name.
The session specification returned from the login call.
The session ID returned from the login call.
The user’s name.
The IP address of the machine where the user initiated a request for a protected resource.
The name of the agent that is decoding the token.
Maximum idle time for a session.
The time the session started after a successful login.
The time that the Policy Server was last accessed within the session.
Specifies the designation of the SSO zone name, which you provide when you call the Sm_AgentApi_CreateSSOToken method. If you do not specify a zone name, the default is "SM." You can read this value in the in the attribute list returned by the Sm_AgentApi_DecodeSSOToken method.
The following well-known management attributes are returned by Sm_AgentApi_DoManagement() and referenced in the nAttributeId field of the Sm_AgentApi_Attribute_t structure:
Instructs the agent to update the name of the affiliate agent.
Instructs the agent to update its "next" Agent key. The value contains 24 bytes of binary data.
Instructs the agent to update its "last" Agent key. The value contains 24 bytes of binary data.
Instructs the agent to update its "current" Agent key. The value contains 24 bytes of binary data.
Instructs the agent to update its static (persistent) Agent key. The value contains 24 bytes of binary data.
Instructs the agent to flush all information in its caches.
Instructs the agent to flush all user information stored in its caches.
Instructs the agent to flush all cache information pertaining to a given user. The value contains the following: <user dir oid> / <user dn>.
Instructs the agent to flush all resource information stored in its caches.
Instructs the agent to flush all resource information pertaining to a given realm. The value is a realm OID.
Copyright © 2014 CA.
All rights reserved.
|
|