Previous Topic: Federation ProgrammingNext Topic: CLI Policy Management Methods


CLI Authentication Scheme Configuration

When you configure an authentication scheme through a Perl script, you provide information that would otherwise be provided through the Authentication Scheme Properties dialog of the Administrative UI. This section describes the information you need to configure a given authentication scheme using the Policy Management API.

Note: When modifying an authentication scheme, be sure to call Save() after calling all the configuration methods.

Configuration Information

Typically, you configure an authentication scheme when you create the scheme with CreateAuthScheme() or when you modify the scheme with the methods in the PolicyMgtAuthScheme object.

Note: The exception to this rule is an authentication scheme based on the SAML 2.0 Template. You create and configure a SAML 2.0 authentication scheme with the method CreateSAMLAuthScheme().

You can provide the following kinds of configuration information for an authentication scheme. Not every authentication scheme template uses all categories of configuration information:

Configuration Tables

The following tables will help you configure authentication schemes. Each table applies to a particular authentication scheme type and contains the following information:

The values in the Information Type column can be used for different purposes in different authentication schemes. For example, with TeleID authentication schemes, the shared secret is used to supply the encryption seed.

Anonymous Template

Use this table when configuring an authentication scheme based on the scheme type Anonymous.

Note: The Ignore password check flag must be set to True for anonymous authentication schemes.

Information Type

Value Assignment and Meaning

Scheme type

Type(templateObject)
CreateAuthScheme() param: schemeTemplate

The scheme type Anonymous.

Description

Description(schemeDesc)
CreateAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(0)
CreateAuthScheme() param: protLevel

Set to 0. Not applicable to this scheme type.

Library

CustomLib("smauthanon")
CreateAuthScheme() param: schemeLib

The default library for this scheme type.

Parameter

CustomParam(param)
CreateAuthScheme() param: schemeParam

A string containing the guest DN. Policies associated with the guest DN must apply to anonymous users.

Shared secret

CustomSecret("")

CreateAuthScheme() param: secret

Set to an empty string. Not applicable to this scheme.

Is template?

IsTemplate(templateFlag)
CreateAuthScheme() param: isTemplate

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(0)
CreateAuthScheme() param: isUsedByAdmin

Set to 0—scheme is not used to authenticate administrators.

Save credentials?

SaveCredentials(0)
CreateAuthScheme() param: saveCreds

Set to 0 to indicate that user credentials will not be saved.

Is RADIUS?

IsRadius(0)
CreateAuthScheme() param: isRadius

Set to 0—scheme is not used with RADIUS agents.

Ignore password check?

IgnorePwd(1)
CreateAuthScheme() param: ignorePwd

Set to 1—ignore password checking.

Basic Over SSL Template

Use this table when configuring an authentication scheme based on the scheme type Basic over SSL.

Information Type

Value Assignment and Meaning

Scheme type

Type(templateObject)
CreateAuthScheme() param: schemeTemplate

The scheme type Basic over SSL.

Description

Description(schemeDesc)
CreateAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(nLevel)
CreateAuthScheme() param: protLevel

A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 10.

Library

CustomLib("smauthcert")
CreateAuthScheme() param: schemeLib

The default library for this scheme type.

Parameter

CustomParam(param)
CreateAuthScheme() param: schemeParam

A string containing the domain or IP address of the SSL server and the name of the SSL Credentials Collector (SCC). Format:

https://server/SCC?basic

The following example uses the default SCC:

https://my.server.com/siteminderagent/
   nocert/smgetcred.scc?basic

Shared secret

CustomSecret("")

CreateAuthScheme() param: secret

Set to an empty string. Not applicable to this scheme.

Is template?

IsTemplate(templateFlag)
CreateAuthScheme() param: isTemplate

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(0)
CreateAuthScheme() param: isUsedByAdmin

Set to 0 for this scheme.

Save credentials?

SaveCredentials(0)
CreateAuthScheme() param: saveCreds

Set to 0 to indicate that user credentials will not be saved.

Is RADIUS?

IsRadius(0)
CreateAuthScheme() param: isRadius

Set to 0—scheme is not used with RADIUS agents.

Ignore password check?

IgnorePwd(flag)
CreateAuthScheme() param: ignorePwd

Set to 1 to ignore password checking, or 0 to check passwords. Default is 0.

Basic Template

Use this table when configuring an authentication scheme based on the scheme type Basic.

Information Type

Value Assignment and Meaning

Scheme type

Type(templateObject)
CreateAuthScheme() param: schemeTemplate

The scheme type Basic.

Description

Description(schemeDesc)
CreateAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(nLevel)
CreateAuthScheme() param: protLevel

A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.

Library

CustomLib("smauthdir")
CreateAuthScheme() param: schemeLib

The default library for this scheme type.

Parameter

CustomParam("")
CreateAuthScheme() param: schemeParam

Set to an empty string. Not applicable to this scheme.

Shared secret

CustomSecret("")

CreateAuthScheme() param: secret

Set to an empty string. Not applicable to this scheme.

Is template?

IsTemplate(templateFlag)
CreateAuthScheme() param: isTemplate

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(1)
CreateAuthScheme() param: isUsedByAdmin

Set to 1—scheme can be used to authenticate administrators.

Save credentials?

SaveCredentials(0)
CreateAuthScheme() param: saveCreds

Set to 0 to indicate that user credentials will not be saved.

Is RADIUS?

IsRadius(1)
CreateAuthScheme() param: isRadius

Set to 1—scheme can be used with RADIUS agents.

Ignore password check?

IgnorePwd(flag)
CreateAuthScheme() param: ignorePwd

Set to 1 to ignore password checking, or 0 to check passwords. Default is 0.

Custom Template

Use this table when configuring an authentication scheme based on the scheme type Custom. You create custom schemes using the C-language Authentication API, which is available with the SiteMinder SDK.

Information Type

Value Assignment and Meaning

Scheme type

Type(templateObject)
CreateAuthScheme() param: schemeTemplate

The scheme type Custom.

Description

Description(schemeDesc)
CreateAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(nLevel)
CreateAuthScheme() param: protLevel

A value of 0 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.

Library

CustomLib(customLibName)
CreateAuthScheme() param: schemeLib

The name of the custom shared library you created using the C Authentication API.

Parameter

CustomParam(param)
CreateAuthScheme() param: schemeParam

Any string of one or more parameters required by your custom authentication scheme.

For a custom authentication scheme that uses SSL, you must supply a URL that points to a SiteMinder Web Agent library required for the SSL-based authentication.

Shared secret

CustomSecret(secret)

CreateAuthScheme() param: secret

The shared secret, if any, that your custom authentication scheme uses for encryption of credentials.

Is template?

IsTemplate(templateFlag)
CreateAuthScheme() param: isTemplate

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(flag)
CreateAuthScheme() param: isUsedByAdmin

Set to true (1) to specify that the scheme can be used to authenticate administrators, or to false (0) to specify that the scheme cannot be used to authenticate administrators. Default is 0.

Save credentials?

SaveCredentials(0)
CreateAuthScheme() param: saveCreds

Set to 0 to indicate that user credentials will not be saved.

Is RADIUS?

IsRadius(0)
CreateAuthScheme() param: isRadius

Ignore password check?

IgnorePwd(flag)
CreateAuthScheme() param: ignorePwd

Set to 1 to ignore password checking, or 0 to check passwords. Default is 0.

HTML Form Template

Use this table when configuring an authentication scheme based on the scheme type HTML Form.

Information Type

Value Assignment and Meaning

Scheme type

Type(templateObject)
CreateAuthScheme() param: schemeTemplate

The scheme type HTML Form.

Description

Description(schemeDesc)
CreateAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(nLevel)
CreateAuthScheme() param: protLevel

A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.

Library

CustomLib("smauthhtml")
CreateAuthScheme() param: schemeLib

The default library for this scheme type.

Parameter

CustomParam(param)
CreateAuthScheme() param: schemeParam

A string containing a user attribute list plus the location of the forms credential collector (FCC). The attribute list must begin with AL= and use commas as the list delimiter character, and it must end with a semicolon—for example:

AL=Password,SSN,age,zipcode;

The complete parameter format is:

attr-list;https:/server/fcc

The following example uses the default FCC:

AL=PASSWORD,SSN,age,zipcode;
   http://my.server.com/siteminderagent/
   forms/login.fcc

Shared secret

CustomSecret("")

CreateAuthScheme() param: secret

Set to an empty string. Not applicable to this scheme.

Is template?

IsTemplate(templateFlag)
CreateAuthScheme() param: isTemplate

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(0)
CreateAuthScheme() param: isUsedByAdmin

Set to 0—scheme is not used to authenticate administrators.

Save credentials?

SaveCredentials(credFlag)
CreateAuthScheme() param: saveCreds

Set to 1 to indicate that user credentials should be saved, or 0 to indicate that user credentials should not be saved. Default is 0.

Is RADIUS?

IsRadius(0)
CreateAuthScheme() param: isRadius

Set to 0—scheme is not used with RADIUS agents.

Ignore password check?

IgnorePwd(flag)
CreateAuthScheme() param: ignorePwd

Set to 1 to ignore password checking, or 0 to check passwords. Default is 0.

RADIUS CHAP/PAP Template

Use this table when configuring an authentication scheme based on the scheme type RADIUS CHAP/PAP.

Information Type

Value Assignment and Meaning

Scheme type

Type(templateObject)
CreateAuthScheme() param: schemeTemplate

The scheme type RADIUS CHAP/PAP.

Description

Description(schemeDesc)
CreateAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(nLevel)
CreateAuthScheme() param: protLevel

A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.

Library

CustomLib("smauthchap")
CreateAuthScheme() param: schemeLib

The default library for this scheme type.

Parameter

CustomParam(param)
CreateAuthScheme() param: schemeParam

A string containing the name of a user directory attribute. This attribute is used as the clear text password for authentication.

Shared secret

CustomSecret("")

CreateAuthScheme() param: secret

Set to an empty string. Not applicable to this scheme.

Is template?

IsTemplate(templateFlag)
CreateAuthScheme() param: isTemplate

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(0)
CreateAuthScheme() param: isUsedByAdmin

Set to 0—scheme is not used to authenticate administrators.

Save credentials?

SaveCredentials(0)
CreateAuthScheme() param: saveCreds

Set to 0 to indicate that user credentials will not be saved.

Is RADIUS?

IsRadius(1)
CreateAuthScheme() param: isRadius

Set to 1—scheme can be used with RADIUS agents.

Ignore password check?

setIgnorePwCheck(flag)

Set to 1 to ignore password checking, or 0 to check passwords. Default is 0.

RADIUS Server Template

Use this table when configuring an authentication scheme based on the scheme type RADIUS Server.

Information Type

Value Assignment and Meaning

Scheme type

Type(templateObject)
CreateAuthScheme() param: schemeTemplate

The scheme type RADIUS Server.

Description

Description(schemeDesc)
CreateAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(nLevel)
CreateAuthScheme() param: protLevel

A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.

Library

CustomLib("smauthradius")
CreateAuthScheme() param: schemeLib

The default library for this scheme type.

Parameter

CustomParam(param)
CreateAuthScheme() param: schemeParam

A string containing the IP address and port of the RADIUS server—for example:

123.123.12.12:1645

The default UDP port is 1645.

Shared secret

CustomSecret(secret)

CreateAuthScheme() param: secret

The user attribute that the RADIUS Server will use as the clear text password.

Is template?

IsTemplate(templateFlag)
CreateAuthScheme() param: isTemplate

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(1)
CreateAuthScheme() param: isUsedByAdmin

Set to 1—scheme can be used to authenticate administrators.

Save credentials?

SaveCredentials(0)
CreateAuthScheme() param: saveCreds

Set to 0 to indicate that user credentials will not be saved.

Is RADIUS?

IsRadius(1)
CreateAuthScheme() param: isRadius

Set to 1—scheme can be used with RADIUS agents.

Ignore password check?

IgnorePwd(flag)
CreateAuthScheme() param: ignorePwd

Set to 1 to ignore password checking, or 0 to check passwords. Default is 0.

SafeWord HTML Form Template

Use this table when configuring an authentication scheme based on the scheme type SafeWord.

Information Type

Value Assignment and Meaning

Scheme type

Type(templateObject)
CreateAuthScheme() param: schemeTemplate

The scheme type SafeWord HTML Form.

Description

Description(schemeDesc)
CreateAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(nLevel)
CreateAuthScheme() param: protLevel

A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 10.

Library

CustomLib("smauthenigmahtml")
CreateAuthScheme() param: schemeLib

The default library for this scheme type.

Parameter

CustomParam(param)
CreateAuthScheme() param: schemeParam

A string containing the name and location of the forms credentials collector. This example shows the default credentials collector:

http://my.server.com/
siteminderagent/forms/safeword.fcc

Shared secret

CustomSecret("")

CreateAuthScheme() param: secret

Set to an empty string. Not applicable to this scheme.

Is template?

IsTemplate(templateFlag)
CreateAuthScheme() param: isTemplate

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(1)
CreateAuthScheme() param: isUsedByAdmin

Set to 1—scheme can be used to authenticate administrators.

Save credentials?

SaveCredentials(0)
CreateAuthScheme() param: saveCreds

Set to 0 to indicate that user credentials will not be saved.

Is RADIUS?

IsRadius(1)
CreateAuthScheme() param: isRadius

Set to 1—scheme can be used with RADIUS agents.

Ignore password check?

IgnorePwd(1)
CreateAuthScheme() param: ignorePwd

Set to 1—ignore password checking.

SafeWord Template

Use this table when configuring an authentication scheme based on the scheme type SafeWord.

Information Type

Value Assignment and Meaning

Scheme type

Type(templateObject)
CreateAuthScheme() param: schemeTemplate

The scheme type SafeWord.

Description

Description(schemeDesc)
CreateAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(nLevel)
CreateAuthScheme() param: protLevel

A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 10.

Library

CustomLib("smauthenigma")
CreateAuthScheme() param: schemeLib

The default library for this scheme type.

Parameter

CustomParam("")
CreateAuthScheme() param: schemeParam

Set to an empty string. Not applicable to this scheme.

Shared secret

CustomSecret("")

CreateAuthScheme() param: secret

Set to an empty string. Not applicable to this scheme.

Is template?

IsTemplate(templateFlag)
CreateAuthScheme() param: isTemplate

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(1)
CreateAuthScheme() param: isUsedByAdmin

Set to 1—scheme can be used to authenticate administrators.

Save credentials?

SaveCredentials(0)
CreateAuthScheme() param: saveCreds

Set to 0 to indicate that user credentials will not be saved.

Is RADIUS?

IsRadius(1)
CreateAuthScheme() param: isRadius

Set to 1—scheme can be used with RADIUS agents.

Ignore password check?

IgnorePwd(1)
CreateAuthScheme() param: ignorePwd

Set to 1—ignore password checking.

SAML Artifact Template

Use this table when configuring a SAML authentication scheme based on the profile type artifact for communicating security assertions. With the artifact profile type, the URL for retrieving the SAML assertion is referenced within the AssertionRetrievalURL portion of the Parameter string.

Information Type

Value Assignment and Meaning

Scheme type

Type(templateObject)
CreateAuthScheme() param: schemeTemplate

The scheme type SAML Artifact.

Description

Description(schemeDesc)
CreateAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(nLevel)
CreateAuthScheme() param: protLevel

A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.

Library

CustomLib("smauthsaml")
CreateAuthScheme() param: schemeLib

The default library for this scheme type.

Parameter

CustomParam(param)
CreateAuthScheme() param: schemeParam

The following required parameters:

  • Name. The name of the affiliate.
  • RedirectMode. The way in which the SAML Credentials Collector redirects to the target resource. One of the following numeric values:

0. Meaning: 302 No Data.

1. Meaning: 302 Cookie Data.

2. Meaning: Server Redirect.

3. Meaning: Persist Attributes.

  • SRCID. The 20-byte source ID for the site that produces the SAML assertion. The ID is located at the SAML assertion producer’s site in the properties file AMAssertionGenerator.properties.
  • AssertionRetrievalURL. The URL for obtaining the assertion from the SAML assertion producer’s site.
  • Audience. The URI of the document that describes the agreement between the assertion producer site and the affiliate. This value is compared with the audience value specified in the SAML assertion.
  • Issuer. The SAML issuer specified in the assertion.

Parameter (con't)

  • AttributeXPath. A standard XPath query run against the SAML assertion. The query obtains the data that is substituted in a search specification that looks up a user—for example:

//saml:AttributeValue/SM:/SMContent
/SM:Smlogin/SM:Username.text()

This query gets the text of the Username element.

  • SAMLVersion. The SAML version in use: 1.0 or 1.1.
  • RetrievalMethod. One of these values:

0. Meaning: Basic authentication.

1. Meaning: Client certificate authentication.

  • attribute. The search string for looking up a user in a user directory of the specified type. Use a percent sign ( % ) to indicate where the value returned from the XPath query should be inserted. For example, if you specify attribute LDAP:uid=%s, and user1 is returned from the query, the search string used for LDAP directories is uid=user1. At least one attribute must be specified.

Format of the parameter string is as follows. Separate name-value pairs with semi-colons ( ; ). The format example includes LDAP and ODBC attributes:

Name=name;RedirectMode=0|1|2;SRCID=srcid;
AssertionRetrievalURL=url;Audience=audience;
Issuer=issuer;AttributeXpath=XPathQuery;
SAMLVersion=1.0|1.1;RetrievalMethod=0|1;
attribute=LDAP:srchSpc;attribute=ODBC:srchSpc

Shared secret

CustomSecret(secret)

CreateAuthScheme() param: secret

The password for the affiliate site. The password must match the password entered for the affiliate at the site where the SAML assertion is produced.

Is template?

IsTemplate(0)
CreateAuthScheme() param: isTemplate

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(0)
CreateAuthScheme() param: isUsedByAdmin

Set to 0—scheme cannot be used to authenticate administrators.

Save credentials?

SaveCredentials(0)
CreateAuthScheme() param: saveCreds

Set to 0 to indicate that user credentials will not be saved.

Is RADIUS?

IsRadius(0)
CreateAuthScheme() param: isRadius

Set to 0—scheme is not used with RADIUS agents.

Ignore password check?

IgnorePwd(1)
CreateAuthScheme() param: ignorePwd

Set to 1—ignore password checking.

SAML POST Template

Use this table when configuring a SAML authentication scheme based on the profile type POST for communicating security assertions. With the POST profile type, the generated SAML assertion is POSTed to the URL specified in the AssertionConsumerURL portion of the Parameter string.

Information Type

Value Assignment and Meaning

Scheme type

Type(templateObject)
CreateAuthScheme() param: schemeTemplate

The scheme type SAML POST.

Description

Description(schemeDesc)
CreateAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(nLevel)
CreateAuthScheme() param: protLevel

A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.

Library

CustomLib("smauthsaml")
CreateAuthScheme() param: schemeLib

The default library for this scheme type.

Parameter

CustomParam(param)
CreateAuthScheme() param: schemeParam

The following required parameters:

  • Name. The name of the affiliate.
  • SAMLProfile. The profile type: POST.
  • SAMLVersion. The SAML version in use. The POST profile requires version 1.1.
  • RedirectMode. The way in which the SAML Credentials Collector redirects to the target resource. One of the following numeric values:

0. Meaning: 302 No Data.

1. Meaning: 302 Cookie Data.

2. Meaning: Server Redirect.

3. Meaning: Persist Attributes.

  • AssertionConsumerURL. The URL to be sent the generated assertion.
  • Audience. The URI of the document that describes the agreement between the assertion producer site and the affiliate. This value is compared with the audience value specified in the SAML assertion.
  • Issuer. The SAML issuer specified in the assertion.

 

Parameter (con't)

  • AttributeXPath. A standard XPath query run against the SAML assertion. The query obtains the data that is substituted in a search specification that looks up a user—for example:

//saml:AttributeValue/SM:/SMContent
/SM:Smlogin/SM:Username.text()

This query gets the text of the Username element.

  • attribute. The search string for looking up a user in a user directory of the specified type. Use a percent sign ( % ) to indicate where the value returned from the XPath query should be inserted. For example, if you specify attribute LDAP:uid=%s, and user1 is returned from the query, the search string used for LDAP directories is uid=user1. At least one attribute must be specified.

Format of the parameter string is as follows. Separate name-value pairs with semi-colons ( ; ). The format example includes LDAP and ODBC attributes:

Name=name;SAMLProfile=POST;
SAMLVersion=1.1;RedirectMode=0|1|2;
AssertionConsumerURL=consumerUrl;
Audience=audience;Issuer=issuer;
AttributeXpath=XPathQuery;
attribute=LDAP:srchSpc;attribute=ODBC:srchSpc

Shared secret

CustomSecret("")

CreateAuthScheme() param: secret

Set to an empty string. Not applicable to this scheme.

Is template?

IsTemplate(0)
CreateAuthScheme() param: isTemplate

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(0)
CreateAuthScheme() param: isUsedByAdmin

Set to 0—scheme cannot be used to authenticate administrators.

Save credentials?

SaveCredentials(0)
CreateAuthScheme() param: saveCreds

Set to 0 to indicate that user credentials will not be saved.

Is RADIUS?

IsRadius(0)
CreateAuthScheme() param: isRadius

Set to 0—scheme is not used with RADIUS agents.

Ignore password check?

IgnorePwd(1)
CreateAuthScheme() param: ignorePwd

Set to 1—ignore password checking.

SAML 2.0 Template

This authentication scheme is based on the SAML 2.0 scheme type. It is configured by a SAML 2.0 Service Provider.

A Service Provider uses this authentication scheme to transparently validate a user based on the information in a SAML 2.0 assertion.

An authentication scheme based on the SAML 2.0 Template differs from other types of authentication schemes in two ways:

These properties are stored with the PolicyMgtAuthScheme object as a hashtable.

For information about the metadata properties you can assign to a SAML 2.0 authentication scheme, see the section SAML 2.0 Property Reference in this guide.

Where applicable, the method CreateSAMLAuthScheme() is referenced in place of CreateAuthScheme().

Information Type

Value Assignment and Meaning

Metadata properties

CreateSAMLAuthScheme() param: propsHash_ref

The hashtable of SAML 2.0 metadata properties associated with the authentication scheme object.

Call SAMLAuthSchemeProperties() to modify metadata properties associated with an existing SAML 2.0 authentication scheme.

Scheme type

Type(templateObject)

The scheme type SAML 2.0.

Description

Description(schemeDesc)
CreateSAMLAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(nLevel)
CreateSAMLAuthScheme() param: protLevel

A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.

Library

CustomLib("smauthsaml")

The default library for this scheme type.

Parameter

CustomParam(param)

Set as an empty string.

Shared secret

CustomSecret("")

Set as an empty string. Not applicable to this scheme.

Is template?

IsTemplate(0)

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(0)

Set to 0—scheme cannot be used to authenticate administrators.

Save credentials?

SaveCredentials(0)

Set to 0 to indicate that user credentials will not be saved.

Is RADIUS?

IsRadius(0)

Set to 0—scheme is not used with RADIUS agents.

Ignore password check?

IgnorePwd(1)

Set to 1—ignore password checking.

SecurID HTML Form Template

Use this table when configuring an authentication scheme based on the scheme type SecureID HTML Form.

Information Type

Value Assignment and Meaning

Scheme type

Type(templateObject)
CreateAuthScheme() param: schemeTemplate

The scheme type SecureID HTML Form.

Description

Description(schemeDesc)
CreateAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(nLevel)
CreateAuthScheme() param: protLevel

A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 15.

Library

CustomLib("smauthacehtml")
CreateAuthScheme() param: schemeLib

The default library for this scheme type.

Parameter

CustomParam(param)
CreateAuthScheme() param: schemeParam

A string containing the name of the attribute that contains the ACE IDs, the Web server where the forms credential collector (FCC) is installed, and the target executable file required for processing SecureID authentication with forms support. It also specifies whether an SSL connection is required. Format:

attr;https://server/target

The "s" in "https" is optional, depending on whether you want an SSL connection.

The following example uses the default for processing SecureID authentication with forms support:

ace_id;https://my.server.com/siteminderagent/pwcgi/smpwservicescgi.exe

 

Shared secret

CustomSecret("")

CreateAuthScheme() param: secret

Set to an empty string. Not applicable to this scheme.

Is template?

IsTemplate(templateFlag)
CreateAuthScheme() param: isTemplate

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(0)
CreateAuthScheme() param: isUsedByAdmin

Set to 0—scheme is not used to authenticate administrators.

Save credentials?

SaveCredentials(0)
CreateAuthScheme() param: saveCreds

Set to 0 to indicate that user credentials will not be saved.

Is RADIUS?

IsRadius(0)
CreateAuthScheme() param: isRadius

Set to 0—scheme is not used with RADIUS agents.

Ignore password check?

IgnorePwd(1)
CreateAuthScheme() param: ignorePwd

Set to 1—ignore password checking.

SecurID Template

Use this table when configuring an authentication scheme based on the scheme type SecureID.

Information Type

Value Assignment and Meaning

Scheme type

Type(templateObject)
CreateAuthScheme() param: schemeTemplate

The scheme type SecureID.

Description

Description(schemeDesc)
CreateAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(nLevel)
CreateAuthScheme() param: protLevel

A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 15.

Library

CustomLib("smauthace")
CreateAuthScheme() param: schemeLib

The default library for this scheme type.

Parameter

CustomParam(param)
CreateAuthScheme() param: schemeParam

A string containing the attribute in the authentication user directory that contains the ACE Server user ID.

 

Shared secret

CustomSecret("")

CreateAuthScheme() param: secret

Set to an empty string. Not applicable to this scheme.

Is template?

IsTemplate(templateFlag)
CreateAuthScheme() param: isTemplate

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(1)
CreateAuthScheme() param: isUsedByAdmin

Set to 1—scheme can be used to authenticate administrators.

Save credentials?

SaveCredentials(0)
CreateAuthScheme() param: saveCreds

Set to 0 to indicate that user credentials will not be saved.

Is RADIUS?

IsRadius(1)
CreateAuthScheme() param: isRadius

Set to 1—scheme can be used with RADIUS agents.

Ignore password check?

IgnorePwd(1)
CreateAuthScheme() param: ignorePwd

Set to 1—ignore password checking.

smauthetsso Authentication Scheme

This authentication scheme is similar to the SiteMinder X.509 certification scheme, but with an eSSO cookie as the authentication credential instead of an X.509 credential.

If this scheme is configured for either cookieorbasic or cookieorforms mode, and both an eSSO cookie and login name and password credentials are passed to it, the eSSO cookie is ignored, and the login name and password are used to authenticate the user to SiteMinder.

When the eSSO cookie is the only credential, the authentication scheme uses the ETWAS API to connect to the configured eSSO Policy Server to validate the cookie and extract the user Distinguished Name (DN) from it.

Use this table when configuring an an smauthetsso authentication scheme, which is based on the scheme type Custom. You create custom schemes using the C-language Authentication API, which is available with the SiteMinder SDK.

Information Type

Value Assignment and Meaning

Scheme type

Type(templateObject)
CreateAuthScheme() param: schemeTemplate

The scheme type Custom.

Description

Description(schemeDesc)
CreateAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(nLevel)
CreateAuthScheme() param: protLevel

A value of 0 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.

Library

CustomLib("smauthetsso")
CreateAuthScheme() param: schemeLib

The name of the library for this authentication scheme.

Parameter

CustomParam(param)
CreateAuthScheme() param: schemeParam

 

An ordered set of tokens, separated by semi-colons:
<Mode>[; <Target>]; <Admin>; <eTPS_Host>

You can add spaces to make the string easier to read.

<Mode> specifies the type of credentials that the authenticaion scheme will accept. The following values are possible:

  • cookie -- Only eTrust SSO Cookies are acceptable
  • cookieorbasic -- If an eTrust SSO Cookie is not provided, a login name and password are requested by using Basic Authentication.
  • cookieorforms -- If an eTrust SSO Cookie is not provided, a login name and password are requested by using Forms Authentication.

 

<Target> is valid only with cookieorforms mode. This is identical to the Target field for standard HTML Forms Authentication Scheme.

<Admin> specifies the login ID of an administrator for the Policy Server. The password for this administrator has been specified in the Shared Secret field.

<eTPO_Host> specifies the name of the amchine on which the Policy Server is installed.

SiteMinder will authenticate itself as <Admin> to the Policy Server on the <eTPS_Host> so that SiteMinder can request validation of eTrust SSO cookies.

Examples:

"cookie; SMPS_sso; myserver.myco.com"
"cookieorforms; /siteminderagent/forms/login.fcc; SMPS_sso; myserver.myco.com"

 

Shared secret

CustomSecret(secret)

CreateAuthScheme() param: secret

The password of the Policy Server administrator named in the Parameter field.

Is template?

IsTemplate(templateFlag)
CreateAuthScheme() param: isTemplate

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(flag)
CreateAuthScheme() param: isUsedByAdmin

Set to true (1) to specify that the scheme can be used to authenticate administrators, or to false (0) to specify that the scheme cannot be used to authenticate administrators. Default is 0.

Save credentials?

SaveCredentials(0)
CreateAuthScheme() param: saveCreds

Set to 0 to indicate that user credentials will not be saved.

Is RADIUS?

IsRadius(0)
CreateAuthScheme() param: isRadius

Set to 0—scheme is not used with RADIUS agents.

Ignore password check?

IgnorePwd(flag)
CreateAuthScheme() param: ignorePwd

Set to 1 to ignore password checking, or 0 to check passwords. Default is 0.

TeleID Template

Use this table when configuring an authentication scheme based on the scheme type TeleID.

Information Type

Value Assignment and Meaning

Scheme type

Type(templateObject)
CreateAuthScheme() param: schemeTemplate

The scheme type TeleID.

Description

Description(schemeDesc)
CreateAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(nLevel)
CreateAuthScheme() param: protLevel

A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 15.

Library

CustomLib("smauthencotone")
CreateAuthScheme() param: schemeLib

The default library for this scheme type.

Parameter

CustomParam("")
CreateAuthScheme() param: schemeParam

Set to an empty string. Not applicable to this scheme.

Shared secret

CustomSecret(seed)

CreateAuthScheme() param: secret

The encryption seed. SiteMinder uses this value as an encryption seed for initializing hardware tokens.

Is template?

IsTemplate(templateFlag)
CreateAuthScheme() param: isTemplate

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(1)
CreateAuthScheme() param: isUsedByAdmin

Set to 1—scheme can be used to authenticate administrators.

Save credentials?

SaveCredentials(0)
CreateAuthScheme() param: saveCreds

Set to 0 to indicate that user credentials will not be saved.

Is RADIUS?

IsRadius(1)
CreateAuthScheme() param: isRadius

Set to 1—scheme can be used with RADIUS agents.

Ignore password check?

IgnorePwd(1)
CreateAuthScheme() param: ignorePwd

Set to 1—ignore password checking.

Windows Authentication Template

Use this table when configuring an Integrated Windows Authentication scheme based on the scheme type Windows Authentication (previously known as NTLM). This scheme type is used to authenticate against WinNT or Active Directory user stores.

An Active Directory can be configured to run in mixed mode or native mode. An Active Directory supports WinNT style authentication when running in mixed mode. In native mode, an Active Directory supports only LDAP style lookups.

This authentication scheme supports either mixed mode or native mode.

Information Type

Value Assignment and Meaning

Scheme type

Type(templateObject)
CreateAuthScheme() param: schemeTemplate

The scheme type Windows Authentication (NTLM).

Description

Description(schemeDesc)
CreateAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(nLevel)
CreateAuthScheme() param: protLevel

A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.

Library

CustomLib("smauthntlm")
CreateAuthScheme() param: schemeLib

The default library for this scheme type.

Parameter

CustomParam(param)
CreateAuthScheme() param: schemeParam

The value of param determines the style of authentication to perform for this scheme:

NTLM authentication (for WinNT or Active Directory running in mixed mode)

Format:

iis-web-server-url/path-to-ntc-file

In the format, iis-web-server-url is the name of the IIS web server that is the target of the redirection, and path-to-ntc-file is the location of the .ntc file that collects the WinNT credentials.

For example:

http://myiiswebserver.mycompany.com/
   siteminderagent/ntlm/creds.ntc

A SiteMinder Web Agent must be installed on the specified server. By default, the Web Agent installation creates a virtual directory for NTLM credential collection.

Windows Authentication (for Active Directory running in native mode)

With this authentication style, param has an LDAP filter added to the beginning of the redirection URL. The filter and URL are separated by a semi-colon (;). For example:

cn=%{UID},ou=Users,ou=USA,dc=%{DOMAIN},
   dc=mycompany,dc=com;http://
   myiiswebserver.mycompany.com/
   siteminderagent/ntlm/creds.ntc

SiteMinder uses the LDAP filter to map credentials received from the browser/Web Agent to an LDAP DN or search filter.

Shared secret

CustomSecret("")

CreateAuthScheme() param: secret

Set to an empty string. Not applicable to this scheme.

Is template?

IsTemplate(templateFlag)
CreateAuthScheme() param: isTemplate

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(0)
CreateAuthScheme() param: isUsedByAdmin

Set to 0—scheme is not used to authenticate administrators.

Save credentials?

SaveCredentials(0)
CreateAuthScheme() param: saveCreds

Set to 0 to indicate that user credentials will not be saved.

Is RADIUS?

IsRadius(0)
CreateAuthScheme() param: isRadius

Set to 0—scheme is not used with RADIUS agents.

Ignore password check?

IgnorePwd(flag)
CreateAuthScheme() param: ignorePwd

For WinNT and for Active Directory running in mixed mode, this property must be true (1)—ignore password checking.

For Active Directory running in native mode, set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0.

WS-Federation Template

This authentication scheme is based on the WS-Federation scheme type. It is configured by a WS-Federation Resource Partner.

A Resource Partner uses this authentication scheme to validate a user transparently based on the information in a SAML 1.1 assertion.

An authentication scheme based on the WS-Federation Template differs from other types of authentication schemes in two ways:

These properties are stored with the PolicyMgtAuthScheme object as a hashtable.

Note: For information about the metadata properties you can assign to a WS-Federation authentication scheme, see the section WS-Federation Property Reference in the online Policy Management API Reference.

This authentication scheme requires CA SiteMinder® Federation Legacy Federation. Legacy Federation is licensed separately.

Information Type

Value Assignment and Meaning

Metadata properties

CreateWSFEDAuthScheme() param: propsHash_ref

The hashtable of WS-Federation metadata properties associated with the authentication scheme object.

Call WSFEDAuthSchemeProperties() to modify metadata properties associated with an existing WS-Federation authentication scheme.

Scheme type

Type(templateObject)

The scheme type WSFED.

Description

Description(schemeDesc)
CreateWSFEDAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(nLevel)
CreateWSFEDAuthScheme() param: protLevel

A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.

Library

CustomLib("smauthsaml")

The default library for this scheme type.

Parameter

CustomParam(param)

Set as an empty string.

Shared secret

CustomSecret("")

Set as an empty string. Not applicable to this scheme.

Is template?

IsTemplate(0)

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(0)

Set to 0—scheme cannot be used to authenticate administrators.

Save credentials?

SaveCredentials(0)

Set to 0 to indicate that user credentials will not be saved.

Is RADIUS?

IsRadius(0)

Set to 0—scheme is not used with RADIUS agents.

Ignore password check?

IgnorePwd(1)

Set to 1—ignore password checking.

X.509 Client Cert and Basic Template

Use this table when configuring an authentication scheme based on the scheme type X.509 Client Certificate and Basic.

Information Type

Value Assignment and Meaning

Scheme type

Type(templateObject)
CreateAuthScheme() param: schemeTemplate

The scheme type X.509 Client Certificate and Basic.

Description

Description(schemeDesc)
CreateAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(nLevel)
CreateAuthScheme() param: protLevel

A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 15.

Library

CustomLib("smauthcert")
CreateAuthScheme() param: schemeLib

The default library for this scheme type.

Parameter

CustomParam(param)
CreateAuthScheme() param: schemeParam

A string containing the domain or IP address of the SSL server and the name and path of the SSL Credentials Collector (SCC). The server redirects a user’s X.509 certificate over an SSL connection. Format:

https://server:port/SCC?cert+basic

The following example uses the default SCC:

https://my.server.com:80/siteminderagent/
   cert/smgetcred.scc?cert+basic

 

Shared secret

CustomSecret("")

CreateAuthScheme() param: secret

Set to an empty string. Not applicable to this scheme.

Is template?

IsTemplate(templateFlag)
CreateAuthScheme() param: isTemplate

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(0)
CreateAuthScheme() param: isUsedByAdmin

Set to 0—scheme is not used to authenticate administrators.

Save credentials?

SaveCredentials(0)
CreateAuthScheme() param: saveCreds

Set to 0 to indicate that user credentials will not be saved.

Is RADIUS?

IsRadius(0)
CreateAuthScheme() param: isRadius

Set to 0—scheme is not used with RADIUS agents.

Ignore password check?

IgnorePwd(flag)
CreateAuthScheme() param: ignorePwd

Set to 1 to ignore password checking, or 0 to check passwords. Default is 0.

X.509 Client Cert and Form Template

Use this table when configuring an authentication scheme based on the scheme type X.509 Client Certificate and Form.

Information Type

Value Assignment and Meaning

Scheme type

Type(templateObject)
CreateAuthScheme() param: schemeTemplate

The scheme type X.509 Client Certificate and HTML Form.

Description

Description(schemeDesc)
CreateAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(nLevel)
CreateAuthScheme() param: protLevel

A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 15.

Library

CustomLib("smauthcert")
CreateAuthScheme() param: schemeLib

The default library for this scheme type.

Parameter

CustomParam(param)
CreateAuthScheme() param: schemeParam

A string containing the domain or IP address of the SSL server and the name and path of the forms credentials collector (FCC). The server redirects a user’s X.509 certificate over an SSL connection. Format:

https://server:port/FCC?cert+forms

The following example uses the default FCC:

https://my.server.com:80/siteminderagent/
   certoptional/forms/login.fcc?cert+forms

 

Shared secret

CustomSecret("")

CreateAuthScheme() param: secret

Set to an empty string. Not applicable to this scheme.

Is template?

IsTemplate(templateFlag)
CreateAuthScheme() param: isTemplate

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(0)
CreateAuthScheme() param: isUsedByAdmin

Set to 0—scheme is not used to authenticate administrators.

Save credentials?

SaveCredentials(0)
CreateAuthScheme() param: saveCreds

Set to 0 to indicate that user credentials will not be saved.

Is RADIUS?

IsRadius(0)
CreateAuthScheme() param: isRadius

Set to 0—scheme is not used with RADIUS agents.

Ignore password check?

IgnorePwd(flag)
CreateAuthScheme() param: ignorePwd

Set to 1 to ignore password checking, or 0 to check passwords. Default is 0.

X.509 Client Cert or Basic Template

Use this table when configuring an authentication scheme based on the scheme type X.509 Client Certificate or Basic.

Information Type

Value Assignment and Meaning

Scheme type

Type(templateObject)
CreateAuthScheme() param: schemeTemplate

The scheme type X.509 Client Certificate or Basic.

Description

Description(schemeDesc)
CreateAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(nLevel)
CreateAuthScheme() param: protLevel

A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.

Library

CustomLib("smauthcert")
CreateAuthScheme() param: schemeLib

The default library for this scheme type.

Parameter

CustomParam(param)
CreateAuthScheme() param: schemeParam

A string containing the following information:

  • Server for establishing an SSL connection. This server redirects a user’s X.509 certificate over an SSL connection.
  • Name and path of the SSL Credentials Collector (SSC).

If you are using basic authentication over SSL, also provide the following two pieces of information:

  • The fully qualified name of the SSL server used for establishing an SSL connection for basic authentication.
  • Name and path of the SSL Credentials Collector (SSC).

https://SSLserver:port/SCC?certorbasic;
   [https://BasicServer/SCC]

The following example uses the default SCC values:

https://my.SSLserver.com:80/siteminderagent/
   certoptional/smgetcred.scc?certorbasic;
   https://my.BasicServer.com/
   siteminderagent/nocert/smgetcred.scc

 

Shared secret

CustomSecret("")

CreateAuthScheme() param: secret

Set to an empty string. Not applicable to this scheme.

Is template?

IsTemplate(templateFlag)
CreateAuthScheme() param: isTemplate

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(0)
CreateAuthScheme() param: isUsedByAdmin

Set to 0—scheme is not used to authenticate administrators.

Save credentials?

SaveCredentials(0)
CreateAuthScheme() param: saveCreds

Set to 0 to indicate that user credentials will not be saved.

Is RADIUS?

IsRadius(0)
CreateAuthScheme() param: isRadius

Set to 0—scheme is not used with RADIUS agents.

Ignore password check?

IgnorePwd(flag)
CreateAuthScheme() param: ignorePwd

Set to 1 to ignore password checking, or 0 to check passwords. Default is 0.

X.509 Client Cert or Form Template

Use this table when configuring an authentication scheme based on the scheme type X.509 Client Certificate or Form.

Information Type

Value Assignment and Meaning

Scheme type

Type(templateObject)
CreateAuthScheme() param: schemeTemplate

The scheme type X.509 Client Certificate or HTML Form.

Description

Description(schemeDesc)
CreateAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(nLevel)
CreateAuthScheme() param: protLevel

A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.

Library

CustomLib("smauthcertorform")
CreateAuthScheme() param: schemeLib

The default library for this scheme type.

Parameter

CustomParam(param)
CreateAuthScheme() param: schemeParam

A string containing the following information:

  • Server for establishing an SSL connection. This server redirects a user’s X.509 certificate over an SSL connection.
  • Name and path of the SSL and forms credentials collector (SFCC).

If you are using an alternate forms-based authentication over SSL, also provide the following two pieces of information:

  • The fully qualified name of the SSL server used for establishing an SSL connection for authentication.
  • Name and path of the Forms Credentials Collector (FCC).

https://SSLserver:port/SFCC?certorform;
   [https://BasicServer/FCC]

The following example uses the default SCC values:

https://my.SSLserver.com:80/siteminderagent/
   certoptional/forms/login.sfcc?certorform;
   https://my.BasicServer.com/
   siteminderagent/forms/login.fcc

 

Shared secret

CustomSecret("")

CreateAuthScheme() param: secret

Set to an empty string. Not applicable to this scheme.

Is template?

IsTemplate(templateFlag)
CreateAuthScheme() param: isTemplate

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(0)
CreateAuthScheme() param: isUsedByAdmin

Set to 0—scheme is not used to authenticate administrators.

Save credentials?

SaveCredentials(0)
CreateAuthScheme() param: saveCreds

Set to 0 to indicate that user credentials will not be saved.

Is RADIUS?

IsRadius(0)
CreateAuthScheme() param: isRadius

Set to 0—scheme is not used with RADIUS agents.

Ignore password check?

IgnorePwd(flag)
CreateAuthScheme() param: ignorePwd

Set to 1 to ignore password checking, or 0 to check passwords. Default is 0.

X.509 Client Cert Template

Use this table when configuring an authentication scheme based on the scheme type X.509 Client Certificate.

Information Type

Value Assignment and Meaning

Scheme type

Type(templateObject)
CreateAuthScheme() param: schemeTemplate

The scheme type X.509 Client Certificate.

Description

Description(schemeDesc)
CreateAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(nLevel)
CreateAuthScheme() param: protLevel

A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.

Library

CustomLib("smauthcert")
CreateAuthScheme() param: schemeLib

The default library for this scheme type.

Parameter

CustomParam(param)
CreateAuthScheme() param: schemeParam

A string containing the domain or IP address of the server responsible for establishing the SSL connection and the name and path of the SSL Credentials Collector (SCC). The server redirects a user’s X.509 certificate over an SSL connection. Format:

https://server/SCC?cert

The following example uses the default SCC value:

https://my.server.com/siteminderagent/
   cert/smgetcred.scc?cert

 

Shared secret

CustomSecret("")

CreateAuthScheme() param: secret

Set to an empty string. Not applicable to this scheme.

Is template?

IsTemplate(templateFlag)
CreateAuthScheme() param: isTemplate

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(0)
CreateAuthScheme() param: isUsedByAdmin

Set to 0—scheme is not used to authenticate administrators.

Save credentials?

setAllowSaveCreds(0)

Set to 0 to indicate that user credentials will not be saved.

Is RADIUS?

IsRadius(0)
CreateAuthScheme() param: isRadius

Set to 0—scheme is not used with RADIUS agents.

Ignore password check?

IgnorePwd(1)
CreateAuthScheme() param: ignorePwd

Set to 1—ignore password checking.