The AttrMap method sets or retrieves the attribute map for Certificate mapping.
Syntax
The AttrMap method has the following format:
Netegrity::PolicyMgtCertMap‑>AttrMap ([attribute_map])
Parameters
The AttrMap method accepts the following parameter:
attribute_map (string)
(Optional) Specifies the attribute map to be set.
Return Value
The AttrMap method returns one of the following values:
The CacheCRL method sets or retrieves the flag that determines whether to cache Certificate Revocation List (CRL) entries. Setting this flag causes SiteMinder to use cached CRL information until the date specified in the NextUpdate field in the CRL.
Syntax
The CacheCRL method has the following format:
Netegrity::PolicyMgtCertMap‑>CacheCRL([cacheFlag])
Parameters
The CacheCRL method accepts the following parameter:
cacheFlag (int)
(Optional) Specifies whether to cache CRL entries:
Return Value
The CacheCRL method returns one of the following values:
The CertRequired method sets or retrieves the flag that requires SiteMinder to verify that the certificate presented by the user matches the certificate stored in the user's entry in the user directory. The user directory must be an LDAP user directory.
Syntax
The CertRequired method has the following format:
Netegrity::PolicyMgtCertMap‑>CertRequired([certFlag])
Parameters
The CertRequired method accepts the following parameter:
certFlag (int)
(Optional) Specifies whether certificate verification is required:
Return Value
The CertRequired method returns one of the following values:
The CRLUserDirectory method specifies or retrieves the LDAP user directory where the Certificate Revocation List (CRL) is located.
Syntax
The CRLUserDirectory method has the following format:
Netegrity::PolicyMgtCertMap‑>CRLUserDirectory([crlDir])
Parameters
The CRLUserDirectory method accepts the following parameter:
crlDir (PolicyMgtUserDir)
(Optional) Specifies the user directory where the CRL is located.
Return Value
The CRLUserDirectory method returns one of the following values:
The Description method sets or retrieves the description of the certificate map.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtCertMap‑>Description([certMapDesc])
Parameters
The Description method accepts the following parameter:
certMapDesc (string)
(Optional) Specifies the description to set.
Return Value
The Description method returns one of the following values:
The DirectoryType method sets or retrieves the type of user directory involved in the user authentication.
Syntax
The DirectoryType method has the following format:
Netegrity::PolicyMgtCertMap‑>DirectoryType([dirType])
Parameters
The DirectoryType method accepts the following parameter:
dirType (int)
(Optional) Specifies one of the following types of user directory:
Return Value
The DirectoryType method returns one of the following values:
The EnableCRL method sets or retrieves the flag that determines whether to check the Certificate Revocation List (CRL) for revoked certificates.
Syntax
The EnableCRL method has the following format:
Netegrity::PolicyMgtCertMap‑>EnableCRL([ckCRLFlag])
Parameters
The EnableCRL method accepts the following parameter:
ckCRLFlag (int)
(Optional) Specifies whether to check certificates against the CRL:
Return Value
The EnableCRL method returns one of the following values:
Remarks
A CRL is a list of revoked X.509 client certificates published by the Certificate Authority. Comparing a certificate against a CRL is one way to ensure that certificates are valid. When a user with such a certificate tries to access a protected resource, SiteMinder finds the user's certificate in the CRL and rejects the authentication.
Before you enable CRL checking, call the method PolicyMgtCertMap‑>CRLUserDirectory to specify the user directory where the CRL is located.
The IssuerDN method sets or retrieves the DN of the certificate issuer.
Syntax
The IssuerDN method has the following format:
Netegrity::PolicyMgtCertMap‑>IssuerDN([issuerDN])
Parameters
The IssuerDN method accepts the following parameter:
issuerDN (string)
(Optional) Specifies the issuer DN to set.
Return Value
The IssuerDN method returns one of the following values:
The UseDistributionPoints method sets or retrieves the flag indicating whether Certificate Revocation List (CRL) searches should use a distribution point as a starting point for a search.
Syntax
The UseDistributionPoints method has the following format:
Netegrity::PolicyMgtCertMap‑>UseDistributionPoints([distPointsFlag])
Parameters
The UseDistributionPoints method accepts the following parameters:
distPointsFlag (int)
(Optional) Specifies whether to use distribution points for CRL searches:
Return Value
The UseDistributionPoints method returns one of the following values:
Remarks
Large CRLs may contain multiple distribution points that can be used to locate a revoked user. Distribution points indicate a starting point in the CRL LDAP directory. By providing a starting point for a CRL check, distribution points save the processing time that it would take to search the entire CRL.
The VerifySignature method sets or retrieves the flag indicating whether SiteMinder should verify the Certificate Authority's signature in the Certificate Revocation List (CRL).
Syntax
The VerifySignature method has the following format:
Netegrity::PolicyMgtCertMap‑>VerifySignature([verifyFlag])
Parameters
The VerifySignature method accepts the following parameter:
verifyFlag (int)
(Optional) Specifies whether to verify the CA's signature in the CRL:
Return Value
The VerifySignature method returns one of the following values:
Copyright © 2014 CA.
All rights reserved.
|
|