This function performs session login and session validation.
The Policy Server authenticates user credentials during session login and validates the session specification during session validation. Whether the Policy Server performs session login or session validation depends on whether a session specification is defined in the field lpszSessionSpec of the structure Sm_AgentApi_Session_t, as follows:
Syntax
int SM_EXTERN Sm_AgentApi_Login ( const void* pHandle, const char* lpszClientIpAddr, const Sm_AgentApi_ResourceContext_t* pResourceContext, const Sm_AgentApi_Realm_t* pRealm, const Sm_AgentApi_UserCredentials_t* pUserCredentials, Sm_AgentApi_Session_t* pSession, long* pNumAttributes, Sm_AgentApi_Attribute_t** ppAttributes );
Parameter |
I/O |
Description |
---|---|---|
pHandle |
I |
Agent API session handle returned in parameter ppHandle of Sm_AgentApi_Init(). |
lpszClientIpAddr |
I |
The IP address of the client that the user is logging from. This is an optional parameter. If the client IP begins with a star (*), the Policy Server logs the IP address but does not validate it against a session specification. |
pResourceContext |
I |
A pointer to a resource definition structure. |
pRealm |
I |
A realm definition structure. |
pUserCredentials |
I |
A user credentials definition structure. |
pSession |
O |
A User Session definition structure. |
pNumAttributes |
O |
The number of attributes in ppAttributes. |
ppAttributes |
O |
A pointer to an array of response attribute definition structures. This function returns the following attributes, when available:
See Remarks for information about the attributes that are set when a resource is protected by an anonymous authentication scheme. |
Return Values
Remarks
Response attributes can be returned when authentication events occur. Both well-known and policy-based attributes can be returned, as described in Response Attributes. For example, upon successful authentication, a response could return the user’s DN.
When a resource is protected by an anonymous authentication scheme, only the following attributes are set:
Supply only the required credentials (as determined by a call to Sm_AgentApi_IsProtected(), which should be called before Sm_AgentApi_Login()). Unused fields in the user credentials structure must be zero-initialized.
Sm_AgentApi_Login() returns attributes in the Sm_AgentApi_Attribute_t structure. Call Sm_AgentApi_FreeAttributes() to release the attributes.
On successful login, the Sm_AgentApi_Session_t structure is populated with the session specification. If you allocated memory for this structure, it is your responsibility to deallocate it.
Example
See the example application smagentexample.cpp for an example of this function.
Copyright © 2014 CA.
All rights reserved.
|
|