When you configure an authentication scheme programmatically, you provide information that would otherwise be provided through the Authentication Scheme Properties dialog of the Policy Server UI. You provide this information through the fields in the structure Sm_PolicyApi_Scheme_t.
Note: The following categories of information can be used for different purposes in different authentication schemes. For example, with the TeleID authentication scheme, the shared secret is used to supply the encryption seed.
SiteMinder provides a number of standard authentication scheme types (also known as templates). Each authentication scheme type is configured differently.
Brief description of the authentication scheme.
Protection level values can range from 1 through 1000. The higher the number, the greater the degree of protection provided by the scheme.
An authentication scheme library performs authentication processing for the associated authentication scheme type. Each predefined authentication scheme is shipped with a default library. Optionally, you can use a custom library instead of the default.
Additional information that the authentication scheme requires, such as the URL of an HTML login page. With some authentication schemes, the parameter information is constructed from field values in the Scheme Type Setup tab of the Authentication Scheme Properties dialog. To see how a parameter string is constructed for a given scheme type, open this dialog, select the appropriate scheme type, provide values to the fields in the Scheme Type Setup tab, and view the constructed parameter in the Advanced tab.
Information that is known to both the authentication scheme and the Policy Server. Different authentication schemes use different kinds of secrets. Most schemes use no secret.
A flag that specifies whether the authentication scheme is a template.
Note: Setting an authentication scheme as a template with the C Policy Management API was deprecated in SDK v6.0 SP3.
A flag that specifies whether the authentication scheme can be used to authenticate administrators.
A flag that specifies whether to save the user's credentials.
A flag that specifies whether the scheme can be used with RADIUS agents.
A flag that specifies whether password policies for the scheme are enabled. If True (1), password policies are disabled.
Note: The Ignore password check flag must be set to True for anonymous authentication schemes.
Copyright © 2014 CA.
All rights reserved.
|
|