This authentication scheme is similar to the SiteMinder X.509 certification scheme, but with an eSSO cookie as the authentication credential instead of an X.509 credential.
If this scheme is configured for either cookieorbasic or cookieorforms mode, and both an eSSO cookie and login name and password credentials are passed to it, the eSSO cookie is ignored, and the login name and password are used to authenticate the user to SiteMinder.
When the eSSO cookie is the only credential, the authentication scheme uses the ETWAS API to connect to the configured eSSO Policy Server to validate the cookie and extract the user Distinguished Name (DN) from it.
Use this table when configuring an smauthetsso authentication scheme, which is based on the Custom scheme type. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
Information Type |
Value Assignment and Meaning |
---|---|
Scheme type |
nType=Sm_Api_SchemeType_Custom Uses the Custom scheme type |
Description |
pszDesc=description The description of the authentication scheme. |
Protection level |
nLevel=value A value of 0 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5. |
Library |
pszLib="smauthetsso" The name of the library of this authentication scheme. |
Parameter |
pszParam=param An ordered set of tokens, separated by semi-colons: You can add spaces to make the string easier to read. <Mode> specifies the type of credentials that the authenticaion scheme will accept. The following values are possible:
<Target> is valid only with cookieorforms mode. This is identical to the Target field for standard HTML Forms Authentication Scheme. <Admin> specifies the login ID of an administrator for the eTrust Policy Server. The password for this administrator has been specified in the Shared Secret field. <eTPO_Host> specifies the name of the amchine on which the Policy Server is installed. SiteMinder will authenticate itself as <Admin> to the eTrust Policy Server on the <eTPS_Host> so that SiteMinder can request validation of eTrust SSO cookies. Examples:
|
Shared secret |
pszSecret=secret The password of the eTrust Policy Server administrator named in the Paramter field. |
Is template? |
bIsTemplate=0 Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
Is used by administrator? |
bIsUsedbyAdmin=flag Set to true (1) to specify that the scheme can be used to authenticate administrators, or to false (0) to specify that the scheme cannot be used to authenticate administrators. Default is 0. |
Save credentials? |
bAllowSaveCreds=0 Set to false (0) to indicate that user credentials won't be saved. |
Is RADIUS? |
bIsRadius=0 Set to false (0)-scheme is not used with RADIUS agents. |
Ignore password check? |
bIgnorePwCheck=flag Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0. |
Copyright © 2014 CA.
All rights reserved.
|
|