Policy management consists of creating, deleting, and modifying policy objects within a SiteMinder policy store. Through the Policy Management API, you can perform most of the data manipulations that you can perform through the native Policy Server User Interface. For example, you can write a client application that allows administrators to perform tasks such as:

Creating a policy domain
Creating an Agent object
Creating an Agent configuration object
Creating a host configuration object
Registering a trusted host
Creating a SiteMinder user directory object
Creating an authentication scheme object
Creating an administrator
Creating a realm
Adding a realm to a policy domain
Creating a rule
Creating a response
Creating a policy
Adding a user or group to a policy
Adding a rule to a policy
Setting responses for rules in a policy
Migrating an entire policy store or an individual policy domain remotely

Policy Management Setup

To run applications built with the Policy Management API:

Use the Policy Server Management Console to configure the Policy Server so that it points to the policy store you want to access.
Run your Policy Management application on the same machine as the Policy Server or on a machine that has network access to the Policy Server.

Note: If an application built with the Policy Management API runs on the same machine as the Policy Server, the application must run as the same user who installed the Policy Server (for example, smuser on UNIX platforms).

Required JAR File

The JAR file smjavasdk2.jar is required for building and running Policy Management applications. The JAR file is stored in the following locations:

Windows platforms:
<install_path>\sdk\java
UNIX platforms:
<install_path>/sdk/java

Policy Store Objects

Interface SmPolicyApi is implemented by the class SmPolicyApiImpl. Use this class as the starting point for the Policy Management API. Each policy store object is associated with a class in the Policy Management API. You create and manage policy store objects through the methods in an object’s class.

Policy store objects can be classified according to scope:

Domain objects are visible only within the domain. They cannot be shared between domains.
Global objects are visible across all domains.
Global objects are sometimes called system objects.

Global objects include:

Administrators
Agent types
Agents and agent groups
Agent Configuration objects
Host Configuration objects
Trusted Hosts
Authentication schemes
Authentication/authorization maps
Certificate maps
Domains
ODBC query schemes
Password policies
Registration schemes
User directories

Domain objects include:

Policies
Realms
Responses and response groups
Response attributes
Rules and rule groups
User policies

When you are working in the Policy Server user interface, you will see most of the above objects listed in the System and Domain tabs of the SiteMinder Administration window.

Note: Descriptions in the Javadoc reference specify whether an object has global scope or domain scope.

Write a Policy Management Application

To write a Policy Management application

Establish a Connection to the Policy Server
Obtain a Session Object
Pass in the Session Object
Make Policy Management API Requests
Terminate the Administrator Session

The SiteMinder SDK contains a sample of how to use the classes and methods in the Java Policy Management API.

Establish a Connection to the Policy Server

To establish a connection to the Policy Server, use the SmApiConnection class of the Utilities package. This class holds the Agent API handle through which Java API requests are sent.

There are two types of connection handles in this class:

A default connection handle. A default connection handle:
- Represents a single instance of an Agent API object.
- Is static across the process.
- Allows connections to the Agent API object from both Policy Management and DMS clients.
You can establish multiple connections to the Policy Server through the single Agent API object instance.
A user-defined connection handle. You can create multiple user-defined connection objects; each one can support multiple connections to the Policy Server.

Obtain a Session Object

A session object is obtained when a user or administrator successfully logs in. In this case, an administrator login is required, since only administrators can perform policy management.

To log in a SiteMinder administrator and establish an administrator session, call the login() method in the SmApiSession class of the Utilities package.

Once login is successful, the session object will hold a valid administrator session specification.

Pass in the Session Object

After obtaining a valid session, create a Policy Management API object by passing the session to the constructor of the SmPolicyApiImpl class—for example:

SmPolicyApi policyApi = new SmPolicyApiImpl (apiSession);

In the example, policyApi is the new Policy Management API object and apiSession is the session obtained when the administrator successfully logged in.

Make Policy Management API Requests

After you obtain a session object and create a Policy Management API object, you are ready to make Policy Management requests. Most of the methods in the Policy Management API are categorized according to the SiteMinder object that a given method acts upon—for example, agents, policies, and rules.

There is also a Utilities category for methods that perform services, such as cache and encryption key management. Use these categories to help you find a particular Policy Management API method to use in your custom policy management applications.

Note: The methods in the policyapi package can only be called from a Siteminder administrator session.

Terminate the Administrator Session

When you are finished making Policy Management API requests, log out the administrator by calling the logout() method in the SmApiSession class of the Utilities package.

Important! After you have called the logout() method, the connection handle becomes invalid. Do not reference it again.

Administrator Methods

Unless otherwise specified, the following methods are in the class SmPolicyApiImpl. The following methods act on administrator objects. You create an administrator object by instantiating SmAdmin.

Method	Description
addAdmin()	Adds an administrator object to the policy store.
addAdminToDomain()	Associates an administrator with a domain.
deleteAdmin()	Deletes an administrator.
getAdmin()	Gets the contents of an administrator.
getAdminUserDirs()	Gets a list of user directories that an administrator can manage.
modifyAdmin()	Modifies an administrator.
removeAdminFromDomain()	Disassociates an administrator from a domain.

Agent Methods

Unless otherwise specified, the methods listed in this table are in the class SmPolicyApiImpl. The following methods act on agent objects. You create an agent object by instantiating SmAgent.

Method	Description
addAgent()	Adds an agent object to the policy store.
deleteAgent()	Deletes an agent.
getAgent()	Gets the contents of an agent.
modifyAgent()	Modifies an agent.

Agent Configuration Object Methods

Unless otherwise specified, the methods listed in this table are in the class SmPolicyApiImpl. The following methods act on agent configuration objects. You define an agent configuration object by instantiating SmAgentConfig.

Method	Description
addAgentConfig()	Adds an agent configuration object to the policy store.
deleteAgentConfig()	Deletes an agent configuration object.
getAgentConfig()	Gets the contents of an agent configuration object.
modifyAgentConfig()	Modifies an agent configuration object.

Authentication and Authorization Map Methods

Unless otherwise specified, the methods listed in this table are in the class SmPolicyApiImpl. The following methods act on authentication and authorization directory mapping objects. You create an authentication and authorization directory mapping object by instantiating SmAuthAzMap.

Method	Description
addAuthAzMap()	Adds an authentication and authorization directory mapping object to the policy store.
deleteAuthAzMap()	Deletes an authentication and authorization directory mapping object.
getAuthAzMap()	Gets the contents of an authentication and authorization directory mapping object.
modifyAuthAzMap()	Modifies an authentication and authorization directory mapping object.

Authentication Scheme Methods

Unless otherwise specified, the methods listed in this table are in the class SmPolicyApiImpl. The following methods act on authentication schemes. You create an authentication scheme by instantiating SmScheme.

Method	Description
addScheme()	Adds an authentication scheme to the policy store.
deleteScheme()	Deletes an authentication scheme.
getScheme()	Gets the contents of an authentication scheme.
modifyScheme()	Modifies an authentication scheme.

Certificate Map Methods

Unless otherwise specified, the methods listed in this table are in the class SmPolicyApiImpl. The following methods act on certificate mapping objects. You create certificate mapping objects by instantiating SmCertMap.

Method	Description
addCertMap()	Adds a certificate mapping object to the policy store.
deleteCertMap()	Deletes a certificate mapping object.
getCertMap()	Gets the contents of a certificate mapping object.
modifyCertMap()	Modifies a certificate mapping object.

Domain Methods

Unless otherwise specified, the methods listed in this table are in the class SmPolicyApiImpl. The following methods act on domain objects. You create domain objects by instantiating SmDomain.

Method	Description
addDomain()	Adds a domain object to the policy store.
deleteDomain()	Deletes a domain.
getDomain()	Gets the contents of a domain.
getDomainObject()	Gets a domain object for the specified object name or OID.
getDomainObjectNames()	Gets a list of domain objects within a domain.
isDomainObject()	Indicates whether an object is a domain object. In classes SmObjectImpl, SmDomainObjectImpl.
modifyDomain()	Modifies a domain.

General Object Methods

Unless otherwise specified, the methods listed in this table are in the class SmPolicyApiImpl. The following methods act on multiple types of objects.

Method	Description
getGlobalObjectNames()	Gets a list of global objects.
getObject()	Gets a global object for the specified object name or OID.
getOid()	Retrieves an object identifier for an object. In class SmObjectImpl.
isWriteable()	Specifies whether an object is writeable. In classes SmAgentType, SmDomainObjectImpl, and SmObjectImpl.
renameObject()	Renames an object.

Group Methods

Unless otherwise specified, the methods listed in this table are in the class SmPolicyApiImpl. The following methods act on group objects. Group objects are created with SmAgentGroup (for agent groups), SmResponseGroup (for response groups), or SmRuleGroup (for rule groups).

Method	Description
addGroup()	Adds an agent, response, or rule group to the policy store.
addToGroup()	Adds a group element of type rule, response, or agent to the specified group.
deleteGroup()	Deletes an existing group.
getGroup()	Gets the contents of an existing group.
getGroupMembers()	Get a list of groups of all types.
modifyGroup()	Modify a group.
removeFromGroup()	Removes a group element from a group.

Host Configuration Object Methods

Unless otherwise specified, the methods listed in this table are in the class SmPolicyApiImpl. The following methods act on host configuration objects. You define a host configuration object by instantiating SmHostConfig.

Method	Description
addHostConfig()	Adds a host configuration object to the policy store.
deleteHostConfig()	Deletes a host configuration object.
getHostConfig()	Gets the contents of a host configuration object.
modifyHostConfig()	Modifies a host configuration object.

ODBC Query Scheme Methods

Unless otherwise specified, the methods listed in this table are in the class SmPolicyApiImpl. The following methods act on ODBC Query schemes. You create ODBC Query schemes by instantiating SmODBCQuery.

Method	Description
addODBCQuery()	Adds an ODBC query object to the policy store.
deleteODBCQuery()	Deletes an ODBC query object.
getODBCQuery()	Gets the contents of an ODBC query object.
modifyODBCQuery()	Modifies an ODBC query object.

Password Policy Methods

Unless otherwise specified, the methods listed in this table are in the class SmPolicyApiImpl. The following methods act on password policy objects. You create password policy objects by instantiating SmPasswordPolicy.

Method	Description
addPasswordPolicy()	Adds a password policy object to the policy store.
deletePasswordPolicy()	Deletes a password policy.
getPasswordPolicy()	Gets the contents of a password policy.
isEnabled()	Specifies whether the password policy is enabled. In class SmPasswordPolicy.
isEntireDir()	Specifies whether the password policy applies to the entire directory. In class SmPasswordPolicy.
modifyPasswordPolicy()	Modifies a password policy.

Policy Methods

The following methods act on policy and policy link objects. A policy link is an association of a policy, a rule, and optionally, a response. Unless otherwise specified, these methods are in the class SmPolicyApiImpl.

Policy objects are created with SmPolicy. Policy link objects are created with SmPolicyLink.

Method	Description
addPolicy()	Adds a policy object to the policy store.
addPolicyLink()	Adds a policy link to a policy.
deletePolicy()	Deletes the policy associated with the specified domain.
deletePolicyLink()	Removes a policy link from a policy.
getPolicy()	Gets the contents of a policy.
getPolicyLinks()	Gets all of the policy links for the specified policy and domain.
modifyPolicy()	Modify the policy associated with the specified domain.
modifyPolicyLink()	Modifies the specified policy link.

Realm Methods

The following methods act on realm objects. Realm objects are created with SmRealm.

Method	Description
addRealm(()	Adds a realm object to the policy store.
deleteRealm()	Deletes a realm.
getRealm()	Gets the contents of a realm.
getRealmRules()	Gets all the rules for the specified realm and domain.
getRealmUserPolicies()	Gets a list of user policies that can access a realm.
modifyRealm()	Modifies the specified realm.

Response Methods

The following methods act on response and response attribute objects. Unless otherwise specified, these methods are in the class SmPolicyApiImpl. Response objects are created with SmResponse. Response attribute objects are created with SmResponseAttr.

Method	Description
addResponse()	Adds a response object to the policy store.
addResponseAttr()	Creates a response attribute and associates it with a response.
deleteResponse()	Deletes a response.
deleteResponseAttribute()	Deletes a response attribute.
getResponse()	Gets the contents of a response.
getResponseAttrs()	Gets a list of attributes for the specified response.
modifyResponse()	Modify the specified response.
setResponseInPolicyLink()	Changes the response for the specified policy link.

Root Configuration Methods

The following methods act on root configuration objects. Unless otherwise specified, the methods listed in this table are in the class SmPolicyApiImpl. You create root configuration objects by instantiating SmRootConfig.

Method	Description
addRootConfig()	Adds a root configuration object to the policy store.
deleteRootConfig()	Deletes a root configuration.
getRootConfig()	Gets the contents of a root configuration.
modifyRootConfig()	Modifies a root configuration.

Rule Methods

The following methods act on rule objects. Unless otherwise specified, the methods listed in this table are in the class SmPolicyApiImpl. You create rule objects by instantiating SmRule.

Method	Description
addRule()	Adds a rule object to the policy store.
deleteRule()	Deletes a rule.
getRule()	Gets the contents of a rule.
modifyRule()	Modifies a rule.

Self-Registration Methods

The following methods act on self-registration objects. Unless otherwise specified, the methods listed in this table are in the class SmPolicyApiImpl. You create self-registration objects by instantiating SmSelfReg.

Method	Description
addSelfReg()	Adds a self-registration object to the policy store.
deleteSelfReg()	Deletes a self-registration object.
getSelfReg()	Gets the contents of a self-registration object.
modifySelfReg()	Modifies a self-registration object.

Trusted Host Object Methods

The following methods act on Trusted Host objects. Unless otherwise specified, the methods listed in this table are in the class SmPolicyApiImpl. You define a Trusted Host object by instantiating SmTrustedHost.

Method	Description
addTrustedHost()	Registers a trusted host with the Policy Server.
deleteTrustedHost()	Deletes a trusted host object.

User Directory Methods

User management functionality is provided in the DMS API. However, the Policy Management API provides methods for getting and setting user attributes. These methods are in the SmUserDirectory class.

For example:

To specify which user attribute holds the disabled state of the user, call setDisabledAttr() in SmUserDirectory.
To disable and enable users, use the DMS API.
The following methods act on user directory objects. Unless otherwise specified, the methods listed in this section are in the class SmPolicyApiImpl. You create user directory objects by instantiating SmUserDirectory.

Method	Description
addUserDirectory()	Adds a user directory object to the policy store.
addUserDirToDomain()	Associates an existing user directory with a domain.
deleteUserDirectory()	Deletes a user directory.
getDirectoryContents()	Gets a list of distinguished names and classes for the specified user directory.
getUserDirectory()	Gets the contents of a user directory.
getUserDirSearchOrder()	Retrieves the search order of user directories for a domain by retrieving a vector of user directory names.
lookupDirectory()	Gets a list of distinguished names and classes for the specified user directory and search pattern.
modifyUserDirectory()	Modifies a user directory.
removeUserDirFromDomain()	Disassociates an existing user directory from a domain.
setUserDirSearchOrder()	Sets the search order of user directories in a domain.

User Policy Methods

The following methods act on user policy objects. Unless otherwise specified, the methods listed in this table are in the class SmPolicyApiImpl. You create user policy objects by instantiating SmUserPolicy.

Method	Description
addUserPolicy()	Adds a user policy object to the policy store.
deleteUserPolicy()	Deletes a user policy for a specified domain.
getUserPolicies()	Gets all the user policies for the specified policy and domain.

Utility Methods

The following methods provide a variety of services, including cache and encryption key management. Unless otherwise specified, the methods listed in this table are in the class SmPolicyApiImpl.

Method	Description
changeDynamicKey()	Changes a dynamic encryption key.
changePersistentKey()	Changes the persistent encryption key.
changeSessionKey()	Changes the session encryption key.
flushAll()	Flushes all SiteMinder caches.
flushRealm()	Flushes a realm from the resource cache.
flushRealms()	Flushes all realms from the resource cache.
flushUser()	Flushes a user from the user information cache.
flushUsers()	Flushes all users from the information cache.
search()	Searches the specified object.
setApiSession()	Sets the API session object.

Object Associations

Some objects can be associated with or disassociated from one another—for example, AddAdminToDomain() adds an administrator object to a domain, and RemoveAdminFromDomain() removes an administrator object from a domain. An add-to operation requires that both objects exist prior to the call. After a remove-from operation, both objects still exist, but they are no longer associated with one other.

When you are looking for a method that associates or disassociates two objects, look in the category of the method that you are adding or removing. For example, AddAdminToDomain() and RemoveAdminFromDomain() are both found in Administrator Methods.

Add Objects to the Policy Store

After creating a Policy Management API object, you can create objects to add to the policy store.

To add objects to the policy store

Create an object to be added to the policy store.
For example, if you want to create an agent object:
```
SmAgent agent = new SmAgent();
```

Set the appropriate fields for the object—for example:

agent.setName ("myAgent");
agent.setSecret ("siteminder");
agent.setDescription ("Sample agent");
agent.setAgentType (SmAgentType.DefaultAgentType);

Add the object to the policy store, as follows:
- Call the add... method for the object you just created—for example, addAgent() for an agent object, or addDomain() for a domain object—and pass in the object you want to add to the policy store.
- Returning the result into a result object.
For example:
```
result = policyApi.addAgent(agent);
```
Examine the result.

If the call is successful:

The method returns an SmApiResult object whose isSuccess() method returns true.
The object is added to the SiteMinder policy store.
The Oid field in the corresponding object structure is set to the object identifier.

Retrieve Objects from the Policy Store

To retrieve an object from the policy store

Create an object of the relevant class to store the returned properties. For example, the following code creates an agent object:
```
SmAgent myAgent = new SmAgent();
```
Call the appropriate get... function for the object you just created—for example, getAgent() for an agent object, or getDomain() for a domain object—and pass in the object you just created. For example, if you’re retrieving an agent named myAgent:
```
result = myPolicyApi.getAgent ("myAgent", myAgent);
```

If the method succeeds, it populates myAgent with the properties of the specified agent object. (If a get... method retrieves a list, the list is written to a vector.) If no matching objects are found, the properties of the receiving object retain their initial values.

Delete Objects from the Policy Store

A delete operation deletes an object from the policy store. You can only delete one object at a time from the policy store.

To delete an object, use the object-deletion method for the object you’re deleting—for example, deleteAgent() for an agent object, or deleteDomain() for a domain object

Authentication Scheme Configuration

When you configure an authentication scheme programmatically, you provide information that would otherwise be provided through the Authentication Scheme Properties dialog box of the Policy Server UI.

When you configure an authentication scheme, you use the get... and set... methods in the SmScheme class to provide the following information:

Scheme type
SiteMinder provides a number of standard authentication scheme types (also called templates). Each authentication scheme type is configured differently. The scheme types are descibed in subsequent topics.
Description
Brief description of the authentication scheme.
Protection level
Protection level values can range from 1 through 1000. The higher the number, the greater the degree of protection provided by the scheme.
Library
An authentication scheme library performs authentication processing for the associated authentication scheme type. Each pre-defined authentication scheme is shipped with a default library, which you typically will use. But optionally, you can use a custom library instead of the default.
Parameter
Additional information that the authentication scheme requires, such as the URL of an HTML login page.

With some authentication schemes, the parameter information is constructed from field values in the Scheme Type Setup tab of the Authentication Scheme Properties dialog box. To see how a parameter string might be constructed for a given scheme type, open this dialog box, choose the appropriate scheme type, provide values to the fields in the Scheme Type Setup tab, and view the constructed parameter in the Advanced tab.

For information on providing parameter values for different authentication scheme types, see the chapter on authentication schemes in the Policy Design Guide.
Shared Secret
Information that is known to both the authentication scheme and the Policy Server. Different authentication schemes use different kinds of secrets. Most schemes use no secret.
Is template?
A flag that specifies whether the authentication scheme is a template.
Is used by administrator?
A flag that specifies whether the authentication scheme can be used to authenticate administrators.
Save Credentials?
A flag that specifies whether the user’s credentials will be saved.
Is RADIUS?
A flag that specifies whether the scheme can be used with RADIUS agents.
Ignore password check?
A flag that specifies whether password policies for the scheme are enabled. If True (1), password policies will be disabled.

Note: These categories of information can be used for different purposes in different authentication schemes. For example, with the TeleID authentication scheme, the shared secret is used to supply the encryption seed.

Anonymous Template

Use this table when configuring an authentication scheme based on the scheme type Anonymous. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeAnonymous) The scheme type Anonymous.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(0) Set to 0. Not applicable to this scheme type.
Library	setLibrary("smauthanon") The default library for this scheme type.
Parameter	setParameter(param) A string containing the guest DN. Policies associated with the guest DN must apply to anonymous users.
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(0) Set to false (0)—scheme is not used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(0) Set to false (0)—scheme is not used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(1) Set to true (1)—ignore password checking.

Anonymous Template

Use this table when configuring an authentication scheme based on the scheme type Basic. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeBasic) The scheme type Basic.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library	setLibrary("smauthdir") The default library for this scheme type.
Parameter	setParameter("") Set to an empty string. Not applicable to this scheme.
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(1) Set to true (1)—scheme can be used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(1) Set to true (1)—scheme can be used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(flag) Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0.

Basic Over SSL Template

Use this table when configuring an authentication scheme based on the scheme type Basic over SSL. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeBasicOverSSL) The scheme type Basic over SSL.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 10.
Library	setLibrary("smauthcert") The default library for this scheme type.
Parameter	setParameter(param) A string containing the domain or IP address of the SSL server and the name of the SSL Credentials Collector (SCC). Format: https://server/SCC?basic The following example uses the default SCC: https://my.server.com/siteminderagent/ nocert/smgetcred.scc?basic
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(0) Set to false (0) for this scheme.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(0) Set to false (0)—scheme is not used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(flag) Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0.

Custom Template

Use this table when configuring an authentication scheme based on the scheme type Custom. You create custom schemes using the C Authentication API. For more information, see the Developer’s Guide for C. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeCustom) The scheme type Custom.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 0 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library	setLibrary(customLibName) The name of the custom shared library you created using the C Authentication API.
Parameter	setParameter(param) Any string of one or more parameters required by your custom authentication scheme. For a custom authentication scheme that uses SSL, you must supply a URL that points to a SiteMinder Web Agent library required for the SSL-based authentication.
Shared secret	setSecret(secret) The shared secret, if any, that your custom authentication scheme uses for encryption of credentials.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(flag) Set to true (1) to specify that the scheme can be used to authenticate administrators, or to false (0) to specify that the scheme cannot be used to authenticate administrators. Default is 0.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(0) Set to false (0)—scheme is not used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(flag) Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0.

HTML Form Template

Use this table when configuring an authentication scheme based on the scheme type HTML Form. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeHTMLForm) The scheme type HTML Form.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library	setLibrary("smauthhtml") The default library for this scheme type.
Parameter	setParameter(param) A string containing a user attribute list plus the location of the forms credential collector (FCC). The attribute list must begin with AL= and use commas as the list delimiter character, and it must end with a semicolon—for example: AL=Password,SSN,age,zipcode; The complete parameter format is: attr-list;https:/server/fcc The following example uses the default FCC: AL=PASSWORD,SSN,age,zipcode; http://my.server.com/siteminderagent/ forms/login.fcc
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(0) Set to false (0)—scheme is not used to authenticate administrators.
Save credentials?	setAllowSaveCreds(flag) Set to true (1) to indicate that user credentials should be saved, or false (0) to indicate that user credentials should not be saved. Default is 0.
Is RADIUS?	setIsRadius(0) Set to false (0)—scheme is not used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(flag) Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0.

Impersonation Template

Use this table when configuring an authentication scheme based on scheme type Impersonation. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeImpersonation) The scheme type Impersonation.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library	setLibrary("smauthimpersonate") The default library for this scheme type.
Parameter	setParameter(param) A string containing a user attribute list plus the location of the forms credential collector (FCC). The attribute list must begin with AL= and use commas as the list delimiter character, and it must end with a semicolon—for example: AL=Password,SSN,age,zipcode; The complete parameter format is: attr-list;https:/server/fcc The following example uses the default FCC: AL=PASSWORD,SSN,age,zipcode; http://my.server.com/siteminderagent/ forms/imp.fcc
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(templateFlag) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(0) Set to false (0)—scheme is not used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(0) Set to false (0)—scheme is not used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(1) Set to true (1)—ignore password checking.

RADIUS CHAP/PAP Template

Use this table when configuring an authentication scheme based on the scheme type RADIUS CHAP/PAP. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeRadiusChapPap) The scheme type RADIUS CHAP/PAP.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library	setLibrary("smauthchap") The default library for this scheme type.
Parameter	setParameter(param) A string containing the name of a user directory attribute. This attribute is used as the clear text password for authentication.
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(0) Set to false (0)—scheme is not used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(1) Set to true (1)—scheme can be used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(flag) Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0.

RADIUS Server Template

Use this table when configuring an authentication scheme based on the scheme type RADIUS Server. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeRadiusServer) The scheme type RADIUS Server.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library	setLibrary("smauthradius") The default library for this scheme type.
Parameter	setParameter(param) A string containing the IP address and port of the RADIUS server—for example: 123.123.12.12:1645 The default UDP port is 1645.
Shared secret	setSecret(secret) The user attribute that the RADIUS Server will use as the clear text password.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(1) Set to true (1)—scheme can be used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(1) Set to true (1)—scheme can be used with RADIUS agents..
Ignore password check?	setIgnorePwCheck(flag) Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0.

SafeWord HTML Form Template

Use this table when configuring an authentication scheme based on the scheme type SafeWord HTML Form. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeSafeWordHTMLForm) The scheme type SafeWord HTML Form.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 10.
Library	setLibrary("smauthenigmahtml") The default library for this scheme type.
Parameter	setParameter(param) A string containing the name and location of the forms credentials collector. This example shows the default credentials collector: http://my.server.com/ siteminderagent/forms/safeword.fcc
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(1) Set to true (1)—scheme can be used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(1) Set to true (1)—scheme can be used with RADIUS agents..
Ignore password check?	setIgnorePwCheck(1) Set to true (1)—ignore password checking.

SafeWord Template

Use this table when configuring an authentication scheme based on the scheme type SafeWord. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeSafeWordServer) The scheme type SafeWord.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 10.
Library	setLibrary("smauthenigma") The default library for this scheme type.
Parameter	setParameter("") Set to an empty string. Not applicable to this scheme.
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(1) Set to true (1)—scheme can be used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(1) Set to true (1)—scheme can be used with RADIUS agents..
Ignore password check?	setIgnorePwCheck(1) Set to true (1)—ignore password checking.

SAML Artifact Template

Use this table when configuring an authentication scheme based on the SAML Artifact binding. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeSAMLArtifact) The scheme type SAML Artifact.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library	setLibrary("smauthsaml") The default library for this scheme type.
Parameter	setParameter(param) The following required parameters: Name. The name of the affiliate. RedirectMode. The way in which the SAML Credentials Collector redirects to the target resource. One of the following numeric values: 0. Meaning: 302 No Data. 1. Meaning: 302 Cookie Data. 2. Meaning: Server Redirect. SRCID. The 20-byte source ID for the site that produces the SAML assertion. The ID is located at the SAML producer’s site in the properties file AMAssertionGenerator.properties. AssertionRetrievalURL. The URL for obtaining the assertion from the SAML assertion producer’s site. Audience. The URI of the document that describes the agreement between the portal and the affiliate. This value is compared with the audience value specified in the SAML assertion. Issuer. The SAML issuer specified in the assertion. AttributeXPath. A standard XPath query run against the SAML assertion. The query obtains the data that is substituted in a search specification that looks up a user. attribute. The search string for looking up a user in a user directory of the specified type. Use a percent sign ( % ) to indicate where the value returned from the XPath query should be inserted. For example, if you specify attribute LDAP:uid=%s, and user1 is returned from the query, the search string used for LDAP directories is uid=user1. At least one attribute must be specified. Format of the parameter string is as follows. Separate name/value pairs with semi-colons ( ; ). The format example includes LDAP and ODBC attributes: Name=name;RedirectMode=0\|1\|2;SRCID=srcid; AssertionRetrievalURL=url;Audience=audience; Issuer=issuer;AttributeXpath=XPathQuery; attribute=LDAP:srchSpc;attribute=ODBC:srchSpc
Shared secret	setSecret(secret) The password for the affiliate site.
Is template?	setIsTemplate(templateFlag) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(0) Set to false (0)—scheme is not used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(0) Set to false (0)—scheme is not used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(1) Set to true (1)—ignore password checking.

SecurID HTML Form Template

Use this table when configuring an authentication scheme based on the scheme type SecurID HTML Form. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeACEServerHTMLForm) The scheme type SecurID HTML Form.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 15.
Library	setLibrary("smauthacehtml") The default library for this scheme type.
Parameter	setParameter(param) A string containing the name of the attribute that contains the ACE IDs, the Web server where the forms credential collector (FCC) is installed, and the target executable file required for processing SecurID authentication with forms support. It also specifies whether an SSL connection is required. Format: attr;https://server/target Note: The "s" in "https" is optional, depending on whether you want an SSL connection. The following example uses the default for processing SecurID authentication with forms support: ace_id;https://my.server.com/ siteminderagent/pwcgi/smpwservicescgi.exe
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(0) Set to false (0)—scheme is not used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(0) Set to false (0)—scheme is not used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(1) Set to true (1)—ignore password checking.

SecurID Template

Use this table when configuring an authentication scheme based on the scheme type SecurID. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeACEServer) The scheme type SecurID.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 15.
Library	setLibrary("smauthace") The default library for this scheme type.
Parameter	setParameter(param) A string containing the attribute in the authentication user directory that contains the ACE Server user ID.
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(1) Set to true (1)—scheme can be used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(1) Set to true (1)—scheme can be used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(1) Set to true (1)—ignore password checking.

smauthetsso Authentication Scheme

The smauthetsso authentication scheme is similar to the SiteMinder X.509 certification scheme, but with an eSSO cookie as the authentication credential instead of an X.509 credential.

If this scheme is configured for either cookieorbasic or cookieorforms mode, and both an eSSO cookie and login name and password credentials are passed to it, the eSSO cookie is ignored, and the login name and password are used to authenticate the user to SiteMinder.

When the eSSO cookie is the only credential, the authentication scheme uses the ETWAS API to connect to the configured eSSO Policy Server to validate the cookie and extract the user Distinguished Name (DN) from it.

Use this table when configuring an smauthetsso authentication scheme, which is based on the scheme type Custom. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeCustom) Uses the scheme type Custom.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 0 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library	setLibrary("smauthetsso") The name of the library for this authentication scheme.
Parameter	setParameter(param) An ordered set of tokens, separated by semi-colons: <Mode>[; <Target>]; <Admin>; <eTPS_Host> You can add spaces to make the string easier to read. <Mode> specifies the type of credentials that the authenticaion scheme will accept. The following values are possible: cookie -- Only SSO Cookies are acceptable. cookieorbasic -- If an SSO Cookie is not provided, a login name and password are requested by using Basic Authentication. cookieorforms -- If an SSO Cookie is not provided, a login name and password are requested by using Forms Authentication. <Target> is valid only with cookieorforms mode. This is identical to the Target field for standard HTML Forms Authentication Scheme. <Admin> specifies the login ID of an administrator for the Policy Server. The password for this administrator has been specified in the Shared Secret field. <eTPO_Host> specifies the name of the amchine on which the Policy Server is installed. SiteMinder will authenticate itself as <Admin> to the Policy Server on the <eTPS_Host> so that SiteMinder can request validation of SSO cookies. Examples: "cookie; SMPS_sso; myserver.myco.com" "cookieorforms; /siteminderagent/forms/login.fcc; SMPS_sso; myserver.myco.com"
Shared secret	setSecret(secret) The password of the Policy Server administrator named in the Parameter field.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(flag) Set to true (1) to specify that the scheme can be used to authenticate administrators, or to false (0) to specify that the scheme cannot be used to authenticate administrators. Default is 0.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(0) Set to false (0)—scheme is not used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(flag) Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0.

TeleID Template

Use this table when configuring an authentication scheme based on the scheme type TeleID. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeEncotone) The scheme type TeleID.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 15.
Library	setLibrary("smauthencotone") The default library for this scheme type.
Parameter	setParameter("") Set to an empty string. Not applicable to this scheme.
Shared secret	setSecret(seed) The encryption seed. SiteMinder uses this value as an encryption seed for initializing hardware tokens.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(1) Set to true (1)—scheme can be used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(1) Set to true (1)—scheme can be used with RADIUS agents..
Ignore password check?	setIgnorePwCheck(1) Set to true (1)—ignore password checking.

Windows Authentication Template

Use this table when configuring an Integrated Windows Authentication scheme based on the scheme type Windows Authentication (previously known as NTLM). This scheme type is used to authenticate against WinNT or Active Directory user stores.

An Active Directory can be configured to run in mixed mode or native mode. An Active Directory supports WinNT style authentication when running in mixed mode. In native mode, an Active Directory supports only LDAP style lookups.

This authentication scheme supports either mixed mode or native mode.

The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeNTLM) The scheme type Windows Authentication (NTLM).
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library	setLibrary("smauthntlm") The default library for this scheme type.
Parameter	setParameter(param) The value of param determines the style of authentication to perform for this scheme: NTLM authentication (for WinNT or Active Directory running in mixed mode) Format: iis-web-server-url/path-to-ntc-file In the format, iis-web-server-url is the name of the IIS web server that is the target of the redirection, and path-to-ntc-file is the location of the .ntc file that collects the WinNT credentials. For example: http://myiiswebserver.mycompany.com/ siteminderagent/ntlm/creds.ntc A SiteMinder Web Agent must be installed on the specified server. By default, the Web Agent installation creates a virtual directory for NTLM credential collection. Windows Authentication (for Active Directory running in native mode) With this authentication style, param has an LDAP filter added to the beginning of the redirection URL. The filter and URL are separated by a semi-colon (;). For example: cn=%{UID},ou=Users,ou=USA,dc=%{DOMAIN}, dc=mycompany,dc=com;http:// myiiswebserver.mycompany.com/ siteminderagent/ntlm/creds.ntc SiteMinder uses the LDAP filter to map credentials received from the browser/Web Agent to an LDAP DN or search filter.
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(0) Set to false (0)—scheme is not used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials will not be saved.
Is RADIUS?	setIsRadius(0) Set to false (0)—scheme is not used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(flag) For WinNT and for Active Directory running in mixed mode, this property must be true (1)—ignore password checking. For Active Directory running in native mode, set to true (1) to ignore password checking, or false (0) to check passwords. The default is 0.

X.509 Client Cert and Basic Template

Use this table when configuring an authentication scheme based on the scheme type X.509 Client Certificate and Basic. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeX509ClientCertAndBasic) The scheme type X.509 Client Certificate and Basic.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 15.
Library	setLibrary("smauthcert") The default library for this scheme type.
Parameter	setParameter(param) A string containing the domain or IP address of the SSL server and the name and path of the SSL Credentials Collector (SCC). The server redirects a user’s X.509 certificate over an SSL connection. Format: https://server:port/SCC?cert+basic The following example uses the default SCC: https://my.server.com:80/siteminderagent/ cert/smgetcred.scc?cert+basic
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(0) Set to false (0)—scheme is not used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(0) Set to false (0)—scheme is not used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(flag) Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0.

X.509 Client Cert and Form Template

Use this table when configuring an authentication scheme based on the scheme type X.509 Client Certificate and Form. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeX509ClientCertAndForm) The scheme type X.509 Client Certificate and HTML Form.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 15.
Library	setLibrary("smauthcert") The default library for this scheme type.
Parameter	setParameter(param) A string containing the domain or IP address of the SSL server and the name and path of the forms credentials collector (FCC). The server redirects a user’s X.509 certificate over an SSL connection. Format: https://server:port/FCC?cert+forms The following example uses the default FCC: https://my.server.com:80/siteminderagent/ certoptional/forms/login.fcc?cert+forms
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to 0 to indicate that the scheme is not a template, or 1 if the scheme is a template. Default is 0.
Is used by administrator?	setIsUsedByAdmin(0) Set to 0—scheme is not used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to 0 to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(0) Set to 0—scheme is not used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(flag) Set to 1 to ignore password checking, or 0 to check passwords. Default is 0.

X.509 Client Cert or Basic Template

Use this table when configuring an authentication scheme based on the scheme type X.509 Client Certificate or Basic. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeX509ClientCertOrBasic) The scheme type X.509 Client Certificate or Basic.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library	setLibrary("smauthcert") The default library for this scheme type.
Parameter	setParameter(param) A string containing the following information: Server for establishing an SSL connection. This server redirects a user’s X.509 certificate over an SSL connection. Name and path of the SSL Credentials Collector (SSC). If you are using basic authentication over SSL, also provide the following two pieces of information: The fully qualified name of the SSL server used for establishing an SSL connection for basic authentication. Name and path of the SSL Credentials Collector (SSC). https://SSLserver:port/SCC?certorbasic; [https://BasicServer/SCC]
	The following example uses the default SCC values: https://my.SSLserver.com:80/siteminderagent/ certoptional/smgetcred.scc?certorbasic; https://my.BasicServer.com/ siteminderagent/nocert/smgetcred.scc
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(0) Set to false (0)—scheme is not used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(0) Set to false (0)—scheme is not used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(flag) Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0.

X.509 Client Cert or Form Template

Use this table when configuring an authentication scheme based on the scheme type X.509 Client Certificate or Form. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeX509ClientCertOrForm) The scheme type X.509 Client Certificate or HTML Form.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library	setLibrary("smauthcertorform") The default library for this scheme type.
Parameter	setParameter(param) A string containing the following information: Server for establishing an SSL connection. This server redirects a user’s X.509 certificate over an SSL connection. Name and path of the SSL and forms credentials collector (SFCC). If you are using an alternate forms-based authentication over SSL, also provide the following two pieces of information: The fully qualified name of the SSL server used for establishing an SSL connection for authentication. Name and path of the Forms Credentials Collector (FCC). https://SSLserver:port/SFCC?certorform; [https://BasicServer/FCC]
	The following example uses the default SCC values: https://my.SSLserver.com:80/siteminderagent/ certoptional/forms/login.sfcc?certorform; https://my.BasicServer.com/ siteminderagent/forms/login.fcc
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to 0 to indicate that the scheme is not a template, or 1 if the scheme is a template. Default is 0.
Is used by administrator?	setIsUsedByAdmin(0) Set to 0—scheme is not used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to 0 to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(0) Set to 0—scheme is not used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(flag) Set to 1 to ignore password checking, or 0 to check passwords. Default is 0.

X.509 Client Cert Template

Use this table when configuring an authentication scheme based on the scheme type X.509 Client Certificate. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeX509ClientCert) The scheme type X.509 Client Certificate.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library	setLibrary("smauthcert") The default library for this scheme type.
Parameter	setParameter(param) A string containing the domain or IP address of the server responsible for establishing the SSL connection and the name and path of the SSL Credentials Collector (SCC). The server redirects a user’s X.509 certificate over an SSL connection. Format: https://server/SCC?cert The following example uses the default SCC value: https://my.server.com/siteminderagent/ cert/smgetcred.scc?cert
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(0) Set to false (0)—scheme is not used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(0) Set to false (0)—scheme is not used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(1) Set to true (1)—ignore password checking.

Performance Consideration

The following properties of the SmRealm object are set to true by default:

PropProcessAuthEvents. When true, authentication event processing occurs.
PropProcessAzEvents. When true, authorization event processing occurs.

Authentication and authorization event processing affect performance. If no rules in the realm are triggered by authentication or authorization events, set the associated property to false.