SAML Artifact Template

Use this table when configuring a SAML authentication scheme that uses the artifact profile to communicate security assertions. With the artifact profile, the URL for retrieving the SAML assertion is given in the AssertionRetrievalURL portion of the Parameter string.

This authentication scheme requires SiteMinder Federation Security Services. The Federation Security Services feature is licensed separately.

Information Type

Value Assignment and Meaning

Scheme type

Type(templateObject)
CreateAuthScheme() param: schemeTemplate

The scheme type SAML Artifact.

Description

Description(schemeDesc)
CreateAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(nLevel)
CreateAuthScheme() param: protLevel

A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.

Library

CustomLib("smauthsaml")
CreateAuthScheme() param: schemeLib

The default library for this scheme type.

Parameter

CustomParam(param)
CreateAuthScheme() param: schemeParam

The following required parameters:

  • Name. The name of the affiliate.
  • RedirectMode. The way in which the SAML Credentials Collector redirects to the target resource. One of the following numeric values:

0. Meaning: 302 No Data.

1. Meaning: 302 Cookie Data.

2. Meaning: Server Redirect.

3. Meaning: Persist Attributes.

  • SRCID. The 20-byte source ID for the site that produces the SAML assertion. The ID is located at the SAML assertion producer's site in the properties file AMAssertionGenerator.properties.
  • AssertionRetrievalURL. The URL for obtaining the assertion from the SAML assertion producer's site.
  • Audience. The URI of the document that describes the agreement between the assertion producer site and the affiliate. This value is compared with the audience value specified in the SAML assertion.
  • Issuer. The SAML issuer specified in the assertion.
  • AttributeXPath. A standard XPath query run against the SAML assertion. The query obtains the data that is substituted in a search specification that looks up a user—for example:

//saml:AttributeValue/SM:SMContent/SM:Smlogin/SM:Username.text()

This query gets the text of the Username element.

  • SAMLVersion. The SAML version in use: 1.0 or 1.1.
  • RetrievalMethod. One of these values:

0. Meaning: Basic authentication.

1. Meaning: Client certificate authentication.

  • attribute. The search string for looking up a user in a user directory of the specified type. Use the %s placeholder (a percent sign) to mark where the value returned from the XPath query is inserted. For example, if you specify attribute LDAP:uid=%s and the query returns user1, the search string used for LDAP directories is uid=user1. At least one attribute must be specified.

The parameter string has the following format. Separate name-value pairs with semicolons ( ; ). This example includes both an LDAP and an ODBC attribute:

Name=name;RedirectMode=0|1|2;SRCID=srcid;
AssertionRetrievalURL=url;Audience=audience;
Issuer=issuer;AttributeXpath=XPathQuery;
SAMLVersion=1.0|1.1;RetrievalMethod=0|1;
attribute=LDAP:srchSpc;attribute=ODBC:srchSpc
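
As an added example (not part of the CA documentation or SiteMinder's own code), the following Python checks a parameter string in the format above against the rules in this table before it would be passed as schemeParam: every required name present, RedirectMode, RetrievalMethod and SAMLVersion within their documented values, and each attribute search spec carrying the %s placeholder; search_string shows the substitution the attribute entry describes. The affiliate name, SRCID, URLs and issuer in SAMPLE are constructed values.

```python
# Added example, not CA code: sanity-check a SAML Artifact scheme parameter
# string before handing it to CreateAuthScheme(). Key names and allowed values
# follow the table above; the sample values are constructed. Keys are compared
# case-insensitively because the page spells the XPath key both ways.
REQUIRED = ("name", "redirectmode", "srcid", "assertionretrievalurl", "audience",
            "issuer", "attributexpath", "samlversion", "retrievalmethod")
ALLOWED = {"redirectmode": {"0", "1", "2", "3"}, "retrievalmethod": {"0", "1"},
           "samlversion": {"1.0", "1.1"}}

def parse_scheme_param(param):
    """Split 'k=v;k=v;...' into a dict; 'attribute' may repeat, so it is a list."""
    fields, attributes = {}, []
    for pair in filter(None, (p.strip() for p in param.split(";"))):
        key, sep, value = pair.partition("=")   # first '=' separates name and value
        if not sep:
            raise ValueError(f"malformed name-value pair: {pair!r}")
        if key.lower() == "attribute":
            attributes.append(value)
        else:
            fields[key.lower()] = value
    fields["attribute"] = attributes
    return fields

def validate_scheme_param(param):
    """Return a list of problems; an empty list means the string is acceptable."""
    fields = parse_scheme_param(param)
    problems = [f"missing {key}" for key in REQUIRED if not fields.get(key)]
    for key, allowed in ALLOWED.items():
        if key in fields and fields[key] not in allowed:
            problems.append(f"{key}={fields[key]!r} not one of {sorted(allowed)}")
    if not fields["attribute"]:
        problems.append("at least one attribute search spec is required")
    for spec in fields["attribute"]:
        dirtype, sep, srch = spec.partition(":")
        if not sep or not dirtype or "%s" not in srch:
            problems.append(f"attribute {spec!r} must be TYPE:spec containing %s")
    return problems

def search_string(spec, xpath_result):
    """Expand one attribute spec with the XPath result: LDAP:uid=%s, user1 -> uid=user1."""
    dirtype, _, srch = spec.partition(":")
    return dirtype, srch.replace("%s", xpath_result)

# Constructed sample in the documented format (one LDAP and one ODBC attribute).
SAMPLE = ("Name=affiliate1;RedirectMode=0;SRCID=0123456789abcdefghij;"
          "AssertionRetrievalURL=https://idp.example.com/artifact-retrieval;"
          "Audience=https://example.com/affiliate-agreement;Issuer=idp.example.com;"
          "AttributeXPath=//saml:AttributeValue/SM:SMContent/SM:Smlogin/SM:Username.text();"
          "SAMLVersion=1.1;RetrievalMethod=0;attribute=LDAP:uid=%s;attribute=ODBC:uname='%s'")
```

Calling validate_scheme_param(SAMPLE) returns an empty list; a string with RedirectMode=7 or an attribute spec without %s returns one message per problem.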

Shared secret

CustomSecret(secret)

CreateAuthScheme() param: secret

The password for the affiliate site. The password must match the password entered for the affiliate at the site where the SAML assertion is produced.

Is template?

IsTemplate(0)
CreateAuthScheme() param: isTemplate

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(0)
CreateAuthScheme() param: isUsedByAdmin

Set to 0; the scheme cannot be used to authenticate administrators.

Save credentials?

SaveCredentials(0)
CreateAuthScheme() param: saveCreds

Set to 0 to indicate that user credentials will not be saved.

Is RADIUS?

IsRadius(0)
CreateAuthScheme() param: isRadius

Set to 0; the scheme is not used with RADIUS agents.

Ignore password check?

IgnorePwd(1)
CreateAuthScheme() param: ignorePwd

Set to 1; password checking is ignored.


Copyright © 2010 CA. All rights reserved.