Typically, you configure an authentication scheme when you create the scheme with CreateAuthScheme() or when you modify the scheme with the methods in the PolicyMgtAuthScheme object.
Note: The exception to this rule is an authentication scheme based on the SAML 2.0 Template. You create and configure a SAML 2.0 authentication scheme with the method CreateSAMLAuthScheme().
You can provide the following kinds of configuration information for an authentication scheme. Not every authentication scheme template uses all categories of configuration information:
SiteMinder provides a number of standard authentication scheme types (also known as templates). Each authentication scheme type is configured differently.
Brief description of the authentication scheme.
Protection level values can range from 1 through 1000. The higher the number, the greater the degree of protection provided by the scheme.
An authentication scheme library performs authentication processing for the associated authentication scheme type. Each predefined authentication scheme is shipped with a default library. Optionally, you can use a custom library instead of the default.
Additional information that the authentication scheme requires, such as the URL of an HTML login page.
With some authentication schemes, the parameter information is constructed from field values in the Scheme Type Setup tab of the Authentication Scheme Properties dialog. To see how a parameter string is constructed for a given scheme type, open this dialog, select the appropriate scheme type, provide values to the fields in the Scheme Type Setup tab, and view the constructed parameter in the Advanced tab.
Information that is known to both the authentication scheme and the Policy Server. Different authentication schemes use different kinds of secrets. Most schemes use no secret.
A flag that specifies whether the authentication scheme is a template.
Note: Setting an authentication scheme as a template with the Perl Policy Management API is deprecated in SiteMinder v6.0 SP3.
A flag that specifies whether the authentication scheme can be used to authenticate administrators.
A flag that specifies whether the user's credentials are saved.
A flag that specifies whether the scheme can be used with RADIUS agents.
A flag that specifies whether password policies for the scheme are enabled. If the flag is set to 1, password policies are disabled.
Note: The Ignore password check flag must be set to True for anonymous authentication schemes.
Copyright © 2010 CA. All rights reserved.