Programming GuidesProgramming Guide for PerlPolicy Management APIAuthentication Scheme ConfigurationConfiguration Tables › Windows Authentication Template

Previous Topic: TeleID Template

Next Topic: WS-Federation Template
Windows Authentication Template

Use this table when configuring an Integrated Windows Authentication scheme based on the scheme type Windows Authentication (previously known as NTLM). This scheme type is used to authenticate against WinNT or Active Directory user stores.

An Active Directory can be configured to run in mixed mode or native mode. An Active Directory supports WinNT style authentication when running in mixed mode. In native mode, an Active Directory supports only LDAP style lookups.

This authentication scheme supports either mixed mode or native mode.

Information Type

Value Assignment and Meaning

Scheme type

Type(templateObject)
CreateAuthScheme() param: schemeTemplate

The scheme type Windows Authentication (NTLM).

Description

Description(schemeDesc)
CreateAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(nLevel)
CreateAuthScheme() param: protLevel

A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.

Library

CustomLib("smauthntlm")
CreateAuthScheme() param: schemeLib

The default library for this scheme type.

Parameter

CustomParam(param)
CreateAuthScheme() param: schemeParam

The value of param determines the style of authentication to perform for this scheme:

NTLM authentication (for WinNT or Active Directory running in mixed mode)

Format:

iis-web-server-url/path-to-ntc-file

In the format, iis-web-server-url is the name of the IIS web server that is the target of the redirection, and path-to-ntc-file is the location of the .ntc file that collects the WinNT credentials.

For example:

http://myiiswebserver.mycompany.com/
   siteminderagent/ntlm/creds.ntc

A SiteMinder Web Agent must be installed on the specified server. By default, the Web Agent installation creates a virtual directory for NTLM credential collection.

Windows Authentication (for Active Directory running in native mode)

With this authentication style, param has an LDAP filter added to the beginning of the redirection URL. The filter and URL are separated by a semi-colon (;). For example:

cn=%{UID},ou=Users,ou=USA,dc=%{DOMAIN},
   dc=mycompany,dc=com;http://
   myiiswebserver.mycompany.com/
   siteminderagent/ntlm/creds.ntc

SiteMinder uses the LDAP filter to map credentials received from the browser/Web Agent to an LDAP DN or search filter.

Shared secret

CustomSecret("")

CreateAuthScheme() param: secret

Set to an empty string. Not applicable to this scheme.

Is template?

IsTemplate(templateFlag)
CreateAuthScheme() param: isTemplate

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(0)
CreateAuthScheme() param: isUsedByAdmin

Set to 0—scheme is not used to authenticate administrators.

Save credentials?

SaveCredentials(0)
CreateAuthScheme() param: saveCreds

Set to 0 to indicate that user credentials will not be saved.

Is RADIUS?

IsRadius(0)
CreateAuthScheme() param: isRadius

Set to 0—scheme is not used with RADIUS agents.

Ignore password check?

IgnorePwd(flag)
CreateAuthScheme() param: ignorePwd

For WinNT and for Active Directory running in mixed mode, this property must be true (1)—ignore password checking.

For Active Directory running in native mode, set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0.

Copyright © 2010 CA. All rights reserved. Email CA about this topic