smauthetsso Authentication Scheme

This authentication scheme is similar to the SiteMinder X.509 certification scheme, but with an eSSO cookie as the authentication credential instead of an X.509 credential.

If this scheme is configured for either cookieorbasic or cookieorforms mode, and both an eSSO cookie and login name and password credentials are passed to it, the eSSO cookie is ignored, and the login name and password are used to authenticate the user to SiteMinder.

When the eSSO cookie is the only credential, the authentication scheme uses the ETWAS API to connect to the configured eSSO Policy Server to validate the cookie and extract the user Distinguished Name (DN) from it.

Use this table when configuring an smauthetsso authentication scheme, which is based on the scheme type Custom. You create custom schemes using the C-language Authentication API, which is available with the SiteMinder SDK.

Information Type

Value Assignment and Meaning

Scheme type

Type(templateObject)
CreateAuthScheme() param: schemeTemplate

The scheme type Custom.

Description

Description(schemeDesc)
CreateAuthScheme() param: schemeDesc

The description of the authentication scheme.

Protection level

ProtectionLevel(nLevel)
CreateAuthScheme() param: protLevel

A value of 0 through 1000. The higher the number, the greater the degree of protection provided by the scheme. Default is 5.

Library

CustomLib("smauthetsso")
CreateAuthScheme() param: schemeLib

The name of the library for this authentication scheme.

Parameter

CustomParam(param)
CreateAuthScheme() param: schemeParam

An ordered set of tokens, separated by semicolons:
<Mode>[; <Target>]; <Admin>; <eTPS_Host>

You can add spaces to make the string easier to read.

<Mode> specifies the type of credentials that the authentication scheme will accept. The following values are possible:

  • cookie -- Only eTrust SSO Cookies are acceptable
  • cookieorbasic -- If an eTrust SSO Cookie is not provided, a login name and password are requested by using Basic Authentication.
  • cookieorforms -- If an eTrust SSO Cookie is not provided, a login name and password are requested by using Forms Authentication.

<Target> is valid only with cookieorforms mode. This is identical to the Target field for the standard HTML Forms Authentication Scheme.

<Admin> specifies the login ID of an administrator for the Policy Server. The password for this administrator has been specified in the Shared Secret field.

<eTPS_Host> specifies the name of the machine on which the Policy Server is installed.

SiteMinder will authenticate itself as <Admin> to the Policy Server on the <eTPS_Host> so that SiteMinder can request validation of eTrust SSO cookies.

Examples:

"cookie; SMPS_sso; myserver.myco.com"
"cookieorforms; /siteminderagent/forms/login.fcc; SMPS_sso; myserver.myco.com"

Shared secret

CustomSecret(secret)

CreateAuthScheme() param: secret

The password of the Policy Server administrator named in the Parameter field.

Is template?

IsTemplate(templateFlag)
CreateAuthScheme() param: isTemplate

Set to 0 to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

IsUsedByAdmin(flag)
CreateAuthScheme() param: isUsedByAdmin

Set to true (1) to specify that the scheme can be used to authenticate administrators, or to false (0) to specify that the scheme cannot be used to authenticate administrators. Default is 0.

Save credentials?

SaveCredentials(0)
CreateAuthScheme() param: saveCreds

Set to 0 to indicate that user credentials will not be saved.

Is RADIUS?

IsRadius(0)
CreateAuthScheme() param: isRadius

Set to 0—scheme is not used with RADIUS agents.

Ignore password check?

IgnorePwd(flag)
CreateAuthScheme() param: ignorePwd

Set to 1 to ignore password checking, or 0 to check passwords. Default is 0.
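
The Parameter token order and the credential precedence described above can be checked before a scheme is created. The following Python linter is an added example, not CA or SiteMinder code; the names parse_scheme_param and credential_used are hypothetical, and it assumes mode names are matched exactly and that three tokens always mean no <Target>.

```python
# Added example: lint a smauthetsso Parameter string. Not SiteMinder code.
from dataclasses import dataclass
from typing import Optional

MODES = ("cookie", "cookieorbasic", "cookieorforms")


@dataclass
class SchemeParam:
    mode: str
    target: Optional[str]
    admin: str
    etps_host: str


def parse_scheme_param(raw: str) -> SchemeParam:
    """Parse '<Mode>[; <Target>]; <Admin>; <eTPS_Host>' and reject malformed input."""
    # Spaces around tokens are cosmetic, so strip them; surrounding quotes too.
    tokens = [t.strip() for t in raw.strip().strip('"').split(";")]
    if any(not t for t in tokens):
        raise ValueError("empty token in parameter string")
    if len(tokens) not in (3, 4):
        raise ValueError(f"expected 3 or 4 tokens, got {len(tokens)}")
    mode = tokens[0]
    if mode not in MODES:
        raise ValueError(f"unknown mode {mode!r}")
    if len(tokens) == 4:
        # <Target> is valid only with cookieorforms mode.
        if mode != "cookieorforms":
            raise ValueError(f"<Target> is not valid in {mode} mode")
        return SchemeParam(mode, tokens[1], tokens[2], tokens[3])
    # Assumption: three tokens always mean "no <Target>", following the [...] notation.
    return SchemeParam(mode, None, tokens[1], tokens[2])


def credential_used(mode: str, has_cookie: bool, has_password: bool) -> str:
    """Return which credential the scheme acts on, per the rules on this page."""
    if mode not in MODES:
        raise ValueError(f"unknown mode {mode!r}")
    if mode == "cookie":
        # Only eTrust SSO cookies are acceptable in this mode.
        return "cookie" if has_cookie else "none"
    if has_password:
        # In cookieorbasic/cookieorforms a supplied password wins; the cookie is ignored.
        return "password"
    if has_cookie:
        return "cookie"
    # No cookie: credentials are requested via Basic or Forms authentication.
    return "challenge-basic" if mode == "cookieorbasic" else "challenge-forms"
```
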


Copyright © 2010 CA. All rights reserved.