SAML 2.0 Template

Programming Guides › Programming Guide for C › Policy Management API › Authentication Scheme Configuration › SAML 2.0 Template

SAML 2.0 Template

Use this table when configuring a SAML authentication scheme based on the SAML 2.0 scheme type. A Service Provider uses this authentication scheme to transparently validate a user based on the information in a SAML 2.0 assertion. This transparent validation allows functionality such as single sign-on and single logout.

When you configure a SAML 2.0 authentication scheme, you also define metadata properties for the associated Identity Provider-that is, the Identity Provider that supplies the assertion to the Service Provider.

The properties of the Identity Provider are stored with the authentication scheme object as a separate set of properties. As a result, two structures are used to configure a SAML 2.0 authentication scheme:

The structure fields referenced in the following table are in Sm_PolicyApi_Scheme_t.
The metadata properties for the associated Identity Provider are defined through Sm_PolicyApi_SAMLProviderProp_t.

This authentication scheme requires SiteMinder Federation Security Services. The Federation Security Services feature is licensed separately.

Information Type	Value Assignment and Meaning
Scheme type	nType=Sm_Api_SchemeType_SAML2 The scheme type SAML 2.0.
Description	pszDesc=description The description of the authentication scheme.
Protection level	nLevel=value A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library	pszLib="smauthsaml" The default library for this scheme type.
Parameter	pszParam="" Set to an empty string. SiteMinder assigns a parameter value. The parameter is a reference to the SAML 2.0 metadata properties for the associated Identity Provider. The properties are defined through Sm_PolicyApi_SAMLProviderProp_t.
Shared secret	pszSecret="" Set to an empty string. Not applicable to this scheme.
Is template?	bIsTemplate=0 Set to false (0) to indicate that the scheme is not a template. Any other value is ignored.
Is used by administrator?	bIsUsedbyAdmin=0 Set to false (0)-scheme is not used to authenticate administrators.
Save credentials?	bAllowSaveCreds=0 Set to false (0) to indicate that user credentials won't be saved.
Is RADIUS?	bIsRadius=0 Set to false (0)-scheme is not used with RADIUS agents.
Ignore password check?	bIgnorePwCheck=1 Set to true (1)-ignore password checking.

More Information:

Custom Agents and Single Sign-On

Email CA about this topic