|
|
|
Defines a SAML 2.0 metadata property as a name/value pair.
An Sm_PolicyApi_SAMLProviderProp_t structure consists of a single name/value pair. You define a set of properties for a given SAML 2.0 object through a linked list of Sm_PolicyApi_SAMLProviderProp_t structures.
Use the following structures and function to define a set of properties for a SAML 2.0 Service Provider, affiliation, or authentication scheme and associated Identity Provider:
Syntax
typedef struct Sm_PolicyApi_SAMLProviderProp_s
{
int iStructId;
char pszName[BFSIZE];
char pszValue[BFSIZE];
struct Sm_PolicyApi_SAMLProviderProp_s *next;
} Sm_PolicyApi_SAMLProviderProp_t;
|
Field |
Description |
|---|---|
|
iStructId |
SAML 2.0 properties structure ID, defined in Sm_PolicyApi_Structs_t. |
|
pszName |
The property name. See Property Lists for a list of valid property names. |
|
pszValue |
The value to assign to pszName. |
|
next |
Pointer to the next SAML 2.0 properties structure. |
Example
The following is an example of a helper method that creates an instance of Sm_PolicyApi_SAMLProviderProp_t and assigns it the name/value pair that is passed into it:
Sm_PolicyApi_SAMLProviderProp_t * CreateSAMLProp(
const char *pszName,
const char *pszValue)
{
Sm_PolicyApi_SAMLProviderProp_t * pProp = new
Sm_PolicyApi_SAMLProviderProp_t;
memset(pProp, 0, sizeof(Sm_PolicyApi_SAMLProviderProp_t));
pProp->iStructId = Sm_PolicyApi_SAMLProviderProp_ID;
strncpy(pProp->pszName, pszName, BFSIZE);
strncpy(pProp->pszValue, pszValue, BFSIZE);
return pProp;
}
The following is an example of a helper method that retrieves the value of the property whose name is passed into it:
char * FindSAMLParam(const Sm_PolicyApi_SAMLSP_t *pStructSP,
const char *pszName)
{
for(Sm_PolicyApi_SAMLProviderProp_t *pCurProp=pStructSP->pProps;
pCurProp != NULL;
pCurProp = pCurProp->next)
{
if (0 == strcmp(pCurProp->pszName, pszName))
{
return pCurProp->pszValue;
}
}
return NULL;
}
Property Lists
Each Sm_PolicyApi_SAMLProviderProp_t structure contains a SAML 2.0 metadata property defined as a name/value pair. A complete set of properties for a particular SAML 2.0 object is defined as a linked list of Sm_PolicyApi_SAMLProviderProp_t structures.
The following metadata properties apply to a given type of SAML 2.0 object:
Note: Some properties are used with multiple object types.
Service Provider Properties
A Service Provider object contains information that an Identity Provider needs to produce assertions for the Service Provider. Service Provider properties are stored within an Sm_PolicyApi_SAMLSP_t structure.
The properties of a SAML 2.0 Service Provider object are listed below. Properties are grouped according to the way they are presented on the SAML Service Provider Properties dialog box.
|
Property Name |
Comments |
|---|---|
|
General Properties |
|
|
SAML_NAME |
String, required. |
|
SAML_DESCRIPTION |
String. |
|
SAML_SP_AUTHENTICATION_URL |
String, required. |
|
SAML_ENABLED |
Boolean. Default: SAML_TRUE. |
|
SAML_SP_DOMAIN |
String, required. |
|
Name IDs Tab |
|
|
SAML_SP_NAMEID_FORMAT |
String. Default: Unspecified. |
|
SAML_SP_NAMEID_TYPE |
Integer.
Default: 1. |
|
SAML_SP_NAMEID_STATIC |
String. Required conditionally. |
|
SAML_SP_NAMEID_ATTRNAME |
String. Required conditionally. |
|
SAML_SP_NAMEID_DNSPEC |
String. Required conditionally. |
|
SAML_AFFILIATION |
String. |
|
General Tab |
|
|
SAML_KEY_SPID |
String, required. |
|
|
String, required. |
|
SAML_MAJOR_VERSION |
Integer. Default: 2. |
|
SAML_MINOR_VERSION |
Integer. Default: 0. |
|
SAML_SKEWTIME |
Integer. Default: 30. |
|
SAML_DISABLE_SIGNATURE_ |
Boolean. Default: SAML_FALSE. |
|
SAML_DSIG_VERINFO_ISSUER_DN |
String. Required conditionally. |
|
SAML_DSIG_VERINFO_SERIAL_NUMBER |
String. Required conditionally. |
|
SSO Tab |
|
|
SAML_AUDIENCE |
String, required. |
|
SAML_SP_ASSERTION_CONSUMER_ |
String, required. |
|
SAML_ENABLE_SSO_ARTIFACT_ |
Boolean. Default: SAML_FALSE. |
|
SAML_SP_ARTIFACT_ENCODING |
String. Default: FORM. Applies if no value is provided and SAML_ENABLE_SSO_ |
|
SAML_SP_IDP_SOURCEID |
String. Default: A hex-encoded SHA-1 hash of the SAML_SP_IDPID value. |
|
SAML_SP_PASSWORD |
String. Required conditionally (see page 34). |
|
SAML_ENABLE_SSO_POST_BINDING |
Boolean. Default: SAML_FALSE. |
|
SAML_SSOECPPROFILE |
Boolean. Default: SAML_FALSE. |
|
SAML_SP_REQUIRE_SIGNED_ |
Boolean. Default: SAML_FALSE. |
|
SAML_SP_AUTHENTICATION_LEVEL |
Integer. Default: 5. |
|
SAML_SP_AUTHN_CONTEXT_CLASS_REF |
String. Default: urn:oasis:names:tc:SAML: |
|
SAML_SP_VALIDITY_DURATION |
Integer. Default: 60. |
|
SAML_SP_STARTTIME |
Long. |
|
SAML_SP_ENDTIME |
Long. |
|
SLO Tab |
|
|
SAML_SLO_REDIRECT_BINDING |
Boolean. Default: SAML_FALSE. |
|
SAML_SLO_SERVICE_VALIDITY_ |
Integer. Default: 60. Applies if no value is provided and SAML_SLO_REDIRECT_BINDING is SAML_TRUE. |
|
SAML_SLO_SERVICE_URL |
String. Required conditionally. |
|
SAML_SLO_SERVICE_RESPONSE_URL |
String. |
|
SAML_SLO_SERVICE_CONFIRM_URL |
String. |
|
IPD Tab |
|
|
SAML_SP_ENABLE_IPD |
Boolean. Default: SAML_FALSE. |
|
SAML_SP_IPD_SERVICE_URL |
String. Required conditionally. |
|
SAML_SP_COMMON_DOMAIN |
String. Required conditionally. |
|
SAML_SP_PERSISTENT_COOKIE |
Boolean. Default: SAML_FALSE. |
|
Encryption Tab |
|
|
SAML_SP_ENCRYPT_ID |
Boolean. Default: SAML_FALSE. |
|
SAML_SP_ENCRYPT_ASSERTION |
Boolean. Default: SAML_FALSE. |
|
SAML_SP_ENCRYPT_BLOCK_ALGO |
String.
Default: tripledes. |
|
SAML_SP_ENCRYPT_KEY_ALGO |
String.
Default: rsa-v15. |
|
SAML_SP_ENCRYPT_CERT_ISSUER_DN |
String. Required conditionally. |
|
SAML_SP_ENCRYPT_CERT_SERIAL_ |
String. Required conditionally. |
|
Attribute Service Tab |
|
|
SAML_SP_ATTRSVS_ENABLE |
Boolean. Default: False (0). |
|
SAML_SP_ATTRSVS_VALIDITY_DURATION |
Integer. Default: 60 (seconds) |
|
SAML_SP_ATTRSVS_SIGN_ASSERTION |
Boolean. Default: False (0). |
|
SAML_SP_ATTRSVS_LDAP_SEARCH_SPEC |
String. |
|
SAML_SP_ATTRSVS_ODBC_SEARCH_SPEC |
String. |
|
SAML_SP_ATTRSVS_WINNT_SEARCH_SPEC |
String. |
|
SAML_SP_ATTRSVS_CUSTOM_SEARCH_SPEC |
String. |
|
SAML_SP_ATTRSVS_AD_SEARCH_SPEC |
String. |
|
Advanced Tab |
|
|
SAML_SP_PLUGIN_CLASS |
String. |
|
SAML_SP_PLUGIN_PARAMS |
String. |
SAML Affiliation Properties
The properties of a SAML 2.0 affiliation object are listed below. Properties are grouped according to the way they are presented on the SAML Affiliation Properties dialog box.
SAML affiliation properties are stored within an Sm_PolicyApi_SAMLAffiliation_t structure.
|
Property Name |
Comments |
|
|---|---|---|
|
General Properties |
||
|
SAML_NAME |
String, required. |
|
|
SAML_DESCRIPTION |
String |
|
|
SAML_KEY_AFFILIATION_ID |
String, required. |
|
|
SAML_MAJOR_VERSION |
Integer. Default: 2. |
|
|
SAML_MINOR_VERSION |
Integer. Default: 0. |
|
|
SAML_OID |
String. SiteMinder supplies the object identifier when an affiliation object is created. |
|
|
Name IDs Tab |
||
|
SAML_SP_NAMEID_FORMAT |
String.
Default: Unspecified. |
|
|
SAML_SP_NAMEID_TYPE |
Integer.
Default: 1. |
|
|
SAML_SP_NAMEID_STATIC |
String. Required conditionally. |
|
|
SAML_SP_NAMEID_ATTRNAME |
String. Required conditionally. |
|
|
SAML_SP_NAMEID_DNSPEC |
String. Required conditionally. |
|
|
Users Tab |
||
|
SAML_IDP_XPATH |
String. |
|
|
SAML_IDP_LDAP_SEARCH_SPEC |
String. |
|
|
SAML_IDP_ODBC_SEARCH_SPEC |
String. |
|
|
SAML_IDP_WINNT_SEARCH_SPEC |
String. |
|
|
SAML_IDP_CUSTOM_SEARCH_SPEC |
String. |
|
|
SAML_IDP_AD_SEARCH_SPEC |
String. |
|
SAML 2.0 Authentication Scheme Properties
The properties listed in this section define:
You define a SAML 2.0 authentication scheme to represent an Identity Provider for a particular Service Provider.
The properties of a SAML 2.0 authentication scheme and its associated Identity Provider are listed below. Properties are grouped according to the way they are presented on the SAML Authentication Scheme Properties dialog box for the SAML 2.0 Template.
You define properties for a SAML 2.0 authentication scheme and its associated Identity Provider by calling Sm_PolicyApi_AddSAMLScheme().
|
Property Name |
Comments |
|
|---|---|---|
|
General Properties |
||
|
SAML_NAME |
String, required. |
|
|
SAML_DESCRIPTION |
String |
|
|
Scheme Setup Tab |
||
|
SAML_IDP_SPID |
String, required. |
|
|
SAML_KEY_IDPID |
String, required. |
|
|
SAML_MAJOR_VERSION |
Integer. Default: 2. |
|
|
SAML_MINOR_VERSION |
Integer. Default: 0. |
|
|
SAML_SKEWTIME |
Integer. Default: 30. |
|
|
SAML_DISABLE_SIGNATURE_ |
Boolean. Default: SAML_FALSE. |
|
|
SAML_DSIG_VERINFO_ISSUER_DN |
String. Required conditionally (see page 9). |
|
|
SAML_DSIG_VERINFO_SERIAL_NUMBER |
String. Required conditionally (see page 10). |
|
|
Additional Configuration - Users Tab |
||
|
SAML_IDP_XPATH |
String. |
|
|
SAML_IDP_LDAP_SEARCH_SPEC |
String. |
|
|
SAML_IDP_ODBC_SEARCH_SPEC |
String. |
|
|
SAML_IDP_WINNT_SEARCH_SPEC |
String. |
|
|
SAML_IDP_CUSTOM_SEARCH_SPEC |
String. |
|
|
SAML_IDP_AD_SEARCH_SPEC |
String. |
|
|
SAML_AFFILIATION |
String. |
|
|
Additional Configuration - SSO Tab |
||
|
SAML_IDP_SSO_REDIRECT_MODE |
Integer. Default: 0. |
|
|
SAML_IDP_SSO_DEFAULT_SERVICE |
String, required. |
|
|
SAML_AUDIENCE |
String, required. |
|
|
SAML_IDP_SSO_TARGET |
String. |
|
|
SAML_ENABLE_SSO_ARTIFACT_ |
Boolean. Default: SAML_FALSE. |
|
|
SAML_KEY_IDP_SOURCEID |
String. Default: A hex-encoded SHA-1 hash of the SAML_KEY_IDPID value. |
|
|
SAML_IDP_ARTIFACT_RESOLUTION_ |
String. Required conditionally (see page 12). |
|
|
SAML_IDP_BACKCHANNEL_AUTH_TYPE |
Integer. Default: 0. |
|
|
SAML_IDP_SPNAME |
String. Required conditionally (see page 19). |
|
|
SAML_IDP_PASSWORD |
String. Required conditionally (see page 14). |
|
|
SAML_ENABLE_SSO_POST_BINDING |
Boolean. Default: SAML_FALSE. |
|
|
SAML_IDP_SSO_ENFORCE_SINGLE_ |
Boolean. Default: SAML_TRUE. |
|
|
SAML_SSOECPPROFILE |
Boolean. Default: SAML_FALSE. |
|
|
SAML_IDP_SIGN_AUTHNREQUESTS |
Boolean. Default: SAML_FALSE. |
|
|
Additional Configuration - SLO Tab |
||
|
SAML_SLO_REDIRECT_BINDING |
Boolean. Default: SAML_FALSE. |
|
|
SAML_SLO_SERVICE_VALIDITY_ |
Integer. Default: 60. Applies if no value is provided and SAML_SLO_REDIRECT_BINDING is SAML_TRUE. |
|
|
SAML_SLO_SERVICE_URL |
String. Required conditionally. |
|
|
SAML_SLO_SERVICE_RESPONSE_URL |
String. |
|
|
SAML_SLO_SERVICE_CONFIRM_URL |
String. |
|
|
Additional Configuration - Encryption Tab |
||
|
SAML_IDP_REQUIRE_ENCRYPTED_ |
Boolean. Default: SAML_FALSE. |
|
|
SAML_IDP_REQUIRE_ENCRYPTED_ |
Boolean. Default: SAML_FALSE. |
|
|
Additional Configuration - Attributes Tab |
||
|
SAML_IDP_SAMLREQ_ENABLE |
Boolean. Default: False (0). |
|
|
SAML_IDP_SAMLREQ_REQUIRE_SIGNED_ ASSERTION |
Boolean. Default: False (0). |
|
|
SAML_IDP_SAMLREQ_ATTRIBUTE_SERVICE |
String. |
|
|
Additional Configuration - NameID tab |
||
|
SAML_IDP_SAMLREQ_NAMEID_FORMAT |
String. |
|
|
SAML_IDP_SAMLREQ_NAMEID_TYPE |
Integer. Default: 1 (User Attribute) |
|
|
SAML_IDP_SAMLREQ_NAMEID_STATIC |
String. |
|
|
SAML_IDP_SAMLREQ_NAMEID_ATTR_NAME |
String. |
|
|
SAML_IDP_SAMLREQ_NAMEID_DN_SPEC |
String. |
|
|
SAML_IDP_SAMLREQ_NAMEID_ALLOW_ NESTED |
Boolean. Deafult: False (0). |
|
|
Additional Configuration - Advanced Tab |
||
|
SAML_SP_PLUGIN_CLASS |
String. |
|
|
SAML_SP_PLUGIN_PARAMS |
String. |
|
|
SAML_IDP_REDIRECT_URL_USER_ |
String. |
|
|
SAML_IDP_REDIRECT_MODE_USER_ |
Integer. Default: 0. |
|
|
SAML_IDP_REDIRECT_URL_FAILURE |
String. |
|
|
SAML_IDP_REDIRECT_MODE_FAILURE |
Integer. Default: 0. |
|
|
SAML_IDP_REDIRECT_URL_INVALID |
String. |
|
|
SAML_IDP_REDIRECT_MODE_INVALID |
Integer. Default: 0. |
|
| Copyright © 2010 CA. All rights reserved. | Email CA about this topic |