Programming GuidesProgramming Guide for CPolicy Management APIAuthentication Scheme Configuration › Windows Authentication Template

Previous Topic: TeleID Template

Next Topic: WS-Federation Template
Windows Authentication Template

Use this table when configuring an Integrated Windows Authentication scheme based on the scheme type Windows Authentication (previously known as NTLM). This scheme type is used to authenticate against WinNT or Active Directory user stores.

An Active Directory can be configured to run in mixed mode or native mode. An Active Directory supports WinNT style authentication when running in mixed mode. In native mode, an Active Directory supports only LDAP style lookups.

This authentication scheme supports either mixed mode or native mode.

The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.

Information Type

Value Assignment and Meaning

Scheme type

nType=Sm_Api_SchemeType_NTLM

The scheme type Windows Authentication (NTLM).

Description

pszDesc=description

The description of the authentication scheme.

Protection level

nLevel=value

A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.

Library

pszLib="smauthntlm"

The default library for this scheme type.

Parameter

pszParam=param

The value of pszParam determines the style of authentication to perform for this scheme:

NTLM authentication (for WinNT or Active Directory running in mixed mode)

Format:

iis-web-server-url/path-to-ntc-file

In the format, iis-web-server-url is the name of the IIS web server that is the target of the redirection, and path-to-ntc-file is the location of the .ntc file that collects the WinNT credentials.

For example:

http://myiiswebserver.mycompany.com/
   siteminderagent/ntlm/creds.ntc

A SiteMinder Web Agent must be installed on the specified server. By default, the Web Agent installation creates a virtual directory for NTLM credential collection.

Windows Authentication (for Active Directory running in native mode)

With this authentication style, pszParam has an LDAP filter added to the beginning of the redirection URL. The filter and URL are separated by a semi-colon (;). For example:

cn=%{UID},ou=Users,ou=USA,dc=%{DOMAIN},
   dc=mycompany,dc=com;http://
   myiiswebserver.mycompany.com/
   siteminderagent/ntlm/creds.ntc

SiteMinder uses the LDAP filter to map credentials received from the browser/Web Agent to an LDAP DN or search filter.

Shared secret

pszSecret=""

Set to an empty string. Not applicable to this scheme.

Is template?

bIsTemplate=0

Set to false (0) to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

bIsUsedbyAdmin=0

Set to false (0)-scheme is not used to authenticate administrators.

Save credentials?

bAllowSaveCreds=0

Set to false (0) to indicate that user credentials won't be saved.

Is RADIUS?

bIsRadius=0

Set to false (0)-scheme is not used with RADIUS agents.

Ignore password check?

bIgnorePwCheck=flag

For WinNT and for Active Directory running in mixed mode, this property must be true (1)-ignore password checking.

For Active Directory running in native mode, set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0.

Copyright © 2010 CA. All rights reserved. Email CA about this topic