smauthetsso authentication scheme

This authentication scheme is similar to the SiteMinder X.509 certification scheme, but with an eSSO cookie as the authentication credential instead of an X.509 credential.

If this scheme is configured for either cookieorbasic or cookieorforms mode, and both an eSSO cookie and login name and password credentials are passed to it, the eSSO cookie is ignored, and the login name and password are used to authenticate the user to SiteMinder.

When the eSSO cookie is the only credential, the authentication scheme uses the ETWAS API to connect to the configured eSSO Policy Server to validate the cookie and extract the user Distinguished Name (DN) from it.

Use this table when configuring an smauthetsso authentication scheme, which is based on the Custom scheme type. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.

Information Type

Value Assignment and Meaning

Scheme type

nType=Sm_Api_SchemeType_Custom

Uses the Custom scheme type

Description

pszDesc=description

The description of the authentication scheme.

Protection level

nLevel=value

A value of 0 through 1000. The higher the number, the greater the degree of protection provided by the scheme. Default is 5.

Library

pszLib="smauthetsso"

The name of the library of this authentication scheme.

Parameter

pszParam=param

An ordered set of tokens, separated by semi-colons:
<Mode>[; <Target>]; <Admin>; <eTPS_Host>

You can add spaces to make the string easier to read.

<Mode> specifies the type of credentials that the authentication scheme will accept. The following values are possible:

  • cookie -- Only eTrust SSO Cookies are acceptable.
  • cookieorbasic -- If an eTrust SSO Cookie is not provided, a login name and password are requested by using Basic Authentication.
  • cookieorforms -- If an eTrust SSO Cookie is not provided, a login name and password are requested by using Forms Authentication.

<Target> is valid only with cookieorforms mode. This is identical to the Target field for standard HTML Forms Authentication Scheme.

<Admin> specifies the login ID of an administrator for the eTrust Policy Server. The password for this administrator has been specified in the Shared Secret field.

<eTPS_Host> specifies the name of the machine on which the Policy Server is installed.

SiteMinder will authenticate itself as <Admin> to the eTrust Policy Server on the <eTPS_Host> so that SiteMinder can request validation of eTrust SSO cookies.

Examples:
pszParam="cookie; SMPS_sso; myserver.myco.com"
pszParam="cookieorforms; /siteminderagent/forms/login.fcc; SMPS_sso; myserver.myco.com"

Shared secret

pszSecret=secret

The password of the eTrust Policy Server administrator named in the Parameter field.

Is template?

bIsTemplate=0

Set to false (0) to indicate that the scheme is not a template. Any other value is ignored.

Is used by administrator?

bIsUsedbyAdmin=flag

Set to true (1) to specify that the scheme can be used to authenticate administrators, or to false (0) to specify that the scheme cannot be used to authenticate administrators. Default is 0.

Save credentials?

bAllowSaveCreds=0

Set to false (0) to indicate that user credentials won't be saved.

Is RADIUS?

bIsRadius=0

Set to false (0) to indicate that the scheme is not used with RADIUS agents.

Ignore password check?

bIgnorePwCheck=flag

Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0.
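
A pre-deployment check for the pszParam string described in the Parameter row, reporting whether the chosen mode also accepts a login name and password (in which case the eSSO cookie is ignored when both are sent). This is an added example, not CA's code, and it calls no SiteMinder API; the name check_etsso_param, the PARAM_* codes and the exact lowercase mode comparison are assumptions of the example, and the third sample string is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Result codes for this added example (hypothetical, not SiteMinder API values). */
enum { PARAM_OK, PARAM_BAD_COUNT, PARAM_BAD_MODE, PARAM_BAD_TARGET, PARAM_EMPTY_TOKEN };
/* Copy len bytes of src into dst (capacity cap), dropping surrounding spaces. */
static void trim_copy(char *dst, size_t cap, const char *src, size_t len) {
    while (len && isspace((unsigned char)*src)) { src++; len--; }
    while (len && isspace((unsigned char)src[len - 1])) len--;
    if (len >= cap) len = cap - 1;
    memcpy(dst, src, len);
    dst[len] = '\0';
}

/* Check "<Mode>[; <Target>]; <Admin>; <eTPS_Host>". On PARAM_OK, *pw_fallback is
 * 1 if the mode also accepts a login name and password, 0 for cookie-only. */
int check_etsso_param(const char *param, int *pw_fallback) {
    char tok[4][256];
    int n = 0, forms;
    for (const char *p = param;;) {
        const char *semi = strchr(p, ';');
        if (n == 4) return PARAM_BAD_COUNT;            /* a fifth token */
        trim_copy(tok[n], sizeof tok[n], p, semi ? (size_t)(semi - p) : strlen(p));
        if (tok[n++][0] == '\0') return PARAM_EMPTY_TOKEN;
        if (!semi) break;
        p = semi + 1;
    }
    /* Modes compared exactly as the page spells them (assumption: lowercase). */
    forms = strcmp(tok[0], "cookieorforms") == 0;
    if (!forms && strcmp(tok[0], "cookie") && strcmp(tok[0], "cookieorbasic"))
        return PARAM_BAD_MODE;
    if (n < 3) return PARAM_BAD_COUNT;                 /* Admin and host are required */
    if (n == 4 && !forms) return PARAM_BAD_TARGET;     /* Target only with cookieorforms */
    *pw_fallback = strcmp(tok[0], "cookie") != 0;
    return PARAM_OK;
}

int main(void) {
    int fb = 0;
    /* First two strings are the page's examples; the third is constructed. */
    const char *s[] = { "cookie; SMPS_sso; myserver.myco.com",
        "cookieorforms; /siteminderagent/forms/login.fcc; SMPS_sso; myserver.myco.com",
        "cookieorbasic; /login.fcc; SMPS_sso; myserver.myco.com" };
    for (int i = 0; i < 3; i++) {
        int rc = check_etsso_param(s[i], &fb);
        printf("rc=%d password_fallback=%d  %s\n", rc, rc == PARAM_OK ? fb : -1, s[i]);
    }
}
```

A Target token is accepted but not required in cookieorforms mode, matching the brackets in the syntax line.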


Copyright © 2010 CA. All rights reserved.