WS-Federation Template

Use this table when configuring a WSFED authentication scheme based on the WSFED scheme type. A Resource Partner uses this authentication scheme to transparently validate a user based on the information in a SAML 1.0 assertion. This transparent validation allows functionality such as single sign-on and single logout.

When you configure a WSFED authentication scheme, you also define metadata properties for the associated Account Partner, that is, the Account Partner that supplies the assertion to the Resource Partner.

The properties of the Account Partner are stored with the authentication scheme object as a separate set of properties. As a result, two structures are used to configure a WSFED authentication scheme:

This authentication scheme requires SiteMinder Federation Security Services. The Federation Security Services feature is licensed separately.

| Information Type | Value Assignment | Meaning |
|---|---|---|
| Scheme type | nType=Sm_Api_SchemeType_WSFED | The scheme type WSFED. |
| Description | pszDesc=description | The description of the authentication scheme. |
| Protection level | nLevel=value | A value of 1 through 1000. The higher the number, the greater the degree of protection provided by the scheme. Default is 5. |
| Library | pszLib="smauthsaml" | The default library for this scheme type. |
| Parameter | pszParam="" | Set to an empty string. SiteMinder assigns a parameter value. The parameter is a reference to the WSFED metadata properties for the associated Account Partner. The properties are defined through Sm_PolicyApi_WSFEDProviderProp_t. |
| Shared secret | pszSecret="" | Set to an empty string. Not applicable to this scheme. |
| Is template? | bIsTemplate=0 | Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
| Is used by administrator? | bIsUsedbyAdmin=0 | Set to false (0): the scheme is not used to authenticate administrators. |
| Save credentials? | bAllowSaveCreds=0 | Set to false (0) to indicate that user credentials won't be saved. |
| Is RADIUS? | bIsRadius=0 | Set to false (0): the scheme is not used with RADIUS agents. |
| Ignore password check? | bIgnorePwCheck=1 | Set to true (1): ignore password checking. |
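A pre-deployment check that compares a scheme definition against the values in the table above and reports every deviation at once. This is an added example, not code from this page or the CA SDK: `ex_scheme_t`, `EX_SCHEME_TYPE_WSFED` and the `ex_` functions are hypothetical stand-ins, and a real program would use the SDK's own scheme structure and `Sm_Api_SchemeType_WSFED`.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in for the SDK scheme structure: field names follow the table, but the
   type and constant are assumptions (the SDK supplies Sm_Api_SchemeType_WSFED). */
#define EX_SCHEME_TYPE_WSFED 1 /* constructed placeholder value */
typedef struct {
    int nType, nLevel;
    const char *pszDesc, *pszLib, *pszParam, *pszSecret;
    int bIsTemplate, bIsUsedbyAdmin, bAllowSaveCreds, bIsRadius, bIgnorePwCheck;
} ex_scheme_t;

/* One bit per table row so a caller can report all deviations together. */
enum {
    EX_BAD_TYPE = 1 << 0, EX_BAD_LEVEL = 1 << 1, EX_BAD_LIB = 1 << 2,
    EX_BAD_PARAM = 1 << 3, EX_BAD_SECRET = 1 << 4, EX_BAD_TEMPLATE = 1 << 5,
    EX_BAD_ADMIN = 1 << 6, EX_BAD_SAVECREDS = 1 << 7, EX_BAD_RADIUS = 1 << 8,
    EX_BAD_PWCHECK = 1 << 9
};

/* The table asks for empty strings; a NULL pointer counts as a deviation. */
static int ex_is_empty(const char *s) { return s != NULL && s[0] == '\0'; }

/* Returns 0 when the scheme matches the WSFED template, else a bitmask. */
unsigned ex_check_wsfed_scheme(const ex_scheme_t *s)
{
    unsigned bad = 0;
    if (s == NULL) return ~0u;
    if (s->nType != EX_SCHEME_TYPE_WSFED) bad |= EX_BAD_TYPE;
    if (s->nLevel < 1 || s->nLevel > 1000) bad |= EX_BAD_LEVEL;
    /* A library other than the default is flagged for review. */
    if (s->pszLib == NULL || strcmp(s->pszLib, "smauthsaml") != 0) bad |= EX_BAD_LIB;
    if (!ex_is_empty(s->pszParam)) bad |= EX_BAD_PARAM;   /* SiteMinder assigns it */
    if (!ex_is_empty(s->pszSecret)) bad |= EX_BAD_SECRET; /* not applicable */
    if (s->bIsTemplate != 0) bad |= EX_BAD_TEMPLATE;
    if (s->bIsUsedbyAdmin != 0) bad |= EX_BAD_ADMIN;
    if (s->bAllowSaveCreds != 0) bad |= EX_BAD_SAVECREDS;
    if (s->bIsRadius != 0) bad |= EX_BAD_RADIUS;
    if (s->bIgnorePwCheck != 1) bad |= EX_BAD_PWCHECK;
    return bad;
}

/* Constructed sample matching every row of the table (default level 5). */
ex_scheme_t ex_wsfed_defaults(void)
{
    ex_scheme_t s = { EX_SCHEME_TYPE_WSFED, 5, "WSFED scheme (constructed)",
                      "smauthsaml", "", "", 0, 0, 0, 0, 1 };
    return s;
}
```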

More Information:

WS-Federation


Copyright © 2010 CA. All rights reserved.