The CreateSAMLAuthScheme method creates a SAML 2.0 authentication scheme object with its properties set to specified values. There are two types of properties associated with the object: authentication scheme properties and metadata properties.
Authentication Scheme Properties
The authentication scheme properties are based on the SAML 2.0 template and have the following initial values:
Default: smauthsaml
Default: FALSE
Default: FALSE
Default: FALSE
Default: FALSE
Default: TRUE
Default: 5
Note: You can modify the default protection level by calling the CreateSAMLAuthScheme method with the optional protLevel parameter set to a new value.
Metadata Properties
The metadata properties are the properties of the Identity Provider associated with the SAML 2.0 authentication scheme and are stored with the authentication scheme. To specify them, pass the reference to the hashtable of metadata properties to the CreateSAMLAuthScheme method in the propsHash_ref parameter. To update the metadata properties of an existing SAML 2.0 authentication scheme, call the method PolicyMgtSession->SAMLAuthSchemeProperties.
Syntax
The CreateSAMLAuthScheme method has the following format:
Netegrity::PolicyMgtSession->CreateSAMLAuthScheme(schemeName, propsHash_ref[, schemeDesc][, protLevel])
Parameters
The CreateSAMLAuthScheme method accepts the following parameters:
schemeName (string)
Specifies the name of the authentication scheme.
propsHash_ref (hash)
Specifies a reference to a hashtable of metadata properties to associate with the SAML 2.0 authentication scheme.
Example: \%myhash
Note: For a complete list of metadata properties, see Remarks.
schemeDesc (string)
(Optional) Specifies the description of the authentication scheme.
protLevel (int)
(Optional) Specifies the protection level of the authentication scheme.
Return Value
The CreateSAMLAuthScheme method returns one of the following values:
Remarks
The metadata properties associated with the SAML 2.0 authentication scheme are grouped in the FSS Administrative UI as follows:
SAML_NAME
SAML_DESCRIPTION
SAML_IDP_SPID
SAML_KEY_IDPID
SAML_MAJOR_VERSION
SAML_MINOR_VERSION
SAML_SKEWTIME
SAML_DISABLE_SIGNATURE_PROCESSING
SAML_DSIG_VERINFO_ISSUER_DN
SAML_DSIG_VERINFO_SERIAL_NUMBER
SAML_IDP_XPATH
SAML_IDP_LDAP_SEARCH_SPEC
SAML_IDP_ODBC_SEARCH_SPEC
SAML_IDP_WINNT_SEARCH_SPEC
SAML_IDP_CUSTOM_SEARCH_SPEC
SAML_IDP_AD_SEARCH_SPEC
SAML_AFFILIATION
SAML_IDP_SSO_REDIRECT_MODE
SAML_IDP_SSO_DEFAULT_SERVICE
SAML_AUDIENCE
SAML_IDP_SSO_TARGET
SAML_ENABLE_SSO_ARTIFACT_BINDING
SAML_KEY_IDP_SOURCEID
SAML_IDP_ARTIFACT_RESOLUTION_DEFAULT_SERVICE
SAML_IDP_BACKCHANNEL_AUTH_TYPE
SAML_IDP_SPNAME
SAML_IDP_PASSWORD
SAML_ENABLE_SSO_POST_BINDING
SAML_IDP_SSO_ENFORCE_SINGLE_USE_POLICY
SAML_SSOECPPROFILE
SAML_IDP_SIGN_AUTHNREQUESTS
SAML_SLO_REDIRECT_BINDING
SAML_SLO_SERVICE_VALIDITY_DURATION
SAML_SLO_SERVICE_URL
SAML_SLO_SERVICE_RESPONSE_URL
SAML_SLO_SERVICE_CONFIRM_URL
SAML_IDP_REQUIRE_ENCRYPTED_ASSERTION
SAML_IDP_REQUIRE_ENCRYPTED_NAMEID
SAML_IDP_SAMLREQ_ENABLE
SAML_IDP_SAMLREQ_REQUIRE_SIGNED_ASSERTION
SAML_IDP_SAMLREQ_ATTRIBUTE_SERVICE
SAML_IDP_SAMLREQ_GET_ALL_ATTRIBUTES
SAML_IDP_SAMLREQ_NAMEID_FORMAT
SAML_IDP_SAMLREQ_NAMEID_TYPE
SAML_IDP_SAMLREQ_NAMEID_STATIC
SAML_IDP_SAMLREQ_NAMEID_ATTR_NAME
SAML_IDP_SAMLREQ_NAMEID_DN_SPEC
SAML_IDP_SAMLREQ_NAMEID_ALLOW_NESTED
SAML_SP_PLUGIN_CLASS
SAML_SP_PLUGIN_PARAMS
SAML_IDP_REDIRECT_URL_USER_NOT_FOUND
SAML_IDP_REDIRECT_MODE_USER_NOT_FOUND
SAML_IDP_REDIRECT_URL_FAILURE
SAML_IDP_REDIRECT_MODE_FAILURE
SAML_IDP_REDIRECT_URL_INVALID
SAML_IDP_REDIRECT_MODE_INVALID
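As an added example (not from the CA documentation), the script below builds the metadata hashtable from property names in the Remarks list, passes it by reference in propsHash_ref, and raises the protection level above the template default. The session setup calls (Netegrity::PolicyMgtAPI->New, CreateSession), the partner URLs, the "1"/"0" and seconds value formats, and the undef-on-failure return are assumptions.

```perl
# Added example, not part of the CA Policy Management API documentation.
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

# Assumed session setup; credentials are constructed placeholders.
my $policyapi = Netegrity::PolicyMgtAPI->New();
my $session   = $policyapi->CreateSession("adminuser", "adminpwd")
    or die "CreateSession failed";

# Metadata property names come from the Remarks list on this page.
# Values and their formats are assumptions; URLs are constructed.
my %idp_metadata = (
    SAML_NAME                              => "PartnerIdP",
    SAML_DESCRIPTION                       => "Partner identity provider",
    SAML_IDP_SPID                          => "https://sp.example.com/saml2",
    SAML_KEY_IDPID                         => "https://idp.example.com/saml2",
    SAML_MAJOR_VERSION                     => "2",
    SAML_MINOR_VERSION                     => "0",
    SAML_AUDIENCE                          => "https://sp.example.com/saml2",
    SAML_IDP_SSO_TARGET                    => "https://sp.example.com/app",
    SAML_SKEWTIME                          => "30",   # assumed: seconds
    SAML_DISABLE_SIGNATURE_PROCESSING      => "0",    # keep signature checks on
    SAML_IDP_SSO_ENFORCE_SINGLE_USE_POLICY => "1",    # reject replayed assertions
    SAML_IDP_REQUIRE_ENCRYPTED_ASSERTION   => "1",    # require encrypted assertions
);

# propsHash_ref is a reference to the hashtable; protLevel overrides
# the template default of 5 (10 is a constructed value).
my $scheme = $session->CreateSAMLAuthScheme(
    "PartnerSAML2Scheme",
    \%idp_metadata,
    "SAML 2.0 scheme for PartnerIdP",
    10,
);
die "CreateSAMLAuthScheme failed" unless defined $scheme;   # assumed failure value

print "Created scheme PartnerSAML2Scheme\n";
```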
Copyright © 2010 CA. All rights reserved.