Use this table when configuring an authentication scheme based on the scheme type MS Passport. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
| Information Type | Value Assignment and Meaning |
|---|---|
| Scheme type | `nType=Sm_Api_SchemeType_MSPassport` The scheme type MS Passport. |
| Description | `pszDesc=description` The description of the authentication scheme. |
| Protection level | `nLevel=value` A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 1. |
| Library | `pszLib="smauthmspp"` The default library for this scheme type. |
| Parameter | `pszParam=param` The following information, separated by semicolons: `anonuser=anonUserDN` (if you specify an anonymous user DN, the protection level is 0); `attribute=nameSpace:attrib=searchSpec` (valid namespaces are LDAP, AD, ODBC, WinNT, and Custom); `registrationurl=URL` (custom URL). Example using an LDAP attribute and a custom URL: `attribute=LDAP:altSecurityIdentities=` |
| Shared secret | `pszSecret=""` Set to an empty string. Not applicable to this scheme. |
| Is template? | `bIsTemplate=0` Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
| Is used by administrator? | `bIsUsedbyAdmin=0` Set to false (0): the scheme is not used to authenticate administrators. |
| Save credentials? | `bAllowSaveCreds=0` Set to false (0) to indicate that user credentials won't be saved. |
| Is RADIUS? | `bIsRadius=0` Set to false (0): the scheme is not used with RADIUS agents. |
| Ignore password check? | `bIgnorePwCheck=1` Set to true (1): ignore password checking. |
Use this table when configuring an authentication scheme based on the scheme type RADIUS CHAP/PAP. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
| Information Type | Value Assignment and Meaning |
|---|---|
| Scheme type | `nType=Sm_Api_SchemeType_RadiusChapPap` The scheme type RADIUS CHAP/PAP. |
| Description | `pszDesc=description` The description of the authentication scheme. |
| Protection level | `nLevel=value` A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5. |
| Library | `pszLib="smauthchap"` The default library for this scheme type. |
| Parameter | `pszParam=param` A string containing the name of a user directory attribute. This attribute is used as the clear text password for authentication. |
| Shared secret | `pszSecret=""` Set to an empty string. Not applicable to this scheme. |
| Is template? | `bIsTemplate=0` Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
| Is used by administrator? | `bIsUsedbyAdmin=0` Set to false (0): the scheme is not used to authenticate administrators. |
| Save credentials? | `bAllowSaveCreds=0` Set to false (0) to indicate that user credentials won't be saved. |
| Is RADIUS? | `bIsRadius=1` Set to true (1): the scheme can be used with RADIUS agents. |
| Ignore password check? | `bIgnorePwCheck=flag` Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0. |
Use this table when configuring an authentication scheme based on the scheme type RADIUS Server. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
| Information Type | Value Assignment and Meaning |
|---|---|
| Scheme type | `nType=Sm_Api_SchemeType_RadiusServer` The scheme type RADIUS Server. |
| Description | `pszDesc=description` The description of the authentication scheme. |
| Protection level | `nLevel=value` A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5. |
| Library | `pszLib="smauthradius"` The default library for this scheme type. |
| Parameter | `pszParam=param` A string containing the IP address and port of the RADIUS server, for example: `123.123.12.12:1645`. The default UDP port is 1645. |
| Shared secret | `pszSecret=secret` The user attribute that the RADIUS Server will use as the clear text password. |
| Is template? | `bIsTemplate=0` Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
| Is used by administrator? | `bIsUsedbyAdmin=1` Set to true (1): the scheme can be used to authenticate administrators. |
| Save credentials? | `bAllowSaveCreds=0` Set to false (0) to indicate that user credentials won't be saved. |
| Is RADIUS? | `bIsRadius=1` Set to true (1): the scheme can be used with RADIUS agents. |
| Ignore password check? | `bIgnorePwCheck=flag` Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0. |
Use this table when configuring an authentication scheme based on the scheme type SafeWord HTML Form. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
| Information Type | Value Assignment and Meaning |
|---|---|
| Scheme type | `nType=Sm_Api_SchemeType_SafeWordHTMLForm` The scheme type SafeWord HTML Form. |
| Description | `pszDesc=description` The description of the authentication scheme. |
| Protection level | `nLevel=value` A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 10. |
| Library | `pszLib="smauthenigmahtml"` The default library for this scheme type. |
| Parameter | `pszParam=param` A string containing the name and location of the forms credentials collector. This example shows the default credentials collector: http://my.server.com/ |
| Shared secret | `pszSecret=""` Set to an empty string. Not applicable to this scheme. |
| Is template? | `bIsTemplate=0` Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
| Is used by administrator? | `bIsUsedbyAdmin=1` Set to true (1): the scheme can be used to authenticate administrators. |
| Save credentials? | `bAllowSaveCreds=0` Set to false (0) to indicate that user credentials won't be saved. |
| Is RADIUS? | `bIsRadius=1` Set to true (1): the scheme can be used with RADIUS agents. |
| Ignore password check? | `bIgnorePwCheck=1` Set to true (1): ignore password checking. |
Use this table when configuring an authentication scheme based on the scheme type SafeWord. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
| Information Type | Value Assignment and Meaning |
|---|---|
| Scheme type | `nType=Sm_Api_SchemeType_SafeWordServer` The scheme type SafeWord. |
| Description | `pszDesc=description` The description of the authentication scheme. |
| Protection level | `nLevel=value` A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 10. |
| Library | `pszLib="smauthenigma"` The default library for this scheme type. |
| Parameter | `pszParam=""` Set to an empty string. Not applicable to this scheme. |
| Shared secret | `pszSecret=""` Set to an empty string. Not applicable to this scheme. |
| Is template? | `bIsTemplate=0` Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
| Is used by administrator? | `bIsUsedbyAdmin=1` Set to true (1): the scheme can be used to authenticate administrators. |
| Save credentials? | `bAllowSaveCreds=0` Set to false (0) to indicate that user credentials won't be saved. |
| Is RADIUS? | `bIsRadius=1` Set to true (1): the scheme can be used with RADIUS agents. |
| Ignore password check? | `bIgnorePwCheck=1` Set to true (1): ignore password checking. |
Use this table when configuring a SAML authentication scheme based on the profile type artifact for communicating security assertions. With the artifact profile type, the URL for retrieving the SAML assertion is referenced within the AssertionRetrievalURL portion of the Parameter string.
The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
| Information Type | Value Assignment and Meaning |
|---|---|
| Scheme type | `nType=Sm_Api_SchemeType_SAMLArtifact` The scheme type SAML Artifact. |
| Description | `pszDesc=description` The description of the authentication scheme. |
| Protection level | `nLevel=value` A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5. |
| Library | `pszLib="smauthsaml"` The default library for this scheme type. |
| Parameter | `pszParam=param` The following required parameters: 0. Meaning: 302 No Data. 1. Meaning: 302 Cookie Data. 2. Meaning: Server Redirect. 3. Meaning: Persist Attributes. `//saml:AttributeValue/SM:/SMContent` This query gets the text of the Username element. 0. Meaning: Basic authentication. 1. Meaning: Client certificate authentication. Format of the parameter string is as follows. Separate name/value pairs with semi-colons ( ; ). The format example includes LDAP and ODBC attributes: `Name=name;RedirectMode=0\|1\|2;SRCID=srcid;` |
| Shared secret | `pszSecret=secret` The password for the affiliate site. |
| Is template? | `bIsTemplate=0` Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
| Is used by administrator? | `bIsUsedbyAdmin=0` Set to false (0): the scheme is not used to authenticate administrators. |
| Save credentials? | `bAllowSaveCreds=0` Set to false (0) to indicate that user credentials won't be saved. |
| Is RADIUS? | `bIsRadius=0` Set to false (0): the scheme is not used with RADIUS agents. |
| Ignore password check? | `bIgnorePwCheck=1` Set to true (1): ignore password checking. |
Use this table when configuring a SAML authentication scheme based on the profile type POST for communicating security assertions. With the POST profile type, the generated SAML assertion is POSTed to the URL specified in the AssertionConsumerURL portion of the Parameter string.
The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
| Information Type | Value Assignment and Meaning |
|---|---|
| Scheme type | `nType=Sm_Api_SchemeType_SAMLPOST` The scheme type SAML POST. |
| Description | `pszDesc=description` The description of the authentication scheme. |
| Protection level | `nLevel=value` A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5. |
| Library | `pszLib="smauthsaml"` The default library for this scheme type. |
| Parameter | `pszParam=param` The following required parameters: 0. Meaning: 302 No Data. 1. Meaning: 302 Cookie Data. 2. Meaning: Server Redirect. 3. Meaning: Persist Attributes. |
| Parameter (cont'd) | `//saml:AttributeValue/SM:/SMContent` This query gets the text of the Username element. Format of the parameter string is as follows. Separate name/value pairs with semi-colons ( ; ). The format example includes LDAP and ODBC attributes: `Name=name;SAMLProfile=POST;` |
| Shared secret | `pszSecret=""` Set to an empty string. Not applicable to this scheme. |
| Is template? | `bIsTemplate=0` Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
| Is used by administrator? | `bIsUsedbyAdmin=0` Set to false (0): the scheme is not used to authenticate administrators. |
| Save credentials? | `bAllowSaveCreds=0` Set to false (0) to indicate that user credentials won't be saved. |
| Is RADIUS? | `bIsRadius=0` Set to false (0): the scheme is not used with RADIUS agents. |
| Ignore password check? | `bIgnorePwCheck=1` Set to true (1): ignore password checking. |
Use this table when configuring a SAML authentication scheme based on the SAML 2.0 scheme type. A Service Provider uses this authentication scheme to transparently validate a user based on the information in a SAML 2.0 assertion. This transparent validation allows functionality such as single sign-on and single logout.
When you configure a SAML 2.0 authentication scheme, you also define metadata properties for the associated Identity Provider, that is, the Identity Provider that supplies the assertion to the Service Provider.
The properties of the Identity Provider are stored with the authentication scheme object as a separate set of properties. As a result, two structures are used to configure a SAML 2.0 authentication scheme:
| Information Type | Value Assignment and Meaning |
|---|---|
| Scheme type | `nType=Sm_Api_SchemeType_SAML2` The scheme type SAML 2.0. |
| Description | `pszDesc=description` The description of the authentication scheme. |
| Protection level | `nLevel=value` A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5. |
| Library | `pszLib="smauthsaml"` The default library for this scheme type. |
| Parameter | `pszParam=""` Set to an empty string. SiteMinder assigns a parameter value. The parameter is a reference to the SAML 2.0 metadata properties for the associated Identity Provider. The properties are defined through Sm_PolicyApi_SAMLProviderProp_t. |
| Shared secret | `pszSecret=""` Set to an empty string. Not applicable to this scheme. |
| Is template? | `bIsTemplate=0` Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
| Is used by administrator? | `bIsUsedbyAdmin=0` Set to false (0): the scheme is not used to authenticate administrators. |
| Save credentials? | `bAllowSaveCreds=0` Set to false (0) to indicate that user credentials won't be saved. |
| Is RADIUS? | `bIsRadius=0` Set to false (0): the scheme is not used with RADIUS agents. |
| Ignore password check? | `bIgnorePwCheck=1` Set to true (1): ignore password checking. |
Use this table when configuring an authentication scheme based on the scheme type SecurID HTML Form. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
| Information Type | Value Assignment and Meaning |
|---|---|
| Scheme type | `nType=Sm_Api_SchemeType_ACEServerHTMLForm` The scheme type SecurID HTML Form. |
| Description | `pszDesc=description` The description of the authentication scheme. |
| Protection level | `nLevel=value` A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 15. |
| Library | `pszLib="smauthacehtml"` The default library for this scheme type. |
| Parameter | `pszParam=param` A string containing the name of the attribute that contains the ACE IDs, the Web server where the forms credential collector (FCC) is installed, and the target executable file required for processing SecurID authentication with forms support. It also specifies whether an SSL connection is required. Format: `attr;https://server/target` Note: The "s" in "https" is optional, depending on whether you want an SSL connection. The following example uses the default for processing SecurID authentication with forms support: `ace_id;https://my.server.com/` |
| Shared secret | `pszSecret=""` Set to an empty string. Not applicable to this scheme. |
| Is template? | `bIsTemplate=0` Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
| Is used by administrator? | `bIsUsedbyAdmin=0` Set to false (0): the scheme is not used to authenticate administrators. |
| Save credentials? | `bAllowSaveCreds=0` Set to false (0) to indicate that user credentials won't be saved. |
| Is RADIUS? | `bIsRadius=0` Set to false (0): the scheme is not used with RADIUS agents. |
| Ignore password check? | `bIgnorePwCheck=1` Set to true (1): ignore password checking. |
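
A configuration check for two of the pszParam formats described above, the RADIUS Server `ip:port` string and the SecurID HTML Form `attr;https://server/target` string, given as an added example that is not part of the original documentation or the SiteMinder SDK. The function names and status codes are hypothetical, treating a missing port as the documented default 1645 is an assumption, and the sample strings are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Status codes belong to this example only; they are not SDK values. */
enum param_status { PARAM_MALFORMED = -1, PARAM_OK = 0, PARAM_NO_TLS = 1 };

/* RADIUS Server scheme: pszParam is "ip:port" (IPv4, as in the page's
 * example). Assumption: a string without ":port" means the default 1645. */
int parse_radius_param(const char *param, char *host, size_t hostlen, int *port)
{
    const char *colon;
    char *end;
    long p;
    size_t n;

    if (param == NULL || host == NULL || port == NULL || hostlen == 0)
        return PARAM_MALFORMED;
    colon = strchr(param, ':');
    n = colon ? (size_t)(colon - param) : strlen(param);
    if (n == 0 || n >= hostlen)          /* empty host or would not fit */
        return PARAM_MALFORMED;
    memcpy(host, param, n);
    host[n] = '\0';
    if (colon == NULL) {
        *port = 1645;
        return PARAM_OK;
    }
    if (!isdigit((unsigned char)colon[1]))   /* rejects "", "+1", " 1" */
        return PARAM_MALFORMED;
    p = strtol(colon + 1, &end, 10);
    if (*end != '\0' || p < 1 || p > 65535)  /* trailing junk or bad range */
        return PARAM_MALFORMED;
    *port = (int)p;
    return PARAM_OK;
}

/* SecurID HTML Form scheme: pszParam is "attr;http[s]://server/target".
 * Returns PARAM_NO_TLS when the collector URL is plain http, so that a
 * review can flag credential collection that does not use SSL. */
int check_securid_form_param(const char *param, char *attr, size_t attrlen)
{
    const char *semi, *url, *server, *slash;
    size_t n;
    int tls;

    if (param == NULL || attr == NULL || attrlen == 0)
        return PARAM_MALFORMED;
    semi = strchr(param, ';');
    if (semi == NULL)
        return PARAM_MALFORMED;
    n = (size_t)(semi - param);
    if (n == 0 || n >= attrlen)
        return PARAM_MALFORMED;
    memcpy(attr, param, n);
    attr[n] = '\0';
    url = semi + 1;
    if (strncmp(url, "https://", 8) == 0) {
        tls = 1;
        server = url + 8;
    } else if (strncmp(url, "http://", 7) == 0) {
        tls = 0;
        server = url + 7;
    } else {
        return PARAM_MALFORMED;
    }
    slash = strchr(server, '/');
    if (slash == NULL || slash == server)    /* need "server/" at least */
        return PARAM_MALFORMED;
    return tls ? PARAM_OK : PARAM_NO_TLS;
}

int main(void)
{
    /* Constructed sample values, not taken from a real deployment. */
    const char *radius[] = { "123.123.12.12:1645", "10.0.0.5", "10.0.0.5:99999" };
    const char *securid[] = { "ace_id;https://my.server.com/target",
                              "ace_id;http://my.server.com/target",
                              "https://my.server.com/target" };
    char buf[64];
    int port = 0, rc;
    size_t i;

    for (i = 0; i < 3; i++) {
        rc = parse_radius_param(radius[i], buf, sizeof buf, &port);
        if (rc == PARAM_OK)
            printf("RADIUS  %-38s -> host=%s port=%d\n", radius[i], buf, port);
        else
            printf("RADIUS  %-38s -> malformed\n", radius[i]);
    }
    for (i = 0; i < 3; i++) {
        rc = check_securid_form_param(securid[i], buf, sizeof buf);
        printf("SecurID %-38s -> %s\n", securid[i],
               rc == PARAM_OK ? "ok (https)" :
               rc == PARAM_NO_TLS ? "WARNING: collector URL is not https" :
               "malformed");
    }
    return 0;
}
```
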
Use this table when configuring an authentication scheme based on the scheme type SecurID. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
| Information Type | Value Assignment and Meaning |
|---|---|
| Scheme type | `nType=Sm_Api_SchemeType_ACEServer` The scheme type SecurID. |
| Description | `pszDesc=description` The description of the authentication scheme. |
| Protection level | `nLevel=value` A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 15. |
| Library | `pszLib="smauthace"` The default library for this scheme type. |
| Parameter | `pszParam=param` A string containing the attribute in the authentication user directory that contains the ACE Server user ID. |
| Shared secret | `pszSecret=""` Set to an empty string. Not applicable to this scheme. |
| Is template? | `bIsTemplate=0` Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
| Is used by administrator? | `bIsUsedbyAdmin=1` Set to true (1): the scheme can be used to authenticate administrators. |
| Save credentials? | `bAllowSaveCreds=0` Set to false (0) to indicate that user credentials won't be saved. |
| Is RADIUS? | `bIsRadius=1` Set to true (1): the scheme can be used with RADIUS agents. |
| Ignore password check? | `bIgnorePwCheck=1` Set to true (1): ignore password checking. |
This authentication scheme is similar to the SiteMinder X.509 certification scheme, but with an eSSO cookie as the authentication credential instead of an X.509 credential.
If this scheme is configured for either cookieorbasic or cookieorforms mode, and both an eSSO cookie and login name and password credentials are passed to it, the eSSO cookie is ignored, and the login name and password are used to authenticate the user to SiteMinder.
When the eSSO cookie is the only credential, the authentication scheme uses the ETWAS API to connect to the configured eSSO Policy Server to validate the cookie and extract the user Distinguished Name (DN) from it.
Use this table when configuring an smauthetsso authentication scheme, which is based on the Custom scheme type. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
| Information Type | Value Assignment and Meaning |
|---|---|
| Scheme type | `nType=Sm_Api_SchemeType_Custom` Uses the Custom scheme type. |
| Description | `pszDesc=description` The description of the authentication scheme. |
| Protection level | `nLevel=value` A value of 0 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5. |
| Library | `pszLib="smauthetsso"` The name of the library of this authentication scheme. |
| Parameter | `pszParam=param` An ordered set of tokens, separated by semi-colons: You can add spaces to make the string easier to read. `<Mode>` specifies the type of credentials that the authentication scheme will accept. The following values are possible: `<Target>` is valid only with cookieorforms mode. This is identical to the Target field for standard HTML Forms Authentication Scheme. `<Admin>` specifies the login ID of an administrator for the eTrust Policy Server. The password for this administrator has been specified in the Shared Secret field. `<eTPS_Host>` specifies the name of the machine on which the Policy Server is installed. SiteMinder will authenticate itself as `<Admin>` to the eTrust Policy Server on the `<eTPS_Host>` so that SiteMinder can request validation of eTrust SSO cookies. Examples: |
| Shared secret | `pszSecret=secret` The password of the eTrust Policy Server administrator named in the Parameter field. |
| Is template? | `bIsTemplate=0` Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
| Is used by administrator? | `bIsUsedbyAdmin=flag` Set to true (1) to specify that the scheme can be used to authenticate administrators, or to false (0) to specify that the scheme cannot be used to authenticate administrators. Default is 0. |
| Save credentials? | `bAllowSaveCreds=0` Set to false (0) to indicate that user credentials won't be saved. |
| Is RADIUS? | `bIsRadius=0` Set to false (0): the scheme is not used with RADIUS agents. |
| Ignore password check? | `bIgnorePwCheck=flag` Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0. |
Use this table when configuring an authentication scheme based on the scheme type TeleID. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
| Information Type | Value Assignment and Meaning |
|---|---|
| Scheme type | `nType=Sm_Api_SchemeType_Encotone` The scheme type TeleID. |
| Description | `pszDesc=description` The description of the authentication scheme. |
| Protection level | `nLevel=value` A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 15. |
| Library | `pszLib="smauthencotone"` The default library for this scheme type. |
| Parameter | `pszParam=""` Set to an empty string. Not applicable to this scheme. |
| Shared secret | `pszSecret=seed` The encryption seed. SiteMinder uses this value as an encryption seed for initializing hardware tokens. |
| Is template? | `bIsTemplate=0` Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
| Is used by administrator? | `bIsUsedbyAdmin=1` Set to true (1): the scheme can be used to authenticate administrators. |
| Save credentials? | `bAllowSaveCreds=0` Set to false (0) to indicate that user credentials won't be saved. |
| Is RADIUS? | `bIsRadius=1` Set to true (1): the scheme can be used with RADIUS agents. |
| Ignore password check? | `bIgnorePwCheck=1` Set to true (1): ignore password checking. |
Use this table when configuring an Integrated Windows Authentication scheme based on the scheme type Windows Authentication (previously known as NTLM). This scheme type is used to authenticate against WinNT or Active Directory user stores.
An Active Directory can be configured to run in mixed mode or native mode. An Active Directory supports WinNT style authentication when running in mixed mode. In native mode, an Active Directory supports only LDAP style lookups.
This authentication scheme supports either mixed mode or native mode.
The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
| Information Type | Value Assignment and Meaning |
|---|---|
| Scheme type | `nType=Sm_Api_SchemeType_NTLM` The scheme type Windows Authentication (NTLM). |
| Description | `pszDesc=description` The description of the authentication scheme. |
| Protection level | `nLevel=value` A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5. |
| Library | `pszLib="smauthntlm"` The default library for this scheme type. |
| Parameter | `pszParam=param` The value of pszParam determines the style of authentication to perform for this scheme. NTLM authentication (for WinNT or Active Directory running in mixed mode): Format: `iis-web-server-url/path-to-ntc-file` In the format, iis-web-server-url is the name of the IIS web server that is the target of the redirection, and path-to-ntc-file is the location of the .ntc file that collects the WinNT credentials. For example: http://myiiswebserver.mycompany.com/ A SiteMinder Web Agent must be installed on the specified server. By default, the Web Agent installation creates a virtual directory for NTLM credential collection. Windows Authentication (for Active Directory running in native mode): With this authentication style, pszParam has an LDAP filter added to the beginning of the redirection URL. The filter and URL are separated by a semi-colon (;). For example: `cn=%{UID},ou=Users,ou=USA,dc=%{DOMAIN},` SiteMinder uses the LDAP filter to map credentials received from the browser/Web Agent to an LDAP DN or search filter. |
| Shared secret | `pszSecret=""` Set to an empty string. Not applicable to this scheme. |
| Is template? | `bIsTemplate=0` Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
| Is used by administrator? | `bIsUsedbyAdmin=0` Set to false (0): the scheme is not used to authenticate administrators. |
| Save credentials? | `bAllowSaveCreds=0` Set to false (0) to indicate that user credentials won't be saved. |
| Is RADIUS? | `bIsRadius=0` Set to false (0): the scheme is not used with RADIUS agents. |
| Ignore password check? | `bIgnorePwCheck=flag` For WinNT and for Active Directory running in mixed mode, this property must be true (1): ignore password checking. For Active Directory running in native mode, set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0. |
Use this table when configuring a WSFED authentication scheme based on the WSFED scheme type. A Resource Partner uses this authentication scheme to transparently validate a user based on the information in a SAML 1.0 assertion. This transparent validation allows functionality such as single sign-on and single logout.
When you configure a WSFED authentication scheme, you also define metadata properties for the associated Account Partner, that is, the Account Partner that supplies the assertion to the Resource Partner.
The properties of the Account Partner are stored with the authentication scheme object as a separate set of properties. As a result, two structures are used to configure a WSFED authentication scheme:
| Information Type | Value Assignment and Meaning |
|---|---|
| Scheme type | `nType=Sm_Api_SchemeType_WSFED` The scheme type WSFED. |
| Description | `pszDesc=description` The description of the authentication scheme. |
| Protection level | `nLevel=value` A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5. |
| Library | `pszLib="smauthsaml"` The default library for this scheme type. |
| Parameter | `pszParam=""` Set to an empty string. SiteMinder assigns a parameter value. The parameter is a reference to the WSFED metadata properties for the associated Account Partner. The properties are defined through Sm_PolicyApi_WSFEDProviderProp_t. |
| Shared secret | `pszSecret=""` Set to an empty string. Not applicable to this scheme. |
| Is template? | `bIsTemplate=0` Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
| Is used by administrator? | `bIsUsedbyAdmin=0` Set to false (0): the scheme is not used to authenticate administrators. |
| Save credentials? | `bAllowSaveCreds=0` Set to false (0) to indicate that user credentials won't be saved. |
| Is RADIUS? | `bIsRadius=0` Set to false (0): the scheme is not used with RADIUS agents. |
| Ignore password check? | `bIgnorePwCheck=1` Set to true (1): ignore password checking. |
Use this table when configuring an authentication scheme based on the scheme type X.509 Client Certificate and Basic. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
| Information Type | Value Assignment and Meaning |
|---|---|
| Scheme type | `nType=` The scheme type X.509 Client Certificate and Basic. |
| Description | `pszDesc=description` The description of the authentication scheme. |
| Protection level | `nLevel=value` A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 15. |
| Library | `pszLib="smauthcert"` The default library for this scheme type. |
| Parameter | `pszParam=param` A string containing the domain or IP address of the SSL server and the name and path of the SSL Credentials Collector (SCC). The server redirects a user's X.509 certificate over an SSL connection. Format: `https://server:port/SCC?cert+basic` The following example uses the default SCC: https://my.server.com:80/siteminderagent/ |
| Shared secret | `pszSecret=""` Set to an empty string. Not applicable to this scheme. |
| Is template? | `bIsTemplate=0` Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
| Is used by administrator? | `bIsUsedbyAdmin=0` Set to false (0): the scheme is not used to authenticate administrators. |
| Save credentials? | `bAllowSaveCreds=0` Set to false (0) to indicate that user credentials won't be saved. |
| Is RADIUS? | `bIsRadius=0` Set to false (0): the scheme is not used with RADIUS agents. |
| Ignore password check? | `bIgnorePwCheck=flag` Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0. |
Use this table when configuring an authentication scheme based on the scheme type X.509 Client Certificate and Form. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
| Information Type | Value Assignment and Meaning |
|---|---|
| Scheme type | `nType=` The scheme type X.509 Client Certificate and HTML Form. |
| Description | `pszDesc=description` The description of the authentication scheme. |
| Protection level | `nLevel=value` A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 15. |
| Library | `pszLib="smauthcert"` The default library for this scheme type. |
| Parameter | `pszParam=param` A string containing the domain or IP address of the SSL server and the name and path of the forms credentials collector (FCC). The server redirects a user's X.509 certificate over an SSL connection. Format: `https://server:port/FCC?cert+forms` The following example uses the default FCC: https://my.server.com:80/siteminderagent/ |
| Shared secret | `pszSecret=""` Set to an empty string. Not applicable to this scheme. |
| Is template? | `bIsTemplate=0` Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
| Is used by administrator? | `bIsUsedbyAdmin=0` Set to 0: the scheme is not used to authenticate administrators. |
| Save credentials? | `bAllowSaveCreds=0` Set to 0 to indicate that user credentials won't be saved. |
| Is RADIUS? | `bIsRadius=0` Set to 0: the scheme is not used with RADIUS agents. |
| Ignore password check? | `bIgnorePwCheck=flag` Set to 1 to ignore password checking, or 0 to check passwords. Default is 0. |
Use this table when configuring an authentication scheme based on the scheme type X.509 Client Certificate or Basic. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
| Information Type | Value Assignment and Meaning |
|---|---|
| Scheme type | `nType=` The scheme type X.509 Client Certificate or Basic. |
| Description | `pszDesc=description` The description of the authentication scheme. |
| Protection level | `nLevel=value` A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5. |
| Library | `pszLib="smauthcert"` The default library for this scheme type. |
| Parameter | `pszParam=param` A string containing the following information: If you are using basic authentication over SSL, also provide the following two pieces of information: `https://SSLserver:port/SCC?certorbasic;` The following example uses the default SCC values: https://my.SSLserver.com:80/siteminderagent/ |
| Shared secret | `pszSecret=""` Set to an empty string. Not applicable to this scheme. |
| Is template? | `bIsTemplate=0` Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
| Is used by administrator? | `bIsUsedbyAdmin=0` Set to false (0): the scheme is not used to authenticate administrators. |
| Save credentials? | `bAllowSaveCreds=0` Set to false (0) to indicate that user credentials won't be saved. |
| Is RADIUS? | `bIsRadius=0` Set to false (0): the scheme is not used with RADIUS agents. |
| Ignore password check? | `bIgnorePwCheck=flag` Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0. |
Use this table when configuring an authentication scheme based on the scheme type X.509 Client Certificate or Form. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
| Information Type | Value Assignment and Meaning |
|---|---|
| Scheme type | `nType=` The scheme type X.509 Client Certificate or HTML Form. |
| Description | `pszDesc=description` The description of the authentication scheme. |
| Protection level | `nLevel=value` A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5. |
| Library | `pszLib="smauthcertorform"` The default library for this scheme type. |
| Parameter | `pszParam=param` A string containing the following information: If you are using an alternate forms-based authentication over SSL, also provide the following two pieces of information: `https://SSLserver:port/SFCC?certorform;` The following example uses the default SCC values: https://my.SSLserver.com:80/siteminderagent/ |
| Shared secret | `pszSecret=""` Set to an empty string. Not applicable to this scheme. |
| Is template? | `bIsTemplate=0` Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
| Is used by administrator? | `bIsUsedbyAdmin=0` Set to 0: the scheme is not used to authenticate administrators. |
| Save credentials? | `bAllowSaveCreds=0` Set to 0 to indicate that user credentials won't be saved. |
| Is RADIUS? | `bIsRadius=0` Set to 0: the scheme is not used with RADIUS agents. |
| Ignore password check? | `bIgnorePwCheck=flag` Set to 1 to ignore password checking, or 0 to check passwords. Default is 0. |
Use this table when configuring an authentication scheme based on the scheme type X.509 Client Certificate. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
| Information Type | Value Assignment and Meaning |
|---|---|
| Scheme type | `nType=Sm_Api_SchemeType_X509ClientCert` The scheme type X.509 Client Certificate. |
| Description | `pszDesc=description` The description of the authentication scheme. |
| Protection level | `nLevel=value` A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5. |
| Library | `pszLib="smauthcert"` The default library for this scheme type. |
| Parameter | `pszParam=param` A string containing the domain or IP address of the server responsible for establishing the SSL connection and the name and path of the SSL Credentials Collector (SCC). The server redirects a user's X.509 certificate over an SSL connection. Format: `https://server/SCC?cert` The following example uses the default SCC value: https://my.server.com/siteminderagent/ |
| Shared secret | `pszSecret=""` Set to an empty string. Not applicable to this scheme. |
| Is template? | `bIsTemplate=0` Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
| Is used by administrator? | `bIsUsedbyAdmin=0` Set to false (0): the scheme is not used to authenticate administrators. |
| Save credentials? | `bAllowSaveCreds=0` Set to false (0) to indicate that user credentials won't be saved. |
| Is RADIUS? | `bIsRadius=0` Set to false (0): the scheme is not used with RADIUS agents. |
| Ignore password check? | `bIgnorePwCheck=1` Set to true (1): ignore password checking. |
Copyright © 2012 CA.
All rights reserved.