MS Passport Template

Programming Guides › Programming Guide for Java › Policy Management API › Policy Migration Methods › MS Passport Template

MS Passport Template

Use this table when configuring an authentication scheme based on scheme type MS Passport. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeMSPassport) The scheme type MS Passport.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 1.
Library	setLibrary("smauthmspp") The default library for this scheme type.
Parameter	setParameter(param) The following information, separated by semicolons: A DN for an anonymous user. Format: anonuser=anonUserDN If you specify an anonymous user DN, the protection level is 0. The search string for looking up a user in a user directory of the specified type. Format: attribute=nameSpace:attrib=searchSpec Valid namespaces are LDAP, AD, ODBC, WinNT, and Custom. The registration URL. The URL can be a custom URL or a SiteMinder form. Formats: registrationurl=URL (custom URL) registrationurl=FORM=URL (SiteMinder form) Example using an LDAP attribute and a custom URL: attribute=LDAP:altSecurityIdentities= Kerberos:%s@company.local;registrationurl =http://passport.xanadu.local/registration/passportreg.asp
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(templateFlag) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(0) Set to false (0)—scheme is not used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(0) Set to false (0)—scheme is not used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(1) Set to true (1)—ignore password checking.

RADIUS CHAP/PAP Template

Use this table when configuring an authentication scheme based on the scheme type RADIUS CHAP/PAP. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeRadiusChapPap) The scheme type RADIUS CHAP/PAP.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library	setLibrary("smauthchap") The default library for this scheme type.
Parameter	setParameter(param) A string containing the name of a user directory attribute. This attribute is used as the clear text password for authentication.
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(0) Set to false (0)—scheme is not used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(1) Set to true (1)—scheme can be used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(flag) Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0.

RADIUS Server Template

Use this table when configuring an authentication scheme based on the scheme type RADIUS Server. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeRadiusServer) The scheme type RADIUS Server.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library	setLibrary("smauthradius") The default library for this scheme type.
Parameter	setParameter(param) A string containing the IP address and port of the RADIUS server—for example: 123.123.12.12:1645 The default UDP port is 1645.
Shared secret	setSecret(secret) The user attribute that the RADIUS Server will use as the clear text password.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(1) Set to true (1)—scheme can be used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(1) Set to true (1)—scheme can be used with RADIUS agents..
Ignore password check?	setIgnorePwCheck(flag) Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0.

SafeWord HTML Form Template

Use this table when configuring an authentication scheme based on the scheme type SafeWord HTML Form. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeSafeWordHTMLForm) The scheme type SafeWord HTML Form.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 10.
Library	setLibrary("smauthenigmahtml") The default library for this scheme type.
Parameter	setParameter(param) A string containing the name and location of the forms credentials collector. This example shows the default credentials collector: http://my.server.com/ siteminderagent/forms/safeword.fcc
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(1) Set to true (1)—scheme can be used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(1) Set to true (1)—scheme can be used with RADIUS agents..
Ignore password check?	setIgnorePwCheck(1) Set to true (1)—ignore password checking.

SafeWord Template

Use this table when configuring an authentication scheme based on the scheme type SafeWord. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeSafeWordServer) The scheme type SafeWord.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 10.
Library	setLibrary("smauthenigma") The default library for this scheme type.
Parameter	setParameter("") Set to an empty string. Not applicable to this scheme.
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(1) Set to true (1)—scheme can be used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(1) Set to true (1)—scheme can be used with RADIUS agents..
Ignore password check?	setIgnorePwCheck(1) Set to true (1)—ignore password checking.

SAML Artifact Template

Use this table when configuring an authentication scheme based on the SAML Artifact binding. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeSAMLArtifact) The scheme type SAML Artifact.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library	setLibrary("smauthsaml") The default library for this scheme type.
Parameter	setParameter(param) The following required parameters: Name. The name of the affiliate. RedirectMode. The way in which the SAML Credentials Collector redirects to the target resource. One of the following numeric values: 0. Meaning: 302 No Data. 1. Meaning: 302 Cookie Data. 2. Meaning: Server Redirect. SRCID. The 20-byte source ID for the site that produces the SAML assertion. The ID is located at the SAML producer’s site in the properties file AMAssertionGenerator.properties. AssertionRetrievalURL. The URL for obtaining the assertion from the SAML assertion producer’s site. Audience. The URI of the document that describes the agreement between the portal and the affiliate. This value is compared with the audience value specified in the SAML assertion. Issuer. The SAML issuer specified in the assertion. AttributeXPath. A standard XPath query run against the SAML assertion. The query obtains the data that is substituted in a search specification that looks up a user. attribute. The search string for looking up a user in a user directory of the specified type. Use a percent sign ( % ) to indicate where the value returned from the XPath query should be inserted. For example, if you specify attribute LDAP:uid=%s, and user1 is returned from the query, the search string used for LDAP directories is uid=user1. At least one attribute must be specified. Format of the parameter string is as follows. Separate name/value pairs with semi-colons ( ; ). The format example includes LDAP and ODBC attributes: Name=name;RedirectMode=0\|1\|2;SRCID=srcid; AssertionRetrievalURL=url;Audience=audience; Issuer=issuer;AttributeXpath=XPathQuery; attribute=LDAP:srchSpc;attribute=ODBC:srchSpc
Shared secret	setSecret(secret) The password for the affiliate site.
Is template?	setIsTemplate(templateFlag) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(0) Set to false (0)—scheme is not used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(0) Set to false (0)—scheme is not used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(1) Set to true (1)—ignore password checking.

SecurID HTML Form Template

Use this table when configuring an authentication scheme based on the scheme type SecurID HTML Form. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeACEServerHTMLForm) The scheme type SecurID HTML Form.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 15.
Library	setLibrary("smauthacehtml") The default library for this scheme type.
Parameter	setParameter(param) A string containing the name of the attribute that contains the ACE IDs, the Web server where the forms credential collector (FCC) is installed, and the target executable file required for processing SecurID authentication with forms support. It also specifies whether an SSL connection is required. Format: attr;https://server/target Note: The "s" in "https" is optional, depending on whether you want an SSL connection. The following example uses the default for processing SecurID authentication with forms support: ace_id;https://my.server.com/ siteminderagent/pwcgi/smpwservicescgi.exe
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(0) Set to false (0)—scheme is not used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(0) Set to false (0)—scheme is not used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(1) Set to true (1)—ignore password checking.

SecurID Template

Use this table when configuring an authentication scheme based on the scheme type SecurID. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeACEServer) The scheme type SecurID.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 15.
Library	setLibrary("smauthace") The default library for this scheme type.
Parameter	setParameter(param) A string containing the attribute in the authentication user directory that contains the ACE Server user ID.
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(1) Set to true (1)—scheme can be used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(1) Set to true (1)—scheme can be used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(1) Set to true (1)—ignore password checking.

smauthetsso Authentication Scheme

The smauthetsso authentication scheme is similar to the SiteMinder X.509 certification scheme, but with an eSSO cookie as the authentication credential instead of an X.509 credential.

If this scheme is configured for either cookieorbasic or cookieorforms mode, and both an eSSO cookie and login name and password credentials are passed to it, the eSSO cookie is ignored, and the login name and password are used to authenticate the user to SiteMinder.

When the eSSO cookie is the only credential, the authentication scheme uses the ETWAS API to connect to the configured eSSO Policy Server to validate the cookie and extract the user Distinguished Name (DN) from it.

Use this table when configuring an smauthetsso authentication scheme, which is based on the scheme type Custom. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeCustom) Uses the scheme type Custom.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 0 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library	setLibrary("smauthetsso") The name of the library for this authentication scheme.
Parameter	setParameter(param) An ordered set of tokens, separated by semi-colons: <Mode>[; <Target>]; <Admin>; <eTPS_Host> You can add spaces to make the string easier to read. <Mode> specifies the type of credentials that the authenticaion scheme will accept. The following values are possible: cookie -- Only SSO Cookies are acceptable. cookieorbasic -- If an SSO Cookie is not provided, a login name and password are requested by using Basic Authentication. cookieorforms -- If an SSO Cookie is not provided, a login name and password are requested by using Forms Authentication. <Target> is valid only with cookieorforms mode. This is identical to the Target field for standard HTML Forms Authentication Scheme. <Admin> specifies the login ID of an administrator for the Policy Server. The password for this administrator has been specified in the Shared Secret field. <eTPO_Host> specifies the name of the amchine on which the Policy Server is installed. SiteMinder will authenticate itself as <Admin> to the Policy Server on the <eTPS_Host> so that SiteMinder can request validation of SSO cookies. Examples: "cookie; SMPS_sso; myserver.myco.com" "cookieorforms; /siteminderagent/forms/login.fcc; SMPS_sso; myserver.myco.com"
Shared secret	setSecret(secret) The password of the Policy Server administrator named in the Parameter field.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(flag) Set to true (1) to specify that the scheme can be used to authenticate administrators, or to false (0) to specify that the scheme cannot be used to authenticate administrators. Default is 0.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(0) Set to false (0)—scheme is not used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(flag) Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0.

TeleID Template

Use this table when configuring an authentication scheme based on the scheme type TeleID. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeEncotone) The scheme type TeleID.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 15.
Library	setLibrary("smauthencotone") The default library for this scheme type.
Parameter	setParameter("") Set to an empty string. Not applicable to this scheme.
Shared secret	setSecret(seed) The encryption seed. SiteMinder uses this value as an encryption seed for initializing hardware tokens.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(1) Set to true (1)—scheme can be used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(1) Set to true (1)—scheme can be used with RADIUS agents..
Ignore password check?	setIgnorePwCheck(1) Set to true (1)—ignore password checking.

Windows Authentication Template

Use this table when configuring an Integrated Windows Authentication scheme based on the scheme type Windows Authentication (previously known as NTLM). This scheme type is used to authenticate against WinNT or Active Directory user stores.

An Active Directory can be configured to run in mixed mode or native mode. An Active Directory supports WinNT style authentication when running in mixed mode. In native mode, an Active Directory supports only LDAP style lookups.

This authentication scheme supports either mixed mode or native mode.

The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeNTLM) The scheme type Windows Authentication (NTLM).
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library	setLibrary("smauthntlm") The default library for this scheme type.
Parameter	setParameter(param) The value of param determines the style of authentication to perform for this scheme: NTLM authentication (for WinNT or Active Directory running in mixed mode) Format: iis-web-server-url/path-to-ntc-file In the format, iis-web-server-url is the name of the IIS web server that is the target of the redirection, and path-to-ntc-file is the location of the .ntc file that collects the WinNT credentials. For example: http://myiiswebserver.mycompany.com/ siteminderagent/ntlm/creds.ntc A SiteMinder Web Agent must be installed on the specified server. By default, the Web Agent installation creates a virtual directory for NTLM credential collection. Windows Authentication (for Active Directory running in native mode) With this authentication style, param has an LDAP filter added to the beginning of the redirection URL. The filter and URL are separated by a semi-colon (;). For example: cn=%{UID},ou=Users,ou=USA,dc=%{DOMAIN}, dc=mycompany,dc=com;http:// myiiswebserver.mycompany.com/ siteminderagent/ntlm/creds.ntc SiteMinder uses the LDAP filter to map credentials received from the browser/Web Agent to an LDAP DN or search filter.
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(0) Set to false (0)—scheme is not used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials will not be saved.
Is RADIUS?	setIsRadius(0) Set to false (0)—scheme is not used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(flag) For WinNT and for Active Directory running in mixed mode, this property must be true (1)—ignore password checking. For Active Directory running in native mode, set to true (1) to ignore password checking, or false (0) to check passwords. The default is 0.

X.509 Client Cert and Basic Template

Use this table when configuring an authentication scheme based on the scheme type X.509 Client Certificate and Basic. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeX509ClientCertAndBasic) The scheme type X.509 Client Certificate and Basic.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 15.
Library	setLibrary("smauthcert") The default library for this scheme type.
Parameter	setParameter(param) A string containing the domain or IP address of the SSL server and the name and path of the SSL Credentials Collector (SCC). The server redirects a user’s X.509 certificate over an SSL connection. Format: https://server:port/SCC?cert+basic The following example uses the default SCC: https://my.server.com:80/siteminderagent/ cert/smgetcred.scc?cert+basic
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(0) Set to false (0)—scheme is not used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(0) Set to false (0)—scheme is not used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(flag) Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0.

X.509 Client Cert and Form Template

Use this table when configuring an authentication scheme based on the scheme type X.509 Client Certificate and Form. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeX509ClientCertAndForm) The scheme type X.509 Client Certificate and HTML Form.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 15.
Library	setLibrary("smauthcert") The default library for this scheme type.
Parameter	setParameter(param) A string containing the domain or IP address of the SSL server and the name and path of the forms credentials collector (FCC). The server redirects a user’s X.509 certificate over an SSL connection. Format: https://server:port/FCC?cert+forms The following example uses the default FCC: https://my.server.com:80/siteminderagent/ certoptional/forms/login.fcc?cert+forms
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to 0 to indicate that the scheme is not a template, or 1 if the scheme is a template. Default is 0.
Is used by administrator?	setIsUsedByAdmin(0) Set to 0—scheme is not used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to 0 to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(0) Set to 0—scheme is not used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(flag) Set to 1 to ignore password checking, or 0 to check passwords. Default is 0.

X.509 Client Cert or Basic Template

Use this table when configuring an authentication scheme based on the scheme type X.509 Client Certificate or Basic. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeX509ClientCertOrBasic) The scheme type X.509 Client Certificate or Basic.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library	setLibrary("smauthcert") The default library for this scheme type.
Parameter	setParameter(param) A string containing the following information: Server for establishing an SSL connection. This server redirects a user’s X.509 certificate over an SSL connection. Name and path of the SSL Credentials Collector (SSC). If you are using basic authentication over SSL, also provide the following two pieces of information: The fully qualified name of the SSL server used for establishing an SSL connection for basic authentication. Name and path of the SSL Credentials Collector (SSC). https://SSLserver:port/SCC?certorbasic; [https://BasicServer/SCC]
	The following example uses the default SCC values: https://my.SSLserver.com:80/siteminderagent/ certoptional/smgetcred.scc?certorbasic; https://my.BasicServer.com/ siteminderagent/nocert/smgetcred.scc
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(0) Set to false (0)—scheme is not used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(0) Set to false (0)—scheme is not used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(flag) Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0.

X.509 Client Cert or Form Template

Use this table when configuring an authentication scheme based on the scheme type X.509 Client Certificate or Form. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeX509ClientCertOrForm) The scheme type X.509 Client Certificate or HTML Form.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library	setLibrary("smauthcertorform") The default library for this scheme type.
Parameter	setParameter(param) A string containing the following information: Server for establishing an SSL connection. This server redirects a user’s X.509 certificate over an SSL connection. Name and path of the SSL and forms credentials collector (SFCC). If you are using an alternate forms-based authentication over SSL, also provide the following two pieces of information: The fully qualified name of the SSL server used for establishing an SSL connection for authentication. Name and path of the Forms Credentials Collector (FCC). https://SSLserver:port/SFCC?certorform; [https://BasicServer/FCC]
	The following example uses the default SCC values: https://my.SSLserver.com:80/siteminderagent/ certoptional/forms/login.sfcc?certorform; https://my.BasicServer.com/ siteminderagent/forms/login.fcc
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to 0 to indicate that the scheme is not a template, or 1 if the scheme is a template. Default is 0.
Is used by administrator?	setIsUsedByAdmin(0) Set to 0—scheme is not used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to 0 to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(0) Set to 0—scheme is not used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(flag) Set to 1 to ignore password checking, or 0 to check passwords. Default is 0.

X.509 Client Cert Template

Use this table when configuring an authentication scheme based on the scheme type X.509 Client Certificate. The Java methods referenced in the table are in the class SmScheme.

Information Type	Value Assignment and Meaning
Scheme type	setType(TypeX509ClientCert) The scheme type X.509 Client Certificate.
Description	setDescription(description) The description of the authentication scheme.
Protection level	setLevel(value) A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library	setLibrary("smauthcert") The default library for this scheme type.
Parameter	setParameter(param) A string containing the domain or IP address of the server responsible for establishing the SSL connection and the name and path of the SSL Credentials Collector (SCC). The server redirects a user’s X.509 certificate over an SSL connection. Format: https://server/SCC?cert The following example uses the default SCC value: https://my.server.com/siteminderagent/ cert/smgetcred.scc?cert
Shared secret	setSecret("") Set to an empty string. Not applicable to this scheme.
Is template?	setIsTemplate(0) Set to false (0) to indicate that the scheme is not a template.
Is used by administrator?	setIsUsedByAdmin(0) Set to false (0)—scheme is not used to authenticate administrators.
Save credentials?	setAllowSaveCreds(0) Set to false (0) to indicate that user credentials won’t be saved.
Is RADIUS?	setIsRadius(0) Set to false (0)—scheme is not used with RADIUS agents.
Ignore password check?	setIgnorePwCheck(1) Set to true (1)—ignore password checking.

Performance Consideration

The following properties of the SmRealm object are set to true by default:

PropProcessAuthEvents. When true, authentication event processing occurs.
PropProcessAzEvents. When true, authorization event processing occurs.

Authentication and authorization event processing affect performance. If no rules in the realm are triggered by authentication or authorization events, set the associated property to false.