You can define multiple instances of a vendor-specific attribute for the same Agent type. When you define multiple instances of a vendor-specific attribute, you can send a different value to the NAS device for each instance of the attribute. For example, for a Cisco Agent, you could define the following vendor-specific attributes, all using the same identifier (26):
The settings that define the number of times an attribute can be used within a response are located on the Properties tab of the Agent Attribute Properties dialog box.
To configure the attribute to be used multiple times, the Access Accept value must be set to Zero or Many.
The type of attribute that you define must match the vendor type of the Agent returning the response. For example, a vendor-specific Cisco attribute can only be returned by a Cisco Agent.
When the response is returned by the Agent, the packet structure of the response reflects the type of RADIUS Agent that sent the response. For example, the packet structure of a response returned by a Cisco Agent would include the vendor ID and the length of the string.
To define an attribute for an Agent type
The Agent Types icon appears in the System Configuration list in the left pane.
The SiteMinder Agent types List appears.
The Agent Type Properties dialog box appears.
The SiteMinder Agent Attribute dialog box appears.
Note: More information about attribute types exists in Attribute Types.
Although it is possible to overwrite the identifier of a Generic RADIUS attribute, you should generally retain the pre-defined Generic RADIUS attribute definitions, which match the RADIUS specification (RFC 2138).
Note: For more information about the attribute identifiers, see your RADIUS vendor documentation.
Provides information used to determine whether or not a user is allowed access to a specific NAS. The Access Request packets also provide information for any special services requested for that user.
Provides specific configuration information necessary to begin delivery of service to the user.
Note: You must set the Access Accept value to Zero or One, Zero or Many, or One and Only One in order to use the attribute in a response.
Sends information if any value of the received Attributes is not acceptable. This code is often used for reply messages.
Sends information if the NAS device has been configured for challenge/response.
Describes the type of service being delivered and the user to whom it is being delivered.
Sends information if the Accounting Request was recorded successfully. A RADIUS Accounting-Response is not required to have any attributes in it.
For each code, you can define one of the following occurrences:
Attribute cannot be used in a response.
One instance or no instances of the attribute can be returned in the same response. If this value is selected, and you use the attribute in a response, the attribute will be removed from the Attribute drop-down list after you have used the attribute in a response.
Multiple instances or no instances of the attribute can be returned in the same response.
One instance of the attribute must be returned in a response. If this value is selected, and you use the attribute in a response, the attribute will be removed from the Attribute drop-down list after you have used the attribute in a response.
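The vendor-specific packet structure (identifier 26, vendor ID, string length) and the occurrence settings above can be checked with the following added example, which is not SiteMinder or CA code. It assumes Cisco's IANA enterprise number 9, vendor type 1, the label "Zero" for the setting under which the attribute cannot be used, and one vendor sub-attribute per type-26 attribute; the sample strings are constructed.

```python
import struct
from collections import Counter

VENDOR_SPECIFIC = 26   # identifier shared by all vendor-specific attributes
CISCO_VENDOR_ID = 9    # assumption: Cisco's IANA enterprise number, not on the page
# Occurrence settings -> (min, max) instances per response ("Zero" label assumed)
OCCURRENCE = {"Zero": (0, 0), "Zero or One": (0, 1),
              "Zero or Many": (0, None), "One and Only One": (1, 1)}

def encode_vsa(vendor_id, vendor_type, value):
    """Type, Length, Vendor-Id(4), Vendor-Type, Vendor-Length, String."""
    data = value.encode("utf-8")
    vendor_len = 2 + len(data)          # vendor type + vendor length + string
    total = 6 + vendor_len              # type + length + 4-byte vendor ID
    if total > 255:
        raise ValueError("value too long for one RADIUS attribute")
    return struct.pack("!BBIBB", VENDOR_SPECIFIC, total, vendor_id,
                       vendor_type, vendor_len) + data

def parse_vsas(buf):
    """Return (vendor_id, vendor_type, value) for each type-26 attribute."""
    out, i = [], 0
    while i < len(buf):
        if len(buf) - i < 2 or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("bad attribute length")
        atype, alen = buf[i], buf[i + 1]
        if atype == VENDOR_SPECIFIC:
            if alen < 8:
                raise ValueError("vendor-specific attribute too short")
            vendor_id, vtype, vlen = struct.unpack("!IBB", buf[i + 2:i + 8])
            if vlen != alen - 6:        # assumes one sub-attribute per attribute
                raise ValueError("vendor length mismatch")
            out.append((vendor_id, vtype, buf[i + 8:i + alen].decode("utf-8")))
        i += alen
    return out

def occurrence_violations(vsas, rules):
    """rules: {(vendor_id, vendor_type): setting}; returns [(key, setting, count)]."""
    counts = Counter((vid, vt) for vid, vt, _ in vsas)
    bad = []
    for key, setting in rules.items():
        lo, hi = OCCURRENCE[setting]
        n = counts.get(key, 0)
        if n < lo or (hi is not None and n > hi):
            bad.append((key, setting, n))
    return bad

# Constructed sample: two instances of the same Cisco attribute in one response
SAMPLE = (encode_vsa(CISCO_VENDOR_ID, 1, "shell:priv-lvl=1")
          + encode_vsa(CISCO_VENDOR_ID, 1, "ip:addr-pool=example"))
```

Running `occurrence_violations(parse_vsas(SAMPLE), ...)` against a captured response body shows whether a NAS would receive more instances of an attribute than its Access Accept setting allows.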
Use this tab to define a list of pre-defined values from which the user can choose when configuring the attribute in a response. The values are used in the Response Attribute dialog box, which is used when configuring a response.
By mapping the symbolic names to the values, it is easier to use the attribute in a response, rather than having to remember the actual numeric values.
The attribute is added to the Agent Type Attributes list.
The attribute is added to the properties of the Agent type. When you configure a response for this Agent type, you can use this attribute by selecting it in the Response Editor dialog box.
Copyright © 2011 CA. All rights reserved.