Sm_PolicyApi_CertMap_t

Defines a CA Single Sign-On certification mapping object.
Syntax
typedef struct Sm_PolicyApi_CertMap_s
{
    int iStructId;
    char pszOid[BFSIZE];
    char pszDesc[BFSIZE];
    char pszUserDirOid[BFSIZE];                 /* Required */
    char pszIssuerDN[BFSIZE];                   /* Required */
    char pszCaDN[BFSIZE];
    char pszMapAttr[BFSIZE];
    Sm_PolicyApi_CertMapFlags_t nFlags;         /* Required */
    Sm_PolicyApi_CertMapAttrType_t nAttrType;
    Sm_PolicyApi_DirType_t nDirType;            /* Required */
    struct Sm_PolicyApi_CertMap_s *next;
} Sm_PolicyApi_CertMap_t;
Field
Description
iStructId
Certificate mapping data structure ID, defined in Sm_PolicyApi_Structs_t.
pszOid
The object identifier of the certificate mapping object.
pszDesc
Brief description of the certificate mapping object.
pszUserDirOid
Object identifier of the user directory.
pszIssuerDN
DN of the server certificate.
pszCaDN
DN of the issuing Certificate Authority.
pszMapAttr
You can perform single attribute mapping or custom mapping:
Single Attribute Mapping
The format of the attribute is:
%{<attribute name>}
<attribute name> is the name of the attribute, matching a single attribute from the subject DN of a user's certificate to a single attribute stored in the user directory to verify the user's identity.
Custom Mapping
Custom mapping expressions handle complex, multiple-attribute mapping: you specify multiple user attributes that should be extracted from a user DN to establish a certificate mapping. The syntax for a custom mapping expression is a parsing specification designed to enable full mapping flexibility. It indicates which information to take from the certificate and where it should be applied in the user directory.
The basic syntax is:
UserAttribute=%{CertificateAttribute}, UserAttribute2=%{CertificateAttribute}
nFlags
Set one or more of these flags:
Sm_PolicyApi_CertMapFlags_CertRequired
Sm_PolicyApi_CertMapFlags_UseDistributionPoints
Sm_PolicyApi_CertMapFlags_VerifySignature
Sm_PolicyApi_CertMapFlags_CRLCheck
Sm_PolicyApi_CertMapFlags_Cache
nAttrType
This enumeration specifies how the X.509 client certificate maps to the user information in the authentication directory.
Sm_PolicyApi_CertMapAttrType_Single = 1
Specify the single attribute type to make the Policy Server match a single attribute from the subject DN of a user's certificate to a single attribute stored in the user directory to verify the user's identity.
Sm_PolicyApi_CertMapAttrType_Custom = 2
Specify this attribute type if the mapping is based on a custom mapping expression that verifies the user's identity.
Sm_PolicyApi_CertMapAttrType_Exact = 3
Specify the exact attribute type to make the Policy Server match the user's entire DN from the certificate to the entire DN in the authentication directory.
nDirType
The type of directory used to authenticate users. One of these values:
Sm_PolicyApi_DirType_LDAP = 1
Sm_PolicyApi_DirType_WinNT = 2
Sm_PolicyApi_DirType_ODBC = 3
next
Pointer to the next registration scheme structure.
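The pszMapAttr syntax described above, shown as an added example that is not part of the SDK or the original page: a small expander that replaces each %{...} token with the matching attribute from a certificate subject DN and rejects malformed expressions, missing or empty attributes, and results that would overflow a fixed-size buffer. The function names, the sample DN and the simplified DN splitting are assumptions for illustration; this is not the Policy Server's own evaluation logic.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Find `name` in a DN like "CN=jsmith, O=Example"; assumes no escaped commas in values. */
static int dn_attr(const char *dn, const char *name, size_t nlen, const char **val, size_t *vlen)
{
    while (*dn) {
        while (*dn == ' ') dn++;                  /* skip space after the RDN separator */
        size_t rdn = strcspn(dn, ",");            /* length of this "type=value" RDN */
        if (rdn > nlen + 1 && dn[nlen] == '=' && !strncasecmp(dn, name, nlen)) {
            *val = dn + nlen + 1;                 /* non-empty value found */
            *vlen = rdn - nlen - 1;
            return 1;
        }
        dn += rdn + (dn[rdn] == ',');
    }
    return 0;
}

/* Expand each %{Attr}; returns 0, or -1 on bad syntax, missing attribute or overflow. */
int expand_mapping(const char *expr, const char *subject_dn, char *out, size_t outlen)
{
    size_t o = 0;
    while (*expr) {
        const char *lit = expr++, *val = lit, *end;   /* default: copy one literal byte */
        size_t vlen = 1;
        if (lit[0] == '%' && lit[1] == '{') {
            end = strchr(lit + 2, '}');
            if (!end || end == lit + 2 ||
                !dn_attr(subject_dn, lit + 2, (size_t)(end - lit - 2), &val, &vlen))
                return -1;                            /* fail closed, never map an empty value */
            expr = end + 1;
        }
        if (o + vlen >= outlen) return -1;            /* keep room for the terminating NUL */
        memcpy(out + o, val, vlen);
        o += vlen;
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    char buf[64];  /* constructed sample expression and subject DN */
    int rc = expand_mapping("uid=%{CN}, o=%{O}", "CN=jsmith, OU=Eng, O=Example", buf, sizeof buf);
    puts(rc == 0 ? buf : "rejected");
    return rc != 0;
}
```

The substituted values come from the client certificate, so escape them for the target directory's query language before using the result in a search.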