Sm_PolicyApi_CertMap_t
Defines a CA Single Sign-On certification mapping object.
Syntax
typedef struct Sm_PolicyApi_CertMap_s
{
    int iStructId;
    char pszOid[BFSIZE];
    char pszDesc[BFSIZE];
    char pszUserDirOid[BFSIZE];                /* Required */
    char pszIssuerDN[BFSIZE];                  /* Required */
    char pszCaDN[BFSIZE];
    char pszMapAttr[BFSIZE];
    Sm_PolicyApi_CertMapFlags_t nFlags;        /* Required */
    Sm_PolicyApi_CertMapAttrType_t nAttrType;
    Sm_PolicyApi_DirType_t nDirType;           /* Required */
    struct Sm_PolicyApi_CertMap_s *next;
} Sm_PolicyApi_CertMap_t;
Field | Description |
iStructId | Certificate mapping data structure ID, defined in Sm_PolicyApi_Structs_t. |
pszOid | The object identifier of the certificate mapping object. |
pszDesc | Brief description of the certificate mapping object. |
pszUserDirOid | Object identifier of the user directory. |
pszIssuerDN | DN of the server certificate. |
pszCaDN | DN of the issuing Certificate Authority. |
pszMapAttr | You can perform single attribute mapping or custom mapping. Single Attribute Mapping: The format of the attribute is: %{<attribute name>}. <attribute name> is the name of the attribute, matching a single attribute from the subject DN of a user's certificate to a single attribute stored in the user directory to verify the user's identity. Custom Mapping: Using custom mapping expressions for complex multiple attribute mapping, you can specify multiple user attributes that should be extracted from a user DN to establish a certificate mapping. The syntax for a custom mapping expression is a parsing specification designed to enable full mapping flexibility. It indicates which information to take from the certificate and where it should be applied in the user directory. The basic syntax is: UserAttribute=%{CertificateAttribute}, UserAttribute2=%{CertificateAttribute} |
nFlags | Set one or more of these flags: Sm_PolicyApi_CertMapFlags_CertRequired, Sm_PolicyApi_CertMapFlags_UseDistributionPoints, Sm_PolicyApi_CertMapFlags_VerifySignature, Sm_PolicyApi_CertMapFlags_CRLCheck, Sm_PolicyApi_CertMapFlags_Cache |
nAttrType | This enumeration specifies how the X.509 client certificate maps to the user information in the authentication directory. Sm_PolicyApi_CertMapAttrType_Single = 1: Specify single attribute to make the Policy Server match a single attribute from the subject DN of a user's certificate to a single attribute stored in the user directory to verify the user's identity. Sm_PolicyApi_CertMapAttrType_Custom = 2: You can specify a custom mapping expression to verify the user's identity. Specify this attribute type if the mapping is based on a custom expression. Sm_PolicyApi_CertMapAttrType_Exact = 3: Specify exact attribute type to make the Policy Server match the user's entire DN from the certificate to the entire DN in the authentication directory. |
nDirType | The type of directory used to authenticate users. One of these values: Sm_PolicyApi_DirType_LDAP = 1, Sm_PolicyApi_DirType_WinNT = 2, Sm_PolicyApi_DirType_ODBC = 3 |
next | Pointer to the next registration scheme structure. |
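The custom mapping syntax in the pszMapAttr row can be checked before an expression is stored. The following is an added example, not CA's code and not a description of how the Policy Server resolves mappings: it resolves each UserAttribute=%{CertificateAttribute} term against a subject DN and rejects the expression when a term is malformed or names an attribute the certificate lacks. struct rdn, lookup, expand_mapping, the case-sensitive attribute match and the sample DN are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for one attribute/value pair of a certificate subject DN. */
struct rdn { const char *attr; const char *value; };

static const char *lookup(const struct rdn *dn, size_t n, const char *a, size_t len)
{
    for (size_t i = 0; i < n; i++)   /* case-sensitive match: an assumption */
        if (strlen(dn[i].attr) == len && memcmp(dn[i].attr, a, len) == 0)
            return dn[i].value;
    return NULL;
}

/* Resolve "UserAttribute=%{CertificateAttribute}, ..." against a subject DN.
 * Writes "UserAttribute=value,..." to out and returns the number of pairs.
 * Returns -1 (out must then be discarded) on malformed syntax, an attribute
 * missing from the certificate, or an output buffer that is too small. */
int expand_mapping(const char *expr, const struct rdn *dn, size_t n,
                   char *out, size_t outsz)
{
    size_t used = 0;
    int pairs = 0;
    for (;;) {
        expr += strspn(expr, " ");
        const char *eq = strchr(expr, '=');
        if (!eq || eq == expr || strncmp(eq + 1, "%{", 2) != 0) return -1;
        if (memchr(expr, ',', (size_t)(eq - expr))) return -1; /* comma inside name */
        const char *name = eq + 3, *close = strchr(name, '}');
        if (!close || close == name) return -1;       /* "%{" unclosed or empty */
        const char *val = lookup(dn, n, name, (size_t)(close - name));
        if (!val) return -1;                          /* not in the certificate */
        int w = snprintf(out + used, outsz - used, "%s%.*s=%s",
                         pairs ? "," : "", (int)(eq - expr), expr, val);
        if (w < 0 || (size_t)w >= outsz - used) return -1;  /* would truncate */
        used += (size_t)w;
        pairs++;
        expr = close + 1 + strspn(close + 1, " ");
        if (*expr == '\0') return pairs;
        if (*expr++ != ',') return -1;                /* terms are comma-separated */
    }
}

int main(void)
{
    const struct rdn dn[] = { {"CN", "jdoe"}, {"E", "jdoe@example.com"} }; /* constructed */
    char out[128];
    int n = expand_mapping("uid=%{CN}, mail=%{E}", dn, 2, out, sizeof out);
    printf("%d pairs: %s\n", n, n > 0 ? out : "(rejected)");
}
```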