Sm_PolicyApi_WSFEDProviderProp_t

Defines a linked list of WS-Federation Provider properties, that is, name/value pairs.
An Sm_PolicyApi_WSFEDProviderProp_t structure consists of a single name/value pair. You define a set of properties for a given WS-Federation object through a linked list of Sm_PolicyApi_WSFEDProviderProp_t structures.
Syntax
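typedef struct Sm_PolicyApi_WSFEDProviderProp_s
{
    int iStructId;                                  /* structure ID: Sm_PolicyApi_WSFEDProviderProp_ID */
    char pszName[BFSIZE];                           /* property name */
    char pszValue[BFSIZE];                          /* property value */
    struct Sm_PolicyApi_WSFEDProviderProp_s* next;  /* next property in the linked list */
} Sm_PolicyApi_WSFEDProviderProp_t;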
Parameters
  • iStructId
    ID of the structure in Sm_PolicyApi_Structs_t. Should be set to Sm_PolicyApi_WSFEDProviderProp_ID.
  • pszName
    Name of the WS-Federation Provider property.
  • pszValue
    Value of the WS-Federation Provider property.
  • next
    Pointer to the next WS-Federation Provider property data in the linked list.
Each Sm_PolicyApi_WSFEDProviderProp_t structure contains a WS-Federation metadata property defined as a name/value pair. A complete set of properties for a particular object is defined as a linked list of Sm_PolicyApi_WSFEDProviderProp_t structures.
The following metadata properties apply to WS-Federation object types:
  • Common properties
  • Properties for defining a Resource Partner
  • Properties for defining an Account Partner
Optional properties are specified in square brackets.
For Boolean values, a value of 1 denotes true; any other value denotes false.
The Property Name column also includes the corresponding C Policy Management API macro name.
Common Properties
The following table specifies the metadata properties that are common to defining a Resource Partner or an Account Partner:
| Group | Property Name | Type | Description |
|---|---|---|---|
| General | Name (WSFED_NAME) | String | Name of the provider. |
| General | [Description] (WSFED_DESCRIPTION) | String | Brief description of the provider. |
| General | [SkewTime] (WSFED_SKEW_TIME) | String | The skew time between consumer and producer sides in seconds. This value is used to calculate validity duration of assertions and of SLO requests. The default value is 30. |
| Versioning | [WSFEDMajorVersion] (WSFED_MAJOR_VERSION) | Int | Version of WSFED protocol supported by this provider. The value of this property has to be set to 1. |
| Versioning | [WSFEDMinorVersion] (WSFED_MINOR_VERSION) | Int | Version of WSFED protocol supported by this provider. The value of this property has to be set to 0. |
| Versioning | [WSFEDSAMLMajorVersion] (WSFED_SAML_MAJOR_VERSION) | Int | Version of SAML protocol supported by this provider. The value of this property has to be set to 1. |
| Versioning | [WSFEDSAMLMinorVersion] (WSFED_SAML_MINOR_VERSION) | Int | Version of WSFED protocol supported by this provider. The value of this property has to be set to 1. |
Resource Partner Properties
The following table lists the metadata properties used to define a Resource Partner:
| Group | Property Name | Type | Description |
|---|---|---|---|
| | Domain (WSFED_RP_DOMAIN) | OID | The Domain OID where this Resource Partner is defined. |
| | [Enabled] (WSFED_ENABLED) | Bool | Boolean indicating if the provider is enabled. If not provided, defaults to true. This property does not get stored physically to the property collection but is used to enable underlying policy. |
| | NetegrityAffiliateMinderAuthURL (WSFED_RP_AUTHENTICATION_URL) | String | The protected URL used to authenticate Resource Partner users. |
| NameID | [NameIdFormat] (WSFED_RP_NAMEID_FORMAT) | String | The URI for a WSFED name identifier. |
| NameID | [NameIdType] (WSFED_RP_NAMEID_TYPE) | Int | Represents the type of name identifier: 0 - Static Text; 1 - User Attribute; 2 - DN Attribute. Defaults to 1. |
| NameID | [NameIdStatic] (WSFED_RP_NAMEID_STATIC) | String | The static text to be used as the name identifier when NameIdType == 0. The Policy Management API will return an error if no value is specified for this property and NameIdType == 0. |
| NameID | [NameIdAttrName] (WSFED_RP_NAMEID_ATTR_NAME) | String | The attribute name (user or DN) which holds the name identifier when NameIdType == 1 or NameIdType == 2. If "NameIdType" is set to "1" or "2", the "NameIdAttrName" property should have a value; otherwise the Policy Management API will return an error. |
| NameID | [NameIdDNSpec] (WSFED_RP_NAMEID_DN_SPEC) | String | The DN spec used when NameIdType == 2. If "NameIdType" is set to "2", the "NameIdDNSpec" property should have a value; otherwise the Policy Management API will return an error. |
| NameID | [NameIdAllowNested] (WSFED_RP_NAMEID_ALLOWED_NESTED) | Bool | Flag indicating whether nested groups are allowed when selecting a DN attribute for the name identifier. Defaults to zero. |
| General | KEY_RPID (WSFED_KEY_RPID) | String | The Resource Partner ID for WSFED Assertion Consumer. Must be a URI less than 1024 characters in length. This is also the key used to look up the properties associated with a provider. |
| General | APID (WSFED_APID) | String | The Resource Partner ID of the WSFED Assertion Producer. |
| SSO | [AuthenticationMethod] (WSFED_RP_AUTHENTICATION_METHOD) | String | The authentication method to use in the assertion. |
| SSO | [ValidityDuration] (WSFED_RP_VALIDITY_DURATION) | Int | An integer number of seconds for which a generated assertion is valid. If not provided during Resource Partner creation, the default is 60 seconds. |
| SSO | AssertionConsumerDefaultURL (WSFED_RP_ASSERTION_CONSUMER_DEFAULT_URL) | String | The default WSFED Assertion Consumer to use. |
| SSO | [AuthenticationLevel] (WSFED_RP_AUTHENTICATION_LEVEL) | Int | The principal must have authenticated in a realm by an authentication scheme of at least this level or greater. If not supplied during Resource Partner creation, this will default to 5. |
| Signout | [SLOEnabled] (WSFED_RP_SLO_ENABLED) | Bool | Boolean indicating if Signout is enabled for the Resource Partner. |
| Signout | [SignOutCleanupURL] (WSFED_RP_SIGNOUT_CLEANUP_URL) | String | Sign-out cleanup URL of the Resource Partner. This property is mandatory if SLOEnabled is true. |
| Signout | [SignOutConfirmURL] (WSFED_RP_SIGNOUT_CONFIRM_URL) | String | URL where the user will be redirected once the Sign-out at Account Partner is complete. (If there are multiple Resource Partners available then Sign-out confirm URL of the last Resource Partner is applicable.) |
| Advanced | [AssertionPluginClass] (WSFED_RP_PLUGIN_CLASS) | String | The fully qualified Java class name for the Assertion Generator Plugin class to be used. |
| Advanced | [AssertionPluginParameters] (WSFED_RP_PLUGIN_PARAMS) | String | The string containing parameters to be passed to the Assertion Generator Plugin. |
Account Partner Properties
The following table lists the metadata properties used to define an Account Partner:
| Group | Property Name | Type | Description |
|---|---|---|---|
| General | KEY_APID (WSFED_KEY_APID) | String | Identifier for the Account Partner. Among other things, this identifier is used to identify the assertion issuer. This is also the key used to look up the properties associated with an Account Partner. |
| General | RPID (WSFED_RPID) | String | Identifier of the Resource Partner. |
| Signing | [DisableSignatureProcessing] (WSFED_DISABLE_SIGNATURE_PROCESSING) | Bool | Specifies whether signature processing is disabled. This setting is useful during initial setup of an Account Partner. When a provider is up and running, this setting needs to be set to false to avoid security implications. Default value is zero. |
| Signing | [DsigVerInfoIssuerDN] (WSFED_DSIG_VERINFO_ALIAS) | String | Used to locate the certificate of the provider in the key store if it is not provided inline. |
| Users | [XPath] (WSFED_AP_XPATH) | String | XPath query for disambiguating the principal. |
| Users | [LDAPSearchSpec] (WSFED_AP_LDAP_SEARCH_SPEC) | String | Search specification for LDAP directory. |
| Users | [ODBCSearchSpec] (WSFED_AP_ODBC_SEARCH_SPEC) | String | Search specification for ODBC directory. |
| Users | [WinNTSearchSpec] (WSFED_AP_WINNT_SEARCH_SPEC) | String | Search specification for WinNT directory. |
| Users | [CustomSearchSpec] (WSFED_AP_CUSTOM_SEARCH_SPEC) | String | Search specification for a custom directory. |
| Users | [ADSearchSpec] (WSFED_AP_AD_SEARCH_SPEC) | String | Search specification for AD directory. |
| SSO | [RedirectMode] (WSFED_AP_SSO_REDIRECT_MODE) | Int | Redirect mode for assertion attributes. The following values are valid: 0: 302 No Data; 1: 302 Cookie Data; 2: Server Redirect; 3: Persist Attributes. The default is zero. |
| SSO | [SSODefaultService] (WSFED_AP_SSO_DEFAULT_SERVICE) | String | The default location of the Single Sign-on service. |
| SSO | [Target] (WSFED_AP_SSO_TARGET) | String | Target resource at the destination site. |
| SSO | [EnforceSingleUsePolicy] (ENFORCE_SINGLE_USE_POLICY) | Bool | If 1, the single use policy for POST assertions will be enforced; if 0, the single use policy for POST assertions will not be enforced. Default set to 1. |
| Signout | [SLOEnabled] (WSFED_AP_SLO_ENABLED) | Bool | Boolean indicating if Signout is enabled for the Account Partner. If not supplied during Account Partner creation, this will default to disabled. |
| Signout | [SignOutURL] (WSFED_AP_SIGNOUT_URL) | String | Sign-out URL of the Account Partner. This property is mandatory if SLOEnabled is true. |
| Message Consumer Plug-in | [APPluginClass] (WSFED_AP_PLUGIN_CLASS) | String | Name of a Java class that implements customization of assertion consumption. |
| Message Consumer Plug-in | [APPluginParameters] (WSFED_AP_PLUGIN_PARAMS) | String | Parameters of the Java class that implements customization of assertion consumption. All parameters are concatenated into one line. |
| Post Processing URL Support | [UserNotFoundRedirectURL] (WSFED_AP_USER_NOT_FOUND_REDIRECT_URL) | String | Contains an optional redirect URL to be used when the Auth Scheme cannot obtain a LoginID from the federation message, given the configured query string, or when the Auth Scheme cannot find a user in the specific user directory, given the configured user store search string. |
| Post Processing URL Support | [UserNotFoundRedirectMode] (WSFED_AP_USER_NOT_FOUND_REDIRECT_MODE) | 0/1 | Default is 0. 0: HTTP 302 redirect without passing federation messages; 1: HTTP Form Post Redirect. |
| Post Processing URL Support | [FailureRedirectURL] (WSFED_AP_FAILURE_REDIRECT_URL) | String | Contains an optional redirect URL to be used when assertion processing has failed. |
| Post Processing URL Support | [FailureRedirectMode] (WSFED_AP_FAILURE_REDIRECT_MODE) | 0/1 | Default is 0. 0: HTTP 302 redirect without passing federation messages; 1: HTTP Form Post Redirect. |
| Post Processing URL Support | [InvalidRedirectURL] (WSFED_AP_INVALID_REDIRECT_URL) | String | Contains an optional redirect URL to be used when the assertion is invalid. |
| Post Processing URL Support | [InvalidRedirectMode] (WSFED_AP_INVALID_REDIRECT_MODE) | 0/1 | Default is 0. 0: HTTP 302 redirect without passing federation messages; 1: HTTP Form Post Redirect. |
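
An added example, not part of the SDK or the original page: a pre-deployment audit that walks an Account Partner property list and flags signature processing left disabled, the single-use policy switched off, and sign-out enabled without a SignOutURL. The local Prop type, the BFSIZE value, the finding flags and the use of literal property names in place of the SDK macros are assumptions; Booleans are compared against the exact string "1" as the strictest reading of the rule that any other value denotes false.

```c
#include <stdio.h>
#include <string.h>
#define BFSIZE 1024 /* assumed; the SDK header defines the real value */

/* Local stand-in for Sm_PolicyApi_WSFEDProviderProp_t (hypothetical name). */
typedef struct Prop_s {
    int iStructId;
    char pszName[BFSIZE];
    char pszValue[BFSIZE];
    struct Prop_s *next;
} Prop;

/* Value of the named property, or NULL if it is not in the list. */
static const char *prop_get(const Prop *p, const char *name) {
    for (; p != NULL; p = p->next)
        if (strcmp(p->pszName, name) == 0) return p->pszValue;
    return NULL;
}

/* Page rule: 1 is true, any other value is false; absent means the default. */
static int prop_bool(const Prop *p, const char *name, int dflt) {
    const char *v = prop_get(p, name);
    return v == NULL ? dflt : strcmp(v, "1") == 0;
}

enum { AP_SIG_DISABLED = 1, AP_SINGLE_USE_OFF = 2, AP_SLO_NO_URL = 4 };

/* Audit an Account Partner property list; returns a bitmask of findings. */
int audit_account_partner(const Prop *p) {
    int f = 0;
    const char *url = prop_get(p, "SignOutURL");
    if (prop_bool(p, "DisableSignatureProcessing", 0)) f |= AP_SIG_DISABLED;
    if (!prop_bool(p, "EnforceSingleUsePolicy", 1))    f |= AP_SINGLE_USE_OFF;
    if (prop_bool(p, "SLOEnabled", 0) && (!url || !*url)) f |= AP_SLO_NO_URL;
    return f;
}

/* Constructed sample: "true" is not 1, so single-use enforcement reads as off. */
int sample_findings(void) {
    static Prop c = { 0, "SLOEnabled", "1", NULL };
    static Prop b = { 0, "EnforceSingleUsePolicy", "true", &c };
    static Prop a = { 0, "DisableSignatureProcessing", "1", &b };
    return audit_account_partner(&a);
}

int main(void) {
    printf("findings: %d\n", sample_findings());
    return 0;
}
```

In real code each node's iStructId would be set to Sm_PolicyApi_WSFEDProviderProp_ID, as described under Parameters.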