smauthetsso authentication scheme

This authentication scheme is similar to the stmndr X.509 certification scheme, but with an eSSO cookie as the authentication credential instead of an X.509 credential.
casso1283
This authentication scheme is similar to the
SiteMinder
X.509 certification scheme, but with an eSSO cookie as the authentication credential instead of an X.509 credential.
If this scheme is configured for either cookieorbasic or cookieorforms mode, and both an eSSO cookie and login name and password credentials are passed to it, the eSSO cookie is ignored, and the login name and password are used to authenticate the user to
SiteMinder
.
When the eSSO cookie is the only credential, the authentication scheme uses the ETWAS API to connect to the configured eSSO Policy Server to validate the cookie and extract the user Distinguished Name (DN) from it.
Use this table when configuring an smauthetsso authentication scheme, which is based on the Custom schemetype. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
Information Type
Value Assignment and Meaning
Scheme type
nType
=Sm_Api_SchemeType_Custom
Uses the Custom scheme type
Description
pszDesc
=
description
The description of the authentication scheme.
Protection level
nLevel
=
value
A value of 0 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library
pszLib
="smauthetsso"
The name of the library of this authentication scheme.
Parameter
pszParam
=
param
An ordered set of tokens, separated by semi-colons:<
Mode
>[;
<Target>
]; <
Admin
>; <
eTPS_Host
>
You can add spaces to make the string easier to read.
<
Mode
> specifies the type of credentials that the authenticaion scheme will accept. The following values are possible:
cookie -- Only eTrust SSO Cookies are acceptable
cookieorbasic -- If an eTrust SSO Cookie is not provided, a login name and password are requested by using Basic Authentication.
cookieorforms -- If an eTrust SSO Cookie is not provided, a login name and password are requested by using Forms Authentication.
 
<
Target
> is valid only with cookieorforms mode. This is identical to the Target field for standard HTML Forms Authentication Scheme.
<
Admin
> specifies the login ID of an administrator for the eTrust Policy Server. The password for this administrator has been specified in the Shared Secret field.
<
eTPO_Host
> specifies the name of the amchine on which the Policy Server is installed.
SiteMinder
will authenticate itself as <
Admin
> to the eTrust Policy Server on the <
eTPS_Host
> so that
SiteMinder
can request validation of eTrust SSO cookies.
Examples:pszParam="cookie; SMPS_sso; myserver.myco.com"pszParam="cookieorforms; /siteminderagent/forms/login.fcc; SMPS_sso; myserver.myco.com"
 
Shared secret
pszSecret
=
secret
The password of the eTrust Policy Server administrator named in the Paramter field.
Is template?
bIsTemplate
=0
Set to false (0) to indicate that the scheme is not a template. Any other value is ignored.
Is used by administrator?
bIsUsedbyAdmin
=
flag
Set to true (1) to specify that the scheme can be used to authenticate administrators, or to false (0) to specify that the scheme cannot be used to authenticate administrators. Default is 0.
Save credentials?
bAllowSaveCreds
=0
Set to false (0) to indicate that user credentials won't be saved.
Is RADIUS?
bIsRadius
=0
Set to false (0)-scheme is not used with RADIUS agents.
Ignore password check?
bIgnorePwCheck
=
flag
Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0.