WS-Federation Template

Use this table when configuring a WSFED authentication scheme based on the WSFED scheme type. A Resource Partner uses this authentication scheme to transparently validate a user based on the information in a SAML 1.0 assertion. This transparent validation allows functionality such as single sign-on and single logout.
When you configure a WSFED authentication scheme, you also define metadata properties for the associated Account Partner, that is, the Account Partner that supplies the assertion to the Resource Partner.
The properties of the Account Partner are stored with the authentication scheme object as a separate set of properties. As a result, two structures are used to configure a WSFED authentication scheme:
  • The structure fields referenced in the following table are in Sm_PolicyApi_Scheme_t.
  • The metadata properties for the associated Account Partner are defined through Sm_PolicyApi_WSFEDProviderProp_t.
| Information Type | Value Assignment | Meaning |
|---|---|---|
| Scheme type | nType=Sm_Api_SchemeType_WSFED | The scheme type WSFED. |
| Description | pszDesc=description | The description of the authentication scheme. |
| Protection level | nLevel=value | A value of 1 through 1000. The higher the number, the greater the degree of protection provided by the scheme. Default is 5. |
| Library | pszLib="smauthsaml" | The default library for this scheme type. |
| Parameter | pszParam="" | Set to an empty string. SiteMinder assigns a parameter value. The parameter is a reference to the WSFED metadata properties for the associated Account Partner. The properties are defined through Sm_PolicyApi_WSFEDProviderProp_t. |
| Shared secret | pszSecret="" | Set to an empty string. Not applicable to this scheme. |
| Is template? | bIsTemplate=0 | Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
| Is used by administrator? | bIsUsedbyAdmin=0 | Set to false (0): the scheme is not used to authenticate administrators. |
| Save credentials? | bAllowSaveCreds=0 | Set to false (0) to indicate that user credentials won't be saved. |
| Is RADIUS? | bIsRadius=0 | Set to false (0): the scheme is not used with RADIUS agents. |
| Ignore password check? | bIgnorePwCheck=1 | Set to true (1): ignore password checking. |
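The following added example, which is not SiteMinder SDK code, checks a set of scheme field values against the template in the table before the scheme is created, and reports every deviation in one pass. The struct wsfed_scheme_fields, the WSFED_BAD_* bits and both function names are hypothetical; the numeric value of Sm_Api_SchemeType_WSFED is not given on this page, so the caller passes it in.

```c
#include <string.h>

/* Hypothetical stand-in with only the fields named in the table; real code
   fills Sm_PolicyApi_Scheme_t from the SDK header instead. */
struct wsfed_scheme_fields {
    int nType, nLevel;
    const char *pszDesc, *pszLib, *pszParam, *pszSecret;
    int bIsTemplate, bIsUsedbyAdmin, bAllowSaveCreds, bIsRadius, bIgnorePwCheck;
};

/* One bit per template rule so every deviation is reported in a single pass. */
enum {
    WSFED_BAD_TYPE = 1, WSFED_BAD_LEVEL = 2, WSFED_BAD_LIB = 4,
    WSFED_BAD_PARAM = 8, WSFED_BAD_SECRET = 16, WSFED_BAD_TEMPLATE = 32,
    WSFED_BAD_ADMIN = 64, WSFED_BAD_SAVECREDS = 128, WSFED_BAD_RADIUS = 256,
    WSFED_BAD_PWCHECK = 512
};

/* Values the table prescribes. wsfed_type stands for Sm_Api_SchemeType_WSFED. */
struct wsfed_scheme_fields wsfed_template_defaults(int wsfed_type)
{
    struct wsfed_scheme_fields s = {0};  /* all boolean flags start at 0 */
    s.nType = wsfed_type;
    s.nLevel = 5;              /* documented default protection level */
    s.pszDesc = "";            /* free text, chosen by the administrator */
    s.pszLib = "smauthsaml";
    s.pszParam = "";           /* SiteMinder assigns the value */
    s.pszSecret = "";          /* not applicable to this scheme */
    s.bIgnorePwCheck = 1;
    return s;
}

static int is_empty(const char *p) { return p != NULL && p[0] == '\0'; }

unsigned wsfed_template_violations(const struct wsfed_scheme_fields *s, int wsfed_type)
{
    unsigned v = 0;
    if (s->nType != wsfed_type)                      v |= WSFED_BAD_TYPE;
    if (s->nLevel < 1 || s->nLevel > 1000)           v |= WSFED_BAD_LEVEL;
    if (!s->pszLib || strcmp(s->pszLib, "smauthsaml")) v |= WSFED_BAD_LIB;
    if (!is_empty(s->pszParam))                      v |= WSFED_BAD_PARAM;
    if (!is_empty(s->pszSecret))                     v |= WSFED_BAD_SECRET;
    if (s->bIsTemplate != 0)                         v |= WSFED_BAD_TEMPLATE;
    if (s->bIsUsedbyAdmin != 0)                      v |= WSFED_BAD_ADMIN;
    if (s->bAllowSaveCreds != 0)                     v |= WSFED_BAD_SAVECREDS;
    if (s->bIsRadius != 0)                           v |= WSFED_BAD_RADIUS;
    if (s->bIgnorePwCheck != 1)                      v |= WSFED_BAD_PWCHECK;
    return v;
}
```

A return value of 0 means the fields match the template; any other value is the OR of the rules that failed.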