Class IPS_IEEE8021xSettings
CIM_ManagedElement
CIM_SettingData
CIM_IEEE8021xSettings
IPS_IEEE8021xSettings
class IPS_IEEE8021xSettings
- extends CIM_IEEE8021xSettings
General
Information:
Qualifiers:
-------------
Version=8.0.0
Supported Fields
Summary |
uint8[32]
|
PSK A pre-shared key used
for pre-shared key EAP types such as EAP-PSK, EAP-SIM, and EAP-AKA.
|
string
|
PACPassword
Optional password to extract the PAC (Protected Access
Credential) information from the PAC data.
|
uint8[32]
|
ProtectedAccessCredential
A credential used by the supplicant and AAA server to establish
a mutually authenticated encrypted tunnel for confidential user
authentication.
|
string
|
Domain The domain (also
known as realm) within which Username is unique.
|
string
|
Password A password
associated with the user identified by Username within Domain.
|
string
|
Username Identifies
the user requesting access to the network.
|
uint16
|
ServerCertificateNameComparison
The comparison algorithm that shall be used by the server to
validate the subject name field of the certificate presented by the AAA
server against the value of the ServerCertificateName property.
|
string
|
ServerCertificateName The
name that shall be compared against the subject name field in the
certificate provided by the AAA server . . .
|
string
|
RoamingIdentity
A string presented to the authentication server in 802.1x
protocol exchange . . .
|
uint16
|
AuthenticationProtocol
AuthenticationProtocol shall indicate the desired EAP
(Extensible Authentication Protocol) type. * EAP-TLS (0): shall indicate
that the desired EAP type is the Transport Layer Security EAP type
specified in RFC 2716 . . .
|
string
|
InstanceID Within the scope of the instantiating Namespace,
InstanceID opaquely and uniquely identifies an instance of this class . .
.
|
string
|
ElementName The
user-friendly name for this instance of SettingData . . .
|
uint32
|
PxeTimeout Timeout
in seconds, in which the Intel(R) AMT will hold an authenticated 802.1X
session . . .
|
boolean
|
AvailableInS0
Indicates the activity setting of the 802.1X module in S0 state
. . .
|
uint32
|
Enabled Indicates
whether the 802.1x profile is enabled.
|
Methods Summary |
uint32 |
SetCertificates(REF
ServerCertificateIssuer, REF ClientCertificate) Set the
certificates associated with the 8021X profile.
|
|
Put(Instance) Changes
properties of the selected instance
|
|
Get(Instance) Gets the
representation of the instance
|
|
Pull(EnumerationContext,
MaxElements) Pulls instances of this class, following an
Enumerate operation
|
|
Enumerate()
Enumerates the instances of this class
|
|
Release(EnumerationContext)
Releases an enumeration context
|
PSK
public uint8[32] PSK
- General Information:
A pre-shared key used for pre-shared key
EAP types such as EAP-PSK, EAP-SIM, and
EAP-AKA.
Qualifiers:
-------------
OctetString
MappingStrings={RFC4764.IETF,
RFC4186.IETF, RFC4187.IETF}
PACPassword
public string PACPassword
- General Information:
Optional password to extract the PAC
(Protected Access Credential) information from the PAC
data.
Qualifiers:
-------------
MappingStrings={RFC4851.IETF}
MaxLen=256
ProtectedAccessCredential
public uint8[32] ProtectedAccessCredential
- General Information:
A credential used by the supplicant and AAA
server to establish a mutually authenticated encrypted tunnel for confidential
user authentication.
Product Specific Usage:
Additional
Notes:
1) This field is relevant for EAP-FAST only. It is not required if
the server is configured for "PAC provisioning".
Qualifiers:
-------------
OctetString
MappingStrings={RFC4851.IETF}
Domain
public string Domain
- General Information:
The domain (also known as realm) within
which Username is unique.
Product Specific Usage:
The Domain
string shouldn't contain the suffix, so the user name (Domain\user) will be
correct.
If the Domain string contains a suffix (e.g. Domain = intel.com),
the user trying to authenticate will be of the form intel.com\user (instead of
intel\user) and thus authentication will
fail.
Qualifiers:
-------------
MappingStrings={draft-ietf-pppext-eap-ttls.IETF,
draft-kamath-pppext-peapv0.IETF, draft-josefsson-pppext-eap-tls-eap,
RFC4851.IETF, RFC3748.IETF, RFC4764.IETF, RFC4186.IETF,
RFC4187.IETF}
MaxLen=256
Password
public string Password
- General Information:
A password associated with the user
identified by Username within
Domain.
Qualifiers:
-------------
MappingStrings={draft-ietf-pppext-eap-ttls.IETF,
draft-kamath-pppext-peapv0.IETF, draft-josefsson-pppext-eap-tls-eap,
RFC4851.IETF, RFC3748.IETF}
MaxLen=256
Username
public string Username
- General Information:
Identifies the user requesting access to
the
network.
Qualifiers:
-------------
MappingStrings={RFC2716.IETF,
draft-ietf-pppext-eap-ttls.IETF, draft-kamath-pppext-peapv0.IETF,
draft-josefsson-pppext-eap-tls-eap, RFC4851.IETF, RFC3748.IETF, RFC4764.IETF,
RFC4186.IETF, RFC4187.IETF}
MaxLen=256
ServerCertificateNameComparison
public uint16 ServerCertificateNameComparison
- General Information:
The comparison algorithm that shall be used
by the server to validate the subject name field of the certificate presented
by the AAA server against the value of the ServerCertificateName
property.
Product Specific Usage:
This field is mandatory if
ServerCertificateName is
defined.
Qualifiers:
-------------
ValueMap={1, 2, 3,
..}
Values={Other, FullName, DomainSuffix, DMTF
Reserved}
ModelCorrespondence={CIM_IEEE8021xSettings.ServerCertificateName}
ServerCertificateName
public string ServerCertificateName
- General Information:
The name that shall be compared against the
subject name field in the certificate provided by the AAA server. Shall
contain either the fully qualified domain name of the AAA server, in which
case ServerCertificateNameComparison shall contain "FullName", or the domain
suffix of the AAA server, in which case ServerCertificateNameComparison shall
contain "DomainSuffix".
Product Specific Usage:
This field is
optional. If not defined, the name is not checked. The authenticity of the
certificate is always
verified.
Qualifiers:
-------------
ModelCorrespondence={CIM_IEEE8021xSettings.ServerCertificateNameComparison}
MaxLen=256
RoamingIdentity
public string RoamingIdentity
- General Information:
A string presented to the authentication
server in 802.1x protocol exchange. The AAA server determines the format of
this string. Formats supported by AAA servers include:
<domain>\<username>,
<username>@<domain>.
Product Specific Usage:
This
string, if defined, is sent in response to 802.1x "request identity" as clear
text. If empty, the username is
sent.
Qualifiers:
-------------
MaxLen=256
AuthenticationProtocol
public uint16 AuthenticationProtocol
- General Information:
AuthenticationProtocol shall indicate the
desired EAP (Extensible Authentication Protocol) type.
* EAP-TLS (0): shall
indicate that the desired EAP type is the Transport Layer Security EAP type
specified in RFC 2716. If AuthenticationProtocol contains 0, Username should
not be null, ServerCertificateName and ServerCertificateNameComparison may be
null or not null, and RoamingIdentity, Password, Domain,
ProtectedAccessCredential, PACPassword, and PSK should be null.
*
EAP-TTLS/MSCHAPv2 (1): shall indicate that the desired EAP type is the
Tunneled TLS Authentication Protocol EAP type specified in
draft-ietf-pppext-eap-ttls, with Microsoft PPP CHAP Extensions, Version 2
(MSCHAPv2) as the inner authentication method. If AuthenticationProtocol
contains 1, Username and Password should not be null, RoamingIdentity,
ServerCertificateName, ServerCertificateNameComparison, and Domain may be null
or not null, and ProtectedAccessCredential, PACPassword, and PSK should be
null.
* PEAPv0/EAP-MSCHAPv2 (2): shall indicate that the desired EAP type
is the Protected Extensible Authentication Protocol (PEAP) Version 0 EAP type
specified in draft-kamath-pppext-peapv0, with Microsoft PPP CHAP Extensions,
Version 2 (MSCHAPv2) as the inner authentication method. If
AuthenticationProtocol contains2, Username and Password should not be null,
RoamingIdentity, ServerCertificateName, ServerCertificateNameComparison, and
Domain may be null or not null, and ProtectedAccessCredential, PACPassword,
and PSK should be null.
* PEAPv1/EAP-GTC (3): shall indicate that the
desired EAP type is the Protected Extensible Authentication Protocol (PEAP)
Version 1 EAP type specified in draft-josefsson-pppext-eap-tls-eap, with
Generic Token Card (GTC) as the inner authentication method. If
AuthenticationProtocol contains 3, Username and Password should not be null,
RoamingIdentity, ServerCertificateName, ServerCertificateNameComparison, and
Domain may be null or not null, and ProtectedAccessCredential, PACPassword,
and PSK should be null.
* EAP-FAST/MSCHAPv2 (4): shall indicate that the
desired EAP type is the Flexible Authentication Extensible Authentication
Protocol EAP type specified in IETF RFC 4851, with Microsoft PPP CHAP
Extensions, Version 2 (MSCHAPv2) as the inner authentication method. If
AuthenticationProtocol contains 4, Username and Password should not be null,
RoamingIdentity, ServerCertificateName, ServerCertificateNameComparison,
Domain, ProtectedAccessCredential, and PACPassword may be null or not null,
and PSK should be null.
* EAP-FAST/GTC (5): shall indicate that the desired
EAP type is the Flexible Authentication Extensible Authentication Protocol EAP
type specified in IETF RFC 4851, with Generic Token Card (GTC) as the inner
authentication method. If AuthenticationProtocol contains 5, Username and
Password should not be null, RoamingIdentity, ServerCertificateName,
ServerCertificateNameComparison, Domain, ProtectedAccessCredential, and
PACPassword may be null or not null, and PSK should be null.
* EAP-MD5 (6):
shall indicate that the desired EAP type is the EAP MD5 authentication method,
specified in RFC 3748. If AuthenticationProtocol contains 6, Username and
Password should not be null, Domain may be null or not null, and
RoamingIdentity, ServerCertificateName, ServerCertificateNameComparison,
ProtectedAccessCredential, PACPassword, and PSK should be null.
* EAP-PSK
(7): shall indicate that the desired EAP type is the EAP-PSK (Pre-Shared Key)
EAP type specified in RFC 4764. If AuthenticationProtocol contains 7, Username
and PSK should not be null, Domain and RoamingIdentity may be null or not
null, and Password, ServerCertificateName, ServerCertificateNameComparison,
ProtectedAccessCredential, and PACPassword should be null.
* EAP-SIM (8):
shall indicate that the desired EAP type is the Extensible Authentication
Protocol Method for Global System for Mobile Communications (GSM) Subscriber
Identity Modules (EAP-SIM), specified in RFC 4186. If AuthenticationProtocol
contains 8, Username and PSK should not be null, Domain and RoamingIdentity
may be null or not null, and Password, ServerCertificateName,
ServerCertificateNameComparison, ProtectedAccessCredential, and PACPassword
should be null.
* EAP-AKA (9): shall indicate that the desired EAP type is
the EAP Method for 3rd Generation Authentication and Key Agreement (EAP-AKA),
specified in RFC 4187. If AuthenticationProtocol contains 9, Username and PSK
should not be null, Domain and RoamingIdentity may be null or not null, and
Password, ServerCertificateName, ServerCertificateNameComparison,
ProtectedAccessCredential, and PACPassword should be null.
* EAP-FAST/TLS
(10): shall indicate that the desired EAP type is the Flexible Authentication
EAP type specified in IETF RFC 4851, with TLS as the inner authentication
method. If AuthenticationProtocol contains 10, Username and Password should
not be null, RoamingIdentity, ServerCertificateName,
ServerCertificateNameComparison, Domain, ProtectedAccessCredential, and
PACPassword may be null or not null, and PSK should be null.
Product
Specific Usage:
Note: Actual values of AuthenticationProtocol follow
legacy interface:
ValueMap = [0, 1, 2, 3, 4, 5, 6]
Values = [TLS,
TTLS_MSCHAPv2, PEAP_MSCHAPv2, EAP_GTC, EAPFAST_MSCHAPv2, EAPFAST_GTC,
EAPFAST_TLS]
Qualifiers:
-------------
ValueMap={0,
1, 2, 3, 4, 5, 6, 7, 8, 9, 10, ..}
Values={EAP-TLS, EAP-TTLS/MSCHAPv2,
PEAPv0/EAP-MSCHAPv2, PEAPv1/EAP-GTC, EAP-FAST/MSCHAPv2, EAP-FAST/GTC, EAP-MD5,
EAP-PSK, EAP-SIM, EAP-AKA, EAP-FAST/TLS, DMTF
Reserved}
MappingStrings={RFC4017.IETF, RFC2716.IETF,
draft-ietf-pppext-eap-ttls.IETF, draft-kamath-pppext-peapv0.IETF,
draft-josefsson-pppext-eap-tls-eap, RFC4851.IETF, RFC3748.IETF, RFC4764.IETF,
RFC4186.IETF, RFC4187.IETF}
InstanceID
public string InstanceID
- General Information:
Within the scope of the instantiating
Namespace, InstanceID opaquely and uniquely identifies an instance of this
class. To ensure uniqueness within the NameSpace, the value of InstanceID
should be constructed using the following "preferred" algorithm:
<OrgID>:<LocalID>
Where <OrgID> and <LocalID>
are separated by a colon (:), and where <OrgID> must include a
copyrighted, trademarked, or otherwise unique name that is owned by the
business entity that is creating or defining the InstanceID or that is a
registered ID assigned to the business entity by a recognized global
authority. (This requirement is similar to the <Schema Name>_<Class
Name> structure of Schema class names.) In addition, to ensure uniqueness,
<OrgID> must not contain a colon (:). When using this algorithm, the
first colon to appear in InstanceID must appear between <OrgID> and
<LocalID>.
<LocalID> is chosen by the business entity and
should not be reused to identify different underlying (real-world) elements.
If the above "preferred" algorithm is not used, the defining entity must
assure that the resulting InstanceID is not reused across any InstanceIDs
produced by this or other providers for the NameSpace of this instance.
For DMTF-defined instances, the "preferred" algorithm must be used with
the <OrgID> set to
CIM.
Qualifiers:
-------------
Key
Override=InstanceID
MaxLen=40
ElementName
public string ElementName
- General Information:
The user-friendly name for this instance of
SettingData. In addition, the user-friendly name can be used as an index
property for a search or query. (Note: The name does not have to be unique
within a
namespace.)
Qualifiers:
-------------
Required
Override=ElementName
MaxLen=40
PxeTimeout
public uint32 PxeTimeout
- General Information:
Timeout in seconds, in which the Intel(R)
AMT will hold an authenticated 802.1X session. During the defined period,
Intel(R) AMT manages the 802.1X negotiation while a PXE boot takes place.
After the timeout, control of the negotiation passes to the host.
The
maximum value is 86400 seconds (one day).
A value of 0 disables the
feature.
If this optional value is omitted, Intel(R) AMT sets a default
value of 120 seconds.
AvailableInS0
public boolean AvailableInS0
- General Information:
Indicates the activity setting of the
802.1X module in S0 state. The default value for this property is
'true'.
Product Specific Usage:
Functionality: when FALSE,
AMT is not accessible (over 802.1x enabled port) in case the host is in S0 but
fails to authenticate to the server.
When TRUE, AMT handles the
authentication in this case (but the host still can't be accessed until it
authenticates successfully).
If 802.1X is not configured, this API may
still succeed as the setting may be stored for future use.
The default
factory setting is TRUE.
Enabled
public uint32 Enabled
- General Information:
Indicates whether the 802.1x profile is
enabled.
Qualifiers:
-------------
Required
ValueMap={0..1,
2, 3, 4..5, 6, 7..}
Values={Reserved, Enabled, Disabled, Reserved1, Enabled
Without Certificates, Reserved2}
SetCertificates
public uint32 SetCertificates([IN]REF AMT_PublicKeyCertificate ServerCertificateIssuer, [IN]REF AMT_PublicKeyCertificate ClientCertificate)
- Permission Information:
Permitted realms:
ADMIN_SECURITY_ADMINISTRATION_REALM
General Information:
Set
the certificates associated with the 8021X
profile.
Qualifiers:
-------------
ValueMap={0, 1,
2..}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR,
Reserved}
Parameters:
--------------
- ServerCertificateIssuer
- General Information:
The trusted root CA that should be used
while verifying the server
certificate.
Qualifiers:
-------------
IN
- ClientCertificate
- General Information:
The client certificate that should be
used by the
profile.
Qualifiers:
-------------
IN
Put
public Put([IN]IPS_IEEE8021xSettings Instance)
- Permission Information:
Permitted realms:
ADMIN_SECURITY_ADMINISTRATION_REALM
General
Information:
Changes properties of the selected
instance
Product Specific Usage:
The following properties
must be included in any representation of IPS_IEEE8021xSettings:
InstanceID
ElementName
Get
public Get([OUT]IPS_IEEE8021xSettings Instance)
- Permission Information:
Permitted realms:
ADMIN_SECURITY_ADMINISTRATION_REALM,
ADMIN_SECURITY_GENERAL_INFO_REALM
General Information:
Gets
the representation of the instance
Pull
public Pull([IN]String EnumerationContext, [IN]String MaxElements)
- Permission Information:
All users permitted to use method, only
instances to whom the user has permissions will be returned
General
Information:
Pulls instances of this class, following an Enumerate
operation
Enumerate
public Enumerate()
- Permission Information:
All users permitted to use
method
General Information:
Enumerates the instances of this
class
Release
public Release([IN]String EnumerationContext)
- Permission Information:
All users permitted to use
method
General Information:
Releases an enumeration
context