Class IPS_IEEE8021xSettings

CIM_ManagedElement
   extended by CIM_SettingData
      extended by CIM_IEEE8021xSettings
         extended by IPS_IEEE8021xSettings


class IPS_IEEE8021xSettings
extends CIM_IEEE8021xSettings

General Information:


Qualifiers:
-------------
Version=8.0.0


Supported Fields Summary
 uint8[32] PSK
A pre-shared key used for pre-shared key EAP types such as EAP-PSK, EAP-SIM, and EAP-AKA.
 string PACPassword
Optional password to extract the PAC (Protected Access Credential) information from the PAC data.
 uint8[32] ProtectedAccessCredential
A credential used by the supplicant and AAA server to establish a mutually authenticated encrypted tunnel for confidential user authentication.
 string Domain
The domain (also known as realm) within which Username is unique.
 string Password
A password associated with the user identified by Username within Domain.
 string Username
Identifies the user requesting access to the network.
 uint16 ServerCertificateNameComparison
The comparison algorithm that shall be used by the server to validate the subject name field of the certificate presented by the AAA server against the value of the ServerCertificateName property.
 string ServerCertificateName
The name that shall be compared against the subject name field in the certificate provided by the AAA server . . .
 string RoamingIdentity
A string presented to the authentication server in 802.1x protocol exchange . . .
 uint16 AuthenticationProtocol
AuthenticationProtocol shall indicate the desired EAP (Extensible Authentication Protocol) type. * EAP-TLS (0): shall indicate that the desired EAP type is the Transport Layer Security EAP type specified in RFC 2716 . . .
 string InstanceID Key
Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class . . .
 string ElementName
The user-friendly name for this instance of SettingData . . .
 uint32 PxeTimeout
Timeout in seconds, in which the Intel(R) AMT will hold an authenticated 802.1X session . . .
 boolean AvailableInS0
Indicates the activity setting of the 802.1X module in S0 state . . .
 uint32 Enabled
Indicates whether the 802.1x profile is enabled.

Methods Summary
 uint32 SetCertificates(REF ServerCertificateIssuer, REF ClientCertificate)
Set the certificates associated with the 8021X profile.
  Put(Instance)
Changes properties of the selected instance
  Get(Instance)
Gets the representation of the instance
  Pull(EnumerationContext, MaxElements)
Pulls instances of this class, following an Enumerate operation
  Enumerate()
Enumerates the instances of this class
  Release(EnumerationContext)
Releases an enumeration context

Field Detail

PSK

public uint8[32] PSK
General Information:
A pre-shared key used for pre-shared key EAP types such as EAP-PSK, EAP-SIM, and EAP-AKA.

Qualifiers:
-------------
OctetString
MappingStrings={RFC4764.IETF, RFC4186.IETF, RFC4187.IETF}


PACPassword

public string PACPassword
General Information:
Optional password to extract the PAC (Protected Access Credential) information from the PAC data.

Qualifiers:
-------------
MappingStrings={RFC4851.IETF}
MaxLen=256


ProtectedAccessCredential

public uint8[32] ProtectedAccessCredential
General Information:
A credential used by the supplicant and AAA server to establish a mutually authenticated encrypted tunnel for confidential user authentication.

Product Specific Usage:
Additional Notes:
1) This field is relevant for EAP-FAST only. It is not required if the server is configured for "PAC provisioning".


Qualifiers:
-------------
OctetString
MappingStrings={RFC4851.IETF}


Domain

public string Domain
General Information:
The domain (also known as realm) within which Username is unique.

Product Specific Usage:
The Domain string shouldn't contain the suffix, so the user name (Domain\user) will be correct.
If the Domain string contains a suffix (e.g. Domain = intel.com), the user trying to authenticate will be of the form intel.com\user (instead of intel\user) and thus authentication will fail.

Qualifiers:
-------------
MappingStrings={draft-ietf-pppext-eap-ttls.IETF, draft-kamath-pppext-peapv0.IETF, draft-josefsson-pppext-eap-tls-eap, RFC4851.IETF, RFC3748.IETF, RFC4764.IETF, RFC4186.IETF, RFC4187.IETF}
MaxLen=256


Password

public string Password
General Information:
A password associated with the user identified by Username within Domain.

Qualifiers:
-------------
MappingStrings={draft-ietf-pppext-eap-ttls.IETF, draft-kamath-pppext-peapv0.IETF, draft-josefsson-pppext-eap-tls-eap, RFC4851.IETF, RFC3748.IETF}
MaxLen=256


Username

public string Username
General Information:
Identifies the user requesting access to the network.

Qualifiers:
-------------
MappingStrings={RFC2716.IETF, draft-ietf-pppext-eap-ttls.IETF, draft-kamath-pppext-peapv0.IETF, draft-josefsson-pppext-eap-tls-eap, RFC4851.IETF, RFC3748.IETF, RFC4764.IETF, RFC4186.IETF, RFC4187.IETF}
MaxLen=256


ServerCertificateNameComparison

public uint16 ServerCertificateNameComparison
General Information:
The comparison algorithm that shall be used by the server to validate the subject name field of the certificate presented by the AAA server against the value of the ServerCertificateName property.

Product Specific Usage:
This field is mandatory if ServerCertificateName is defined.

Qualifiers:
-------------
ValueMap={1, 2, 3, ..}
Values={Other, FullName, DomainSuffix, DMTF Reserved}
ModelCorrespondence={CIM_IEEE8021xSettings.ServerCertificateName}


ServerCertificateName

public string ServerCertificateName
General Information:
The name that shall be compared against the subject name field in the certificate provided by the AAA server. Shall contain either the fully qualified domain name of the AAA server, in which case ServerCertificateNameComparison shall contain "FullName", or the domain suffix of the AAA server, in which case ServerCertificateNameComparison shall contain "DomainSuffix".

Product Specific Usage:
This field is optional. If not defined, the name is not checked. The authenticity of the certificate is always verified.

Qualifiers:
-------------
ModelCorrespondence={CIM_IEEE8021xSettings.ServerCertificateNameComparison}
MaxLen=256


RoamingIdentity

public string RoamingIdentity
General Information:
A string presented to the authentication server in 802.1x protocol exchange. The AAA server determines the format of this string. Formats supported by AAA servers include: <domain>\<username>, <username>@<domain>.

Product Specific Usage:
This string, if defined, is sent in response to 802.1x "request identity" as clear text. If empty, the username is sent.

Qualifiers:
-------------
MaxLen=256


AuthenticationProtocol

public uint16 AuthenticationProtocol
General Information:
AuthenticationProtocol shall indicate the desired EAP (Extensible Authentication Protocol) type.
* EAP-TLS (0): shall indicate that the desired EAP type is the Transport Layer Security EAP type specified in RFC 2716. If AuthenticationProtocol contains 0, Username should not be null, ServerCertificateName and ServerCertificateNameComparison may be null or not null, and RoamingIdentity, Password, Domain, ProtectedAccessCredential, PACPassword, and PSK should be null.
* EAP-TTLS/MSCHAPv2 (1): shall indicate that the desired EAP type is the Tunneled TLS Authentication Protocol EAP type specified in draft-ietf-pppext-eap-ttls, with Microsoft PPP CHAP Extensions, Version 2 (MSCHAPv2) as the inner authentication method. If AuthenticationProtocol contains 1, Username and Password should not be null, RoamingIdentity, ServerCertificateName, ServerCertificateNameComparison, and Domain may be null or not null, and ProtectedAccessCredential, PACPassword, and PSK should be null.
* PEAPv0/EAP-MSCHAPv2 (2): shall indicate that the desired EAP type is the Protected Extensible Authentication Protocol (PEAP) Version 0 EAP type specified in draft-kamath-pppext-peapv0, with Microsoft PPP CHAP Extensions, Version 2 (MSCHAPv2) as the inner authentication method. If AuthenticationProtocol contains2, Username and Password should not be null, RoamingIdentity, ServerCertificateName, ServerCertificateNameComparison, and Domain may be null or not null, and ProtectedAccessCredential, PACPassword, and PSK should be null.
* PEAPv1/EAP-GTC (3): shall indicate that the desired EAP type is the Protected Extensible Authentication Protocol (PEAP) Version 1 EAP type specified in draft-josefsson-pppext-eap-tls-eap, with Generic Token Card (GTC) as the inner authentication method. If AuthenticationProtocol contains 3, Username and Password should not be null, RoamingIdentity, ServerCertificateName, ServerCertificateNameComparison, and Domain may be null or not null, and ProtectedAccessCredential, PACPassword, and PSK should be null.
* EAP-FAST/MSCHAPv2 (4): shall indicate that the desired EAP type is the Flexible Authentication Extensible Authentication Protocol EAP type specified in IETF RFC 4851, with Microsoft PPP CHAP Extensions, Version 2 (MSCHAPv2) as the inner authentication method. If AuthenticationProtocol contains 4, Username and Password should not be null, RoamingIdentity, ServerCertificateName, ServerCertificateNameComparison, Domain, ProtectedAccessCredential, and PACPassword may be null or not null, and PSK should be null.
* EAP-FAST/GTC (5): shall indicate that the desired EAP type is the Flexible Authentication Extensible Authentication Protocol EAP type specified in IETF RFC 4851, with Generic Token Card (GTC) as the inner authentication method. If AuthenticationProtocol contains 5, Username and Password should not be null, RoamingIdentity, ServerCertificateName, ServerCertificateNameComparison, Domain, ProtectedAccessCredential, and PACPassword may be null or not null, and PSK should be null.
* EAP-MD5 (6): shall indicate that the desired EAP type is the EAP MD5 authentication method, specified in RFC 3748. If AuthenticationProtocol contains 6, Username and Password should not be null, Domain may be null or not null, and RoamingIdentity, ServerCertificateName, ServerCertificateNameComparison, ProtectedAccessCredential, PACPassword, and PSK should be null.
* EAP-PSK (7): shall indicate that the desired EAP type is the EAP-PSK (Pre-Shared Key) EAP type specified in RFC 4764. If AuthenticationProtocol contains 7, Username and PSK should not be null, Domain and RoamingIdentity may be null or not null, and Password, ServerCertificateName, ServerCertificateNameComparison, ProtectedAccessCredential, and PACPassword should be null.
* EAP-SIM (8): shall indicate that the desired EAP type is the Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM), specified in RFC 4186. If AuthenticationProtocol contains 8, Username and PSK should not be null, Domain and RoamingIdentity may be null or not null, and Password, ServerCertificateName, ServerCertificateNameComparison, ProtectedAccessCredential, and PACPassword should be null.
* EAP-AKA (9): shall indicate that the desired EAP type is the EAP Method for 3rd Generation Authentication and Key Agreement (EAP-AKA), specified in RFC 4187. If AuthenticationProtocol contains 9, Username and PSK should not be null, Domain and RoamingIdentity may be null or not null, and Password, ServerCertificateName, ServerCertificateNameComparison, ProtectedAccessCredential, and PACPassword should be null.
* EAP-FAST/TLS (10): shall indicate that the desired EAP type is the Flexible Authentication EAP type specified in IETF RFC 4851, with TLS as the inner authentication method. If AuthenticationProtocol contains 10, Username and Password should not be null, RoamingIdentity, ServerCertificateName, ServerCertificateNameComparison, Domain, ProtectedAccessCredential, and PACPassword may be null or not null, and PSK should be null.

Product Specific Usage:
Note: Actual values of AuthenticationProtocol follow legacy interface:
ValueMap = [0, 1, 2, 3, 4, 5, 6]
Values = [TLS, TTLS_MSCHAPv2, PEAP_MSCHAPv2, EAP_GTC, EAPFAST_MSCHAPv2, EAPFAST_GTC, EAPFAST_TLS]


Qualifiers:
-------------
ValueMap={0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, ..}
Values={EAP-TLS, EAP-TTLS/MSCHAPv2, PEAPv0/EAP-MSCHAPv2, PEAPv1/EAP-GTC, EAP-FAST/MSCHAPv2, EAP-FAST/GTC, EAP-MD5, EAP-PSK, EAP-SIM, EAP-AKA, EAP-FAST/TLS, DMTF Reserved}
MappingStrings={RFC4017.IETF, RFC2716.IETF, draft-ietf-pppext-eap-ttls.IETF, draft-kamath-pppext-peapv0.IETF, draft-josefsson-pppext-eap-tls-eap, RFC4851.IETF, RFC3748.IETF, RFC4764.IETF, RFC4186.IETF, RFC4187.IETF}


InstanceID Key

public string InstanceID
General Information:
Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class. To ensure uniqueness within the NameSpace, the value of InstanceID should be constructed using the following "preferred" algorithm:
<OrgID>:<LocalID>
Where <OrgID> and <LocalID> are separated by a colon (:), and where <OrgID> must include a copyrighted, trademarked, or otherwise unique name that is owned by the business entity that is creating or defining the InstanceID or that is a registered ID assigned to the business entity by a recognized global authority. (This requirement is similar to the <Schema Name>_<Class Name> structure of Schema class names.) In addition, to ensure uniqueness, <OrgID> must not contain a colon (:). When using this algorithm, the first colon to appear in InstanceID must appear between <OrgID> and <LocalID>.
<LocalID> is chosen by the business entity and should not be reused to identify different underlying (real-world) elements. If the above "preferred" algorithm is not used, the defining entity must assure that the resulting InstanceID is not reused across any InstanceIDs produced by this or other providers for the NameSpace of this instance.
For DMTF-defined instances, the "preferred" algorithm must be used with the <OrgID> set to CIM.

Qualifiers:
-------------
Key
Override=InstanceID
MaxLen=40


ElementName

public string ElementName
General Information:
The user-friendly name for this instance of SettingData. In addition, the user-friendly name can be used as an index property for a search or query. (Note: The name does not have to be unique within a namespace.)

Qualifiers:
-------------
Required
Override=ElementName
MaxLen=40


PxeTimeout

public uint32 PxeTimeout
General Information:
Timeout in seconds, in which the Intel(R) AMT will hold an authenticated 802.1X session. During the defined period, Intel(R) AMT manages the 802.1X negotiation while a PXE boot takes place. After the timeout, control of the negotiation passes to the host.
The maximum value is 86400 seconds (one day).
A value of 0 disables the feature.
If this optional value is omitted, Intel(R) AMT sets a default value of 120 seconds.


AvailableInS0

public boolean AvailableInS0
General Information:
Indicates the activity setting of the 802.1X module in S0 state. The default value for this property is 'true'.

Product Specific Usage:
Functionality: when FALSE, AMT is not accessible (over 802.1x enabled port) in case the host is in S0 but fails to authenticate to the server.
When TRUE, AMT handles the authentication in this case (but the host still can't be accessed until it authenticates successfully).
If 802.1X is not configured, this API may still succeed as the setting may be stored for future use.
The default factory setting is TRUE.


Enabled

public uint32 Enabled
General Information:
Indicates whether the 802.1x profile is enabled.

Qualifiers:
-------------
Required
ValueMap={0..1, 2, 3, 4..5, 6, 7..}
Values={Reserved, Enabled, Disabled, Reserved1, Enabled Without Certificates, Reserved2}


Method Detail

SetCertificates

public uint32 SetCertificates([IN]REF AMT_PublicKeyCertificate ServerCertificateIssuer, [IN]REF AMT_PublicKeyCertificate ClientCertificate)
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM

General Information:
Set the certificates associated with the 8021X profile.

Qualifiers:
-------------
ValueMap={0, 1, 2..}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, Reserved}


Parameters:
--------------
ServerCertificateIssuer
General Information:
The trusted root CA that should be used while verifying the server certificate.

Qualifiers:
-------------
IN

ClientCertificate
General Information:
The client certificate that should be used by the profile.

Qualifiers:
-------------
IN



Put

public  Put([IN]IPS_IEEE8021xSettings Instance)
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM

General Information:
Changes properties of the selected instance

Product Specific Usage:
The following properties must be included in any representation of IPS_IEEE8021xSettings:

InstanceID
ElementName


Get

public  Get([OUT]IPS_IEEE8021xSettings Instance)
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM, ADMIN_SECURITY_GENERAL_INFO_REALM

General Information:
Gets the representation of the instance

Pull

public  Pull([IN]String EnumerationContext, [IN]String MaxElements)
Permission Information:
All users permitted to use method, only instances to whom the user has permissions will be returned

General Information:
Pulls instances of this class, following an Enumerate operation

Enumerate

public  Enumerate()
Permission Information:
All users permitted to use method

General Information:
Enumerates the instances of this class

Release

public  Release([IN]String EnumerationContext)
Permission Information:
All users permitted to use method

General Information:
Releases an enumeration context

Copyright © 2006-2013, Intel Corporation. All rights reserved.