Class AMT_8021XProfile
Used in features: Network Administration, Endpoint Access Control
Compatible with the following Intel AMT Releases: 3.0, 3.2, 4.0, 5.0, 5.1, 6.0, 6.1, 6.2, 7.0, 8.0, 8.1, 9.0, 9.5, 10.0, 11.0
CIM_ManagedElement
CIM_SettingData
AMT_8021XProfile
Also see:
AMT_8021xCredentialContext
class AMT_8021XProfile
- extends CIM_SettingData
General Information:
This class represents an 802.1X profile in the Intel(R) AMT system.
Qualifiers:
-------------
Version=4.0.0
Supported Fields Summary

| Type | Field | Description |
|---|---|---|
| string | ElementName | The user-friendly name for this instance of SettingData . . . |
| string | InstanceID | Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class . . . |
| boolean | Enabled | Indicates whether the 802.1x profile is enabled. |
| boolean | ActiveInS0 | Indicates the activity setting of the 802.1X module in H0 state . . . |
| uint16 | AuthenticationProtocol | Identifies the authentication protocol used to authenticate the access requestor to the AAA server. |
| string | RoamingIdentity | A string presented to the authentication server in 802.1x protocol exchange . . . |
| string | ServerCertificateName | The name compared against the subject name field in the certificate provided by the AAA server . . . |
| uint16 | ServerCertificateNameComparison | Determines the comparison algorithm used between the ServerCertificateName value and the subject name field of the certificate presented by the AAA server. |
| string | Username | Within the domain specified by Domain, identifies the user that is requesting access to the network. |
| string | Password | The password associated with the user identified by Username and Domain. |
| string | Domain | The domain within which Username is unique. |
| uint8[256] | ProtectedAccessCredential | A credential used by the supplicant and AAA server to establish a mutually authenticated encrypted tunnel for confidential user authentication. |
| string | PACPassword | Optional password to extract the PAC (Protected Access Credential) information from the PAC data. |
| REF AMT_PublicKeyCertificate | ClientCertificate | The client certificate that should be used by the profile. |
| REF AMT_PublicKeyCertificate | ServerCertificateIssuer | The trusted root CA that should be used while verifying the server certificate. |
| uint32 | PxeTimeout | Timeout in seconds, in which the Intel(R) AMT will hold an authenticated 802.1X session . . . |
Methods Summary

| Method | Description |
|---|---|
| Put(Instance) | Changes properties of the selected instance |
| Get(Instance) | Gets the representation of the instance |
| Pull(EnumerationContext, MaxElements) | Pulls instances of this class, following an Enumerate operation |
| Enumerate() | Enumerates the instances of this class |
| Release(EnumerationContext) | Releases an enumeration context |
ElementName
public string ElementName
- General Information:
The user-friendly name for this instance of SettingData. In addition, the user-friendly name can be used as an index property for a search or query. (Note: The name does not have to be unique within a namespace.)
Qualifiers:
-------------
Required
Override=ElementName
MaxLen=30
InstanceID
public string InstanceID
- General Information:
Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class. To ensure uniqueness within the NameSpace, the value of InstanceID should be constructed using the following "preferred" algorithm:
<OrgID>:<LocalID>
Where <OrgID> and <LocalID> are separated by a colon (:), and where <OrgID> must include a copyrighted, trademarked, or otherwise unique name that is owned by the business entity that is creating or defining the InstanceID or that is a registered ID assigned to the business entity by a recognized global authority. (This requirement is similar to the <Schema Name>_<Class Name> structure of Schema class names.) In addition, to ensure uniqueness, <OrgID> must not contain a colon (:). When using this algorithm, the first colon to appear in InstanceID must appear between <OrgID> and <LocalID>.
<LocalID> is chosen by the business entity and should not be reused to identify different underlying (real-world) elements.
If the above "preferred" algorithm is not used, the defining entity must assure that the resulting InstanceID is not reused across any InstanceIDs produced by this or other providers for the NameSpace of this instance.
For DMTF-defined instances, the "preferred" algorithm must be used with the <OrgID> set to CIM.
Qualifiers:
-------------
Key
Override=InstanceID
MaxLen=256
Enabled
public boolean Enabled
- General Information:
Indicates whether the 802.1x profile is enabled.
Qualifiers:
-------------
Required
ActiveInS0
public boolean ActiveInS0
- General Information:
Indicates the activity setting of the 802.1X module in H0 state when the LAN driver is active. The default value for this property is 'true'. If the LAN driver is down, this property is not relevant.
Product Specific Usage:
Functionality: when FALSE, AMT is not accessible (over 802.1x enabled port) in case the host is in S0 but fails to authenticate to the server.
When TRUE, AMT handles the authentication in this case (but the host still can't be accessed until it authenticates successfully).
If 802.1X is not configured, this API may still succeed as the setting may be stored for future use.
The default factory setting is TRUE.
AuthenticationProtocol
public uint16 AuthenticationProtocol
- General Information:
Identifies the authentication protocol used to authenticate the access requestor to the AAA server.
Qualifiers:
-------------
ValueMap={0, 1, 2, 3, 4, 5, 6}
Values={TLS, TTLS_MSCHAPv2, PEAP_MSCHAPv2, EAP_GTC, EAPFAST_MSCHAPv2, EAPFAST_GTC, EAPFAST_TLS}
RoamingIdentity
public string RoamingIdentity
- General Information:
A string presented to the authentication server in 802.1x protocol exchange. The AAA server determines the format of this string. Formats supported by AAA servers include: username@domain.
Product Specific Usage:
This string, if defined, is sent in response to 802.1x "request identity" as clear text. If empty, the username is sent.
Qualifiers:
-------------
MaxLen=80
ServerCertificateName
public string ServerCertificateName
- General Information:
The name compared against the subject name field in the certificate provided by the AAA server. This name is either the full name of the AAA server, in which case ServerCertificateNameComparison is set to "FullName", or it is the domain suffix of the AAA server, in which case ServerCertificateNameComparison is set to "DomainSuffix".
Product Specific Usage:
This field is optional. If not defined, the name is not checked. The authenticity of the certificate is always verified.
Qualifiers:
-------------
MaxLen=80
ServerCertificateNameComparison
public uint16 ServerCertificateNameComparison
- General Information:
Determines the comparison algorithm used between the ServerCertificateName value and the subject name field of the certificate presented by the AAA server.
Product Specific Usage:
This field is mandatory if ServerCertificateName is defined.
Qualifiers:
-------------
ValueMap={0, 1}
Values={FullName, DomainSuffix}
Username
public string Username
- General Information:
Within the domain specified by Domain, identifies the user that is requesting access to the network.
Product Specific Usage:
Note: in AMT releases prior to 3.2, 4.2 and 5.2 the maximum length is 32 characters.
Qualifiers:
-------------
MaxLen=128
Password
public string Password
- General Information:
The password associated with the user identified by Username and Domain.
Qualifiers:
-------------
MaxLen=32
Domain
public string Domain
- General Information:
The domain within which Username is unique.
Product Specific Usage:
Note: in AMT releases prior to 3.2, 4.2 and 5.2 the maximum length is 40 characters.
The Domain string shouldn't contain the suffix, so the user name (Domain\user) will be correct.
If the Domain string contains a suffix (e.g. Domain = intel.com), the user trying to authenticate will be of the form intel.com\user (instead of intel\user) and thus authentication will fail.
Qualifiers:
-------------
MaxLen=128
ProtectedAccessCredential
public uint8[256] ProtectedAccessCredential
- General Information:
A credential used by the supplicant and AAA server to establish a mutually authenticated encrypted tunnel for confidential user authentication.
Product Specific Usage:
Additional Notes:
1) This field is relevant for EAP-FAST only. It is not required if the server is configured for "PAC provisioning".
2) 'Array Max Length' qualifier in Intel AMT Release 3.2 and earlier releases is 'infinite'.
Qualifiers:
-------------
OctetString
MaxLen=256
PACPassword
public string PACPassword
- General Information:
Optional password to extract the PAC (Protected Access Credential) information from the PAC data.
Qualifiers:
-------------
MaxLen=256
ClientCertificate
public REF AMT_PublicKeyCertificate ClientCertificate
- General Information:
The client certificate that should be used by the profile.
Product Specific Usage:
The client certificate should be specified in the Put request while configuring the profile. This will delete the existing instance of AMT_8021xCredentialContext that represents the client certificate, and create a new instance if a client certificate EPR is provided.
This property will never be returned in Get response.
ServerCertificateIssuer
public REF AMT_PublicKeyCertificate ServerCertificateIssuer
- General Information:
The trusted root CA that should be used while verifying the server certificate.
Product Specific Usage:
The root certificate should be specified in the Put request while configuring the profile. This will delete the existing instance of AMT_8021xCredentialContext that represents the trusted root certificate, and create a new instance if a trusted root certificate EPR is provided.
This property will never be returned in Get response.
This field is optional. If not defined, AMT looks for a matching root certificate in its repository.
PxeTimeout
public uint32 PxeTimeout
- General Information:
Timeout in seconds, in which the Intel(R) AMT will hold an authenticated 802.1X session. During the defined period, Intel(R) AMT manages the 802.1X negotiation while a PXE boot takes place. After the timeout, control of the negotiation passes to the host.
The maximum value is 86400 seconds (one day).
A value of 0 disables the feature.
If you do not set a profile, the value of PxeTimeout is 0. If you set a profile without specifying a value for PxeTimeout, the firmware sets it to 120.
Product Specific Usage:
Additional Notes:
1) 'PxeTimeout' property is not supported in Intel AMT Release 3.0.
Put
public Put([IN]AMT_8021XProfile Instance)
- Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM
General Information:
Changes properties of the selected instance
Product Specific Usage:
The following properties must be included in any representation of AMT_8021XProfile:
ElementName
InstanceID
Enabled
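A pre-flight check for a profile before it is sent in a Put request, as an added example (not Intel's code and not part of the original reference). It applies the qualifiers and usage notes documented on this page; the dict representation, the `lint_profile` helper and the sample values are assumptions made for illustration.

```python
# Added example: lint a candidate AMT_8021XProfile before Put. The dict
# representation and lint_profile() are assumptions, not an Intel API.
MAX_LEN = {"ElementName": 30, "InstanceID": 256, "RoamingIdentity": 80,
           "ServerCertificateName": 80, "Username": 128, "Password": 32,
           "Domain": 128, "PACPassword": 256, "ProtectedAccessCredential": 256}
REQUIRED_IN_PUT = ("ElementName", "InstanceID", "Enabled")
EAP_FAST = (4, 5, 6)  # EAPFAST_MSCHAPv2, EAPFAST_GTC, EAPFAST_TLS


def lint_profile(p):
    """Return (errors, warnings) for a candidate profile dict."""
    errors, warnings = [], []
    for name in REQUIRED_IN_PUT:
        if name not in p:
            errors.append(f"{name}: must be included in any representation")
    for name, limit in MAX_LEN.items():
        if name in p and len(p[name]) > limit:
            errors.append(f"{name}: length {len(p[name])} exceeds MaxLen={limit}")
    proto = p.get("AuthenticationProtocol")
    if proto is not None and proto not in range(7):  # ValueMap={0..6}
        errors.append("AuthenticationProtocol: not in ValueMap 0..6")
    if p.get("ServerCertificateName"):
        if p.get("ServerCertificateNameComparison") not in (0, 1):
            errors.append("ServerCertificateNameComparison: mandatory (0 or 1) "
                          "when ServerCertificateName is defined")
    else:
        warnings.append("ServerCertificateName: not defined, name is not checked")
    if not 0 <= p.get("PxeTimeout", 0) <= 86400:
        errors.append("PxeTimeout: maximum value is 86400 seconds")
    if "." in p.get("Domain", ""):  # heuristic for a DNS-style suffix
        warnings.append("Domain: appears to contain a suffix (Domain\\user form)")
    if p.get("ProtectedAccessCredential") and proto not in EAP_FAST:
        warnings.append("ProtectedAccessCredential: relevant for EAP-FAST only")
    if p.get("Username") and not p.get("RoamingIdentity"):
        warnings.append("RoamingIdentity: empty, the username is sent instead")
    return errors, warnings


# Constructed sample profile; every value is invented for illustration.
SAMPLE = {"ElementName": "Wired 802.1X", "InstanceID": "ExampleOrg:profile-1",
          "Enabled": True, "AuthenticationProtocol": 2, "Username": "amt-host01",
          "Password": "x" * 40, "Domain": "example.com",
          "ServerCertificateName": "radius.example.com", "PxeTimeout": 120}

if __name__ == "__main__":
    for level, msgs in zip(("ERROR", "WARNING"), lint_profile(SAMPLE)):
        for msg in msgs:
            print(f"{level}: {msg}")
```

The warnings mark settings that the firmware accepts but that weaken or break authentication in practice, such as leaving ServerCertificateName undefined so that the AAA server's name is not checked.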
Get
public Get([OUT]AMT_8021XProfile Instance)
- Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM, ADMIN_SECURITY_GENERAL_INFO_REALM
General Information:
Gets the representation of the instance
Pull
public Pull([IN]String EnumerationContext, [IN]String MaxElements)
- Permission Information:
All users are permitted to use the method; only instances for which the user has permissions will be returned
General Information:
Pulls instances of this class, following an Enumerate operation
Enumerate
public Enumerate()
- Permission Information:
All users permitted to use method
General Information:
Enumerates the instances of this class
Release
public Release([IN]String EnumerationContext)
- Permission Information:
All users permitted to use method
General Information:
Releases an enumeration context