Class AMT_8021XProfile

Used in features: Network Administration, Endpoint Access Control
Compatible with the following Intel AMT Releases: 3.0, 3.2, 4.0, 5.0, 5.1, 6.0, 6.1, 6.2, 7.0, 8.0, 8.1, 9.0, 9.5, 10.0, 11.0
CIM_ManagedElement
   extended by CIM_SettingData
      extended by AMT_8021XProfile

Also see:
AMT_8021xCredentialContext

class AMT_8021XProfile
extends CIM_SettingData

General Information:
This class represents an 802.1X profile in the Intel(R) AMT system.

Qualifiers:
-------------
Version=4.0.0


Supported Fields Summary
 string ElementName
The user-friendly name for this instance of SettingData . . .
 string InstanceID Key
Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class . . .
 boolean Enabled
Indicates whether the 802.1x profile is enabled.
 boolean ActiveInS0
Indicates the activity setting of the 802.1X module in H0 state . . .
 uint16 AuthenticationProtocol
Identifies the authentication protocol used to authenticate the access requestor to the AAA server.
 string RoamingIdentity
A string presented to the authentication server in 802.1x protocol exchange . . .
 string ServerCertificateName
The name compared against the subject name field in the certificate provided by the AAA server . . .
 uint16 ServerCertificateNameComparison
Determines the comparison algorithm used between the ServerCertificateName value and the subject name field of the certificate presented by the AAA server.
 string Username
Within the domain specified by Domain, identifies the user that is requesting access to the network.
 string Password
The password associated with the user identified by Username and Domain.
 string Domain
The domain within which Username is unique.
 uint8[256] ProtectedAccessCredential
A credential used by the supplicant and AAA server to establish a mutually authenticated encrypted tunnel for confidential user authentication.
 string PACPassword
Optional password to extract the PAC (Protected Access Credential) information from the PAC data.
 REF AMT_PublicKeyCertificate ClientCertificate
The client certificate that should be used by the profile.
 REF AMT_PublicKeyCertificate ServerCertificateIssuer
The trusted root CA that should be used while verifying the server certificate.
 uint32 PxeTimeout
Timeout in seconds, in which the Intel(R) AMT will hold an authenticated 802.1X session . . .

Methods Summary
  Put(Instance)
Changes properties of the selected instance
  Get(Instance)
Gets the representation of the instance
  Pull(EnumerationContext, MaxElements)
Pulls instances of this class, following an Enumerate operation
  Enumerate()
Enumerates the instances of this class
  Release(EnumerationContext)
Releases an enumeration context

Field Detail

ElementName

public string ElementName
General Information:
The user-friendly name for this instance of SettingData. In addition, the user-friendly name can be used as an index property for a search or query. (Note: The name does not have to be unique within a namespace.)

Qualifiers:
-------------
Required
Override=ElementName
MaxLen=30


InstanceID Key

public string InstanceID
General Information:
Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class. To ensure uniqueness within the NameSpace, the value of InstanceID should be constructed using the following "preferred" algorithm:
<OrgID>:<LocalID>
Where <OrgID> and <LocalID> are separated by a colon (:), and where <OrgID> must include a copyrighted, trademarked, or otherwise unique name that is owned by the business entity that is creating or defining the InstanceID or that is a registered ID assigned to the business entity by a recognized global authority. (This requirement is similar to the <Schema Name>_<Class Name> structure of Schema class names.) In addition, to ensure uniqueness, <OrgID> must not contain a colon (:). When using this algorithm, the first colon to appear in InstanceID must appear between <OrgID> and <LocalID>.
<LocalID> is chosen by the business entity and should not be reused to identify different underlying (real-world) elements. If the above "preferred" algorithm is not used, the defining entity must assure that the resulting InstanceID is not reused across any InstanceIDs produced by this or other providers for the NameSpace of this instance.
For DMTF-defined instances, the "preferred" algorithm must be used with the <OrgID> set to CIM.

Qualifiers:
-------------
Key
Override=InstanceID
MaxLen=256


Enabled

public boolean Enabled
General Information:
Indicates whether the 802.1x profile is enabled.

Qualifiers:
-------------
Required


ActiveInS0

public boolean ActiveInS0
General Information:
Indicates the activity setting of the 802.1X module in H0 state when the LAN driver is active. The default value for this property is 'true'. If the LAN driver is down, this property is not relevant.

Product Specific Usage:
Functionality: when FALSE, AMT is not accessible (over an 802.1x-enabled port) if the host is in S0 but fails to authenticate to the server.
When TRUE, AMT handles the authentication in this case (but the host still can't be accessed until it authenticates successfully).
If 802.1X is not configured, this API may still succeed as the setting may be stored for future use.
The default factory setting is TRUE.


AuthenticationProtocol

public uint16 AuthenticationProtocol
General Information:
Identifies the authentication protocol used to authenticate the access requestor to the AAA server.

Qualifiers:
-------------
ValueMap={0, 1, 2, 3, 4, 5, 6}
Values={TLS, TTLS_MSCHAPv2, PEAP_MSCHAPv2, EAP_GTC, EAPFAST_MSCHAPv2, EAPFAST_GTC, EAPFAST_TLS}


RoamingIdentity

public string RoamingIdentity
General Information:
A string presented to the authentication server in 802.1x protocol exchange. The AAA server determines the format of this string. Formats supported by AAA servers include: username@domain.

Product Specific Usage:
This string, if defined, is sent in response to 802.1x "request identity" as clear text. If empty, the username is sent.

Qualifiers:
-------------
MaxLen=80


ServerCertificateName

public string ServerCertificateName
General Information:
The name compared against the subject name field in the certificate provided by the AAA server. This name is either the full name of the AAA server, in which case ServerCertificateNameComparison is set to "FullName", or it is the domain suffix of the AAA server, in which case ServerCertificateNameComparison is set to "DomainSuffix".

Product Specific Usage:
This field is optional. If not defined, the name is not checked. The authenticity of the certificate is always verified.

Qualifiers:
-------------
MaxLen=80


ServerCertificateNameComparison

public uint16 ServerCertificateNameComparison
General Information:
Determines the comparison algorithm used between the ServerCertificateName value and the subject name field of the certificate presented by the AAA server.

Product Specific Usage:
This field is mandatory if ServerCertificateName is defined.

Qualifiers:
-------------
ValueMap={0, 1}
Values={FullName, DomainSuffix}


Username

public string Username
General Information:
Within the domain specified by Domain, identifies the user that is requesting access to the network.

Product Specific Usage:
Note: in AMT releases prior to 3.2, 4.2 and 5.2 the maximum length is 32 characters.

Qualifiers:
-------------
MaxLen=128


Password

public string Password
General Information:
The password associated with the user identified by Username and Domain.

Qualifiers:
-------------
MaxLen=32


Domain

public string Domain
General Information:
The domain within which Username is unique.

Product Specific Usage:
Note: in AMT releases prior to 3.2, 4.2 and 5.2 the maximum length is 40 characters.

The Domain string should not contain the suffix, so that the resulting user name (Domain\user) is correct.
If the Domain string contains a suffix (e.g. Domain = intel.com), the user trying to authenticate will be of the form intel.com\user (instead of intel\user) and thus authentication will fail.


Qualifiers:
-------------
MaxLen=128


ProtectedAccessCredential

public uint8[256] ProtectedAccessCredential
General Information:
A credential used by the supplicant and AAA server to establish a mutually authenticated encrypted tunnel for confidential user authentication.

Product Specific Usage:
Additional Notes:
1) This field is relevant for EAP-FAST only. It is not required if the server is configured for "PAC provisioning".
2) 'Array Max Length' qualifier in Intel AMT Release 3.2 and earlier releases is 'infinite'.


Qualifiers:
-------------
OctetString
MaxLen=256


PACPassword

public string PACPassword
General Information:
Optional password to extract the PAC (Protected Access Credential) information from the PAC data.

Qualifiers:
-------------
MaxLen=256


ClientCertificate

public REF AMT_PublicKeyCertificate ClientCertificate
General Information:
The client certificate that should be used by the profile.

Product Specific Usage:
The client certificate should be specified in the Put request while configuring the profile. This will delete the existing instance of AMT_8021xCredentialContext that represents the client certificate, and create a new instance if a client certificate EPR is provided.
This property will never be returned in Get response.


ServerCertificateIssuer

public REF AMT_PublicKeyCertificate ServerCertificateIssuer
General Information:
The trusted root CA that should be used while verifying the server certificate.

Product Specific Usage:
The root certificate should be specified in the Put request while configuring the profile. This will delete the existing instance of AMT_8021xCredentialContext that represents the trusted root certificate, and create a new instance if a trusted root certificate EPR is provided.
This property will never be returned in Get response.
This field is optional. If not defined, AMT looks for a matching root certificate in its repository.


PxeTimeout

public uint32 PxeTimeout
General Information:
Timeout in seconds, in which the Intel(R) AMT will hold an authenticated 802.1X session. During the defined period, Intel(R) AMT manages the 802.1X negotiation while a PXE boot takes place. After the timeout, control of the negotiation passes to the host.
The maximum value is 86400 seconds (one day).
A value of 0 disables the feature.
If you do not set a profile, the value of PxeTimeout is 0. If you set a profile without specifying a value for PxeTimeout, the firmware sets it to 120.

Product Specific Usage:
Additional Notes:
1) 'PxeTimeout' property is not supported in Intel AMT Release 3.0.


Method Detail

Put

public  Put([IN]AMT_8021XProfile Instance)
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM

General Information:
Changes properties of the selected instance

Product Specific Usage:
The following properties must be included in any representation of AMT_8021XProfile:

ElementName
InstanceID
Enabled
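
Added example (not Intel code, and not part of the original reference): a pre-flight check that lints a profile, held as a Python dict keyed by the property names above, against the constraints this page states before it is sent in a Put. The function name lint_profile, the dict representation, the sample values and the "Domain contains a dot" heuristic are assumptions of this example.

```python
# Constraints below are copied from the Qualifiers and usage notes on this page.
MAX_LEN = {"ElementName": 30, "InstanceID": 256, "RoamingIdentity": 80,
           "ServerCertificateName": 80, "Username": 128, "Password": 32,
           "Domain": 128, "PACPassword": 256}
REQUIRED_FOR_PUT = ("ElementName", "InstanceID", "Enabled")
EAP_FAST = {4, 5, 6}      # EAPFAST_MSCHAPv2, EAPFAST_GTC, EAPFAST_TLS
PXE_TIMEOUT_MAX = 86400   # seconds (one day)


def lint_profile(p):
    """Return (errors, warnings); errors break a stated rule, warnings flag risk."""
    errors, warnings = [], []
    for name in REQUIRED_FOR_PUT:
        if p.get(name) is None:
            errors.append(f"{name}: must be present in any Put representation")
    for name, limit in MAX_LEN.items():
        if len(p.get(name) or "") > limit:
            errors.append(f"{name}: longer than MaxLen={limit}")
    proto = p.get("AuthenticationProtocol")
    if proto is not None and proto not in range(7):
        errors.append("AuthenticationProtocol: outside ValueMap 0..6")
    if not 0 <= (p.get("PxeTimeout") or 0) <= PXE_TIMEOUT_MAX:
        errors.append(f"PxeTimeout: outside 0..{PXE_TIMEOUT_MAX} seconds")
    pac = p.get("ProtectedAccessCredential")
    if pac:
        if len(pac) > 256:
            errors.append("ProtectedAccessCredential: longer than 256 octets")
        if proto not in EAP_FAST:
            warnings.append("ProtectedAccessCredential: relevant for EAP-FAST only")
    if p.get("ServerCertificateName"):
        if p.get("ServerCertificateNameComparison") not in (0, 1):
            errors.append("ServerCertificateNameComparison: mandatory with a name set")
    else:
        warnings.append("ServerCertificateName: unset, AAA server name is not checked")
    if p.get("Username") and not p.get("RoamingIdentity"):
        warnings.append("RoamingIdentity: empty, Username goes out in clear text")
    if "." in (p.get("Domain") or ""):   # heuristic, an assumption of this example
        warnings.append("Domain: looks like it has a suffix; Domain\\user would fail")
    return errors, warnings


# Constructed sample profile (values invented for illustration).
SAMPLE = {"ElementName": "Corp wired 802.1X", "InstanceID": "Example:8021X-1",
          "Enabled": True, "AuthenticationProtocol": 2, "Username": "amt-host01",
          "Password": "placeholder", "Domain": "example.com",
          "ServerCertificateName": "radius.example.com", "PxeTimeout": 120}

if __name__ == "__main__":
    print(lint_profile(SAMPLE))
```

For the constructed sample, the linter reports the missing ServerCertificateNameComparison as an error, and warns about the empty RoamingIdentity and the suffixed Domain.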


Get

public  Get([OUT]AMT_8021XProfile Instance)
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM, ADMIN_SECURITY_GENERAL_INFO_REALM

General Information:
Gets the representation of the instance

Pull

public  Pull([IN]String EnumerationContext, [IN]String MaxElements)
Permission Information:
All users are permitted to use the method; only instances for which the user has permissions are returned

General Information:
Pulls instances of this class, following an Enumerate operation

Enumerate

public  Enumerate()
Permission Information:
All users permitted to use method

General Information:
Enumerates the instances of this class

Release

public  Release([IN]String EnumerationContext)
Permission Information:
All users permitted to use method

General Information:
Releases an enumeration context

Copyright © 2006-2022, Intel Corporation. All rights reserved.