2.2.61 FW_AUTH_SUITE_FLAGS

This enumeration describes bitmask flags that can be set on authentication proposals.

 typedef enum _tag_FW_AUTH_SUITE_FLAGS
 {
   FW_AUTH_SUITE_FLAGS_NONE = 0x0000,
   FW_AUTH_SUITE_FLAGS_CERT_EXCLUDE_CA_NAME = 0x0001,
   FW_AUTH_SUITE_FLAGS_HEALTH_CERT = 0x0002,
   FW_AUTH_SUITE_FLAGS_PERFORM_CERT_ACCOUNT_MAPPING = 0x0004,
   FW_AUTH_SUITE_FLAGS_CERT_SIGNING_ECDSA256 = 0x0008,
   FW_AUTH_SUITE_FLAGS_CERT_SIGNING_ECDSA384 = 0x0010,
   FW_AUTH_SUITE_FLAGS_INTERMEDIATE_CA = 0x0020,
   FW_AUTH_SUITE_FLAGS_ALLOW_PROXY = 0x0040,
   FW_AUTH_SUITE_FLAGS_MAX = 0x0080,
   FW_AUTH_SUITE_FLAGS_MAX_V2_1 = 0x0020
 } FW_AUTH_SUITE_FLAGS;

FW_AUTH_SUITE_FLAGS_NONE:  This value means that none of the following flags are set. This value is defined for simplicity in writing IDL definitions and code.

FW_AUTH_SUITE_FLAGS_CERT_EXCLUDE_CA_NAME:  If this flag is set, certificate authority (CA) names are excluded. This flag MUST be set only on first authentications.

FW_AUTH_SUITE_FLAGS_HEALTH_CERT:  This flag specifies that the certificate in use is a health certificate. On second authentications, if the authentication method is using a machine certificate, this flag MUST be specified. Also on second authentications, if the authentication method is using a user certificate, this flag MUST NOT be specified.

FW_AUTH_SUITE_FLAGS_PERFORM_CERT_ACCOUNT_MAPPING:  This flag specifies that the certificate that is used maps to an account.

FW_AUTH_SUITE_FLAGS_CERT_SIGNING_ECDSA256:  This flag specifies that the default certificate signing algorithm of RSA MUST be replaced by the Elliptic Curve Digital Signature Algorithm (ECDSA) using curves with 256-bit prime moduli.

FW_AUTH_SUITE_FLAGS_CERT_SIGNING_ECDSA384:  This flag specifies that the default certificate signing algorithm of RSA MUST be replaced by the Elliptic Curve Digital Signature Algorithm using curves with 384-bit prime moduli.

FW_AUTH_SUITE_FLAGS_INTERMEDIATE_CA:  This flag specifies that the certificate used is not from a root certificate authority but from an intermediate authority in the chain.

FW_AUTH_SUITE_FLAGS_ALLOW_PROXY:  This flag specifies that the host machine MUST use a proxy server to communicate with the Key Distribution Center (KDC) when performing Kerberos authentication. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used.

FW_AUTH_SUITE_FLAGS_MAX:  This value and values that exceed this value are not valid and MUST NOT be used. It is defined for simplicity in writing IDL definitions and code. This symbolic constant has a value of 0x0080.

FW_AUTH_SUITE_FLAGS_MAX_V2_1:  This value and values that exceed this value are not valid and MUST NOT be used by servers and clients with schema version 0x0201 and earlier. It is defined for simplicity in writing IDL definitions and code. This symbolic constant has a value of 0x0020.
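The following C function is an added example, not part of the specification, showing how a policy parser could enforce the MUST and MUST NOT constraints stated above before accepting a flags value. The function name, the `auth_phase`, `cert_kind` and `flag_err` types, and the numeric comparison used for "schema version 0x0201 and earlier" are assumptions made for illustration.

```c
#include <stdio.h>

/* Values copied from the FW_AUTH_SUITE_FLAGS definition above. */
enum {
    FW_AUTH_SUITE_FLAGS_CERT_EXCLUDE_CA_NAME = 0x0001,
    FW_AUTH_SUITE_FLAGS_HEALTH_CERT          = 0x0002,
    FW_AUTH_SUITE_FLAGS_ALLOW_PROXY          = 0x0040,
    FW_AUTH_SUITE_FLAGS_MAX                  = 0x0080,
    FW_AUTH_SUITE_FLAGS_MAX_V2_1             = 0x0020
};

/* Hypothetical names for this example (not defined by the specification). */
enum auth_phase { PHASE_FIRST = 1, PHASE_SECOND = 2 };
enum cert_kind  { CERT_NONE, CERT_MACHINE, CERT_USER };
enum flag_err   { FLAGS_OK, ERR_RANGE, ERR_SCHEMA, ERR_CA_NAME_PHASE, ERR_HEALTH_CERT };

/* Checks a flags value against the per-flag rules stated in this section. */
enum flag_err check_auth_suite_flags(unsigned flags, unsigned schema,
                                     enum auth_phase phase, enum cert_kind cert)
{
    /* FW_AUTH_SUITE_FLAGS_MAX and anything above it is never valid. */
    if (flags >= FW_AUTH_SUITE_FLAGS_MAX)
        return ERR_RANGE;
    /* Schema 0x0201 and earlier (assumed numeric order): bound is MAX_V2_1. */
    if (schema <= 0x0201 && flags >= FW_AUTH_SUITE_FLAGS_MAX_V2_1)
        return ERR_SCHEMA;
    /* ALLOW_PROXY is invalid for schema versions 0x0200, 0x0201 and 0x020A. */
    if ((flags & FW_AUTH_SUITE_FLAGS_ALLOW_PROXY) &&
        (schema == 0x0200 || schema == 0x0201 || schema == 0x020A))
        return ERR_SCHEMA;
    /* CERT_EXCLUDE_CA_NAME may be set only on first authentications. */
    if ((flags & FW_AUTH_SUITE_FLAGS_CERT_EXCLUDE_CA_NAME) && phase != PHASE_FIRST)
        return ERR_CA_NAME_PHASE;
    /* Second authentication: machine cert requires HEALTH_CERT, user cert forbids it. */
    if (phase == PHASE_SECOND) {
        int health = (flags & FW_AUTH_SUITE_FLAGS_HEALTH_CERT) != 0;
        if ((cert == CERT_MACHINE && !health) || (cert == CERT_USER && health))
            return ERR_HEALTH_CERT;
    }
    return FLAGS_OK;
}

int main(void)
{
    /* Constructed inputs: INTERMEDIATE_CA (0x0020) under two schema versions. */
    printf("0x0020 @ 0x0201 -> %d\n", check_auth_suite_flags(0x0020, 0x0201, PHASE_FIRST, CERT_MACHINE));
    printf("0x0020 @ 0x020A -> %d\n", check_auth_suite_flags(0x0020, 0x020A, PHASE_FIRST, CERT_MACHINE));
    return 0;
}
```

Rejecting out-of-range and schema-inappropriate bits at parse time keeps a peer or policy store from silently enabling behavior, such as KDC proxy use, that the negotiated schema version does not define.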