ictxDelegateAuthContext()--Delegate Authentication Context

Syntax

 #include <ictx.h>;

 int ictxDelegateAuthContext
 (
  ictxIdContext_t       *  inAuthContext,
  ictxAuthContextInfo_t *  delegateInfo,
  ictxOptions_t         *  options,
  ictxIdContext_t      **  authContext,
  ictxError_t           *  errorInfo
 )

Threadsafe: Yes

See eServer Implementation Notes for details on platform-specific details for this API.

The ictxDelegateAuthContext() function validates the authentication context represented by the input authentication context, and adds another context manifest to the authentication context. The new context manifest will contain the information specified in the contextInfo parameter and is dependent on the Authentication Context Type (OID). The new authentication context is returned to the caller.

Parameters

inAuthContext (Input): The authentication context to delegate. The identity context OID indicates the type of authentication context that is being delegated and returned. This OID should match the OID in the identity context. For the format of the structure, see the ictxIdContext structure in the ictxIdContext--Identity Context Parameter.
delegateInfo (Input): The information to be added to the authentication context. This information is dependent on the type of authentication context that is to be built. For the format of the structure, see the ictxAuthContextInfo structure in the ictxAuthContextInfo--Authentication Context Information Parameter.
options (Input): The options that can be specified for the identity context reference. This parameter may be NULL. If this parameter is NULL, the default values will be used for the options. For the format of the structure, see ictxOptions--Identity Context Options Parameter.
authContext (Output): Return pointer to an authentication context object. When this context is no longer needed, it must be freed using the Free Identity Context (ictxFreeIdContext) API. For the format of the structure, see the ictxIdContext structure in the ictxIdContext--Identity Context Parameter.
errorInfo (Output): The structure in which to return error code information. If the return value is not 0, errorInfo is set with additional information. This parameter may be NULL. For the format of the structure, see ictxError--Identity Context Return Code Parameter.

Return Value

The return value from the API.

0: Request was successful.
ICTXERR_PARM_REQ (1): Missing required parameter. Please check API documentation.
ICTXERR_NOMEM (2): No memory available. Unable to allocate required space.
ICTXERR_IDCONTEXT_INVALID (4): Identity context parameter is not valid. The OID and identity context are required. The identity context length must be greater than 0.
ICTXERR_OPTIONS_NOT_SUPPORTED (6): Options are not supported.
ICTXERR_TIMEOUT_INVALID (7): Timeout value in options is not valid.
ICTXERR_AUTH_CTX_TYPE_NOT_SUPPORTED (10): Authentication Context Type is not supported.
ICTXERR_CTXINFO_FORMAT_NOT_SUPPORTED (11): Format for ictxAuthContextInfo is not supported for this authentication context type.
ICTXERR_DATA_CONVERSION (14): Error occurred when converting data between code pages.
ICTXERR_APPINFO_FORMAT_NOT_SUPPORTED (15): Format for ictxAppInfo is not supported for this authentication context type.
ICTXERR_APPINFO_INVALID (16): Error occurred with the ictxAppInfo parameter. May be missing required field for this authentication context type.
ICTXERR_AUTH_CONTEXT_INVALID (17): Error occurred parsing the authentication context.
ICTXERR_OID_MISMATCH (18): The authentication type requested does not the authentication context type found in the context.
ICTXERR_CTX_EXPIRED (19): The authentication context has expired.
ICTXERR_CTX_LEN_MISMATCH (20): Error occurred parsing the authentication context. Input length not correct.
ICTXERR_APPINFO_VERSION_NOT_SUPPORTED (22): Error occurred with the ictxAppInfo parameter. The requested version is not supported.
ICTXERR_PREMAPPEDINFO_VERSION_NOT_SUPPORTED (23): Error occurred with the ictxPremappedInfo parameter. The requested version is not supported.
ICTXERR_PREMAPPEDINFO_FORMAT_NOT_SUPPORTED (24): Format for ictxPremappedInfo is not supported for this authentication context type.
ICTXERR_PREMAPPEDINFO_INVALID (25): Error occurred with the ictxPremappedInfo parameter. May be missing required field for this authentication context type.
ICTXERR_CTX_NOT_YET_VALID (26): The authentication context is not yet valid.
ICTXERR_CTXINFO_INVALID (27): Error occurred with the ictxAuthContextInfo parameter. May be missing required field for this authentication context type.

eServer Implementation Notes

AIX implementation details:
- Authority: None
Linux implementation details:
- Authority: None
i5/OS implementation details:
- Service Program Name: QSYS/QSYICTX
- Authority: Default public authority *USE
Windows implementation details:
- Authority: Users must have administrative privilege to install and work with the APIs.
z/OS implementation details:
- Authority: The caller of the API must be APF-authorized.

Related Information

ictxBuildAuthContext() --Build Authentication Context
ictxParseAuthContext() --Parse Authentication Context
ictxFreeIdContext() --Free Identity Context Storage
ictxFreeParseInfo() --Free Authentication Context Parse Info Storage

Example

The following example delegates an authentication context. Note: Read the Code example disclaimer for important legal information.

#include <ictx.h>
#include <string.h>
	

int delegateAuthContext(ictxIdContext_t   * contextToDelegate,
                        ictxIdContext_t  ** authContext)
{
    int rc;

    ictxAppInfo_t sendBlock;
    ictxApplicationInfo_t sender;
    
    ictxAppInfo_t recvBlock;
    ictxApplicationInfo_t receiver;

    ictxAuthContextInfo_t ctxInfo;

    ictxOptions_t options;


    ictxError_t errorInfo;

    /*----------------------------------------------------------------*/
    /*  Set up sender application information                         */
    /*----------------------------------------------------------------*/
    sender.appid = "Back end App";
    sender.instance = "hostess with the mostest";
    sender.implemSpecific = NULL;
    
    sendBlock.format = ICTX_APP_INFO_FORMAT_0;
    sendBlock.appInfo.format0.version = 0;
    sendBlock.appInfo.format0.appInfo = &sender;

    /*----------------------------------------------------------------*/
    /*  Set up receiver application information                       */
    /*----------------------------------------------------------------*/
    receiver.appid = "On the road again";
    receiver.instance = "Nelson";
    receiver.implemSpecific = NULL;
    
    recvBlock.format = ICTX_APP_INFO_FORMAT_0;
    recvBlock.appInfo.format0.version = 0;
    recvBlock.appInfo.format0.appInfo = &receiver;
    
    /*----------------------------------------------------------------*/
    /*  Now combine all for the context information                   */
    /*----------------------------------------------------------------*/
    ctxInfo.format = ICTX_AUTHCTX_INFO_FORMAT_1;
    ctxInfo.contextInfo.format1.sender = &sendBlock;
    ctxInfo.contextInfo.format1.receiver = &recvBlock;
    ctxInfo.contextInfo.format1.premappedUser = NULL;

    /*----------------------------------------------------------------*/
    /*  Set up options                                                */
    /*----------------------------------------------------------------*/
    options.format = ICTX_OPTIONS_FORMAT_0;
    options.options.format0.timeout = 600;

    /*----------------------------------------------------------------*/
    /*  Delegate authentication context                               */
    /*----------------------------------------------------------------*/
    if (0 != (rc = ictxDelegateAuthContext(contextToDelegate,
                                        &ctxInfo,
                                        &options,
                                        authContext,
                                        &errorInfo)))
    {
	.
	.
	.
        return -1;
    }
    
    return 0;
}

Top | Security APIs | APIs by category