NTLM Class
Properties Methods Events Config Settings Errors
The NTLM class provides a simple API to create the required tokens for NTLM authentication.
Class Name
IPWorksAuth_NTLM
Procedural Interface
ipworksauth_ntlm_open(); ipworksauth_ntlm_close($res); ipworksauth_ntlm_register_callback($res, $id, $function); ipworksauth_ntlm_get_last_error($res); ipworksauth_ntlm_get_last_error_code($res); ipworksauth_ntlm_set($res, $id, $index, $value); ipworksauth_ntlm_get($res, $id, $index); ipworksauth_ntlm_do_config($res, $configurationstring); ipworksauth_ntlm_do_createauthtoken($res); ipworksauth_ntlm_do_createnegotiatetoken($res); ipworksauth_ntlm_do_reset($res);
Remarks
This class provides a simple API to create the required tokens for NTLM authentication.
The NTLM authentication process is a challenge-response scheme which consists of three messages. These three messages are the negotiation, challenge, and authentication. This class implements only the client side of NTLM and will create the negotiation and authentication tokens. The class does not transmit any data, it simply prepares the tokens for use in other transport protocols such as HTTP. The following steps describe how the component is used.
Create the Negotiate Token
To begin first set User and Password. The user value may contain domain information in the format "DOMAIN\User" or "user@domain".
Next call CreateNegotiateToken to populate NegotiateToken. This token may then be transmitted separately. For instance in HTTP
this would be sent in a request within the Authorization header:
HTTPHeader = "Authorization: NTLM " + NegotiateToken
Create the Auth Token
After sending the negotiate token over the chosen transport protocol, the server will respond with a challenge token. Set ChallengeToken to the token received from the server. For instance, in HTTP the server will respond with the challenge token in the WWW-Authenticate header:
WWW-Authenticate: NTLM <ChallengeToken>After setting User, Password, and ChallengeToken call CreateAuthToken. This will populate AuthToken with the created token. This token may then be transmitted separately. For instance in HTTP this would be sent in the request within the Authorization header:
HTTPHeader = "Authorization: NTLM " + AuthToken
Note: If the server requires EPA (Extended Protection for Authentication), then SSLServerCert must be set to the server's public certificate before calling CreateAuthToken.
Property List
The following is the full list of the properties of the class with short descriptions. Click on the links for further details.
AuthToken | The authentication token. |
ChallengeToken | The challenge token. |
NegotiateToken | The negotiate token. |
NTLMVersion | The NTLM version. |
Password | The user's password. |
SSLServerCertEffectiveDate | The date on which this certificate becomes valid. |
SSLServerCertExpirationDate | The date on which the certificate expires. |
SSLServerCertExtendedKeyUsage | A comma-delimited list of extended key usage identifiers. |
SSLServerCertFingerprint | The hex-encoded, 16-byte MD5 fingerprint of the certificate. |
SSLServerCertFingerprintSHA1 | The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. |
SSLServerCertFingerprintSHA256 | The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. |
SSLServerCertIssuer | The issuer of the certificate. |
SSLServerCertPrivateKey | The private key of the certificate (if available). |
SSLServerCertPrivateKeyAvailable | Whether a PrivateKey is available for the selected certificate. |
SSLServerCertPrivateKeyContainer | The name of the PrivateKey container for the certificate (if available). |
SSLServerCertPublicKey | The public key of the certificate. |
SSLServerCertPublicKeyAlgorithm | The textual description of the certificate's public key algorithm. |
SSLServerCertPublicKeyLength | The length of the certificate's public key (in bits). |
SSLServerCertSerialNumber | The serial number of the certificate encoded as a string. |
SSLServerCertSignatureAlgorithm | The text description of the certificate's signature algorithm. |
SSLServerCertStore | The name of the certificate store for the client certificate. |
SSLServerCertStorePassword | If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store. |
SSLServerCertStoreType | The type of certificate store for this certificate. |
SSLServerCertSubjectAltNames | Comma-separated lists of alternative subject names for the certificate. |
SSLServerCertThumbprintMD5 | The MD5 hash of the certificate. |
SSLServerCertThumbprintSHA1 | The SHA-1 hash of the certificate. |
SSLServerCertThumbprintSHA256 | The SHA-256 hash of the certificate. |
SSLServerCertUsage | The text description of UsageFlags . |
SSLServerCertUsageFlags | The flags that show intended use for the certificate. |
SSLServerCertVersion | The certificate's version number. |
SSLServerCertSubject | The subject of the certificate used for client authentication. |
SSLServerCertEncoded | The certificate (PEM/Base64 encoded). |
User | The user. |
Method List
The following is the full list of the methods of the class with short descriptions. Click on the links for further details.
Config | Sets or retrieves a configuration setting. |
CreateAuthToken | Creates the authentication token. |
CreateNegotiateToken | Creates the negotiate token. |
Reset | Resets the class. |
Event List
The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.
Error | Fired when information is available about errors during data delivery. |
Config Settings
The following is a list of config settings for the class with short descriptions. Click on the links for further details.
DecodeToken | Whether to Base64 encode the token. |
EncodeToken | Whether to Base64 encode the token. |
UsePlatformNTLMAPI | Whether to use the platform NTLM API. |
Workstation | The workstation name. |
BuildInfo | Information about the product's build. |
CodePage | The system code page used for Unicode to Multibyte translations. |
LicenseInfo | Information about the current license. |
MaskSensitiveData | Whether sensitive data is masked in log messages. |
ProcessIdleEvents | Whether the class uses its internal event loop to process events when the main thread is idle. |
SelectWaitMillis | The length of time in milliseconds the class will wait when DoEvents is called if there are no events to process. |
UseFIPSCompliantAPI | Tells the class whether or not to use FIPS certified APIs. |
UseInternalSecurityAPI | Whether or not to use the system security libraries or an internal implementation. |
AuthToken Property (IPWorksAuth_NTLM Class)
The authentication token.
Object Oriented Interface
public function getAuthToken();
Procedural Interface
ipworksauth_ntlm_get($res, 1 );
Default Value
''
Remarks
This property holds the created authentication token. This property is populated after calling CreateAuthToken.
Note: By default this value is Base64 encoded. Set EncodeToken to False before calling CreateAuthToken to obtain the raw value.
This property is read-only.
Data Type
Binary String
ChallengeToken Property (IPWorksAuth_NTLM Class)
The challenge token.
Object Oriented Interface
public function getChallengeToken(); public function setChallengeToken($value);
Procedural Interface
ipworksauth_ntlm_get($res, 2 ); ipworksauth_ntlm_set($res, 2, $value );
Default Value
''
Remarks
This property specifies the challenge token. This must be set to the challenge token received from the server before calling CreateAuthToken.
Note: By default the class expects the token to be Base64 encoded. To provide a raw value to this property first set DecodeToken to False.
Data Type
Binary String
NegotiateToken Property (IPWorksAuth_NTLM Class)
The negotiate token.
Object Oriented Interface
public function getNegotiateToken();
Procedural Interface
ipworksauth_ntlm_get($res, 3 );
Default Value
''
Remarks
This property is populated after calling CreateNegotiateToken. By default the value is Base64 encoded. To obtain the raw value set EncodeToken to False before calling CreateNegotiateToken.
This property is read-only.
Data Type
Binary String
NTLMVersion Property (IPWorksAuth_NTLM Class)
The NTLM version.
Object Oriented Interface
public function getNTLMVersion(); public function setNTLMVersion($value);
Procedural Interface
ipworksauth_ntlm_get($res, 4 ); ipworksauth_ntlm_set($res, 4, $value );
Default Value
1
Remarks
This property specifies the NTLM version to use. Possible values are:
- 1 (ntNTLMv1 - default)
- 2 (ntNTLMv2)
Note: If the server requires EPA (Extended Protection for Authentication) this property must be set to 2 (ntNTLMv2).
Data Type
Integer
Password Property (IPWorksAuth_NTLM Class)
The user's password.
Object Oriented Interface
public function getPassword(); public function setPassword($value);
Procedural Interface
ipworksauth_ntlm_get($res, 5 ); ipworksauth_ntlm_set($res, 5, $value );
Default Value
''
Remarks
This property specifies the user's password.
Data Type
String
SSLServerCertEffectiveDate Property (IPWorksAuth_NTLM Class)
The date on which this certificate becomes valid.
Object Oriented Interface
public function getSSLServerCertEffectiveDate();
Procedural Interface
ipworksauth_ntlm_get($res, 6 );
Default Value
''
Remarks
The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:
23-Jan-2000 15:00:00.
This property is read-only.
Data Type
String
SSLServerCertExpirationDate Property (IPWorksAuth_NTLM Class)
The date on which the certificate expires.
Object Oriented Interface
public function getSSLServerCertExpirationDate();
Procedural Interface
ipworksauth_ntlm_get($res, 7 );
Default Value
''
Remarks
The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:
23-Jan-2001 15:00:00.
This property is read-only.
Data Type
String
SSLServerCertExtendedKeyUsage Property (IPWorksAuth_NTLM Class)
A comma-delimited list of extended key usage identifiers.
Object Oriented Interface
public function getSSLServerCertExtendedKeyUsage();
Procedural Interface
ipworksauth_ntlm_get($res, 8 );
Default Value
''
Remarks
A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).
This property is read-only.
Data Type
String
SSLServerCertFingerprint Property (IPWorksAuth_NTLM Class)
The hex-encoded, 16-byte MD5 fingerprint of the certificate.
Object Oriented Interface
public function getSSLServerCertFingerprint();
Procedural Interface
ipworksauth_ntlm_get($res, 9 );
Default Value
''
Remarks
The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.
The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02
This property is read-only.
Data Type
String
SSLServerCertFingerprintSHA1 Property (IPWorksAuth_NTLM Class)
The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.
Object Oriented Interface
public function getSSLServerCertFingerprintSHA1();
Procedural Interface
ipworksauth_ntlm_get($res, 10 );
Default Value
''
Remarks
The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.
The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84
This property is read-only.
Data Type
String
SSLServerCertFingerprintSHA256 Property (IPWorksAuth_NTLM Class)
The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.
Object Oriented Interface
public function getSSLServerCertFingerprintSHA256();
Procedural Interface
ipworksauth_ntlm_get($res, 11 );
Default Value
''
Remarks
The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.
The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53
This property is read-only.
Data Type
String
SSLServerCertIssuer Property (IPWorksAuth_NTLM Class)
The issuer of the certificate.
Object Oriented Interface
public function getSSLServerCertIssuer();
Procedural Interface
ipworksauth_ntlm_get($res, 12 );
Default Value
''
Remarks
The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.
This property is read-only.
Data Type
String
SSLServerCertPrivateKey Property (IPWorksAuth_NTLM Class)
The private key of the certificate (if available).
Object Oriented Interface
public function getSSLServerCertPrivateKey();
Procedural Interface
ipworksauth_ntlm_get($res, 13 );
Default Value
''
Remarks
The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.
Note: The SSLServerCertPrivateKey may be available but not exportable. In this case, SSLServerCertPrivateKey returns an empty string.
This property is read-only.
Data Type
String
SSLServerCertPrivateKeyAvailable Property (IPWorksAuth_NTLM Class)
Whether a PrivateKey is available for the selected certificate.
Object Oriented Interface
public function getSSLServerCertPrivateKeyAvailable();
Procedural Interface
ipworksauth_ntlm_get($res, 14 );
Default Value
false
Remarks
Whether a SSLServerCertPrivateKey is available for the selected certificate. If SSLServerCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).
This property is read-only.
Data Type
Boolean
SSLServerCertPrivateKeyContainer Property (IPWorksAuth_NTLM Class)
The name of the PrivateKey container for the certificate (if available).
Object Oriented Interface
public function getSSLServerCertPrivateKeyContainer();
Procedural Interface
ipworksauth_ntlm_get($res, 15 );
Default Value
''
Remarks
The name of the SSLServerCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.
This property is read-only.
Data Type
String
SSLServerCertPublicKey Property (IPWorksAuth_NTLM Class)
The public key of the certificate.
Object Oriented Interface
public function getSSLServerCertPublicKey();
Procedural Interface
ipworksauth_ntlm_get($res, 16 );
Default Value
''
Remarks
The public key of the certificate. The key is provided as PEM/Base64-encoded data.
This property is read-only.
Data Type
String
SSLServerCertPublicKeyAlgorithm Property (IPWorksAuth_NTLM Class)
The textual description of the certificate's public key algorithm.
Object Oriented Interface
public function getSSLServerCertPublicKeyAlgorithm();
Procedural Interface
ipworksauth_ntlm_get($res, 17 );
Default Value
''
Remarks
The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.
This property is read-only.
Data Type
String
SSLServerCertPublicKeyLength Property (IPWorksAuth_NTLM Class)
The length of the certificate's public key (in bits).
Object Oriented Interface
public function getSSLServerCertPublicKeyLength();
Procedural Interface
ipworksauth_ntlm_get($res, 18 );
Default Value
0
Remarks
The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.
This property is read-only.
Data Type
Integer
SSLServerCertSerialNumber Property (IPWorksAuth_NTLM Class)
The serial number of the certificate encoded as a string.
Object Oriented Interface
public function getSSLServerCertSerialNumber();
Procedural Interface
ipworksauth_ntlm_get($res, 19 );
Default Value
''
Remarks
The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.
This property is read-only.
Data Type
String
SSLServerCertSignatureAlgorithm Property (IPWorksAuth_NTLM Class)
The text description of the certificate's signature algorithm.
Object Oriented Interface
public function getSSLServerCertSignatureAlgorithm();
Procedural Interface
ipworksauth_ntlm_get($res, 20 );
Default Value
''
Remarks
The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.
This property is read-only.
Data Type
String
SSLServerCertStore Property (IPWorksAuth_NTLM Class)
The name of the certificate store for the client certificate.
Object Oriented Interface
public function getSSLServerCertStore(); public function setSSLServerCertStore($value);
Procedural Interface
ipworksauth_ntlm_get($res, 21 ); ipworksauth_ntlm_set($res, 21, $value );
Default Value
'MY'
Remarks
The name of the certificate store for the client certificate.
The SSLServerCertStoreType property denotes the type of the certificate store specified by SSLServerCertStore. If the store is password-protected, specify the password in SSLServerCertStorePassword.
SSLServerCertStore is used in conjunction with the SSLServerCertSubject property to specify client certificates. If SSLServerCertStore has a value, and SSLServerCertSubject or SSLServerCertEncoded is set, a search for a certificate is initiated. Please see the SSLServerCertSubject property for details.
Designations of certificate stores are platform dependent.
The following designations are the most common User and Machine certificate stores in Windows:
MY | A certificate store holding personal certificates with their associated private keys. |
CA | Certifying authority certificates. |
ROOT | Root certificates. |
When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).
Data Type
Binary String
SSLServerCertStorePassword Property (IPWorksAuth_NTLM Class)
If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.
Object Oriented Interface
public function getSSLServerCertStorePassword(); public function setSSLServerCertStorePassword($value);
Procedural Interface
ipworksauth_ntlm_get($res, 22 ); ipworksauth_ntlm_set($res, 22, $value );
Default Value
''
Remarks
If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.
Data Type
String
SSLServerCertStoreType Property (IPWorksAuth_NTLM Class)
The type of certificate store for this certificate.
Object Oriented Interface
public function getSSLServerCertStoreType(); public function setSSLServerCertStoreType($value);
Procedural Interface
ipworksauth_ntlm_get($res, 23 ); ipworksauth_ntlm_set($res, 23, $value );
Default Value
0
Remarks
The type of certificate store for this certificate.
The class supports both public and private keys in a variety of formats. When the cstAuto value is used, the class will automatically determine the type. This property can take one of the following values:
0 (cstUser - default) | For Windows, this specifies that the certificate store is a certificate store owned by the current user.
Note: This store type is not available in Java. |
1 (cstMachine) | For Windows, this specifies that the certificate store is a machine store.
Note: This store type is not available in Java. |
2 (cstPFXFile) | The certificate store is the name of a PFX (PKCS#12) file containing certificates. |
3 (cstPFXBlob) | The certificate store is a string (binary or Base64-encoded) representing a certificate store in PFX (PKCS#12) format. |
4 (cstJKSFile) | The certificate store is the name of a Java Key Store (JKS) file containing certificates.
Note: This store type is only available in Java. |
5 (cstJKSBlob) | The certificate store is a string (binary or Base64-encoded) representing a certificate store in Java Key Store (JKS) format.
Note: This store type is only available in Java. |
6 (cstPEMKeyFile) | The certificate store is the name of a PEM-encoded file that contains a private key and an optional certificate. |
7 (cstPEMKeyBlob) | The certificate store is a string (binary or Base64-encoded) that contains a private key and an optional certificate. |
8 (cstPublicKeyFile) | The certificate store is the name of a file that contains a PEM- or DER-encoded public key certificate. |
9 (cstPublicKeyBlob) | The certificate store is a string (binary or Base64-encoded) that contains a PEM- or DER-encoded public key certificate. |
10 (cstSSHPublicKeyBlob) | The certificate store is a string (binary or Base64-encoded) that contains an SSH-style public key. |
11 (cstP7BFile) | The certificate store is the name of a PKCS#7 file containing certificates. |
12 (cstP7BBlob) | The certificate store is a string (binary) representing a certificate store in PKCS#7 format. |
13 (cstSSHPublicKeyFile) | The certificate store is the name of a file that contains an SSH-style public key. |
14 (cstPPKFile) | The certificate store is the name of a file that contains a PPK (PuTTY Private Key). |
15 (cstPPKBlob) | The certificate store is a string (binary) that contains a PPK (PuTTY Private Key). |
16 (cstXMLFile) | The certificate store is the name of a file that contains a certificate in XML format. |
17 (cstXMLBlob) | The certificate store is a string that contains a certificate in XML format. |
18 (cstJWKFile) | The certificate store is the name of a file that contains a JWK (JSON Web Key). |
19 (cstJWKBlob) | The certificate store is a string that contains a JWK (JSON Web Key). |
21 (cstBCFKSFile) | The certificate store is the name of a file that contains a BCFKS (Bouncy Castle FIPS Key Store).
Note: This store type is only available in Java and .NET. |
22 (cstBCFKSBlob) | The certificate store is a string (binary or Base64-encoded) representing a certificate store in BCFKS (Bouncy Castle FIPS Key Store) format.
Note: This store type is only available in Java and .NET. |
23 (cstPKCS11) | The certificate is present on a physical security key accessible via a PKCS#11 interface.
To use a security key, the necessary data must first be collected using the CertMgr class. The ListStoreCertificates method may be called after setting CertStoreType to cstPKCS11, CertStorePassword to the PIN, and CertStore to the full path of the PKCS#11 DLL. The certificate information returned in the CertList event's CertEncoded parameter may be saved for later use. When using a certificate, pass the previously saved security key information as the SSLServerCertStore and set SSLServerCertStorePassword to the PIN. Code Example. SSH Authentication with Security Key:
|
99 (cstAuto) | The store type is automatically detected from the input data. This setting may be used with both public and private keys and can detect any of the supported formats automatically. |
Data Type
Integer
SSLServerCertSubjectAltNames Property (IPWorksAuth_NTLM Class)
Comma-separated lists of alternative subject names for the certificate.
Object Oriented Interface
public function getSSLServerCertSubjectAltNames();
Procedural Interface
ipworksauth_ntlm_get($res, 24 );
Default Value
''
Remarks
Comma-separated lists of alternative subject names for the certificate.
This property is read-only.
Data Type
String
SSLServerCertThumbprintMD5 Property (IPWorksAuth_NTLM Class)
The MD5 hash of the certificate.
Object Oriented Interface
public function getSSLServerCertThumbprintMD5();
Procedural Interface
ipworksauth_ntlm_get($res, 25 );
Default Value
''
Remarks
The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.
This property is read-only.
Data Type
String
SSLServerCertThumbprintSHA1 Property (IPWorksAuth_NTLM Class)
The SHA-1 hash of the certificate.
Object Oriented Interface
public function getSSLServerCertThumbprintSHA1();
Procedural Interface
ipworksauth_ntlm_get($res, 26 );
Default Value
''
Remarks
The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.
This property is read-only.
Data Type
String
SSLServerCertThumbprintSHA256 Property (IPWorksAuth_NTLM Class)
The SHA-256 hash of the certificate.
Object Oriented Interface
public function getSSLServerCertThumbprintSHA256();
Procedural Interface
ipworksauth_ntlm_get($res, 27 );
Default Value
''
Remarks
The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.
This property is read-only.
Data Type
String
SSLServerCertUsage Property (IPWorksAuth_NTLM Class)
The text description of UsageFlags .
Object Oriented Interface
public function getSSLServerCertUsage();
Procedural Interface
ipworksauth_ntlm_get($res, 28 );
Default Value
''
Remarks
The text description of SSLServerCertUsageFlags.
This value will be one or more of the following strings and will be separated by commas:
- Digital Signature
- Non-Repudiation
- Key Encipherment
- Data Encipherment
- Key Agreement
- Certificate Signing
- CRL Signing
- Encipher Only
If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.
This property is read-only.
Data Type
String
SSLServerCertUsageFlags Property (IPWorksAuth_NTLM Class)
The flags that show intended use for the certificate.
Object Oriented Interface
public function getSSLServerCertUsageFlags();
Procedural Interface
ipworksauth_ntlm_get($res, 29 );
Default Value
0
Remarks
The flags that show intended use for the certificate. The value of SSLServerCertUsageFlags is a combination of the following flags:
0x80 | Digital Signature |
0x40 | Non-Repudiation |
0x20 | Key Encipherment |
0x10 | Data Encipherment |
0x08 | Key Agreement |
0x04 | Certificate Signing |
0x02 | CRL Signing |
0x01 | Encipher Only |
Please see the SSLServerCertUsage property for a text representation of SSLServerCertUsageFlags.
This functionality currently is not available when the provider is OpenSSL.
This property is read-only.
Data Type
Integer
SSLServerCertVersion Property (IPWorksAuth_NTLM Class)
The certificate's version number.
Object Oriented Interface
public function getSSLServerCertVersion();
Procedural Interface
ipworksauth_ntlm_get($res, 30 );
Default Value
''
Remarks
The certificate's version number. The possible values are the strings "V1", "V2", and "V3".
This property is read-only.
Data Type
String
SSLServerCertSubject Property (IPWorksAuth_NTLM Class)
The subject of the certificate used for client authentication.
Object Oriented Interface
public function getSSLServerCertSubject(); public function setSSLServerCertSubject($value);
Procedural Interface
ipworksauth_ntlm_get($res, 31 ); ipworksauth_ntlm_set($res, 31, $value );
Default Value
''
Remarks
The subject of the certificate used for client authentication.
This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.
If a matching certificate is found, the property is set to the full subject of the matching certificate.
If an exact match is not found, the store is searched for subjects containing the value of the property.
If a match is still not found, the property is set to an empty string, and no certificate is selected.
The special value "*" picks a random certificate in the certificate store.
The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:
Field | Meaning |
CN | Common Name. This is commonly a hostname like www.server.com. |
O | Organization |
OU | Organizational Unit |
L | Locality |
S | State |
C | Country |
E | Email Address |
If a field value contains a comma, it must be quoted.
Data Type
String
SSLServerCertEncoded Property (IPWorksAuth_NTLM Class)
The certificate (PEM/Base64 encoded).
Object Oriented Interface
public function getSSLServerCertEncoded(); public function setSSLServerCertEncoded($value);
Procedural Interface
ipworksauth_ntlm_get($res, 32 ); ipworksauth_ntlm_set($res, 32, $value );
Default Value
''
Remarks
The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The SSLServerCertStore and SSLServerCertSubject properties also may be used to specify a certificate.
When SSLServerCertEncoded is set, a search is initiated in the current SSLServerCertStore for the private key of the certificate. If the key is found, SSLServerCertSubject is updated to reflect the full subject of the selected certificate; otherwise, SSLServerCertSubject is set to an empty string.
This property is not available at design time.
Data Type
Binary String
User Property (IPWorksAuth_NTLM Class)
The user.
Object Oriented Interface
public function getUser(); public function setUser($value);
Procedural Interface
ipworksauth_ntlm_get($res, 33 ); ipworksauth_ntlm_set($res, 33, $value );
Default Value
''
Remarks
This property specifies the name and realm/domain of the user. The value specified must be in one of the following formats:
- user
- domain/user
Data Type
String
Config Method (IPWorksAuth_NTLM Class)
Sets or retrieves a configuration setting.
Object Oriented Interface
public function doConfig($configurationstring);
Procedural Interface
ipworksauth_ntlm_do_config($res, $configurationstring);
Remarks
Config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.
These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.
To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).
To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.
CreateAuthToken Method (IPWorksAuth_NTLM Class)
Creates the authentication token.
Object Oriented Interface
public function doCreateAuthToken();
Procedural Interface
ipworksauth_ntlm_do_createauthtoken($res);
Remarks
This method creates the authentication token. After calling this method the AuthToken property will be populated. The following properties are applicable when calling this method:
- User (required)
- Password (required)
- ChallengeToken (required)
- SSLServerCert
- NTLMVersion
Note: SSLServerCert must be set to the server's public certificate if the server requires EPA (Extended Protection for Authentication).
CreateNegotiateToken Method (IPWorksAuth_NTLM Class)
Creates the negotiate token.
Object Oriented Interface
public function doCreateNegotiateToken();
Procedural Interface
ipworksauth_ntlm_do_createnegotiatetoken($res);
Remarks
This method creates the negotiate token. After calling this method the NegotiateToken property is populated. The following properties are applicable when calling this method:
- User (required)
- Password (required)
- NTLMVersion
Reset Method (IPWorksAuth_NTLM Class)
Resets the class.
Object Oriented Interface
public function doReset();
Procedural Interface
ipworksauth_ntlm_do_reset($res);
Remarks
When called, the class will reset all of its properties to their default values.
Error Event (IPWorksAuth_NTLM Class)
Fired when information is available about errors during data delivery.
Object Oriented Interface
public function fireError($param);
Procedural Interface
ipworksauth_ntlm_register_callback($res, 1, array($this, 'fireError'));
Parameter List
'errorcode'
'description'
Remarks
The Error event is fired in case of exceptional conditions during message processing. Normally the class fails with an error.
The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.
Config Settings (NTLM Class)
The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.NTLM Config Settings
Note: This setting is not applicable when UsePlatformNTLMAPI is True. The platform NTLM API will always use the current workstation's name.
Base Config Settings
The following is a list of valid code page identifiers:
Identifier | Name |
037 | IBM EBCDIC - U.S./Canada |
437 | OEM - United States |
500 | IBM EBCDIC - International |
708 | Arabic - ASMO 708 |
709 | Arabic - ASMO 449+, BCON V4 |
710 | Arabic - Transparent Arabic |
720 | Arabic - Transparent ASMO |
737 | OEM - Greek (formerly 437G) |
775 | OEM - Baltic |
850 | OEM - Multilingual Latin I |
852 | OEM - Latin II |
855 | OEM - Cyrillic (primarily Russian) |
857 | OEM - Turkish |
858 | OEM - Multilingual Latin I + Euro symbol |
860 | OEM - Portuguese |
861 | OEM - Icelandic |
862 | OEM - Hebrew |
863 | OEM - Canadian-French |
864 | OEM - Arabic |
865 | OEM - Nordic |
866 | OEM - Russian |
869 | OEM - Modern Greek |
870 | IBM EBCDIC - Multilingual/ROECE (Latin-2) |
874 | ANSI/OEM - Thai (same as 28605, ISO 8859-15) |
875 | IBM EBCDIC - Modern Greek |
932 | ANSI/OEM - Japanese, Shift-JIS |
936 | ANSI/OEM - Simplified Chinese (PRC, Singapore) |
949 | ANSI/OEM - Korean (Unified Hangul Code) |
950 | ANSI/OEM - Traditional Chinese (Taiwan; Hong Kong SAR, PRC) |
1026 | IBM EBCDIC - Turkish (Latin-5) |
1047 | IBM EBCDIC - Latin 1/Open System |
1140 | IBM EBCDIC - U.S./Canada (037 + Euro symbol) |
1141 | IBM EBCDIC - Germany (20273 + Euro symbol) |
1142 | IBM EBCDIC - Denmark/Norway (20277 + Euro symbol) |
1143 | IBM EBCDIC - Finland/Sweden (20278 + Euro symbol) |
1144 | IBM EBCDIC - Italy (20280 + Euro symbol) |
1145 | IBM EBCDIC - Latin America/Spain (20284 + Euro symbol) |
1146 | IBM EBCDIC - United Kingdom (20285 + Euro symbol) |
1147 | IBM EBCDIC - France (20297 + Euro symbol) |
1148 | IBM EBCDIC - International (500 + Euro symbol) |
1149 | IBM EBCDIC - Icelandic (20871 + Euro symbol) |
1200 | Unicode UCS-2 Little-Endian (BMP of ISO 10646) |
1201 | Unicode UCS-2 Big-Endian |
1250 | ANSI - Central European |
1251 | ANSI - Cyrillic |
1252 | ANSI - Latin I |
1253 | ANSI - Greek |
1254 | ANSI - Turkish |
1255 | ANSI - Hebrew |
1256 | ANSI - Arabic |
1257 | ANSI - Baltic |
1258 | ANSI/OEM - Vietnamese |
1361 | Korean (Johab) |
10000 | MAC - Roman |
10001 | MAC - Japanese |
10002 | MAC - Traditional Chinese (Big5) |
10003 | MAC - Korean |
10004 | MAC - Arabic |
10005 | MAC - Hebrew |
10006 | MAC - Greek I |
10007 | MAC - Cyrillic |
10008 | MAC - Simplified Chinese (GB 2312) |
10010 | MAC - Romania |
10017 | MAC - Ukraine |
10021 | MAC - Thai |
10029 | MAC - Latin II |
10079 | MAC - Icelandic |
10081 | MAC - Turkish |
10082 | MAC - Croatia |
12000 | Unicode UCS-4 Little-Endian |
12001 | Unicode UCS-4 Big-Endian |
20000 | CNS - Taiwan |
20001 | TCA - Taiwan |
20002 | Eten - Taiwan |
20003 | IBM5550 - Taiwan |
20004 | TeleText - Taiwan |
20005 | Wang - Taiwan |
20105 | IA5 IRV International Alphabet No. 5 (7-bit) |
20106 | IA5 German (7-bit) |
20107 | IA5 Swedish (7-bit) |
20108 | IA5 Norwegian (7-bit) |
20127 | US-ASCII (7-bit) |
20261 | T.61 |
20269 | ISO 6937 Non-Spacing Accent |
20273 | IBM EBCDIC - Germany |
20277 | IBM EBCDIC - Denmark/Norway |
20278 | IBM EBCDIC - Finland/Sweden |
20280 | IBM EBCDIC - Italy |
20284 | IBM EBCDIC - Latin America/Spain |
20285 | IBM EBCDIC - United Kingdom |
20290 | IBM EBCDIC - Japanese Katakana Extended |
20297 | IBM EBCDIC - France |
20420 | IBM EBCDIC - Arabic |
20423 | IBM EBCDIC - Greek |
20424 | IBM EBCDIC - Hebrew |
20833 | IBM EBCDIC - Korean Extended |
20838 | IBM EBCDIC - Thai |
20866 | Russian - KOI8-R |
20871 | IBM EBCDIC - Icelandic |
20880 | IBM EBCDIC - Cyrillic (Russian) |
20905 | IBM EBCDIC - Turkish |
20924 | IBM EBCDIC - Latin-1/Open System (1047 + Euro symbol) |
20932 | JIS X 0208-1990 & 0121-1990 |
20936 | Simplified Chinese (GB2312) |
21025 | IBM EBCDIC - Cyrillic (Serbian, Bulgarian) |
21027 | Extended Alpha Lowercase |
21866 | Ukrainian (KOI8-U) |
28591 | ISO 8859-1 Latin I |
28592 | ISO 8859-2 Central Europe |
28593 | ISO 8859-3 Latin 3 |
28594 | ISO 8859-4 Baltic |
28595 | ISO 8859-5 Cyrillic |
28596 | ISO 8859-6 Arabic |
28597 | ISO 8859-7 Greek |
28598 | ISO 8859-8 Hebrew |
28599 | ISO 8859-9 Latin 5 |
28605 | ISO 8859-15 Latin 9 |
29001 | Europa 3 |
38598 | ISO 8859-8 Hebrew |
50220 | ISO 2022 Japanese with no halfwidth Katakana |
50221 | ISO 2022 Japanese with halfwidth Katakana |
50222 | ISO 2022 Japanese JIS X 0201-1989 |
50225 | ISO 2022 Korean |
50227 | ISO 2022 Simplified Chinese |
50229 | ISO 2022 Traditional Chinese |
50930 | Japanese (Katakana) Extended |
50931 | US/Canada and Japanese |
50933 | Korean Extended and Korean |
50935 | Simplified Chinese Extended and Simplified Chinese |
50936 | Simplified Chinese |
50937 | US/Canada and Traditional Chinese |
50939 | Japanese (Latin) Extended and Japanese |
51932 | EUC - Japanese |
51936 | EUC - Simplified Chinese |
51949 | EUC - Korean |
51950 | EUC - Traditional Chinese |
52936 | HZ-GB2312 Simplified Chinese |
54936 | Windows XP: GB18030 Simplified Chinese (4 Byte) |
57002 | ISCII Devanagari |
57003 | ISCII Bengali |
57004 | ISCII Tamil |
57005 | ISCII Telugu |
57006 | ISCII Assamese |
57007 | ISCII Oriya |
57008 | ISCII Kannada |
57009 | ISCII Malayalam |
57010 | ISCII Gujarati |
57011 | ISCII Punjabi |
65000 | Unicode UTF-7 |
65001 | Unicode UTF-8 |
Identifier | Name |
1 | ASCII |
2 | NEXTSTEP |
3 | JapaneseEUC |
4 | UTF8 |
5 | ISOLatin1 |
6 | Symbol |
7 | NonLossyASCII |
8 | ShiftJIS |
9 | ISOLatin2 |
10 | Unicode |
11 | WindowsCP1251 |
12 | WindowsCP1252 |
13 | WindowsCP1253 |
14 | WindowsCP1254 |
15 | WindowsCP1250 |
21 | ISO2022JP |
30 | MacOSRoman |
10 | UTF16String |
0x90000100 | UTF16BigEndian |
0x94000100 | UTF16LittleEndian |
0x8c000100 | UTF32String |
0x98000100 | UTF32BigEndian |
0x9c000100 | UTF32LittleEndian |
65536 | Proprietary |
- Product: The product the license is for.
- Product Key: The key the license was generated from.
- License Source: Where the license was found (e.g., RuntimeLicense, License File).
- License Type: The type of license installed (e.g., Royalty Free, Single Server).
- Last Valid Build: The last valid build number for which the license will work.
This setting only works on these classes: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer.
FIPS mode can be enabled by setting the UseFIPSCompliantAPI configuration setting to true. This is a static setting that applies to all instances of all classes of the toolkit within the process. It is recommended to enable or disable this setting once before the component has been used to establish a connection. Enabling FIPS while an instance of the component is active and connected may result in unexpected behavior.
For more details, please see the FIPS 140-2 Compliance article.
Note: This setting is applicable only on Windows.
Note: Enabling FIPS compliance requires a special license; please contact sales@nsoftware.com for details.
Setting this configuration setting to true tells the class to use the internal implementation instead of using the system security libraries.
On Windows, this setting is set to false by default. On Linux/macOS, this setting is set to true by default.
To use the system security libraries for Linux, OpenSSL support must be enabled. For more information on how to enable OpenSSL, please refer to the OpenSSL Notes section.
Trappable Errors (NTLM Class)
NTLM Errors
101 | Component is busy. |
102 | Username and password must be specified. |
103 | ChallengeToken must be specified. |