Product Documentation

Namespace Elements

May 11, 2015

All Single Sign-on custom elements used in SPML commands are members of the namespace. This namespace is also referred to as ctxs prefix. There are three top-level elements in this namespace that occur in SPML commands: authentication-token, application, and credential.

Authentication-Token Element - ctxs:authentication-token

The authentication-token element is used as a container for the authentication token (AuthToken). This element is mandatory, but is not used. There are no child elements of the authentication-token element.


<ctxs:authentication-token xmlns:ctxs=''> 

Application Element - ctxs:application

The application element may occur as a top-level element or as a child of the credential element.

The application element is used both to describe an application definition (see lookupApplicationRequest) and to describe details of a credential (see addRequest).


<ctxs:application xmlns:ctxs=''> 
   <ctxs:description>description from app-def 
   <ctxs:group password-sharing='true'>Domain</ctxs:group> 
      <ctxs:custom-field index='1' label='Domain'/> 
      <ctxs:custom-field index='2' label='Exchange Server'/> 
Note: None of the children of the fields element contain character data in this sample.


ctxsID (mandatory) The GUID assigned to the application definition when it is created in the console
name The administrator-defined name for the application definition
description The administrator-defined description for the application definition
group (mandatory if password sharing is used) The application group this definition is assigned to in the console. The password-sharing attribute is a boolean value used to indicate if this group has been configured to share passwords. For more information, see addRequest.
fields (mandatory)

Lists the data fields to be configured for credentials using this application definition. Any subset of the fields listed may be defined for any particular application definition.

Children of the fields element:
  • userID corresponds to the user id
  • password corresponds to the user's password
  • custom-field corresponds to the custom fields that may be included in a definition; the index attribute indicates the particular field (either '1' or '2') and the label attribute contains the optional label text.

See ctxs:credential for an example of an application element as a child of a credential element.

Credential Element - ctxs:credential

The credential element is used to describe a single secondary credential. Most credentials are associated with a particular application definition; this is expressed by a child application element. Credentials that users enter manually do not contain an application element.


<ctxs:credential xmlns:ctxs='' 
ctxs:status='available' ctxs:pendingAction='delete'> 
   <ctxs:name>Credential Name</ctxs:name> 
   <ctxs:description>user visible description 
   <ctxs:provision-description>optional-RA provided-description 
         <ctxs:custom-field index='1'>mydomain 


status (mandatory) The status attribute of the credential element indicates the state of this credential from the Single Sign-on Plug-in's perspective. The status is either active or queued. A value of active means that the credential is currently available for the Single Sign-on Plug-in to use. A value of queued means that a command to add the credential has been queued but the Single Sign-on Plug-in has not yet processed that command.
pendingAction The pendingAction attribute of the credential element indicates if there are any queued commands that affects this credential. The pendingAction values are add, modify, and delete. A value of delete indicates that a delete command has been queued for this credential. A value of modify indicates that a modify command has been queued for this credential. This attribute is optional and is omitted if no commands are queued for the credential.
name The name attribute of the credential element is the value displayed by the Single Sign-on Plug-in in the Manage Passwords window (formerly known as Logon Manager). This value can be edited by the user using the property page of the credential.
description The description value of the credential element is the value displayed by the Single Sign-on Plug-in in the Manage Passwords window (formerly known as Logon Manager). This value can be edited by the user using the property page of the credential.
provision-description The provision-description is administrator data that cannot be viewed or edited by the Single Sign-on Plug-in. This is provided solely for the convenience of the Provisioning Administrator.
application The application element indicates the id of the application definition and the character data for the userID, password, and custom-field elements provides the user's details for this credential.