Policy management consists of creating, deleting, and modifying policy objects within a SiteMinder policy store. Through the Policy Management API, you can perform most of the data manipulations that you can perform through the native Policy Server User Interface. For example, you can write a client application that allows administrators to perform tasks such as:

Creating a policy domain
Creating an Agent object
Creating an Agent configuration object
Creating a host configuration object
Registering a trusted host
Creating a SiteMinder user directory object
Creating an authentication scheme object
Creating an administrator
Creating a realm
Adding a realm to a policy domain
Creating a rule
Creating a response
Creating a policy
Adding a user or group to a policy
Adding a rule to a policy
Setting responses for rules in a policy
Migrating an entire policy store or an individual policy domain remotely

Policy Management Setup

To run applications built with the Policy Management API:

Use the Policy Server Management Console to configure the Policy Server so that it points to the policy store you want to access.
Run your Policy Management application on the same machine as the Policy Server or on a machine that has network access to the Policy Server.

Note: If an application built with the Policy Management API runs on the same machine as the Policy Server, the application must run as the same user who installed the Policy Server (for example, smuser on UNIX platforms).

Required JAR File

The JAR file smjavasdk2.jar is required for building and running Policy Management applications. The JAR file is stored in the following locations:

Windows platforms:
<install_path>\sdk\java
UNIX platforms:
<install_path>/sdk/java

Policy Store Objects

Interface SmPolicyApi is implemented by the class SmPolicyApiImpl. Use this class as the starting point for the Policy Management API. Each policy store object is associated with a class in the Policy Management API. You create and manage policy store objects through the methods in an object’s class.

Policy store objects can be classified according to scope:

Domain objects are visible only within the domain. They cannot be shared between domains.
Global objects are visible across all domains.
Global objects are sometimes called system objects.

Global objects include:

Administrators
Agent types
Agents and agent groups
Agent Configuration objects
Host Configuration objects
Trusted Hosts
Authentication schemes
Authentication/authorization maps
Certificate maps
Domains
ODBC query schemes
Password policies
Registration schemes
User directories

Domain objects include:

Policies
Realms
Responses and response groups
Response attributes
Rules and rule groups
User policies

When you are working in the Policy Server user interface, you will see most of the above objects listed in the System and Domain tabs of the SiteMinder Administration window.

Note: Descriptions in the Javadoc reference specify whether an object has global scope or domain scope.