Programming Guides › Programming Guide for Perl › CLI Policy Management Methods › CLI Domain Methods

CLI Domain Methods

AddAdmin Method—Adds an Administrator to the Domain

The AddAdmin method adds an administrator to the domain.

Syntax

The AddAdmin method has the following format:

Netegrity::PolicyMgtDomain‑>AddAdmin(admin)

Parameters

The AddAdmin method accepts the following parameter:

admin (type)

Specifies the administrator to add to the domain.

Return Value

The AddAdmin method returns one of the following values:

• 0 on success
• -1 if the call was unsuccessful

Remarks

Administrators can create, edit, and delete SiteMinder objects within the domain.

You cannot use the Policy Management API to create an administrator for a particular domain. However, if you use the Administrative UI to create an administrator for a domain, you can add that administrator to another domain by calling the PolicyMgtAffDomain‑>AddAdmin method.

AddUserDir Method—Associates a User Directory with the Domain

The AddUserDir method associates a user directory with the domain.

Syntax

The AddUserDir method has the following format:

Netegrity::PolicyMgtDomain‑>AddUserDir(userDir)

Parameters

The AddUserDir method accepts the following parameter:

userDir (PolicyMgtUserDir)

Specifies the user directory to associate with the domain.

Return Value

The AddUserDir method returns one of the following values:

• 0 on success
• -1 if the call was unsuccessful

Remarks

During user authentication, the user's supplied credentials are checked against the credentials stored in this user directory.

The directory object is appended to the end of the search order. To change the search order, call the PolicyMgtAffDomain‑>SetUserDirSearchOrder method.

CreatePolicy Method—Creates and Configures a Policy in the Domain

The CreatePolicy method creates and configures a policy in the domain.

Syntax

The CreatePolicy method has the following format:

Netegrity::PolicyMgtDomain‑>CreatePolicy(policyName [, policyDesc] [, enableFlag] [, activeExpr])

Parameters

The CreatePolicy method accepts the following parameters:

policyName (string)

Specifies the name of the policy.

policyDesc (string)

(Optional) Specifies the description of the policy.

enableFlag (int)

(Optional) Specifies whether to enable (1) or disable (0) the policy. Default is enabled.

activeExpr (string)

(Optional) Specifies the active expression of the policy.

Return Value

The CreatePolicy method returns one of the following values:

• A PolicyMgtPolicy object
• undef if the call was unsuccessful

CreateRealm Method—Creates and Configures a Top-level Realm in the Domain

The CreateRealm method creates and configures a top-level realm in the domain.

Syntax

The CreateRealm method has the following format:

Netegrity::PolicyMgtDomain‑>CreateRealm(realmName, agent, authScheme [, realmDesc] [, resFilter] [, procAuthEvents] [, procAzEvents] [, protectAll] [, maxTimeout] [, idleTimeout] [, syncAudit] [, azUserDir] [, regScheme])

Parameters

The CreateRealm method accepts the following parameters:

realmName (string)

Specifies the name of the realm.

agent (PolicyMgtAgent)

Specifies the agent or agent group that protects the realm.

authScheme (PolicyMgtAuthScheme)

Specifies the authentication scheme to associate with the realm.

realmDesc (string)

(Optional) Specifies the realm description.

resFilter (string)

(Optional) Specifies the resource filter for the realm.

procAuthEvents (int)

(Optional) Specifies whether to process authentication events -- 1 to enable or 0 to disable. Default is enabled. Authentication event processing affects performance. If no rules in the realm are to be triggered by authentication events, set this flag to 0.

procAzEvents (int)

(Optional) Specifies whether to process authorization events -- 1 to enable or 0 to disable. Default is enabled. Authorization event processing affects performance. If no rules in the realm are to be triggered by authorization events, set this flag to 0.

protectAll (int)

(Optional) Specifies whether to activate default resource protection -- 1 to enable or 0 to disable. Default is enabled.

maxTimeout (int)

(Optional) Specifies the maximum time, in seconds, a user can access the realm before re-authentication is required. Default is 7200 (2 hours).

idleTimeout (int)

(Optional) Specifies the maximum time, in seconds, a user can remain inactive in the realm before re-authentication is required. Default is 3600 (1 hour).

syncAudit (int)

(Optional) Specifies lag for enabling synchronous auditing -- 1 to enable or 0 to disable. When this flag is enabled, SiteMinder logs Policy Server and agent actions before it allows access to resources. Default is disabled.

azUserDir (PolicyMgtUserDir)

(Optional) Specifies The directory where users in the realm will be authorized. Default is the default directory.

regScheme (type)

(Optional) Specifies the registration scheme used to register new users accessing resources in the realm.

Return Value

The CreateRealm method returns one of the following values:

• A PolicyMgtRealm object
• undef if the call was unsuccessful

Remarks

This method creates a realm that is configured for non-persistent sessions. To configure the realm for SiteMinder 5.0 persistent sessions, edit the realm in the Administrative UI.

Note: The Policy Management API only manipulates realms that are direct descendants of the object whose method has been called, as follows:

• For a realm under a domain, you can only manipulate the top-level realms in a domain object.
• For a realm under a realm, you can only manipulate realms that are directly under the parent realm.

CreateResponse Method—Creates a Response

The CreateResponse method creates a response.

Syntax

The CreateResponse method has the following format:

Netegrity::PolicyMgtDomain‑>CreateResponse(resName, agentType [, resDesc])

Parameters

The CreateResponse method accepts the following parameters:

resName (string)

Specifies the name of the response.

agentType (PolicyMgtAgentType)

Specifies the agent type associated with the response. Call the PolicyMgtSession‑>GetAgentType method to get the agent type object.

resDesc (string)

(Optional) Specifies the description of the response.

Return Value

The CreateResponse method returns one of the following values:

• A PolicyMgtResponse object
• undef if the call was unsuccessful

Remarks

The agent returns responses based on certain events. For example, if an unauthorized user attempts to access a protected Web page, a response can redirect the user to an HTML page that displays an appropriate message.

CreateResponseGroup Method—Creates a Response Group for the Domain

The CreateResponseGroup method creates a response group for the domain.

Syntax

The CreateResponseGroup method has the following format:

Netegrity::PolicyMgtDomain‑>CreateResponseGroup(groupName, agentType, [, groupDesc])

Parameters

The CreateResponseGroup method accepts the following parameters:

groupName (string)

Specifies the name of the group.

agentType (PolicyMgtAgentType)

Specifies the agent type associated with this response group. Call the PolicyMgtSession‑>GetAgentType method to get the agent type object.

groupDesc (string)

(Optional) Specifies the description of the group.

Return Value

The CreateResponseGroup method returns one of the following values:

• A PolicyMgtGroup object
• undef if the call was unsuccessful

CreateRuleGroup Method—Creates a Rule Group for the Domain

The CreateRuleGroup method creates a rule group for the domain.

Syntax

The CreateRuleGroup method has the following format:

Netegrity::PolicyMgtDomain‑>CreateRuleGroup(groupName, agentType [, groupDesc])

Parameters

The CreateRuleGroup method accepts the following parameters:

groupName (string)

Specifies the name of the group.

agentType (PolicyMgtAgentType)

Specifies the agent type associated with this rule group. Call the PolicyMgtSession‑>GetAgentType method to get the agent type object.

groupDesc (string)

(Optional) Specifies the description of the group.

Return Value

The CreateRuleGroup method returns one of the following values:

• A PolicyMgtGroup object
• undef if the call was unsuccessful

DeleteGroup Method—Deletes a Group from the Domain

The DeleteGroup method deletes the specified group in the domain.

Syntax

The DeleteGroup method has the following format:

Netegrity::PolicyManagementDomain‑>DeleteGroup(group)

Parameters

The DeleteGroup method accepts the following parameter:

group (PolicyMgrGroup)

Specifies the group to delete.

Return Value

The DeleteGroup method returns one of the following values:

• 0 on success, or the group was not found
• -1 if the call failed

DeletePolicy Method—Deletes a Policy

The DeletePolicy method deletes a policy.

Syntax

The DeletePolicy method has the following format:

Netegrity::PolicyMgtDomain‑>DeletePolicy(policy)

Parameters

The DeletePolicy method accepts the following parameter:

policy (PolicyMgtPolicy)

Specifies the policy to delete.

Return Value

The DeletePolicy method returns one of the following values:

• 0 on success
• -1 if the call failed

DeleteRealm Method—Deletes a Realm in the Domain

The DeleteRealm method deletes a top-level realm in the domain.

Syntax

The DeleteRealm method has the following format:

Netegrity::PolicyMgtDomain‑>DeleteRealm(realm)

Parameters

The DeleteRealm method accepts the following parameter:

realm (PolicyMgtRealm)

Specifies the realm to delete.

Return Value

The DeleteRealm method returns one of the following values:

• 0 on success, or if the real was not found
• -1 if the call failed

DeleteResponse Method—Deletes a Response

The DeleteResponse method deletes a response.

Syntax

The DeleteResponse method has the following format:

Netegrity::PolicyMgtDomain‑>DeleteResponse(response)

Parameters

The DeleteResponse method accepts the following parameter:

response (PolicyMgtResponse)

Specifies the response to delete.

Return Value

The DeleteResponse method returns one of the following values:

• 0 on success
• -1 if the call failed

Description Method—Sets or Retrieves the Description of the Domain

The Description method sets or retrieves the description of the domain.

Syntax

The Description method has the following format:

Netegrity::PolicyMgtDomain‑>Description([domainDesc])

Parameters

The Description method accepts the following parameter:

domainDesc (string)

(Optional) Specifies the description to set.

Return Value

The Description method returns one of the following values:

• A new or existing domain description
• An empty string if unsuccessful

GetAllPolicies Method—Retrieves All Policies Associated with the Domain

The GetAllPolicies method retrieves all policies associated the domain.

Syntax

The GetAllPolicies method has the following format:

Netegrity::PolicyMgtDomain‑>GetAllPolicies( )

Parameters

The GetAllPolicies method accepts no parameters.

Return Value

The GetAllPolicies method returns one of the following values

• An array of PolicyMgtPolicy objects
• undef if unsuccessful

GetAllRealms Method—Retrieves All Top-level Realms in the Domain

The GetAllRealms method Retrieves all top-level realms in the domain.

Syntax

The GetAllRealms method has the following format:

Netegrity::PolicyMgtDomain‑>GetAllRealms( )

Parameters

The GetAllRealms method accepts no parameters.

Return Value

The GetAllRealms method returns one of the following values

• An array of PolicyMgtRealm objects
• undef if unsuccessful

Remarks

To retrieve all top-level realms under a realm, call the PolicyMgtRealm‑>GetAllChildRealms method.

GetAllResponseGroups Method—Retrieves All the Response Groups Associated with the Domain

The GetAllResponseGroups method retrieves all of the response groups associated with the domain.

Syntax

The GetAllResponseGroups method has the following format:

Netegrity::PolicyMgtDomain‑>GetAllResponseGroups( )

Parameters

The GetAllResponseGroups method accepts no parameters.

Return Value

The GetAllResponseGroups method returns one of the following values

• An array of PolicyMgtGroup objects
• undef if unsuccessful

GetAllResponses Method—Retrieves All Responses Associated with the Domain

The GetAllResponses method retrieves all responses associated with the domain.

Syntax

The GetAllResponses method has the following format:

Netegrity::PolicyMgtDomain‑>GetAllResponses()

Parameters

The GetAllResponses method accepts no parameters.

Return Value

The GetAllResponses method returns one of the following values

• An array of PolicyMgtResponse objects
• undef if the call was unsuccessful

GetAllRuleGroups Method—Retrieves All Rule Groups Associated with the Domain

The GetAllRuleGroups method retrieves all rule groups associated with the domain.

Syntax

The GetAllRuleGroups method has the following format:

Netegrity::PolicyMgtDomain‑>GetAllRuleGroups( )

Parameters

The GetAllRuleGroups method accepts no parameters.

Return Value

The GetAllRuleGroups method returns one of the following values:

• An array of PolicyMgtGroup objects
• undef if the call was unsuccessful

GetPolicy Method—Retrieves a Policy in the Domain

The GetPolicy method retrieves a policy in the domain.

Syntax

The GetPolicy method has the following format:

Netegrity::PolicyMgtDomain‑>GetPolicy(policyName)

Parameters

The GetPolicy method accepts the following parameter:

policyName (string)

Specifies the policy to retrieve.

Return Value

The GetPolicy method returns one of the following values

• A PolicyMgtPolicy object
• undef if the call fails, or if the specified policy does not exist

GetRealm Method—Retrieves a Top-level Realm in the Domain

The GetRealm method retrieves a top-level realm in the domain.

Syntax

The GetRealm method has the following format:

Netegrity::PolicyMgtDomain‑>GetRealm(realmName)

Parameters

The GetRealm method accepts the following parameter:

realmName (string)

Specifies the realm to retrieve.

Return Value

The GetRealm method returns one of the following values:

• A PolicyMgtRealm object
• undef if the call failed, or if the specified realm does not exist

GetResponse Method—Retrieves a Response Associated with the Domain

The GetResponse method retrieves a response associated with the domain.

Syntax

The GetResponse method has the following format:

Netegrity::PolicyMgtDomain‑>GetResponse(resName)

Parameters

The GetResponse method accepts the following parameter:

resName (string)

Specifies the response to retrieve.

Return Value

The GetResponse method returns one of the following values:

• A PolicyMgtResponse object
• undef if the call was unsuccessful, or if the specified response does not exist

GetResponseGroup Method—Retrieves the Specified Response Group

The GetResponseGroup method retrieves the specified response group.

Syntax

The GetResponseGroup method has the following format:

Netegrity::PolicyMgtDomain‑>GetResponseGroup(groupName)

Parameters

The GetResponseGroup method accepts the following parameter:

groupName (string)

Specifies the name of the response group to retrieve.

Return Value

The GetResponseGroup method returns one of the following values:

• A PolicyMgtGroup object
• undef if the call was unsuccessful

GetRuleGroup Method—Retrieves the Specified Rule Group

The GetRuleGroup method retrieves the specified rule group.

Syntax

The GetRuleGroup method has the following format:

Netegrity::PolicyMgtDomain‑>GetRuleGroup(groupName)

Parameters

The GetRuleGroup method accepts the following parameter:

groupName (string)

Specifies the name of the group to retrieve.

Return Value

The GetRuleGroup method returns one of the following values:

• A PolicyMgtGroup object
• undef if the call was unsuccessful

GetUserDirSearchOrder Method—Retrieves User Directory Objects Associated with the Domain

The GetUserDirSearchOrder method retrieves user directory objects associated with the domain.

Syntax

The GetUserDirSearchOrder method has the following format:

Netegrity::PolicyMgtDomain‑>GetUserDirSearchOrder( )

Parameters

The GetUserDirSearchOrder method accepts no parameters:

Return Value

The GetUserDirSearchOrder method returns one of the following values:

• An PolicyMgtUserDir objects
• undef if the call was unsuccessful

Remarks

The order of the returned objects is the same order that SiteMinder uses when querying the directories. To change the search order, call the PolicyMgtAffDomain‑>SetUserDirSearchOrder method.

GlobalPoliciesApply Method—Determines whether the Domain Is Enabled for Global Policies

The GlobalPoliciesApply method sets or retrieves the flag indicating whether the domain is enabled for global policies. If the domain is enabled for global policies, both global and domain-specific policies can apply to the domain.

Syntax

The GlobalPoliciesApply method has the following format:

Netegrity::PolicyMgtDomain‑>GlobalPoliciesApply([globalFlag])

Parameters

The GlobalPoliciesApply method accepts the following parameter:

globalFlag (int)

(Optional) Specifies whether to enable the domain for global polices:

• 1 specifies that global policies should be enable
• 0 specifies that global policies should not be enabled

Return Value

The GlobalPoliciesApply method returns one of the following values:

• A new or the existing flag setting

Name Method—Sets or Retrieves the Domain Name

The Name method sets or retrieves the domain name.

Syntax

The Name method has the following format:

Netegrity::PolicyMgtDomain‑>Name([domainName])

Parameters

The Name method accepts the following parameter:

domainName (string)

(Optional) Specifies the name to assign to the domain.

Return Value

The Name method returns one of the following values:

• A new or the existing domain name
• undef if the call was unsuccessful

RemoveAdmin Method—Disassociates an Administrator from the Domain

The RemoveAdmin method disassociates an administrator from the domain.

Syntax

The RemoveAdmin method has the following format:

Netegrity::PolicyMgtDomain‑>RemoveAdmin(admin)

Parameters

The RemoveAdmin method accepts the following parameter:

admin (PolicyMgtAdmin)

Specifies the administrator to remove from the domain.

Return Value

The RemoveAdmin method returns one of the following values:

• 0 on success
• -1 if the call was unsuccessful

Remarks

See also the PolicyMgtSession‑>DeleteAdmin method to delete an administrator from the policy store.

You cannot use the Policy Management API to create an administrator for a particular domain. However, if an administrator is associated with a domain either through the Administrative UI or the PolicyMgtAffDomain‑>AddAdmin method, you can remove that administrator from the domain by calling the RemoveAdmin method.

RemoveUserDir Method—Disassociates the User Directory from the Domain

The RemoveUserDir method disassociates the user directory from the domain.

Syntax

The RemoveUserDir method has the following format:

Netegrity::PolicyMgtDomain‑>RemoveUserDir(userDir)

Parameters

The RemoveUserDir method accepts the following parameter:

userDir (PolicyMgtUserDir)

Specifies the user directory to disassociate from the domain.

Return Value

The RemoveUserDir method returns one of the following values:

• 0 on success
• -1 if the call was unsuccessful

SetUserDirSearchOrder Method—Rearranges the Search Order of the User Directory Objects

The SetUserDirSearchOrder method rearranges the search order of the user directory objects associated with the domain.

Syntax

The SetUserDirSearchOrder method has the following format:

Netegrity::PolicyMgtDomain‑>SetUserDirSearchOrder(dirArray)

Parameters

The SetUserDirSearchOrder method accepts the following parameter:

dirArray ()

Specifies a reference to an array of user directory objects (for example: \@myarray).

Return Value

The SetUserDirSearchOrder method returns one of the following values:

• An array of PolicyMgtUserDir objects
• undef if the call was unsuccessful