Programming Guides › Programming Guide for Perl › CLI Policy Management Methods › CLI Affiliate Domain Methods

CLI Affiliate Domain Methods

AddAdmin Method—Associates an Administrator with an Affiliate Domain

The AddAdmin method associates an administrator with an affiliate domain.

Syntax

The AddAdmin method has the following format:

Netegrity::PolicyMgtAffDomain‑>AddAdmin(admin)

Parameter

The AddAdmin method accepts the following parameter:

admin (PolicyMgtAdmin)

Specifies the administrator to associate with the affiliate domain.

Return Values

The AddAdmin method returns one of the following values:

0 on success

-1 on failure

AddUserDir Method—Associates a User Directory with an Affiliate Domain

The AddUserDir method associates a user directory with an affiliate domain.

Syntax

The method has the following format:

Netegrity::PolicyMgtAffDomain‑>AddUserDir(userDir)

Parameter

The AddUserDir method accepts the following parameter:

userDir (PolicyMgtUserDir)

Specifies the user directory to associate with the affiliate domain.

Return Values

The AddUserDir method returns one of the following values:

0 on success

-1 on failure

CreateAffiliate Method—Creates an Affiliate Object

The CreateAffiliate method creates and configures an affiliate object within an affiliate domain.

Syntax

The CreateAffiliate method has the following format:

Netegrity::PolicyMgtAffDomain‑>CreateAffiliate( affName, password, authURL, validityDuration, skewTime [, affDesc] [, allowNotification] [, audience] [, enableFlag] [, shareSessioning] [, sessionSyncInterval] [, SAMLVersion] [, SAMLProfile] [,ConsumerURL] )

Parameters

The CreateAffiliate method accepts the following parameters:

affName (string)

Specifies the name of the affiliate object. The name should be unique across all affiliate domains.

password (string)

Specifies the password that affiliates use to access SiteMinder Federation Web Services.

authURL (string)

Specifies the URL used to authenticate affiliate users.

validityDuration (long)

Specifies the number of seconds that a SiteMinder-generated SAML assertion is valid. If an affiliate receives the assertion after the specified time, the assertion is considered invalid.

skewTime (long)

Specifies the difference, in seconds, between the system clock time of the assertion producer site and the system clock time of the affiliate site. The skew time is added to validityDuration. Times are relative to GMT.

affDesc (string)

(Optional) Specifies the description of the affiliate.

allowNotification (int)

(Optional) Specifies whether to allow event notifications. Set to 1 to enable event notifications to be sent from the affiliate to SiteMinder on the assertion producer site. Set to 0 to disable the event notification service. Default is 0 (notifications disabled).

audience (string)

(Optional) Specifies the URI of the document that describes the agreement between the assertion producer and the affiliate. This value is included in the SAML assertion passed to the affiliate and can be used for validation purposes. Also, the affiliate can parse the audience document to obtain relevant information. The audience value must match the Assertion Audience setting in the AffiliateConfig.xml configuration file for the SAML Affiliate Agent.

enableFlag (int)

(Optional) Specifies whether to enable the affiliate object. Set to 1 to enable the affiliate object, or 0 to disable it. Default is 1 (object is enabled).

shareSessioning (int)

(Optional) Specifies whether to share session information. Set to 1 to allow the assertion producer and the affiliate to share session information, or set to 0 to have the producer and affiliate maintain separate sessions. Default is 0 (separate sessions). With shared sessions, the sessions on both sites are terminated when the session on either site ends.

sessionSyncInterval (long)

(Optional) Specifies the frequency, in seconds, at which the affiliate contacts the producer site to validate the status of a shared session.

SAMLVersion (long)

(Optional) Specifies the SAML version. One of the following values:

• AFFILIATE_SAML_VER_1_0
• AFFILIATE_SAML_VER_1_1

Specifying a SAML version has effect only if the Policy Manager API's session version is at least v6.0 SP 1.

SAMLProfile (long)

(Optional) Specifies the type of profile used to send and receive SAML assertions. Valid profiles:

AFFILIATE_SAML_PROFILE_ARTIFACT. The SAML assertion is retrieved from a URL associated with the assertion producer. The URL is specified during configuration of the SAML Artifact authentication scheme.

AFFILIATE_SAML_PROFILE_POST. The generated SAML assertion is POSTed to the URL specified in ConsumerURL.

This profile is supported only if the Policy Management API's session version is at least v6.0 SP 2. If an earlier version is involved, the POST profile request is ignored, and an attempt is made to create an affiliate object based on the artifact profile.

ConsumerURL (string)

(Optional) Specifies the URL where the requesting user's browser must POST a generated assertion. The site associated with the URL validates the assertion and uses its contents to make access decisions.

Return Value

The CreateAffiliate method returns one of the following values:

PolicyMgtAffiliate object if successful

undef if unsuccessful

Remarks

An affiliate object represents an affiliate site in a federated business network. Affiliate objects and affiliate domains are available through SiteMinder legacy federation.

CreateSAMLServiceProvider Method—Creates a SAML Service Provider

The CreateSAMLServiceProvider method creates a SAML 2.0 Service Provider object. A Service Provider object contains information that an Identity Provider needs to produce assertions for the Service Provider. The properties you can set for a SAML 2.0 Service Provider object are listed following.

To modify the properties of an existing Service Provider, call the PolicyMgtSAMLServiceProvider‑>Property method.

Syntax

The CreateSAMLServiceProvider method has the following format:

Netegrity::PolicyMgtAffDomain‑>CreateSAMLServiceProvider(propsHash_ref)

Parameters

The CreateSAMLServiceProvider method accepts the following parameter:

propsHash_ref (hash)

Specifies a reference to a hashtable of metadata properties to define for the SAML 2.0 Service Provider (for example: \%myhash).

Return Values

The CreateSAMLServiceProvider method returns one of the following values:

• A PolicyMgtSAMLServiceProvider object on success
• undef on failure

Remarks

You can define the following properties for a SAML 2.0 Service Provider:

General Properties

• SAML_NAME
• SAML_DESCRIPTION
• SAML_SP_AUTHENTICATION_URL
• SAML_ENABLED
• SAML_SP_DOMAIN
• SAML_KEY_SPID
• SAML_SP_IDPID
• SAML_MAJOR_VERSION
• SAML_MINOR_VERSION
• SAML_SKEWTIME
• SAML_DISABLE_SIGNATURE_PROCESSING
• SAML_DSIG_VERINFO_ISSUER_DN
• SAML_DSIG_VERINFO_SERIAL_NUMBERSAML_KEY_SPID

Name ID Properties

• SAML_SP_NAMEID_FORMAT
• SAML_SP_NAMEID_TYPE
• SAML_SP_NAMEID_STATIC
• SAML_SP_NAMEID_ATTRNAME
• SAML_SP_NAMEID_DNSPEC
• SAML_AFFILIATION

SSO Properties

• SAML_AUDIENCE
• SAML_SP_ASSERTION_CONSUMER_DEFAULT_URL
• SAML_ENABLE_SSO_ARTIFACT_BINDING
• SAML_SP_ARTIFACT_ENCODING
• SAML_SP_IDP_SOURCEID
• SAML_SP_PASSWORD
• SAML_ENABLE_SSO_POST_BINDING
• SAML_SSOECPPROFILE
• SAML_SP_REQUIRE_SIGNED_AUTHNREQUESTS
• SAML_SP_AUTHENTICATION_LEVEL
• SAML_SP_AUTHN_CONTEXT_CLASS_REF
• SAML_SP_VALIDITY_DURATION
• SAML_SP_STARTTIME
• SAML_SP_ENDTIME

SLO Properties

• SAML_SLO_REDIRECT_BINDING
• SAML_SLO_SERVICE_VALIDITY_DURATION
• SAML_SLO_SERVICE_URL
• SAML_SLO_SERVICE_RESPONSE_URL
• SAML_SLO_SERVICE_CONFIRM_URL

IPD Properties

• SAML_SP_ENABLE_IPD
• SAML_SP_IPD_SERVICE_URL
• SAML_SP_COMMON_DOMAIN
• SAML_SP_PERSISTENT_COOKIE

Attribute Service Properties

• SAML_SP_ATTRSVC_ENABLE
• SAML_SP_ATTRSVC_VALIDITY_DURATION
• SAML_SP_ATTRSVC_SIGN_ASSERTION
• SAML_SP_ATTRSVC_LDAP_SEARCH_SPEC
• SAML_SP_ATTRSVC_ODBC_SEARCH_SPEC
• SAML_SP_ATTRSVC_WINNT_SEARCH_SPEC
• SAML_SP_ATTRSVC_CUSTOM_SEARCH_SPEC
• SAML_SP_ATTRSVC_AD_SEARCH_SPEC

Encryption Properties

• SAML_SP_ENCRYPT_ID
• SAML_SP_ENCRYPT_ASSERTION
• SAML_SP_ENCRYPT_BLOCK_ALGO
• SAML_SP_ENCRYPT_KEY_ALGO
• SAML_SP_ENCRYPT_CERT_ISSUER_DN
• SAML_SP_ENCRYPT_CERT_SERIAL_NUMBER

Advanced Properties

• SAML_SP_PLUGIN_CLASS
• SAML_SP_PLUGIN_PARAMS

CreateWSFEDResourcePartner Method—Creates a WS-Federation Resource Partner

The CreateWSFEDResourcePartner method creates a WS-Federation Resource Partner for the affiliate domain.

Syntax

The CreateWSFEDResourcePartner method has the following format:

Netegrity::PolicyMgtAffDomain‑>CreateWSFEDResourcePartner(propsHash_ref)

Parameters

The CreateWSFEDResourcePartner method accepts the following parameters:

propsHash_ref (hash)

Specifies a reference to a hashtable of metadata properties to define for the

WS-Federation Resource Partner, (for example, C<\%myhash>|"hashref".

Return Value

The CreateWSFEDResourcePartner method returns one of the following values:

• A PolicyMgtWSFEDResourcePartner object on success
• undef on failure

Remarks

You can define the following properties for a Resource Partner:

General Properties

• WSFED_NAME
• WSFED_DESCRIPTION
• WSFED_MAJOR_VERSION
• WSFED_MINOR_VERSION
• WSFED_SAML_MAJOR_VERSION
• WSFED_KEY_RPID
• WSFED_APID
• WSFED_SAML_MINOR_VERSION
• WSFED_RP_DOMAIN
• WSFED_ENABLED
• WSFED_RP_AUTHENTICATION_URL
• WSFED_KEY_RPID
• WSFED_APID

NameID Properties

• WSFED_RP_NAMEID_FORMAT
• WSFED_RP_NAMEID_TYPE
• WSFED_RP_NAMEID_STATIC
• WSFED_RP_NAMEID_ATTR_NAME
• WSFED_RP_NAMEID_DN_SPEC
• WSFED_RP_NAMEID_ALLOWED_NESTED

SSO Properties

• WSFED_RP_AUTHENTICATION_METHOD
• WSFED_RP_VALIDITY_DURATION
• WSFED_RP_ASSERTION_CONSUMER_DEFAULT_URL
• WSFED_RP_AUTHENTICATION_LEVEL
• WSFED_RP_STARTTIME
• WSFED_RP_ENDTIME

Signout Properties

• WSFED_RP_SLO_ENABLED
• WSFED_RP_SIGNOUT_CLEANUP_URL
• WSFED_RP_SIGNOUT_CONFIRM_URL

Advanced Properties

• WSFED_RP_PLUGIN_CLASS
• WSFED_RP_PLUGIN_PARAMS

DeleteAffiliate Method—Deletes an Affiliate from a Domain

The DeleteAffiliate method deletes the specified affiliate object from the affiliate domain.

Syntax

The DeleteAffiliate method has the following format:

Netegrity::PolicyMgtAffDomain‑>DeleteAffiliate(aff)

Parameters

The DeleteAffiliate method accepts the following parameters:

aff (PolicyMgtAffiliate)

Specifies the affiliate object to delete.

Return Value

The DeleteAffiliate method returns one of the following values:

• 0 on success, or if the affiliate domain was not found
• -1 on failure

DeleteSAMLServiceProvider Method—Deletes a SAML Service Provider

The DeleteSAMLServiceProvider method deletes the specified SAML 2.0 Service Provider.

Syntax

The method has the following format:

Netegrity::PolicyMgtAffDomain‑>DeleteSAMLServiceProvider(sp)

Parameters

The DeleteSAMLServiceProvider method accepts the following parameters:

sp (PolicyMgtSAMLServiceProvider)

Specifies the Service Provider to delete.

Return Value

The DeleteSAMLServiceProvider method returns the one of the following values:

• 0 on success, or if the Service Provider was not found
• -1 on failure

DeleteWSFEDResourcePartner Method—Deletes a Resource Partner

The DeleteWSFEDResourcePartner method deletes a resource partner.

Syntax

The DeleteWSFEDResourcePartner method has the following format:

Netegrity::PolicyMgtAffDomain‑>DeleteWSFEDResourcePartner(rp)

Parameters

The DeleteWSFEDResourcePartner method accepts the following parameter:

rp (PolicyMgtWSFEDResourcePartner object)

Specifies the resource partner to delete.

Return Value

The DeleteWSFEDResourcePartner method returns one of the following values:

• value = 0

  Specifies that the method is successful.

• value = -1

  Specifies that the method is unsuccessful.

Description Method—Retrieves or Sets a Description

The Description method sets or retrieves the description of the affiliate domain.

Syntax

The Description method has the following format:

Netegrity::PolicyMgtAffDomain‑>Description([domainDesc])

Parameters

The Description method accepts the following parameters:

domainDesc (string)

(Optional) Specifies the description to set.

Return Value

The Description method returns one of the following values:

• A new or existing description of the affiliate domain on success
• undef on failure

GetAffiliate Method—Retrieves an Affiliate Object

The GetAffiliate method retrieves the specified affiliate object.

Syntax

The GetAffiliate method has the following format:

Netegrity::PolicyMgtAffDomain‑>GetAffiliate(affName)

Parameters

The GetAffiliate method accepts the following parameters:

affName (string)

Specifies the name of the affiliate object to retrieve.

Return Value

The GetAffiliate method returns one of the following objects:

• A PolicyMgtAffiliate object on success
• undef if the specified affiliate object does not exist, or if the call fails

GetAllAdmins Method—Retrieves all Administrators

The GetAllAdmins method retrieves all administrators associated with the affiliate domain.

Syntax

The GetAllAdmins method has the following format:

Netegrity::PolicyMgtAffDomain‑>GetAllAdmins( )

Parameters

The GetAllAdmins method accepts no parameters.

Return Value

The GetAllAdmins method returns one or more of the following values:

• An array of PolicyMgtAdmin objects
• undef if no administrator objects are associated with the affiliate domain, or if the call fails

GetAllAffiliates Method—Retrieves All Affiliates in a Domain

The GetAllAffiliates method retrieves all affiliate objects associated with the affiliate domain.

Syntax

The GetAllAffiliates method has the following format:

Netegrity::PolicyMgtAffDomain‑>GetAllAffiliates( )

Parameters

The GetAllAffiliates method accepts no parameters.

Return Value

The GetAllAffiliates method returns one of the following values:

• An array of PolicyMgtAffiliate objects on success
• undef if unsuccessful

GetAllSAMLServiceProviders Method—Retrieves all Service Providers associated with the Affiliate Domaine

The GetAllSAMLServiceProviders method retrieves all the SAML 2.0 Service Providers associated with the affiliate domain.

Syntax

The GetAllSAMLServiceProviders method has the following format:

Netegrity::PolicyMgtAffDomain‑>GetAllSAMLServiceProviders( )

Parameters

The GetAllSAMLServiceProviders method accepts no parameters.

Return Value

The GetAllSAMLServiceProviders method returns one of the following values:

• An array of PolicyMgtSAMLServiceProvider objects
• undef if unsuccessful

GetAllWSFEDResourcePartners Method—Retrieves all WSFED Resource Partners

The GetAllWSFEDResourcePartners method retrieves all Resource Partners associated with the domain.

Syntax

The GetAllWSFEDResourcePartners method has the following format:

Netegrity::PolicyMgtAffDomain‑>GetAllWSFEDResourcePartners( )

Parameters

The GetAllWSFEDResourcePartners method accepts no parameters.

Return Value

The GetAllWSFEDResourcePartners method returns one of the following values:

• An array of PolicyMgtWSFEDResourcePartner objects on success
• undef on failure

GetSAMLServiceProvider Method—Retrieves a Specified Service Provider

The GetSAMLServiceProvider method retrieves the specified SAML 2.0 Service Provider.

Syntax

The GetSAMLServiceProvider method has the following format:

Netegrity::PolicyMgtAffDomain‑>GetSAMLServiceProvider(spName)

Parameters

The GetSAMLServiceProvider method accepts the following parameter:

spName (string)

Specifies the name of the Service Provider to retrieve.

Return Value

The GetSAMLServiceProvider method returns one of the following values:

• A PolicyMgtSAMLServiceProvider object on success
• undef if the specified Service Provider does not exist, or if the call is unsuccessful

GetSAMLServiceProviderByID Method—Retrieves a Specified Service Provider

The GetSAMLServiceProviderById method retrieves the specified SAML 2.0 Service Provider by its provider ID.

Syntax

The GetSAMLServiceProviderById method has the following format:

Netegrity::PolicyMgtAffDomain‑>GetSAMLServiceProviderById(spID)

Parameters

The GetSAMLServiceProviderById method accepts the following parameter:

spID (string)

Specifies the provider ID of the Service Provider to retrieve.

Return Value

The GetSAMLServiceProviderById method returns one of the following values:

• A PolicyMgtSAMLServiceProvider object on success
• undef if the specified Service Provider does not exist, or if the call is unsuccessful

GetUserDirSearchOrder Method—Retrieves Search Order of a User Directory

The GetUserDirSearchOrder method retrieves user directory objects associated with the affiliate domain. The order of the returned objects is the same order SiteMinder uses when querying the directories.

Syntax

The GetUserDirSearchOrder method has the following format:

Netegrity::PolicyMgtAffDomain‑>GetUserDirSearchOrder( )

Parameters

The GetUserDirSearchOrder method accepts no parameters.

Return Value

The GetUserDirSearchOrder method returns one of the following values:

• An array of PolicyMgtUserDir objects on success
• undef if unsuccessful

GetWSFEDResourcePartner Method—Retrieves Resource Partner

The GetWSFEDResourcePartner method retrieves the specified WS-Federation Resource Partner associated with the domain.

Syntax

The GetWSFEDResourcePartner method has the following format:

Netegrity::PolicyMgtAffDomain‑>GetWSFEDResourcePartner(rpName)

Parameters

The GetWSFEDResourcePartner method accepts the following parameters:

rpName (string)

Specifies the name of the Resource Partner to retrieve.

Return Value

The GetWSFEDResourcePartner method returns the following value:

• A PolicyMgtWSFEDResourcePartner object on success
• undef if the specified Resource Partner does not exist, or if the call is unsuccessful

GetWSFEDResourcePartnerById Method—Retrieves Resource Partner by ID

The GetWSFEDResourcePartnerById method retrieves the specified Resource Partner by its Provider ID.

Syntax

The GetWSFEDResourcePartnerById method has the following format:

Netegrity::PolicyMgtAffDomain‑>GetWSFEDResourcePartnerById( rpID )

Parameters

The GetWSFEDResourcePartnerById method accepts the following parameters:

rpID (string)

Specifies the ID of the Resource Partner to retrieve.

Return Value

The GetWSFEDResourcePartnerById method returns the following value:

• A PolicyMgtWSFEDResourcePartner object
• undef if the specified Resource Partner does not exist, or if the call is unsuccessful

Name Method—Sets or Retrieves Affiliate Domain Name

The Name method sets or retrieves the name of the affiliate domain.

Syntax

The Name method has the following format:

Netegrity::PolicyMgtAffDomain‑>Name( [domainName] )

Parameters

The Name method accepts the following parameter:

domainName (string)

(Optional) Specifies the name to set.

Return Value

The Name method returns one of the following values:

• New or existing affiliate domain name
• undef if the call was unsuccessful

RemoveAdmin Method—Dissasocciates an Administrator from an Affiliate Domain

The RemoveAdmin method disassociates the specified administrator from the affiliate domain.

Syntax

The RemoveAdmin method has the following format:

Netegrity::PolicyMgtAffDomain‑>RemoveAdmin( admin )

Parameters

The RemoveAdmin method accepts the following parameter:

admin (PolicyMgtAdmin)

Specifies the administrator to remove from the affiliate domain.

Return Value

The RemoveAdmin method returns one of the following values:

• 0 on success
• -1 on failure

RemoveUserDir Method—Disassociates a User Directory from an Affiliate Domain

The RemoveUserDir method disassociates the user directory from the affiliate domain.

Syntax

The RemoveUserDir method has the following format:

Netegrity::PolicyMgtAffDomain‑>RemoveUserDir( userDir )

Parameters

The RemoveUserDir method accepts the following parameter:

userDir (PolicyMgtUserDir)

Specifies the user directory to disassociate from the affiliate domain.

Return Value

The RemoveUserDir method returns one of the following values:

• 0 on success
• -1 on failure

SetUserDirSearchOrder Method—Sets the Order for Searching Directory Objects

The SetUserDirSearchOrder method rearranges the search order of the user directory objects associated with the affiliate domain.

Syntax

The SetUserDirSearchOrder method has the following format:

Netegrity::PolicyMgtAffDomain‑>SetUserDirSearchOrder( dirArray )

Parameters

The SetUserDirSearchOrder method accepts the following parameter:

dirArray (PolicyMgtUserDir)

Specifies a reference to an array of user directory objects (for example: \@myarray).

Return Value

The SetUserDirSearchOrder method returns the following value:

• Array of (PolicyMgtUserDir) objects on success
• undef if unsuccessful