The AddAttribute method adds a new affiliate attribute to the affiliate object.
Syntax
The AddAttribute method has the following format:
Netegrity::PolicyMgtAffiliate->AddAttribute(attrType, value)
Parameters
The AddAttribute method accepts the following parameters:
attrType (int)
Specifies one of the following affiliate attribute types:
value (int)
Specifies the value for the affiliate attribute. This value specification appears in the Name Value Pair column of the SiteMinder Affiliate Dialog. The format of the value specification depends upon the kind of affiliate attribute you are adding -- Static, User Attribute, or DN Attribute:
Static. A literal attribute value. A static affiliate attribute is useful for passing specific information about the user to an application at the affiliate site -- for example, the user's credit limit at the affiliate site.
VariableName is the name that identifies the attribute in the SAML assertion, and value is the attribute value.
User Attribute. A user profile attribute name from a user's entry in an LDAP, WinNT, or ODBC user directory -- for example, the attribute name for a user's job title or email address.
UserAttrVariableName is the name that identifies the attribute in the SAML assertion, and UserAttrName (enclosed in quotes) is the name of the attribute in the user directory.
userattr= is static text that must be included in the format. The userattr= portion of the name/value pair must be enclosed by percent signs and angle brackets: <% . . . %>.
Example: email_address=<%userattr="email"%>
DN Attribute. The name of an attribute within an LDAP or ODBC directory object that is associated with the user. Groups to which a user belongs and Organizational Units (ou) that are part of a user DN are examples of directory objects whose attributes can be referenced as DN attributes. For example, a DN attribute can reference a company division for a user, based on the user's membership in a division.
DNVariableName is the name that identifies the attribute in the SAML assertion. DNSpec (enclosed in quotes) is the DN of the directory object, and DNAttrName (enclosed in quotes) is the name of the directory object attribute.
dn= and attr= are static text strings that must be included in the format. The dn= and attr= portion of the name/value pair must be enclosed by pound signs and angle brackets: <# . . . #>.
Example: GroupName=<#dn="ou=home,o=security.com" attr="cn"#>
To allow SiteMinder to retrieve DN attributes from a nested group, begin DNSpec with an exclamation mark ( ! ) -- for example:
dn="!ou=home,o=security.com"
Return Value
The AddAttribute method returns the following value:
Remarks
Affiliate attributes are name/value pairs that SiteMinder provides to an affiliate in a SAML assertion. Attributes include user entitlements (such as the user's credit limit at the affiliate site) and information from a user's profile (such as job title or email address).
When an application at the affiliate site extracts affiliate attributes from the assertion, it can make the attributes available to other applications at the site as HTTP header variables or HTTP cookie variables.
Note: The total size of an assertion passed to an affiliate cannot exceed 4K. If you include a large number of attributes in an affiliate object, you may violate this limit. A maximum assertion size of 3K is recommended.
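A pre-flight check for the three value formats described above, as an added example that is not part of the SiteMinder documentation or SDK. The function name parse_affiliate_attr is hypothetical; the code assumes a static pair is written VariableName=value, accepts only the exact directive shapes shown in the examples, and rejects anything that looks like a malformed directive.

```perl
#!/usr/bin/perl
# Added example (not SiteMinder code): classify and validate an affiliate
# attribute value specification before it is passed to AddAttribute.
use strict;
use warnings;

# Returns a hash ref describing the spec, or nothing if the spec matches none
# of the documented shapes. Assumption: the variable name is non-empty and
# contains no '=' or whitespace; quoted fields contain no double quote.
sub parse_affiliate_attr {
    my ($spec) = @_;
    return unless defined $spec;
    my ($name, $rhs) = $spec =~ /\A([^=\s]+)=(.*)\z/ or return;

    # User Attribute: <%userattr="UserAttrName"%>
    if ($rhs =~ /\A<%userattr="([^"]+)"%>\z/) {
        return { kind => 'user', name => $name, attr => $1 };
    }
    # DN Attribute: <#dn="DNSpec" attr="DNAttrName"#>; a leading '!' in DNSpec
    # asks for retrieval from nested groups.
    if ($rhs =~ /\A<#dn="(!?)([^"!][^"]*)" attr="([^"]+)"#>\z/) {
        return { kind => 'dn', name => $name, dn => $2, attr => $3,
                 nested => ($1 eq '!' ? 1 : 0) };
    }
    # Looks like a directive but did not parse: reject instead of guessing.
    return if $rhs =~ /\A<[%#]/ || $rhs =~ /[%#]>\z/;
    return { kind => 'static', name => $name, value => $rhs };
}

# Constructed sample specs; the last two are deliberately malformed.
my @specs = (
    'credit_limit=5000',
    'email_address=<%userattr="email"%>',
    'GroupName=<#dn="ou=home,o=security.com" attr="cn"#>',
    'Division=<#dn="!ou=home,o=security.com" attr="cn"#>',
    'email_address=<%userattr=email%>',            # missing quotes
    'GroupName=<#dn="ou=home,o=security.com"#>',   # missing attr=
);

for my $spec (@specs) {
    my $p = parse_affiliate_attr($spec);
    if (!$p) { print "REJECT  $spec\n"; next; }
    my $detail = $p->{kind} eq 'static' ? "value=$p->{value}"
               : $p->{kind} eq 'user'   ? "userattr=$p->{attr}"
               : "dn=$p->{dn} attr=$p->{attr} nested=$p->{nested}";
    printf "%-7s %s (%s)\n", $p->{kind}, $p->{name}, $detail;
}
```

Running the check over every spec before saving the affiliate object also gives a reviewable list of which directory attributes and DNs are released to the partner in the assertion.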
The AddUser method adds a new user to the affiliate object.
Syntax
The AddUser method has the following format:
Netegrity::PolicyMgtAffiliate->AddUser( user )
Parameters
The AddUser method accepts the following parameter:
user (PolicyMgtUser)
Specifies the user to add.
Return Value
The AddUser method returns one of the following values:
The AllowNotification method sets or retrieves the event notification property. If event notifications are enabled, the affiliate sends notifications about user activities to SiteMinder on the assertion producer site.
Syntax
The AllowNotification method has the following format:
Netegrity::PolicyMgtAffiliate->AllowNotification( [notificationFlag] )
Parameters
The AllowNotification method accepts the following parameter:
notificationFlag (int)
(Optional) Specifies whether to enable event notification: 1 means to enable event notification; 0 means to disable event notifications.
Return Value
The AllowNotification method returns one of the following values:
The AssertionPluginClass method sets or retrieves the fully qualified class name of an assertion generator plug-in.
Syntax
The AssertionPluginClass method has the following format:
Netegrity::PolicyMgtAffiliate->AssertionPluginClass( [className] )
Parameters
The AssertionPluginClass method accepts the following parameter:
className (string)
(Optional) Specifies the fully qualified class name of the custom assertion generator plug-in, for example, com.samlproducer.assertionplugin.partner1.
Return Value
The AssertionPluginClass method returns one of the following values:
Remarks
The plug-in is a custom Java class that lets you modify the contents of a default SAML assertion generated by SiteMinder. SAML assertions are available in legacy federation, which is licensed separately.
The assertion generator plug-in functionality requires a Policy Management API session version of at least v6.0 SP 2. You can pass a parameter string into the assertion generator plug-in through the method PolicyMgtAffiliate->AssertionPluginParameters.
To create an assertion generator plug-in, implement the AssertionGeneratorPlugin interface in the Java SDK. For information, see the Programming Guide for Java.
The AssertionPluginParameters method sets or retrieves the parameter string to pass to a custom assertion generator plug-in. The syntax of the parameter string is user-defined; that is, the parameter string must conform to whatever conventions the custom assertion generator requires.
Syntax
The AssertionPluginParameters method has the following format:
Netegrity::PolicyMgtAffiliate->AssertionPluginParameters( [parameter] )
Parameters
The AssertionPluginParameters method accepts the following parameter:
parameters (string)
(Optional) Specifies the parameter string to pass to the plug-in.
Return Value
The AssertionPluginParameters method returns one of the following values:
The Audience method sets or retrieves the URI of the document that describes the agreement between the assertion producer site and the affiliate.
This value is included in the SAML assertion passed to the affiliate and can be used for validation purposes. Also, the affiliate can parse the audience document to obtain relevant information. The audience value must match the Assertion Audience setting in the AffiliateConfig.xml configuration file for the SAML Affiliate Agent.
Syntax
The Audience method has the following format:
Netegrity::PolicyMgtAffiliate->Audience( [audience] )
Parameters
The Audience method accepts the following parameter:
audience (string)
(Optional) Specifies the audience URI to set.
Return Value
The Audience method returns one of the following values:
The AuthURL method sets or retrieves the URL used to authenticate affiliate users.
Syntax
The AuthURL method has the following format:
Netegrity::PolicyMgtAffiliate->AuthURL( [AuthURL] )
Parameters
The AuthURL method accepts the following parameter:
AuthURL (string)
(Optional) Specifies the authentication URL to set.
Return Value
The AuthURL method returns one of the following values:
The ConsumerURL method sets or retrieves the URL where the requesting user's browser must POST a generated assertion.
Syntax
The ConsumerURL method has the following format:
Netegrity::PolicyMgtAffiliate->ConsumerURL( [ConsumerURL] )
Parameters
The ConsumerURL method accepts the following parameter:
ConsumerURL (string)
(Optional) Specifies the URL where the generated assertion is to be sent.
Return Value
The ConsumerURL method returns one of the following values:
The CreateIPHostConfigName method creates an IP configuration object from the specified host name.
Syntax
The CreateIPHostConfigName method has the following format:
Netegrity::PolicyMgtAffiliate->CreateIPConfigHostName( hostName )
Parameters
The CreateIPHostConfigName method accepts the following parameter:
hostName (string)
Specifies the host name upon which to base the IP configuration object.
Return Value
The CreateIPHostConfigName method returns one of the following values:
Remarks
Only those users who access the affiliate site from the specified host will be accepted at the affiliate site.
The CreateIPConfigRange method creates an IP configuration object from the specified range of IP addresses.
Syntax
The CreateIPConfigRange method has the following format:
Netegrity::PolicyMgtAffiliate->CreateIPConfigRange( ipAddr1, ipAddr2 )
Parameters
The CreateIPConfigRange method accepts the following parameters:
ipAddr1 (string)
Specifies the first IP address in the range of valid IP addresses from which to access the affiliate site.
ipAddr2 (int)
Specifies the last IP address in the range of valid IP addresses from which to access the affiliate site.
Return Value
The CreateIPConfigRange method returns one of the following values:
Remarks
Only those users who access the affiliate site from an IP address within the specified range are accepted at the affiliate site.
The CreateIPConfigSingleHost method creates an IP configuration object from the specified IP address.
Syntax
The CreateIPConfigSingleHost method has the following format:
Netegrity::PolicyMgtAffiliate->CreateIPConfigSingleHost( ipAddr )
Parameters
The CreateIPConfigSingleHost method accepts the following parameter:
ipAddr (string)
Specifies the IP address from which to access the affiliate site.
Return Value
The CreateIPConfigSingleHost method returns one of the following values:
Remarks
Only those users who access the affiliate site from the specified IP address are accepted at the affiliate site.
The CreateIPConfigSubnetMask method creates an IP configuration object from the specified IP address and subnet mask.
Syntax
The CreateIPConfigSubnetMask method has the following format:
Netegrity::PolicyMgtAffiliate->CreateIPConfigSubnetMask( ipAddr, subnetMask )
Parameters
The CreateIPConfigSubnetMask method accepts the following parameters:
ipAddr (string)
Specifies the IP address used to derive the subnet address.
subnetMask (unsigned long)
Specifies the subnet mask used to derive the subnet address.
Return Value
The CreateIPConfigSubnetMask method returns one of the following values:
Remarks
Only those users who access the affiliate site from the subnet address will be accepted at the affiliate site. The subnet address is derived from the passed IP address and subnet mask.
The DeleteIPConfig method deletes the specified IP configuration object.
Syntax
The DeleteIPConfig method has the following format:
Netegrity::PolicyMgtAffiliate->DeleteIPConfig( IPConfig )
Parameters
The DeleteIPConfig method accepts the following parameter:
IPConfig (PolicyMgtIPConfig)
Specifies the IP configuration object to delete.
Return Value
The DeleteIPConfig method returns one of the following values:
The Description method sets or retrieves the description of the affiliate object.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtAffiliate->Description( [affDesc] )
Parameters
The Description method accepts the following parameter:
affDesc (string)
(Optional) Specifies the description to set.
Return Value
The Description method returns one of the following values:
The GetAllAttributes method retrieves all existing affiliate attributes for the affiliate object.
Syntax
The GetAllAttributes method has the following format:
Netegrity::PolicyMgtAffiliate->GetAllAttributes( )
Parameters
The GetAllAttributes method accepts no parameters.
Return Value
The GetAllAttributes method returns one of the following values:
The GetAllIPConfigs method retrieves all IP configuration objects for the affiliate object.
Syntax
The GetAllIPConfigs method has the following format:
Netegrity::PolicyMgtAffiliate->GetAllIPConfigs( )
Parameters
The GetAllIPConfigs method accepts no parameters.
Return Value
The GetAllIPConfigs method returns one of the following values:
The GetAllUsers method retrieves all users associated with the affiliate object. If a user directory is specified, the method returns only those users associated with the affiliate and the particular directory.
Syntax
The GetAllUsers method has the following format:
Netegrity::PolicyMgtAffiliate->GetAllUsers( [userDir] )
Parameters
The GetAllUsers method accepts the following parameter:
userDir (PolicyMgtUserDir)
(Optional) Specifies a user directory that the affiliate users must be members of.
Return Value
The GetAllUsers method returns one of the following values:
The IsEnabled method sets or retrieves the enabled flag for the affiliate object.
Syntax
The IsEnabled method has the following format:
Netegrity::PolicyMgtAffiliate->IsEnabled( [enableFlag] )
Parameters
The IsEnabled method accepts the following parameter:
enableFlag (int)
(Optional) Specifies whether to enable the affiliate object:
Return Value
The IsEnabled method returns one of the following values:
The Name method sets or retrieves the name of the affiliate object.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtAffiliate->Name( [affName] )
Parameters
The Name method accepts the following parameter:
affName (string)
(Optional) Specifies the name to set.
Return Value
The Name method returns one of the following values:
The Password method sets or retrieves the password that affiliates use to access SiteMinder Federation Web Services.
Syntax
The Password method has the following format:
Netegrity::PolicyMgtAffiliate->Password( [affPassword] )
Parameters
The Password method accepts the following parameter:
affPassword (string)
(Optional) Specifies the password to set.
Return Value
The Password method returns one of the following values:
The RemoveAttribute method removes the specified affiliate attribute from the affiliate object.
Syntax
The RemoveAttribute method has the following format:
Netegrity::PolicyMgtAffiliate->RemoveAttribute( affiliateAttr )
Parameters
The RemoveAttribute method accepts the following parameter:
affiliateAttr (PolicyMgtAffiliateAttr)
Specifies the affiliate attribute to remove.
Return Value
The RemoveAttribute method returns one of the following values:
The RemoveUser method removes the specified user from the affiliate object.
Syntax
The RemoveUser method has the following format:
Netegrity::PolicyMgtAffiliate->RemoveUser( user )
Parameters
The RemoveUser method accepts the following parameter:
user (type)
Specifies the user to remove.
Return Value
The RemoveUser method returns one of the following values:
The SAMLProfile method sets or retrieves the type of profile used for sending and receiving SAML assertions.
Syntax
The SAMLProfile method has the following format:
Netegrity::PolicyMgtAffiliate->SAMLProfile([SAMLProfile])
Parameters
The SAMLProfile method accepts the following parameters:
SAMLProfile (long)
(Optional) Specifies one of the following valid SAML profiles:
Return Value
The SAMLProfile method returns one of the following values:
The SAMLVersion method sets or retrieves the SAML version for the affiliate.
Syntax
The SAMLVersion method has the following format:
Netegrity::PolicyMgtAffiliate->SAMLVersion( [SAMLVer] )
Parameters
The SAMLVersion method accepts the following parameter:
SAMLVer (long)
(Optional) Specifies one of the following SAML versions to set:
Return Value
The SAMLVersion method returns one of the following values:
Remarks
Specifying a SAML version has effect only if the Policy Manager API's session version is at least v6.0 SP 1.
The Save method saves the affiliate object to the policy store.
Syntax
The Save method has the following format:
Netegrity::PolicyMgtAffiliate->Save( )
Parameters
The Save method accepts no parameters.
Return Value
The Save method returns one of the following values:
Remarks
Call this method once after making all the modifications to the affiliate object that you intend to make. This method must be called for any changes to take effect.
The SessionSyncInterval method sets or retrieves the session synchronization interval property. This property specifies the frequency, in seconds, at which the affiliate contacts the assertion producer site to validate the status of a shared session.
Syntax
The SessionSyncInterval method has the following format:
Netegrity::PolicyMgtAffiliate->SessionSyncInterval( [SessionSyncInterval] )
Parameters
The SessionSyncInterval method accepts the following parameter:
SessionSyncInterval (long)
(Optional) Specifies the session synchronization interval to set.
Return Value
The SessionSyncInterval method returns one of the following values:
The SharedSessioning method sets or retrieves the shared session property. With shared sessions, the sessions on both the assertion producer site and the affiliate are terminated when the session on either site ends.
Syntax
The SharedSessioning method has the following format:
Netegrity::PolicyMgtAffiliate->ShareSessioning([shareFlag])
Parameters
The SharedSessioning method accepts the following parameter:
shareFlag (int)
(Optional) Specifies the shared session property to set:
Return Value
The SharedSessioning method returns one of the following values:
The SkewTime method sets or retrieves the skew time property. The skew time is the difference, in seconds, between the system clock time of the assertion producer site and the system clock time of the affiliate site. Times are relative to GMT.
Syntax
The SkewTime method has the following format:
Netegrity::PolicyMgtAffiliate->SkewTime( [SkewTime] )
Parameters
The SkewTime method accepts the following parameter:
skewTime (long)
(Optional) Specifies the skew time to set.
Return Value
The SkewTime method returns one of the following values:
The ValidityDuration method sets or retrieves the number of seconds that a SiteMinder-generated SAML assertion is valid. If an affiliate receives the assertion after the specified time, the assertion is considered invalid.
Syntax
The ValidityDuration method has the following format:
Netegrity::PolicyMgtAffiliate->ValidityDuration( [ValidityDuration] )
Parameters
The ValidityDuration method accepts the following parameter:
validityDuration (long)
(Optional) Specifies the validity duration time to set.
Return Value
The ValidityDuration method returns one of the following values:
Copyright © 2015 CA Technologies.
All rights reserved.