Sm_PolicyApi_AdminRights_t enumerates the rights of the administrator. These values may be used individually or combined to set multiple rights. The resulting value is passed to Sm_PolicyApi_AddAdmin() as one of the attributes in a Sm_PolicyApi_Admin_t structure.
|
Name |
Value |
|---|---|
|
Sm_PolicyApi_AdminRights_ManageAllDomains |
0x01 |
|
Sm_PolicyApi_AdminRights_ManageObjects |
0x02 |
|
Sm_PolicyApi_AdminRights_ManageUsers |
0x04 |
|
Sm_PolicyApi_AdminRights_ManageKeys |
0x08 |
|
Sm_PolicyApi_AdminRights_ManagePasswordPolicy |
0x08 |
|
Sm_PolicyApi_AdminRights_ManageReports |
0x10 |
The following table shows how these values are used to set administrative privileges:
|
Scope |
Task |
Setting and Privilege(s) |
|---|---|---|
|
System |
Manage System & Domain Objects |
To set the privileges below, set administrator rights to both of the following: Sm_PolicyApi_AdminRights_ManageAllDomains Privileges: Create/edit/delete agents, agent groups, directories, policy domains, authentication schemes, agent types, ODBC setup, directory mappings, certificate mappings, and registration schemes. Create/delete parent realms in all domains. Create/edit/delete administrators. Flush all caches, including cached resources. Change global settings. All the privileges for Manage Domain Objects listed below. |
|
Domains |
Manage Domain Objects |
To set the privileges below, set administrator rights to: Sm_PolicyApi_AdminRights_ManageObjects Privileges: In managed domains: create/edit/delete rules, rule groups, responses, response groups, policies. Edit top level realms in managed domains (not resource filters). Create/edit/delete nested realms in managed domains. Flush specific realms from the resource cache, and flush all resources (in privileged domains) from the cache. |
|
System |
View Reports |
To set the privilege below, set administrator rights to both of the following: Sm_PolicyApi_AdminRights_ManageAllDomains Privilege: View all system and domain reports. |
|
Domains |
View Reports |
To set the privilege below, set administrator rights to: Sm_PolicyApi_AdminRights_ManageUsers Privilege: View reports for managed domains. |
|
System |
Manage Keys and Password Policies |
To set the privileges below, set administrator rights to both of the following: Sm_PolicyApi_AdminRights_ManageAllDomains Privileges: Create/edit/delete password policies. Manage keys. |
|
Domains |
Manage Password Policies |
To set the privilege below, set administrator rights to: Sm_PolicyApi_AdminRights_ManagePasswordPolicy Privilege: Create/edit/delete password policies for users in directories attached to managed domains. |
|
System |
Manage Users |
To set the privileges below, set administrator rights to both of the following: Sm_PolicyApi_AdminRights_ManageAllDomains Privileges: Flush all user session caches, or flush the user session cache of any individual user cache from any directory. Enable/disable users in any directory. Force password change on any user in any directory. |
|
Domains |
Manage Users |
To set the privileges below, set administrator rights to: Sm_PolicyApi_AdminRights_ManageReports Privileges: Flush user session caches for individual users in directories attached to managed domains. Enable/disable users in directories attached to managed domains. Force password change on users in directories attached to managed domains. |
Sm_PolicyApi_AffiliateAttrType_t enumerates the valid affiliate attribute types, for use in the affiliate functions to manipulate affiliate attributes.
|
Name |
Value |
|---|---|
|
Sm_PolicyApi_Affiliate_HTTP_Header_Variable |
1 |
|
Sm_PolicyApi_Affiliate_HTTP_Cookie_Variable |
2 |
Sm_PolicyApi_SAMLSPAttrMode_t enumerates the valid attribute retrieval types for use in SAML 2.0 Attribute Authority support:
|
Name |
Value |
|---|---|
|
Sm_PolicyApi_SAMLSP_SSO_Only |
0 |
|
Sm_PolicyApi_SAMLSP_Attribute_Only |
1 |
One of these values should be provided in the nMode element of the Sm_PolicyApi_SAMLSPAttr_t structure.
Sm_PolicyApi_AuthAzMapType_t enumerates the authentication and authorization mapping types.
|
Name |
Value |
|---|---|
|
Sm_PolicyApi_AuthAzMapType_DN |
1 |
|
Sm_PolicyApi_AuthAzMapType_UniversalId |
2 |
|
Sm_PolicyApi_AuthAzMapType_Attr |
3 |
Sm_PolicyApi_CertMapAttrType_t enumerates types of mapping that determine how an X.509 client certificate will map to the user information in the authentication directory.
|
Name |
Value |
|---|---|
|
Sm_PolicyApi_CertMapAttrType_Single |
1 |
|
Sm_PolicyApi_CertMapAttrType_Custom |
2 |
|
Sm_PolicyApi_CertMapAttrType_Exact |
3 |
Sm_PolicyApi_DirType_t enumerates the types of directories that can be used to authenticate users.
|
Name |
Value |
|---|---|
|
Sm_PolicyApi_DirType_LDAP |
1 |
|
Sm_PolicyApi_DirType_WinNT |
2 |
|
Sm_PolicyApi_DirType_ODBC |
3 |
Sm_PolicyApi_CertMapFlags_t enumerates flags that represent certificate mapping properties.
|
Flag |
Value |
|---|---|
|
Sm_PolicyApi_CertMapFlags_CertRequired Setting this flag causes SiteMinder to verify that the certificate presented by the user matches the certificate stored in the user's entry in the authentication directory. The authentication directory must be an LDAP user directory. |
0x01 |
|
Sm_PolicyApi_CertMapFlags_UseDistributionPoints Set this flag if your Certificate Revocation List (CRL) uses distribution points. Large CRLs may contain multiple distribution points that can be used to locate a revoked user. Distribution points indicate a starting point in the CRL LDAP directory. The distribution point provides a starting point for a CRL check and saves the processing time that it would take to search the entire CRL for a particular user. When this flag is set, SiteMinder retrieves the distribution point from the user's certificate, then uses it to find the appropriate LDAP directory entry point for the CRL. |
0x02 |
|
Sm_PolicyApi_CertMapFlags_VerifySignature Set this flag to enable signature verification, where the Policy Server checks the Certificate Authority's public certificate against a signature stored in the policy database. |
0x04 |
|
Sm_PolicyApi_CertMapFlags_CRLCheck Set this flag to make SiteMinder perform a Certificate Revocation List check. A Certificate Revocation List (CRL) is a list of revoked X.509 client certificates published by the Certificate Authority. Comparing certificates against CRLs is one way to ensure that certificates are valid. When a user with such a certificate tries to access a protected resource, SiteMinder finds the user's certificate in the CRL and rejects the authentication. |
0x08 |
|
Sm_PolicyApi_CertMapFlags_Cache Setting this flag causes SiteMinder to use cached CRL information until the date specified in the NextUpdate field in the CRL. |
0x10 |
Sm_PolicyApi_GetUserDirCapabilities() uses the values that are enumerated in Sm_DirectoryCapability_t, which is defined in SmApi.h.
|
Directory Capability |
Value |
|---|---|
|
Sm_DirCapability_CreatePasswordPolicy Capable of creating password policy. The following attributes are affected in the user directory (Sm_PolicyApi_UserDir_t): pszPasswordData, pszDisabledAttr, and pszPasswordAttribute. |
0x00000001 |
|
Sm_DirCapability_CreateRegistrationPolicy Capable of creating registration policy. The following attributes are affected in the user directory (Sm_PolicyApi_UserDir_t): pszAnonymousId, pszEmailAddressAttr, pszChallengeRespAttr, and pszPasswordAttribute. |
0x00000002 |
|
Sm_DirCapability_ResetUserPassword Capable of resetting the user password. This affects pszPasswordAttribute. |
0x00000004 |
|
Sm_DirCapability_ChangeUserPassword Capable of changing the user password. This affects pszPasswordAttribute. |
0x00000008 |
|
Sm_DirCapability_DisableUser Capable of disabling the user account. This affects pszDisabledAttr. |
0x00000010 |
|
Sm_DirCapability_DmsCapable Capable of being written by the Delegated Management System (DMS). |
0x00000020 |
|
Sm_DirCapability_Recursive Capable of supporting recursion. |
0x00000040 |
|
Sm_DirCapability_DisabledAttr Read-Write disabled attribute. This attribute is configured for the user directory. |
0x00100000 |
|
Sm_DirCapability_UniversalIdAttr Read-only Universal ID. This attribute is configured for the user directory.
|
0x00200000 |
|
Sm_DirCapability_AnonymousIdAttr Read-Write anonymous ID attribute. This attribute is configured for the user directory. |
0x00400000 |
|
Sm_DirCapability_PasswordDataAttr Read-Write password data attribute. This attribute is configured for the user directory. |
0x00800000 |
|
Sm_DirCapability_UserPasswordAttr Read-Write password attribute. This attribute is configured for the user directory. |
0x01000000 |
|
Sm_DirCapability_EmailAddressAttr Read-only E-mail attribute. This attribute is configured for the user directory. |
0x02000000 |
|
Sm_DirCapability_ChallengeRespAttr Read-Write Challenge and Response attribute. This attribute is configured for the user directory. |
0x04000000 |
Note: Attribute masks are directory user profile attributes. They are available in the directory. Each attribute is read-only or read-write. Read-write attributes are not used by other applications.
Sm_PolicyApi_DomainFlags_t enumerates flags pertaining to domain-wide influence.
|
Name |
Value |
|---|---|
|
Sm_PolicyApi_DomainFlags_GlobalPoliciesApply When this flag is set, the domain processes global policies for all realms in the domain. When this flag is not set, the domain does not process global policies. |
0x02 |
Sm_PolicyApi_Groups_t enumerates the type of group for which you can perform group functions.
|
Name |
Value |
|---|---|
|
Sm_PolicyApi_NULL_Group_Prop |
0 |
|
Sm_PolicyApi_Rule_Group_Prop |
1 |
|
Sm_PolicyApi_Response_Group_Prop |
2 |
|
Sm_PolicyApi_Agent_Group_Prop |
3 |
Sm_PolicyApi_IPAddressType_t enumerates the type of IP address restrictions that are defined for an object in Sm_PolicyApi_IPAddress_t.
|
IP Address Type |
Value |
|---|---|
|
Sm_PolicyApi_IPAddressType_SingleHost A single host IP address requires the following fields to be set:
|
1 |
|
Sm_PolicyApi_IPAddressType_HostName A host name IP address requires the following fields to be set:
|
2 |
|
Sm_PolicyApi_IPAddressType_AddressAndSubNetMask A subnet mask requires the following fields to be set:
|
3 |
|
Sm_PolicyApi_IPAddressType_Range A range of IP addresses requires the following fields to be set:
|
4 |
Sm_PolicyApi_ManagementCommands_t enumerates the values that can be passed to Sm_PolicyApi_ManagementCommand() for flushing caches, for managing agent encryption keys, and for shared secret rollover.
Initialize the structure to zero (memset) prior to setting any values. Use the symbolic enumerated values, rather than hard-coding integer command values.
The value is passed in the iCommand field of the structure Sm_PolicyApi_ManagementCommand_t.
|
Management Command |
Value |
|---|---|
|
Sm_PolicyApi_ManagementCommand_FlushAll Flushes all SiteMinder caches. Policy store cache, resource cache, and user information cache are flushed by this command. It does not require any data in the pszData field of Sm_PolicyApi_ManagementCommand_t. |
1 |
|
Sm_PolicyApi_ManagementCommand_FlushUsers Flushes user information cache. It does not require any data in the pszData field of Sm_PolicyApi_ManagementCommand_t. |
2 |
|
Sm_PolicyApi_ManagementCommand_FlushRealms Flushes resource cache. It does not require any data in the pszData field of Sm_PolicyApi_ManagementCommand_t. |
3 |
|
Sm_PolicyApi_ManagementCommand_ChangeDynamicKeys Changes the dynamic agent key. It does not require any data in the pszData field of Sm_PolicyApi_ManagementCommand_t. Before you change a dynamic agent key through the C API, the Agent Key setting in the Policy Server Key Management dialog box must be set to Use dynamic Agent Key. To access this dialog box in the Policy Server UI, click Tools > Manage Keys. Then, in the Agent Key tab, select Use dynamic Agent Key. |
4 |
|
Sm_PolicyApi_ManagementCommand_ChangePersistentKey Changes the persistent or static key. The data field pszData of Sm_PolicyApi_ManagementCommand_t structure may contain an optional key value. If pszData is empty, the persistent key is randomly generated. |
5 |
|
Sm_PolicyApi_ManagementCommand_ChangeSessionKey Changes the session key. The data field pszData of Sm_PolicyApi_ManagementCommand_t structure may contain an optional key value. If pszData is empty, the session key is randomly generated. |
6 |
|
Sm_PolicyApi_ManagementCommand_RolloverSharedSecrets Rolls over shared secrets for rollover-enabled trusted hosts. |
7 |
Sm_PolicyApi_PasswordMsgId_t enumerates password message IDs.
Password messages describe the encoded error message returned to Sm_PolicyApi_SetPassword() when a new password does not satisfy the password policy requirements of the specified directory.
|
Password Message ID |
Value |
|---|---|
|
Sm_PolicyApi_PasswordMsgId_None |
0 |
|
Sm_PolicyApi_PasswordMsgId_ChangePassword |
1 |
|
Sm_PolicyApi_PasswordMsgId_PassswordGeneralFailure |
1000 |
|
Sm_PolicyApi_PasswordMsgId_PasswordShort |
1001 |
|
Sm_PolicyApi_PasswordMsgId_PasswordLong |
1002 |
|
Sm_PolicyApi_PasswordMsgId_PasswordOldPasswordBad |
1003 |
|
Sm_PolicyApi_PasswordMsgId_PasswordReuse |
1004 |
|
Sm_PolicyApi_PasswordMsgId_PasswordSimilar |
1005 |
|
Sm_PolicyApi_PasswordMsgId_PasswordRepeatingChars? |
1006 |
|
Sm_PolicyApi_PasswordMsgId_PasswordDictionaryMatch |
1007 |
|
Sm_PolicyApi_PasswordMsgId_PasswordContentLetters |
1008 |
|
Sm_PolicyApi_PasswordMsgId_PasswordContentDigits |
1009 |
|
Sm_PolicyApi_PasswordMsgId_PasswordContentAlphaNum |
1010 |
|
Sm_PolicyApi_PasswordMsgId_PasswordContentPunctuation |
1011 |
|
Sm_PolicyApi_PasswordMsgId_PasswordContentNonPrintable |
1012 |
|
Sm_PolicyApi_PasswordMsgId_PasswordContentNonAlphaNum |
1013 |
|
Sm_PolicyApi_PasswordMsgId_PasswordProfileMatch |
1014 |
|
Sm_PolicyApi_PasswordMsgId_PasswordGraceDays |
1015 |
|
Sm_PolicyApi_PasswordMsgId_PasswordSystemPIN |
1016 |
|
Sm_PolicyApi_PasswordMsgId_PasswordUserMaxNumPIN |
1017 |
|
Sm_PolicyApi_PasswordMsgId_PasswordUserMinMaxNumPIN |
1018 |
|
Sm_PolicyApi_PasswordMsgId_PasswordUserMaxAlphaPIN |
1019 |
|
Sm_PolicyApi_PasswordMsgId_PasswordUserMinMaxAlphaPIN |
1020 |
|
Sm_PolicyApi_PasswordMsgId_PasswordAcceptPIN |
1021 |
|
Sm_PolicyApi_PasswordMsgId_PasswordContentLowerAlpha |
1022 |
|
Sm_PolicyApi_PasswordMsgId_PasswordContentUpperAlpha |
1023 |
|
Sm_PolicyApi_PasswordMsgId_PasswordContentNoLowerAlpha |
1024 |
|
Sm_PolicyApi_PasswordMsgId_PasswordContentNoUpperAlpha |
1025 |
|
Sm_PolicyApi_PasswordMsgId_PasswordContentNoDigits |
1026 |
|
Sm_PolicyApi_PasswordMsgId_PasswordContentNoPunctuation |
1027 |
|
Sm_PolicyApi_PasswordMsgId_PasswordContentNoNonPrintable |
1028 |
|
Sm_PolicyApi_PasswordMsgId_PasswordContentNoNonAlphaNum |
1029 |
|
Sm_PolicyApi_PasswordMsgId_PasswordContentNoAlphaNum |
1030 |
|
Sm_PolicyApi_PasswordMsgId_PasswordContentMatchRegExp |
1031 |
|
Sm_PolicyApi_PasswordMsgId_PasswordContentNoMatchRegExp |
1032 |
|
Sm_PolicyApi_PasswordMsgId_PasswordUserMinNumPIN |
1033 |
|
Sm_PolicyApi_PasswordMsgId_PasswordUserDigitsPIN |
1034 |
|
Sm_PolicyApi_PasswordMsgId_PasswordUserAlphaNumPIN |
1035 |
Additional information about the error message is available in the password message field associated with the password message.
Sm_PolicyApi_PasswordMsgFieldId_t enumerates password message field IDs.
Password message fields contain additional information about the password messages described in the previous section. You can find this additional information in the structure Sm_PolicyApi_PasswordMsgField_t.
|
Password Message Field ID |
Value |
|---|---|
|
Sm_PolicyApi_PasswordMsgFieldId_None |
0 |
|
Sm_PolicyApi_PasswordMsgFieldId_Min |
1 |
|
Sm_PolicyApi_PasswordMsgFieldId_Max |
2 |
|
Sm_PolicyApi_PasswordMsgFieldId_OldPW |
3 |
|
Sm_PolicyApi_PasswordMsgFieldId_NewPW |
4 |
|
Sm_PolicyApi_PasswordMsgFieldId_Days |
5 |
|
Sm_PolicyApi_PasswordMsgFieldId_Token |
6 |
Fields can be of type integer or string, or they can have no type.
Sm_PolicyApi_FieldType_t enumerates the possible data types for the password message fields.
|
Password Message Field Type |
Value |
|---|---|
|
Sm_PolicyApi_FieldType_None |
0 |
|
Sm_PolicyApi_FieldType_Int |
1 |
|
Sm_PolicyApi_FieldType_String |
2 |
Sm_PasswordPolicyBehavior_t enumerates the behavioral characteristics of a password policy.
|
Password Policy Behavior Flag |
Value |
|---|---|
|
Sm_PasswordPolicy_DontTrackLogins This flag has been replaced in SiteMinder v6.0 SP3 by:
The new flags allow successful and failed logins to be tracked separately. Sm_PasswordPolicy_DontTrackLogins is currently maintained for backwards compatibility. If this flag is set, login tracking for successful and failed logins will not occur. |
0x00000004 |
|
Sm_PasswordPolicy_AllowFailedWrites Allows users to log in even if password data cannot be written to the user directory. |
0x00000008 |
|
Sm_PasswordPolicy_InactivityForcePWChange Forces a password change on the next login attempt after a user's password becomes invalid due to inactivity. |
0x00000010 |
|
Sm_PasswordPolicy_PWExpiredForcePWChange Forces a password change on the next login attempt after a user's password expires. |
0x00000020 |
|
Sm_PasswordPolicyBehavior_FullReenable If a user's account is disabled due to successive incorrect password entries, this flag re-enables the account after a given time period. Specify the time in the nReenablement field of Sm_PolicyApi_PasswordPolicy_t. If this flag is not set, the user is allowed another login attempt after the given nReenablement time period. |
0x00000040 |
|
Sm_PasswordPolicy_StopPriorityChaining Prevents the evaluation of password policies with lower priority ratings than the current password policy. |
0x00000080 |
|
Sm_PasswordPolicy_ExpireDisablePassword When the password expires, disable just the password and not the user account. |
0x00000100 |
|
Sm_PasswordPolicy_FailuresDisablePassword When the maximum number of authentication failures are exceeded, disable just the password and not the user account. |
0x00000200 |
|
Sm_PasswordPolicy_ForceCase Force the password's case that is specified through bit Sm_PasswordPolicy_CaseSelect. |
0x00000400 |
|
Sm_PasswordPolicy_CaseSelect If Sm_PasswordPolicy_ForceCase is set, Sm_PasswordPolicy_ForceCase forces upper case passwords when set, and forces lower case passwords when cleared. |
0x00000800 |
|
Sm_PasswordPolicy_CaseBits Sets both of the following bits (forces upper case passwords):
|
0x00000c00 |
|
Sm_PasswordPolicy_StripLeadingWhiteSpace Removes any leading white space from the password. |
0x00001000 |
|
Sm_PasswordPolicy_StripTrailingWhiteSpace Removes any trailing white space from the password. |
0x00002000 |
|
Sm_PasswordPolicy_StripFlankingWhiteSpace Sets both of the following bits (strips leading and trailing white space):
|
0x00003000 |
|
Sm_PasswordPolicy_StripEmbeddedWhiteSpace Removes all white space within the password. |
0x00004000 |
|
Sm_PasswordPolicy_WhiteSpaceBits Sets all of the following bits (strips leading, trailing, and embedded white space):
|
0x00007000 |
|
Sm_PasswordPolicy_PreProcessBits Sets all of the following bits (forces upper case passwords and strips leading, trailing, and embedded white space):
|
0x00007c00 |
|
Sm_PasswordPolicy_DontTrackSuccessLogins Performs directory updates at login time. When this flag is not set, the password policy tracks successful user logins, including the time of the last login. |
0x00008000 |
|
Sm_PasswordPolicy_DontTrackFailedLogins Performs directory updates at login time. When this flag is not set, the password policy tracks unsuccessful user login attempts. |
0x00010000 |
Note: Values 0x00000400 through 0x00007c00 apply to password preprocessing. During preprocessing, the password is checked before it is processed or stored.
Sm_PolicyApi_AddUsersToPolicy() uses the following values (which are defined in SmApi.h):
|
Flag |
Value |
|---|---|
|
Sm_PolicyBehavior_Exclude_Mask Bit 0x01 determines whether user policy excludes or includes 'users.' |
0x01 |
|
Sm_PolicyBehavior_Exclude_No |
0x00 |
|
Sm_PolicyBehavior_Exclude_Yes |
0x01 |
|
Sm_PolicyBehavior_Recursive_Mask Bit 0x02 determines whether user policy is recursive. This is applicable to directory object classes that can be nested. |
0x02 |
|
Sm_PolicyBehavior_Recursive_No |
0x00 |
|
Sm_PolicyBehavior_Recursive_Yes |
0x02 |
|
Sm_PolicyBehavior_AND_Mask Bit 0x04 determines whether the user policy has an AND relationship between user policies. This is applicable to user policies that are members of a particular user directory within the policy. |
0x04 |
|
Sm_PolicyBehavior_AND_No |
0x00 |
|
Sm_PolicyBehavior_AND_Yes |
0x04 |
Sm_PolicyApi_InitFlags_t enumerates the initialization flags used by Sm_PolicyApi_Init(). These flags affect API behavior.
|
Flag |
Value |
|---|---|
|
Sm_PolicyApi_InitFlags_EnableCache Enables caching of policy store, resource, and user information to ensure that SiteMinder responds quickly to user requests. |
0x01 |
|
Sm_PolicyApi_InitFlags_PreLoadCache Enables the Policy Management API to preload the SiteMinder caches. Note: By omitting this flag, you can reduce the time it takes for custom Policy Management applications to make policy store changes. |
0x02 |
|
Sm_PolicyApi_InitFlags_LoadAgentTypeDictionary Enables the Policy Management API to preload the SiteMinder agent type dictionary. |
0x04 |
|
Sm_PolicyApi_InitFlags_DisableValidation Disables validation of policy objects. |
0x08 |
|
Sm_PolicyApi_InitFlags_DisableAudit Disables:
|
0x10 |
|
Sm_PolicyApi_InitFlags_DisableCacheUpdates Disables cache updates. If cache updates are not disabled and Sm_PolicyApi_InitFlags_EnableCache is turned off, the Policy Management API will still issue the cache updates. |
0x20 |
|
Sm_PolicyApi_InitFlags_DisableManagementWatchDog Disables the SiteMinder management watchdog. The watchdog is enabled by default. The watchdog is used internally and should not be disabled. |
0x40 |
Sm_PolicyApi_Objects_t describes the policy store properties that can be retrieved, set, and removed.
Note: Sm_PolicyApi_NULL_Domain_Props, value 0, is reserved.
The following table lists the domain object type values that can be passed to Sm_PolicyApi_GetDomainObjects():
|
Name |
Value |
|---|---|
|
Sm_PolicyApi_Rule_Prop |
1 |
|
Sm_PolicyApi_RuleGroup_Prop |
2 |
|
Sm_PolicyApi_Policy_Prop |
3 |
|
Sm_PolicyApi_PolicyLink_Prop |
4 |
|
Sm_PolicyApi_UserPolicy_Prop |
5 |
|
Sm_PolicyApi_Realm_Prop |
6 |
|
Sm_PolicyApi_ResponseGroup_Prop |
7 |
|
Sm_PolicyApi_Response_Prop |
8 |
|
Sm_PolicyApi_ResponseAttr_Prop |
9 |
|
Sm_PolicyApi_UserDir_Prop |
10 |
|
Sm_PolicyApi_Admins_Prop |
17 |
|
Sm_PolicyApi_ActiveExpr_Prop |
23 |
|
Sm_PolicyApi_Variable_Prop |
25 |
|
Sm_PolicyApi_Affiliate_Prop |
33 |
|
Sm_PolicyApi_SAMLSP_Prop |
35 |
The following table lists the global object type names that can be passed to Sm_PolicyApi_GetGlobalObjects():
|
Name |
Value |
|---|---|
|
Sm_PolicyApi_Rule_Prop |
1 |
|
Sm_PolicyApi_Policy_Prop |
3 |
|
Sm_PolicyApi_Response_Prop |
8 |
|
Sm_PolicyApi_UserDir_Prop |
10 |
|
Sm_PolicyApi_Scheme_Prop Object ID for an authentication scheme. |
11 |
|
Sm_PolicyApi_Agent_Prop |
12 |
|
Sm_PolicyApi_AgentGroup_Prop |
13 |
|
Sm_PolicyApi_AgentType_Prop |
14 |
|
Sm_PolicyApi_AgentTypeAttr_Prop |
15 |
|
Sm_PolicyApi_Domain_Prop |
16 |
|
Sm_PolicyApi_Admins_Prop |
17 |
|
Sm_PolicyApi_ODBCQueryScheme_Prop |
18 |
|
Sm_PolicyApi_RegistrationScheme_Prop |
19 |
|
Sm_PolicyApi_PasswordPolicy_Prop |
20 |
|
Sm_PolicyApi_AuthAzMap_Prop Object ID for an authentication-authorization object. |
21 |
|
Sm_PolicyApi_CertMap_Prop Object ID for a certification-mapping object. |
22 |
|
Sm_PolicyApi_VariableType_Prop |
24 |
|
Sm_PolicyApi_TrustedHost_Prop |
26 |
|
Sm_PolicyApi_HostConfig_Prop |
27 |
|
Sm_PolicyApi_AgentConfig_Prop |
28 |
|
Sm_PolicyApi_Association_Prop Object ID for a configuration name/value pair in an agent configuration object. |
29 |
|
Sm_PolicyApi_AffiliateDomain_Prop |
32 |
|
Sm_PolicyApi_SharedSecretPolicy_Prop |
34 |
|
Sm_PolicyApi_SAMLIdP_Prop |
36 |
|
Sm_PolicyApi_SAMLAffiliation_Prop |
37 |
|
Sm_PolicyApi_WSFEDResourcePartner_Prop |
38 |
Sm_PolicyResolution_t, defined in SmApi.h, enumerates the values that describe the relationship between two policy objects.
The value codes that can be returned by the API are enumerated in Sm_PolicyApi_Status_t. The values have the following significance:
Most of the code names are self-explanatory. However, note that Sm_PolicyApi_BadArgument (-10) is returned when one or more of the required input parameters is not supplied. For example, if an argument such as a domain OID is null or represents a string of zero length, Sm_PolicyApi_BadArgument is returned to the caller.
Return codes with values less than -100 (except for Sm_PolicyApi_NotUnique, value -105) will rarely be returned by this API. They are included for completeness.
|
Return Code |
Value |
|
Sm_PolicyApi_Success |
0 |
|
Sm_PolicyApi_Failure |
-1 |
|
Sm_PolicyApi_InvalidHandle |
-2 |
|
Sm_PolicyApi_ErrorLogin |
-3 |
|
Sm_PolicyApi_NoPrivilege |
-4 |
|
Sm_PolicyApi_InvalidPasswordSyntax |
-5 |
|
Sm_PolicyApi_InvalidPassword |
-6 |
|
Sm_PolicyApi_DuplicateEntry |
-7 |
|
Sm_PolicyApi_DoesNotExist |
-8 |
|
Sm_PolicyApi_NotFound |
-9 |
|
Sm_PolicyApi_BadArgument |
-10 |
|
Sm_PolicyApi_WrongNumberOfElements |
-11 |
|
Sm_PolicyApi_UserDirNotPartOfDomain |
-12 |
|
Sm_PolicyApi_UserDirNotValid |
-13 |
|
Sm_PolicyApi_ErrorUserDir |
-14 |
|
Sm_PolicyApi_AgentNotFound |
-15 |
|
Sm_PolicyApi_AgentTypeNotFound |
-16 |
|
Sm_PolicyApi_AgentTypeAttrNotFound |
-17 |
|
Sm_PolicyApi_AgentTypeMismatch |
-18 |
|
Sm_PolicyApi_ODBCQuerySchemeNotFound |
-19 |
|
Sm_PolicyApi_UserDirNotFound |
-20 |
|
Sm_PolicyApi_DomainNotFound |
-21 |
|
Sm_PolicyApi_AdminNotFound |
-22 |
|
Sm_PolicyApi_SchemeNotFound |
-23 |
|
Sm_PolicyApi_RegistrationSchemeNotFound |
-24 |
|
Sm_PolicyApi_PasswordPolicyNotFound |
-25 |
|
Sm_PolicyApi_SchemeIsRequired |
-26 |
|
Sm_PolicyApi_PasswordPolicyConfig |
-27 |
|
Sm_PolicyApi_RealmNotFound |
-28 |
|
Sm_PolicyApi_NoChildren |
-29 |
|
Sm_PolicyApi_RuleNotFound |
-30 |
|
Sm_PolicyApi_ResponseNotFound |
-31 |
|
Sm_PolicyApi_ResponseAttrNotFound |
-32 |
|
Sm_PolicyApi_PolicyNotFound |
-33 |
|
Sm_PolicyApi_PolicyLinkNotFound |
-34 |
|
Sm_PolicyApi_UserPolicyNotFound |
-35 |
|
Sm_PolicyApi_BadGroup |
-36 |
|
Sm_PolicyApi_GroupNotFound |
-37 |
|
Sm_PolicyApi_Invalid |
-38 |
|
Sm_PolicyApi_InvalidHandleVersion |
-39 |
|
Sm_PolicyApi_DomainNotAffiliate |
-41 |
|
Sm_PolicyApi_InvalidOid |
-100 |
|
Sm_PolicyApi_NotImplemented |
-101 |
|
Sm_PolicyApi_NotSearchable |
-102 |
|
Sm_PolicyApi_NotStorable |
-103 |
|
Sm_PolicyApi_NotCollection |
-104 |
|
Sm_PolicyApi_NotUnique |
-105 |
|
Sm_PolicyApi_InvalidProp |
-106 |
|
Sm_PolicyApi_NotInitted |
-107 |
|
Sm_PolicyApi_NoSession |
-108 |
|
Sm_PolicyApi_OidInUseByRealm |
-109 |
|
Sm_PolicyApi_OidInUseByRule |
-110 |
|
Sm_PolicyApi_OidInUseByAdmin |
-111 |
|
Sm_PolicyApi_MissingProperty |
-112 |
|
Sm_PolicyApi_GroupMemberName |
-113 |
|
Sm_PolicyApi_RadiusIpAddrNotUnique |
-114 |
|
Sm_PolicyApi_GroupAgentType |
-115 |
|
Sm_PolicyApi_RadiusRealmNotUnique |
-116 |
|
Sm_PolicyApi_RealmFilterNotUnique |
-117 |
|
Sm_PolicyApi_InvalidCharacters |
-118 |
|
Sm_PolicyApi_AgentTypeCantBeDeleted |
-119 |
|
Sm_PolicyApi_ProvNotImplemented |
-120 |
|
Sm_PolicyApi_ProvNotUnique |
-121 |
|
Sm_PolicyApi_RealmCantBeUsedInRule |
-122 |
|
Sm_PolicyApi_OidInUserByCertMap |
-123 |
|
Sm_PolicyApi_OidInUseBySelfReg |
-124 |
|
Sm_PolicyApi_OidInUseByUserDirectory |
-125 |
|
Sm_PolicyApi_SchemeCantBeDeleted |
-126 |
|
Sm_PolicyApi_BasicSchemeUpdate |
-127 |
|
Sm_PolicyApi_NonHtmlForm |
-128 |
|
Sm_PolicyApi_IllegalRealmOperation |
-129 |
|
Sm_PolicyApi_NameNotUnique |
-130 |
|
Sm_PolicyApi_FeatureNotSupported |
-132 |
|
Sm_PolicyApi_AssertionConsumerDefaultMissing |
-133 |
|
Sm_PolicyApi_SAMLSP_AuthenticationURLMissing |
-134 |
|
Sm_PolicyApi_SAMLSP_DomainOidMissing |
-135 |
|
Sm_PolicyApi_SAMLSP_IdPIDMissing |
-136 |
|
Sm_PolicyApi_SAMLSP_NameMissing |
-137 |
|
Sm_PolicyApi_SAMLSP_NameIdFormatMissing |
-138 |
|
Sm_PolicyApi_SAMLSP_NameIdTypeMissing |
-139 |
|
Sm_PolicyApi_SAMLSP_NameIdStaticMissing |
-140 |
|
Sm_PolicyApi_SAMLSP_NameIdAttrNameMissing |
-141 |
|
Sm_PolicyApi_SAMLSP_NameIdDNSpecMissing |
-142 |
|
Sm_PolicyApi_SAMLSP_ProviderIDMissing |
-143 |
|
Sm_PolicyApi_SAMLSP_ProviderIDNotUnique |
-144 |
|
Sm_PolicyApi_SAML_UnSupportedSAMLVersion |
-145 |
|
Sm_PolicyApi_SAMLIDP_IncorrectParameters |
-146 |
|
Sm_PolicyApi_SAMLIDP_ProviderIDNotUnique |
-147 |
|
Sm_PolicyApi_SAMLAFF_NameMissing |
-148 |
|
Sm_PolicyApi_SAMLAFF_NameIdFormatMissing |
-149 |
|
Sm_PolicyApi_SAMLAFF_NameIdTypeMissing |
-150 |
|
Sm_PolicyApi_SAMLAFF_NameIdStaticMissing |
-151 |
|
Sm_PolicyApi_SAMLAFF_NameIdAttrNameMissing |
-152 |
|
Sm_PolicyApi_SAMLAFF_NameIdDNSpecMissing |
-153 |
|
Sm_PolicyApi_SAMLAFF_AffiliationIDMissing |
-154 |
|
Sm_PolicyApi_SAMLAFF_AffiliationIDNotUnique |
-155 |
|
Sm_PolicyApi_SAMLAFF_AffiliationHasMembers |
-156 |
|
Sm_PolicyApi_SAML_UnknownProperty |
-157 |
|
Sm_PolicyApi_WSFEDRP_AssertionConsumerDefaultMissing |
-158 |
|
Sm_PolicyApi_WSFEDRP_AuthenticationURLMissing |
-159 |
|
Sm_PolicyApi_WSFEDRP_DomainOidMissing |
-160 |
|
Sm_PolicyApi_WSFEDRP_APIDMissing |
-161 |
|
Sm_PolicyApi_WSFEDRP_NameMissing |
-162 |
|
Sm_PolicyApi_WSFEDRP_NameIdFormatMissing |
-163 |
|
Sm_PolicyApi_WSFEDRP_NameIdTypeMissing |
-164 |
|
Sm_PolicyApi_WSFEDRP_NameIdStaticMissing |
-165 |
|
Sm_PolicyApi_WSFEDRP_NameIdAttrNameMissing |
-166 |
|
Sm_PolicyApi_WSFEDRP_NameIdDNSpecMissing |
-167 |
|
Sm_PolicyApi_WSFEDRP_ProviderIdMissing |
-168 |
|
Sm_PolicyApi_WSFEDRP_ProviderIdNotUnique |
-169 |
|
Sm_PolicyApi_WSFEDRP_UnsupportedSAMLVersion |
-170 |
|
Sm_PolicyApi_WSFEDRP_UnkownProperty |
-171 |
|
Sm_PolicyApi_WSFEDAP_IncorrectParameters |
-172 |
|
Sm_PolicyApi_WSFEDAP_ProviderIDNotUnique |
-173 |
|
Sm_PolicyAPI_InsufficientRPData |
-174 |
|
Sm_PolicyAPI_WSFED_UnSupportedWSFEDVersion |
-175 |
|
Sm_PolicyAPI_DuplicateAttribute |
-176 |
|
Sm_PolicyAPI_SAMLSP_ACSDuplicateIndex |
-177 |
|
Sm_PolicyAPI_SAMLSP_ACSIndexedEndpointInUse |
-178 |
|
Sm_PolicyAPI_SAMLSP_ACSIndexedEndpointNotFound |
-179 |
|
Sm_PolicyAPI_SAMLSP_CantDeleteDefaultACSIndex |
-180 |
|
Sm_PolicyAPI_SAMLSP_ACSMaxExceeded |
-181 |
|
Sm_PolicyAPI_InConsistentANDBitMask |
-182 |
Sm_PolicyApi_SAML1_STATUS_REDIRECT_URL_TYPE_t defines the type of redirection specified in Sm_PolicyApi_AddRedirectURLToSAML1xScheme() and Sm_PolicyApi_GetRedirectURLFromSAML1xScheme().
Sm_PolicyApi_SAML1_STATUS_REDIRECT_URL_TYPE_t is listed in SmPolicyApi45.h.
|
Name |
Value |
|---|---|
|
Sm_PolicyApi_SAML1_STATUS_REDIRECT_URL_USER_NOT_FOUND_TYPE |
0 |
|
Sm_PolicyApi_SAML1_STATUS_REDIRECT_URL_INVALID_SSO |
1 |
|
Sm_PolicyApi_SAML1_STATUS_REDIRECT_URL_UNACCEPTABLE_USER_ |
2 |
The following values are the SAML Protocol Bindings that can be specified for each row of the Assertion Consumer Service:
|
Name |
Value |
|---|---|
|
Sm_PolicyApi_SAMLSP_HTTP_Post |
0 |
|
Sm_PolicyApi_SAMLSP_HTTP_Artifact |
1 |
|
Sm_PolicyApi_SAMLSP_PAOS |
2 |
Sm_PolicyApi_SAMLSPAttrNameFormat_t defines the format to use for specifying attributes that apply to a principal. The format specification is made within the structure Sm_PolicyApi_SAMLSPAttr_t.
The format identifiers are defined by the SAML 2.0 standard.
Sm_PolicyApi_SAMLSPAttrNameFormat_t is listed in SmPolicyApi45.h.
|
Name |
Value |
|---|---|
|
Sm_PolicyApi_SAMLSP_Unspecified |
0 |
|
Sm_PolicyApi_SAMLSP_URI |
1 |
|
Sm_PolicyApi_SAMLSP_Basic |
2 |
Sm_PolicyApi_SAML_Profile_t specifies the communication profile used to send and receive a SAML assertion for a particular affiliate object. The profile is specified as one of the attributes of a Sm_PolicyApi_Affiliate_t structure. Sm_PolicyApi_SAML_Profile_t is listed in SmPolicyApi45.h.
|
Name |
Value |
|---|---|
|
Sm_PolicyApi_SAML_Profile_Artifact |
1 |
|
Sm_PolicyApi_SAML_Profile_POST |
2 |
Sm_Api_SchemeType_t describes the values that may be passed to Sm_PolicyApi_AddScheme() as one of the attributes of a SmPolicyApi_Scheme_t structure. Sm_Api_SchemeType_t is listed in SmApi.h.
|
Scheme Type |
Value |
|
Sm_Api_SchemeType_Basic |
1 |
|
Sm_Api_SchemeType_CryptoCard |
2 |
|
Sm_Api_SchemeType_Encotone |
3 |
|
Sm_Api_SchemeType_HTMLForm |
4 |
|
Sm_Api_SchemeType_BasicOverSSL |
5 |
|
Sm_Api_SchemeType_RadiusServer |
6 |
|
Sm_Api_SchemeType_SafeWordServer |
7 |
|
Sm_Api_SchemeType_ACEServer |
8 |
|
Sm_Api_SchemeType_X509ClientCert |
9 |
|
Sm_Api_SchemeType_X509ClientCertAndBasic |
10 |
|
Sm_Api_SchemeType_X509ClientCertOrBasic |
11 |
|
Sm_Api_SchemeType_RadiusChapPap |
12 |
|
Sm_Api_SchemeType_Anonymous |
13 |
|
Sm_Api_SchemeType_NTLM |
14 |
|
Sm_Api_SchemeType_Custom |
15 |
|
Sm_Api_SchemeType_ACEServerHTMLForm |
16 |
|
Sm_Api_SchemeType_SafeWordHTMLForm |
17 |
|
Sm_Api_SchemeType_XMLDsig |
18 |
|
Sm_Api_SchemeType_X509ClientCertOrForm |
19 |
|
Sm_Api_SchemeType_X509ClientCertAndForm |
20 |
|
Sm_Api_SchemeType_MSPassport |
21 |
|
Sm_Api_SchemeType_XMLDocumentCredentialCollector |
22 |
|
Sm_Api_SchemeType_SAMLSessionTicket |
25 |
|
Sm_Api_SchemeType_SAMLArtifact |
26 |
|
Sm_Api_SchemeType_Impersonation |
27 |
|
Sm_Api_SchemeType_SAMLPOST |
28 |
|
Sm_Api_SchemeType_SAML2 |
29 |
|
Sm_Api-SchemeType_WSFED |
30 |
Sm_PolicyApi_SecretRolloverPeriod_t enumerates the units of time which, when combined with the rollover frequency setting, determines how often shared secret rollover occurs. For example a rollover period of RolloverHOURS and a frequency of 12 means that the shared secret is changed every 12 hours.
The rollover period is defined in the iRolloverPeriod field of structure Sm_PolicyApi_SharedSecretPolicy_t, and the frequency is defined in the iRolloverFrequency field of the structure.
|
Name |
Value |
|---|---|
|
RolloverNEVER |
0 |
|
RolloverHOURS |
1 |
|
RolloverDAYS |
2 |
|
RolloverWEEKS |
3 |
|
RolloverMONTHS |
4 |
Sm_PolicyApi_Structs_t enumerates the data structures that can be passed to and from the Policy Management API as follows:
|
Name |
Value |
|---|---|
|
Sm_PolicyApi_NULL_ID |
0 |
|
Sm_PolicyApi_Rule_ID |
1 |
|
Sm_PolicyApi_Policy_ID |
2 |
|
Sm_PolicyApi_Realm_ID |
3 |
|
Sm_PolicyApi_Response_ID |
4 |
|
Sm_PolicyApi_UserDir_ID |
5 |
|
Sm_PolicyApi_Agent_ID |
6 |
|
Sm_PolicyApi_Domain_ID |
7 |
|
Sm_PolicyApi_PolicyLink_ID |
8 |
|
Sm_PolicyApi_ResponseAttr_ID |
9 |
|
Sm_PolicyApi_User_ID |
10 |
|
Sm_PolicyApi_Scheme_ID |
11 |
|
Sm_PolicyApi_Admin_ID |
12 |
|
Sm_PolicyApi_Group_ID |
13 |
|
Sm_PolicyApi_ODBCQueryScheme_ID |
14 |
|
Sm_PolicyApi_Object_ID |
15 |
|
Sm_PolicyApi_AgentType_ID |
16 |
|
Sm_PolicyApi_AgentTypeAttr_ID |
17 |
|
Sm_PolicyApi_RegistrationScheme_ID |
18 |
|
Sm_PolicyApi_PasswordPolicy_ID |
19 |
|
Sm_PolicyApi_IPAddress_ID |
20 |
|
Sm_PolicyApi_AuthAzMap_ID |
21 |
|
Sm_PolicyApi_CertMap_ID |
22 |
|
Sm_PolicyApi_PasswordMsgField_ID |
23 |
|
Sm_PolicyApi_VariableType_ID |
25 |
|
Sm_PolicyApi_Variable_ID |
26 |
|
Sm_PolicyApi_TrustedHost_ID |
27 |
|
Sm_PolicyApi_HostConfig_ID |
28 |
|
Sm_PolicyApi_AgentConfig_ID |
29 |
|
Sm_PolicyApi_Association_ID |
30 |
|
Sm_PolicyApi_UserContext_ID |
31 |
|
Sm_PolicyApi_Affiliate_ID |
36 |
|
Sm_PolicyApi_AffiliateAttr_ID |
37 |
|
Sm_PolicyApi_SharedSecretPolicy_ID |
38 |
|
Sm_PolicyApi_UserContext_ID |
40 |
|
Sm_PolicyApi_SAMLSP_ID |
41 |
|
Sm_PolicyApi_SAMLProviderProp_ID |
42 |
|
Sm_PolicyApi_SAMLAffiliation_ID |
43 |
|
Sm_PolicyApi_SAMLSPAttr_ID |
44 |
|
Sm_PolicyApi_WSFEDResourcePartner_ID |
45 |
|
Sm_PolicyApi_WSFEDProviderProp_ID |
46 |
|
Sm_PolicyApi_WSFEDRPAttr_ID |
47 |
|
Sm_PolicyApi_SAMLRequesterAttr_ID |
48 |
|
Sm_PolicyApi_SAMLSPAssertionConsumerService_ ID |
49 |
|
Copyright © 2015 CA Technologies.
All rights reserved.
|
|