The AddAttributeToSAMLScheme method adds a new attribute to the SAML 2.0 authentication scheme definition.
Syntax
The AddAttributeToSAMLScheme method has the following format:
Netegrity::PolicyMgtSession->AddAttributeToSAMLScheme(scheme, AttrNameFormat, LocalName, Name)
Parameters
The AddAttributeToSAMLScheme method accepts the following parameters:
scheme (PolicyMgtAuthScheme object)
Specifies the SAML 2.0 authentication scheme.
AttrNameFormat (int)
Specifies the attribute type:
LocalName (string)
Specifies the attribute's name as used locally.
Name (string)
Specifies the attribute's name as defined on the Attribute Authority.
Return Value
The AddAttributeToSAMLScheme method returns one of the following values:
The AddTrustedHost method creates or modifies a trusted host object in the policy store.
Syntax
The AddTrustedHost method has the following format:
Netegrity::PolicyMgtSession->AddTrustedHost(trustedHostName[, trustedHostDescription][, trustedHostIpAddress][, sharedSecret])
Parameters
The AddTrustedHost method accepts the following parameters:
trustedHostName (string)
Specifies the name of the trusted host.
trustedHostDescription (string)
(Optional) Specifies the description of the trusted host.
trustedHostIpAddress (string)
(Optional) Specifies the IP address of the trusted host.
sharedSecret (string)
(Optional) Specifies the shared secret.
Note: You must also define the shared secret in the host configuration file by running the SiteMinder tool smreghost with the -sh option. If you do not use the -sh option to specify the shared secret, SiteMinder automatically generates one.
Return Value
The AddTrustedHost method returns one of the following values:
Remarks
You can use the AddTrustedHost method to register the trusted host without first configuring a connection between the Policy Server and the Agent. When you use this method to register the trusted host, you must also run the SiteMinder tool smreghost to define the shared secret in the host configuration file. (The host configuration file is named SmHost.conf by default.) Run smreghost with the -sh option and the shared secret. To retrieve the shared secret in clear text, call the method PolicyMgtTrustedHost->GetSecret.
Alternately, you can create the trusted host by calling the method CreateTrustedHost and run smreghost without the -sh option. In this case, SiteMinder automatically creates and configures the trusted host during installation.
Important! SiteMinder generates a random 128-byte ASCII shared secret. When you create the shared secret yourself, it can be any string value. To create a strong shared secret, we strongly recommend that you call the AddTrustedHost method with the sharedSecret parameter set to an empty string. This results in the automatic generation of a shared secret that is random, long, and hard to guess.
The CreateAdmin method creates and configures a system-level administrator.
Syntax
The CreateAdmin method has the following format:
Netegrity::PolicyMgtSession->CreateAdmin(adminName[, adminDesc][, adminPwd][, userDir][, authScheme])
Parameters
The CreateAdmin method accepts the following parameters:
adminName (string)
Specifies the administrator's name.
adminDesc (string)
(Optional) Specifies the administrator's description.
adminPwd (string)
(Optional) Specifies the administrator's password.
userDir (PolicyMgtUserDir object)
(Optional) Specifies the user directory if the administrator is stored in an external directory.
authScheme (PolicyMgtAuthScheme object)
(Optional) Specifies the authentication scheme to use if the administrator is stored in an external directory.
Note: This parameter is required if an external user directory is specified.
Return Value
The CreateAdmin method returns one of the following values:
Remarks
The Policy Management API does not allow you to create an administrator for a particular domain. However, you can add an existing administrator to a particular domain by calling the method AddAdmin. To create an administrator with domain privileges, use the Administrative UI.
The CreateAffDomain method creates an affiliate domain.
Syntax
The CreateAffDomain method has the following format:
Netegrity::PolicyMgtSession->CreateAffDomain(domName[, domDesc])
Parameters
The CreateAffDomain method accepts the following parameters:
domName (string)
Specifies the name of the affiliate domain.
domDesc (string)
(Optional) Specifies the description of the affiliate domain.
Return Value
The CreateAffDomain method returns one of the following values:
Remarks
To implement affiliate domains, you need legacy federation.
The CreateAgent method creates and configures a SiteMinder agent.
Syntax
The CreateAgent method has the following format:
Netegrity::PolicyMgtSession->CreateAgent(agentName, agentType[, agentDesc][, agentIP][, agentSecret][, realmHintAttrID])
Parameters
The CreateAgent method accepts the following parameters:
agentName (string)
Specifies the name of the agent.
agentType (PolicyMgtAgentType object)
Specifies the type of agent.
agentDesc (string)
(Optional) Specifies the description of the agent.
agentIP (string)
(Optional) Specifies the agent's IP address.
Note: This parameter is required for RADIUS agents.
agentSecret (string)
(Optional) Specifies the shared secret.
Note: To create a v4.x agent, specify the shared secret. To create a v5.x agent, omit this parameter.
realmHintAttrID (int)
(Optional) Specifies the realm hint attribute ID.
Note: This parameter only applies to RADIUS agents.
Return Value
The CreateAgent method returns one of the following values:
The CreateAgentConfig method creates an agent configuration object.
Syntax
The CreateAgentConfig method has the following format:
Netegrity::PolicyMgtSession->CreateAgentConfig(agentConfigName[, AgentConfigDesc])
Parameters
The CreateAgentConfig method accepts the following parameters:
agentConfigName (string)
Specifies the name of the agent configuration.
AgentConfigDesc (string)
(Optional) Specifies the description of the agent configuration.
Return Value
The CreateAgentConfig method returns one of the following values:
The CreateAgentGroup method creates an agent group.
Syntax
The CreateAgentGroup method has the following format:
Netegrity::PolicyMgtSession->CreateAgentGroup(agentGroupName, agentType[, groupDesc])
Parameters
The CreateAgentGroup method accepts the following parameters:
agentGroupName (string)
Specifies the name of the agent group.
agentType (PolicyMgtAgentType object)
Specifies the type of agent associated with the agent group.
Note: To retrieve the agent type for this method, call the method PolicyMgtSession->GetAgentType.
groupDesc (string)
(Optional) Specifies the description of the agent group.
Return Value
The CreateAgentGroup method returns one of the following values:
The CreateAuthAzMap method creates an authentication and authorization directory mapping object.
Syntax
The CreateAuthAzMap method has the following format:
Netegrity::PolicyMgtSession->CreateAuthAzMap(authDir, azDir, mapType)
Parameters
The CreateAuthAzMap method accepts the following parameters:
authDir (PolicyMgtUserDir object)
Specifies the user directory to use when authenticating the user.
azDir (PolicyMgtUserDir object)
Specifies the user directory to use when authorizing the user.
mapType (int)
Specifies the type of directory mapping.
Specifies mapping based on a DN.
Specifies mapping based on a universal identifier.
Specifies mapping based on an attribute in the user directory.
Return Value
The CreateAuthAzMap method returns one of the following values:
Remarks
SiteMinder normally uses the same user directory to authenticate and authorize users. However, SiteMinder also allows you to specify one user directory for authentication and another user directory for authorization. This feature is called directory mapping. Directory mapping is especially useful when authentication information is stored in a central directory but authorization information is stored in multiple directories, each one associated with a particular application.
The CreateAuthScheme method creates and configures an authentication scheme.
Syntax
The CreateAuthScheme method has the following format:
Netegrity::PolicyMgtSession->CreateAuthScheme(schemeName, schemeTemplate[, schemeDesc][, protLevel][, schemeLib][, schemeParam][, secret][, isTemplate][, isUsedByAdmin][, saveCreds][, isRadius][, ignorePwd])
Parameters
The CreateAuthScheme method accepts the following parameters:
schemeName (string)
Specifies the authentication scheme's name.
schemeTemplate (PolicyMgtAuthScheme object)
Specifies the template on which to base the authentication scheme.
Note: To view a list of templates, see the method PolicyMgtSession->GetAuthScheme.
schemeDesc (string)
(Optional) Specifies the authentication scheme's description.
protLevel (int)
(Optional) Specifies the authentication scheme's protection level.
Range: 1-1000
Note: The higher the protection level value, the more secure the authentication scheme.
schemeLib (string)
(Optional) Specifies the name of the custom library to use in place of the default library shipped with each type of authentication scheme.
schemeParam (string)
(Optional) Specifies a parameter string to pass to the authentication scheme.
Note: For help constructing the parameter string, navigate to the Scheme Type Setup tab on the Authentication Scheme Properties dialog in the Administrative UI. Select the authentication scheme type, type the values in the fields, and observe the result on the Advanced tab.
secret (string)
(Optional) Specifies the authentication scheme's shared secret.
isTemplate (int)
(Optional) Specifies whether the authentication scheme is a template for other authentication schemes.
Default: A zero (0) value specifies that the authentication scheme is not a template.
Note: This parameter is deprecated as of CA SiteMinder® v6.0 SP3.
isUsedByAdmin (int)
(Optional) Specifies whether the authentication scheme can be used to authenticate administrators.
saveCreds (int)
(Optional) Specifies whether to save user credentials.
isRadius (int)
(Optional) Specifies whether the authentication scheme type is RADIUS.
ignorePwd (int)
(Optional) Specifies whether to ignore password policies.
Return Value
The CreateAuthScheme method returns one of the following values:
The CreateCustomCertMap method creates a custom certificate map. The custom certificate map associates user attribute names defined in the certificate's Subject DN with the corresponding user attribute names in the user directory. For authentication to succeed, the values of the mapped user attribute pairs must match. Use the AttributeMap parameter to define the attribute names that are mapped.
Syntax
The CreateCustomCertMap method has the following format:
Netegrity::PolicyMgtSession->CreateCustomCertMap(IssuerDN, AttributeMap[, DirectoryType])
Parameters
The CreateCustomCertMap method accepts the following parameters:
IssuerDN (string)
Specifies the certificate issuer's distinguished name.
AttributeMap (string)
Specifies an expression that maps attribute names in the certificate's Subject DN to attribute names in the user directory.
Syntax: UserAttrName1=%{CertAttrName1},UserAttrName2=%{CertAttrName2}, . . . UserAttrName#=%{CertAttrName#}
Example:
Certificate's Subject DN contains: CN=John Smith, UID=JSMITH, OU=Development, O=CompanyA
AttributeMap contains: CN=%{UID}, OU=%{OU}, O=%{O}
Matching user DN in the user directory: CN=JSMITH, OU=Development, O=CompanyA
DirectoryType (int)
(Optional) Specifies the type of user directory specified as the authentication directory:
Note: This is the default.
Return Value
The CreateCustomCertMap method returns one of the following values:
Remarks
When a certificate map is created, the following flags are set to false, the default value:
For information on changing the value of these flags, see the method PolicyMgtSession->CreateExactCertMap.
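To make the mapping rule concrete, here is an added Python model (not SiteMinder code) of the AttributeMap syntax and the matching condition described above: it parses the expression, applies it to a certificate Subject DN and reports whether a given user DN satisfies every mapped attribute pair. Its DN parsing is simplified (comma-separated RDNs, no escaped commas or multi-valued RDNs), and that simplification is an assumption of the example.

```python
"""Model of the CreateCustomCertMap AttributeMap expression.

Added example, not part of the SiteMinder API or its documentation. It parses
the AttributeMap syntax (UserAttrName=%{CertAttrName}, ...) and applies it to a
certificate Subject DN to derive the user DN that must exist in the user
directory. DN parsing is a simplified model: comma-separated RDNs, no escaped
commas, no multi-valued RDNs (an assumption of this example).
"""
import re

# One mapping term: UserAttr=%{CertAttr}, whitespace tolerated around both sides.
_TERM = re.compile(
    r"^\s*([A-Za-z][A-Za-z0-9.-]*)\s*=\s*%\{\s*([A-Za-z][A-Za-z0-9.-]*)\s*\}\s*$"
)


def parse_dn(dn):
    """Split 'CN=John Smith, UID=JSMITH, O=CompanyA' into an ordered list of
    (attribute, value) pairs. Attribute names are compared case-insensitively,
    so they are normalised to upper case here; values are left untouched."""
    pairs = []
    for rdn in dn.split(","):
        if "=" not in rdn:
            raise ValueError(f"malformed RDN: {rdn!r}")
        attr, value = rdn.split("=", 1)
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs


def parse_attribute_map(expr):
    """Parse the AttributeMap expression into an ordered list of
    (user_attr, cert_attr) pairs. Anything outside the documented syntax is
    rejected, so a typo cannot silently produce a map that matches nothing."""
    mapping = []
    for term in expr.split(","):
        m = _TERM.match(term)
        if not m:
            raise ValueError(f"invalid AttributeMap term: {term.strip()!r}")
        mapping.append((m.group(1).upper(), m.group(2).upper()))
    return mapping


def derive_user_dn(subject_dn, attribute_map):
    """Apply the map to the certificate Subject DN and return the user DN that
    authentication requires to exist in the user directory. Every referenced
    certificate attribute must be present; a missing one fails closed."""
    cert = dict(parse_dn(subject_dn))
    parts = []
    for user_attr, cert_attr in parse_attribute_map(attribute_map):
        if cert_attr not in cert:
            raise KeyError(f"Subject DN has no attribute {cert_attr}")
        parts.append(f"{user_attr}={cert[cert_attr]}")
    return ", ".join(parts)


def certificate_matches_user(subject_dn, attribute_map, user_dn):
    """True only if every mapped attribute pair has equal values on both sides,
    which is the condition given above for authentication to succeed.
    Values are compared exactly; attribute names case-insensitively."""
    expected = parse_dn(derive_user_dn(subject_dn, attribute_map))
    actual = dict(parse_dn(user_dn))
    return all(actual.get(attr) == value for attr, value in expected)


if __name__ == "__main__":
    # Worked example taken from the AttributeMap description above.
    SUBJECT = "CN=John Smith, UID=JSMITH, OU=Development, O=CompanyA"
    AMAP = "CN=%{UID}, OU=%{OU}, O=%{O}"
    print(derive_user_dn(SUBJECT, AMAP))
    # -> CN=JSMITH, OU=Development, O=CompanyA
```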
The CreateDomain method creates a policy domain object.
Syntax
The CreateDomain method has the following format:
Netegrity::PolicyMgtSession->CreateDomain(domName[, domDesc][, globalPoliciesApply])
Parameters
The CreateDomain method accepts the following parameters:
domName (string)
Specifies the name of the domain.
domDesc (string)
(Optional) Specifies the description of the domain.
globalPoliciesApply (int)
(Optional) Specifies whether the domain can accept global policies:
Specifies that the domain can accept global policies.
Specifies that the domain cannot accept global policies.
Return Value
The CreateDomain method returns one of the following values:
The CreateExactCertMap method creates a certificate map object whose Subject DN attributes match the corresponding user directory attributes exactly. When the certificate map object is created, the following flags are set to FALSE:
Note: To change the value of this flag, call the method PolicyMgtCertMap->CertRequired.
Note: To change the value of this flag, call the method PolicyMgtCertMap->UseDistributionPoints.
Note: To change the value of this flag, call the method PolicyMgtCertMap->VerifySignature.
Note: To change the value of this flag, call the method PolicyMgtCertMap->EnableCRL.
Note: To change the value of this flag, call the method PolicyMgtCertMap->CacheCRL.
Syntax
The CreateExactCertMap method has the following format:
Netegrity::PolicyMgtSession->CreateExactCertMap(IssuerDN[, DirectoryType])
Parameters
The CreateExactCertMap method accepts the following parameters:
IssuerDN (string)
Specifies the distinguished name of the certificate issuer.
DirectoryType (int)
(Optional) Specifies one of the following user directory types used for authentication:
Return Value
The CreateExactCertMap method returns one of the following values:
The CreateGlobalPolicy method creates a policy that has a global scope.
Syntax
The CreateGlobalPolicy method has the following format:
Netegrity::PolicyMgtSession->CreateGlobalPolicy(policyName[, enableFlag][, activeExpr][, policyDesc])
Parameters
The CreateGlobalPolicy method accepts the following parameters:
policyName (string)
Specifies the global policy's name.
enableFlag (type)
(Optional) Specifies whether to enable the global policy:
Specifies that the global policy is enabled.
Specifies that the global policy is disabled.
activeExpr (string)
(Optional) Specifies ...
policyDesc (string)
(Optional) Specifies the global policy's description.
Return Value
The CreateGlobalPolicy method returns one of the following values:
The CreateGlobalResponse method creates a response that has a global scope.
Syntax
The CreateGlobalResponse method has the following format:
Netegrity::PolicyMgtSession->CreateGlobalResponse(respName, agentType[, respDesc])
Parameters
The CreateGlobalResponse method accepts the following parameters:
respName (string)
Specifies the global response's name.
agentType (PolicyMgtAgentType object)
Specifies the type of agent associated with the global response.
Note: To retrieve the agent type object, call the method PolicyMgtSession->GetAgentType.
respDesc (string)
(Optional) Specifies the global response's description.
Return Value
The CreateGlobalResponse method returns one of the following values:
The CreateGlobalResponseGroup method creates a response group that is specific to a particular domain.
Syntax
The CreateGlobalResponseGroup method has the following format:
Netegrity::PolicyMgtSession->CreateGlobalResponseGroup(groupName, agentType, domain)
Parameters
The CreateGlobalResponseGroup method accepts the following parameters:
groupName (string)
Specifies the global response group name.
agentType (PolicyMgtAgentType)
Specifies the type of agent.
domain (PolicyMgtDomain)
Specifies the domain for which the response group applies.
Return Value
The CreateGlobalResponseGroup method returns one of the following values:
The CreateGlobalRule method creates a rule that has a global scope.
Syntax
The CreateGlobalRule method has the following format:
Netegrity::PolicyMgtSession->CreateGlobalRule(ruleName, resource, event, agent[, ruleDesc][, allowAccess][, regexMatch][, activeExpr][, isEnabled])
Parameters
The CreateGlobalRule method accepts the following parameters:
ruleName (string)
Specifies the global rule's name.
resource (string)
Specifies the filter for the resource that the global rule is protecting.
event (string)
Specifies the type of event that the global rule is executing.
agent (PolicyMgtAgent | PolicyMgtGroup)
Specifies the agent or agent group associated with the global rule.
ruleDesc (string)
(Optional) Specifies the global rule's description.
allowAccess (int)
(Optional) Specifies whether to allow or deny access to the resource protected by the rule:
Specifies allowing access.
Specifies denying access.
regexMatch (int)
(Optional) Specifies whether to perform regular expression pattern matching:
Specifies performing regular expression pattern matching.
Specifies not performing regular expression pattern matching.
activeExpr (string)
(Optional) Specifies the global rule's active expression.
isEnabled (int)
(Optional) Specifies whether to enable or disable the global rule:
Specifies that the global rule is enabled.
Specifies that the global rule is disabled.
Return Value
The CreateGlobalRule method returns one of the following values:
The CreateGlobalRuleGroup method creates a rule group that is specific to a particular domain.
Syntax
The CreateGlobalRuleGroup method has the following format:
Netegrity::PolicyMgtSession->CreateGlobalRuleGroup(groupName, agentType, domain)
Parameters
The CreateGlobalRuleGroup method accepts the following parameters:
groupName (string)
Specifies the global rule group name.
agentType (PolicyMgtAgentType)
Specifies the type of agent.
domain (PolicyMgtDomain)
Specifies the domain for which the rule group applies.
Return Value
The CreateGlobalRuleGroup method returns one of the following values:
The CreateHostConfig method creates a host configuration object.
Syntax
The CreateHostConfig method has the following format:
Netegrity::PolicyMgtSession->CreateHostConfig(hostConfigName[, hostConfDesc][, enableFailover][, maxSocketsPerPort][, minSocketsPerPort][, newSocketstep][, requestTimeout])
Parameters
The CreateHostConfig method accepts the following parameters:
hostConfigName (string)
Specifies the name of the host configuration object.
hostConfDesc (string)
(Optional) Specifies the description of the host configuration object.
enableFailover (int)
(Optional) Specifies whether to use failover or round-robin communication between the Policy Server and the agent:
Specifies failover communication.
Specifies round-robin communication.
maxSocketsPerPort (int)
(Optional) Specifies the maximum number of TCP/IP sockets that can be opened between an agent and the Policy Server.
minSocketsPerPort (int)
(Optional) Specifies the minimum number of TCP/IP sockets that can be opened between an agent and the Policy Server.
newSocketstep (int)
(Optional) Specifies how many sockets to open when additional sockets are required.
requestTimeout (int)
(Optional) Specifies how long, in seconds, an agent can wait for a response from the Policy Server.
Return Value
The CreateHostConfig method returns one of the following values:
The CreateODBCQueryScheme method creates and configures an ODBC query scheme. ODBC query schemes are also called SQL query schemes.
Note: Create a unique data source for each ODBC query scheme.
Syntax
The CreateODBCQueryScheme method has the following format:
Netegrity::PolicyMgtSession->CreateODBCQueryScheme(schemeName[, schemeDesc][, queryEnumerate][, queryGetObjInfo][, queryLookup][, queryInitUser][, queryAuthenticateUser][, queryGetUserProp][, querySetUserProp][, queryGetUserProps][, queryLookupUser][, queryGetGroups][, queryIsGroupMember][, queryGetGroupProp][, querySetGroupProp][, queryGetGroupProps][, queryLookupGroup][, querySetPassword])
Parameters
The CreateODBCQueryScheme method accepts the following parameters:
schemeName (string)
Specifies the ODBC query scheme's name.
schemeDesc (string)
(Optional) Specifies the ODBC query scheme's description.
queryEnumerate (string)
(Optional) Specifies a query that lists the names of user objects in the directory.
Note: For more information, see the method PolicyMgtODBCQueryScheme->QueryEnumerate.
queryGetObjInfo (string)
(Optional) Specifies a query that fetches the object's class.
Note: For more information, see the method PolicyMgtODBCQueryScheme->QueryGetObjInfo.
queryLookup (string)
(Optional) Specifies a query that returns objects based on the value of an attribute in a group table.
Note: For more information, see the method PolicyMgtODBCQueryScheme->QueryLookup.
queryInitUser (string)
(Optional) Specifies a query that determines if a user with a given name exists in the database.
Note: For more information, see the method PolicyMgtODBCQueryScheme->QueryInitUser.
queryAuthenticateUser (string)
(Optional) Specifies a query that retrieves the user's password.
Note: For more information, see the method PolicyMgtODBCQueryScheme->QueryAuthenticateUser.
queryGetUserProp (string)
(Optional) Specifies a query that retrieves the value of a user property.
Note: The property must be listed in the queryGetUserProps parameter string. For more information, see the method PolicyMgtODBCQueryScheme->QueryGetUserProp.
querySetUserProp (string)
(Optional) Specifies a query that sets the value of a user property.
Note: The property must be listed in the queryGetUserProps parameter string. For more information, see the method PolicyMgtODBCQueryScheme->QuerySetUserProp.
queryGetUserProps (string)
(Optional) Specifies a comma-separated list of user attributes that reside in the same table as the user name.
Note: For more information, see the method PolicyMgtODBCQueryScheme->QueryGetUserProps.
queryLookupUser (string)
(Optional) Specifies a query that retrieves a user name through an attribute of the user table.
Note: For more information, see the method PolicyMgtODBCQueryScheme->QueryLookupUser.
queryGetGroups (string)
(Optional) Specifies a query that retrieves the names of the groups to which the user belongs.
Note: For more information, see the method PolicyMgtODBCQueryScheme->QueryGetGroups.
queryIsGroupMember (string)
(Optional) Specifies a query that determines whether a particular user is a member of a group.
Note: For more information, see the method PolicyMgtODBCQueryScheme->QueryIsGroupMember.
queryGetGroupProp (string)
(Optional) Specifies a query that returns the value of a group property.
Note: The property must be listed in the queryGetGroupProps parameter string. For more information, see the method PolicyMgtODBCQueryScheme->QueryGetGroupProp.
querySetGroupProp (string)
(Optional) Specifies a query that sets the value of a group property.
Note: The property must be listed in the queryGetGroupProps parameter string. For more information, see the method PolicyMgtODBCQueryScheme->QuerySetGroupProp.
queryGetGroupProps (string)
(Optional) Specifies a comma-separated list of group attributes.
Note: For more information, see the method PolicyMgtODBCQueryScheme->QueryGetGroupProps.
queryLookupGroup (string)
(Optional) Specifies a query that retrieves a group name through an attribute of the group table.
Note: For more information, see the method PolicyMgtODBCQueryScheme->QueryLookupGroup.
querySetPassword (string)
(Optional) Specifies a query that changes a user's password.
Note: For more information, see the method PolicyMgtODBCQueryScheme->QuerySetPassword.
Return Value
The CreateODBCQueryScheme method returns one of the following values:
The CreatePwdPolicy method creates and configures a password policy.
Syntax
The CreatePwdPolicy method has the following format:
Netegrity::PolicyMgtSession->CreatePwdPolicy(pwdPolName, userDir[, pwdPolDesc][, enabledFlag][, entireDirFlag][, path][, class][, allowNestedGroups][, maxLoginFailures][, maxLoginInactive][, expDelay][, expWarningDays][, dicName][, dicMatchLength][, userwait][, pwdSvcRedirect][, maxPwdLength][, minPwdLength][, maxPwdRepeatChar][, minPwdAlphaNum][, minPwdAlpha][, minPwdNonAlpha][, minPwdNonPrint][, minPwdNum][, minPwdPunc][, pwdReuseCount][, pwdReuseDelay][, pwdPctDiff][, pwdIgnoreSeq][, profileAttrMatch])
Parameters
The CreatePwdPolicy method accepts the following parameters:
pwdPolName (string)
Specifies the name of the password policy.
userDir (PolicyMgtUserDir object)
Specifies the user directory to which the password policy applies.
pwdPolDesc (string)
(Optional) Specifies the description of the password policy.
enabledFlag (int)
(Optional) Specifies whether the password policy is enabled.
entireDirFlag (int)
(Optional) Specifies whether the password policy applies to the entire LDAP directory or only part of the directory.
Specifies that the password policy applies to the entire LDAP directory.
Specifies that the password policy only applies to part of the LDAP directory.
Note: For part of the LDAP directory, specify the directory path in the path parameter and the class in the class parameter.
path (string)
(Optional) Specifies the part of the directory to which the password policy applies.
Note: Include this parameter when the entireDirFlag parameter is set to 0.
class (string)
(Optional) Specifies the class to which the password policy applies.
Note: Include this parameter when the entireDirFlag parameter is set to 0.
allowNestedGroups (int)
(Optional) Specifies whether the password policy is associated with the nested groups in the LDAP directory.
Note: Include this parameter when the entireDirFlag parameter is set to 0.
maxLoginFailures (int)
(Optional) Specifies the maximum number of login failures allowed before the user's account is disabled.
maxLoginInactive (int)
(Optional) Specifies the maximum number of days of inactivity allowed before the user's password expires.
expDelay (int)
(Optional) Specifies the number of days a password can be unchanged before it expires.
expWarningDays (int)
(Optional) Specifies the number of days in advance to notify the user that the password is due to expire.
dicName (string)
(Optional) Specifies the location of the dictionary file that lists the words that cannot be used in a password.
dicMatchLength (int)
(Optional) Specifies the minimum number of letters required for dictionary checking.
userwait (int)
(Optional) Specifies the number of minutes an account is disabled before the account is enabled and the user is allowed to attempt logging in again.
pwdSvcRedirect (string)
(Optional) Specifies the URL where the user is redirected when an invalid password is entered.
Note: This must be the URL of the Password Services CGI.
maxPwdLength (int)
(Optional) Specifies the maximum length of a user password.
Note: This value must be greater than the value specified by the parameter minPwdLength.
minPwdLength (int)
(Optional) Specifies the minimum length of a user password.
maxPwdRepeatChar (int)
(Optional) Specifies the maximum number of identical characters that can appear consecutively in a password.
minPwdAlphaNum (int)
(Optional) Specifies the minimum number of alphanumeric characters (A-Z, a-z, 0-9) that a password must contain.
minPwdAlpha (int)
(Optional) Specifies the minimum number of alphabetic characters (A-Z, a-z) that a password must contain.
minPwdNonAlpha (int)
(Optional) Specifies the minimum number of non-alphanumeric characters that a password must contain.
Note: The following are examples of non-alphanumeric characters: "@", "$", and "*".
minPwdNonPrint (int)
(Optional) Specifies the minimum number of non-printable characters that a password must contain.
Note: Non-printable characters are not displayed on a computer screen.
minPwdNum (int)
(Optional) Specifies the minimum number of numeric characters (0-9) that a password must contain.
minPwdPunc (int)
(Optional) Specifies the minimum number of punctuation marks that a password must contain.
Note: Punctuation marks include periods, commas, exclamation points, slashes, hyphens, and dashes.
pwdReuseCount (int)
(Optional) Specifies the number of new passwords that must be used before an old one can be reused.
pwdReuseDelay (int)
(Optional) Specifies the number of days a user must wait before reusing a password.
pwdPctDiff (int)
(Optional) Specifies the percentage of characters contained in a new password that must differ from the characters in the previous password.
Note: A value of 100 specifies that the new password cannot contain any of the characters in the previous password. For more information, see the parameter pwdIgnoreSeq.
pwdIgnoreSeq (int)
(Optional) Specifies whether character position is ignored when the new password is compared with the previous password to calculate the percentage of characters that differ.
Specifies that character sequence is ignored.
Specifies that character sequence is considered.
Example: If the character "c" is in both the new and previous passwords, but its position in each password is different, then it is considered to be two different characters when the percentage is calculated.
profileAttrMatch (int)
(Optional) Specifies the minimum length of a character sequence that SiteMinder checks when comparing the password against attributes in the user's directory entry.
Return Value
The CreatePwdPolicy method returns one of the following values:
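The composition rules above, as an added Python model (not SiteMinder code) that evaluates a candidate password against a policy built from the documented parameter names and returns every rule it violates. How each rule is interpreted, in particular the percentage-difference calculation under pwdIgnoreSeq and the dictionary substring check under dicMatchLength, is this example's reading of the descriptions above, not the Policy Server's implementation; the word list stands in for the dicName file.

```python
"""Model of the composition checks a CreatePwdPolicy password policy expresses.

Added example, not SiteMinder code. A policy value of 0 disables that rule,
and the rule interpretations below (notably percent_different and the
dictionary check) are assumptions of this example.
"""
from dataclasses import dataclass

PUNCTUATION = set(".,!/-")  # punctuation marks named in the minPwdPunc note


@dataclass
class PwdPolicy:
    minPwdLength: int = 0
    maxPwdLength: int = 0
    maxPwdRepeatChar: int = 0
    minPwdAlpha: int = 0
    minPwdNum: int = 0
    minPwdNonAlpha: int = 0
    minPwdPunc: int = 0
    pwdPctDiff: int = 0
    pwdIgnoreSeq: int = 0
    dicMatchLength: int = 0
    dictionary: tuple = ()  # constructed word list standing in for the dicName file


def longest_repeat(pwd):
    """Length of the longest run of one identical character (maxPwdRepeatChar)."""
    best = run = 0
    for i, ch in enumerate(pwd):
        run = run + 1 if i and pwd[i - 1] == ch else 1
        best = max(best, run)
    return best


def percent_different(new, old, ignore_seq):
    """Percentage of characters in the new password that differ from the old one.
    With pwdIgnoreSeq set, a character counts as unchanged if it appears anywhere
    in the old password. Otherwise position matters: a character counts as new
    unless the same character sits at the same index, so a 'c' that moved
    position is treated as a different character, as in the example above."""
    if not new:
        return 0
    if ignore_seq:
        differing = sum(1 for ch in new if ch not in old)
    else:
        differing = sum(1 for i, ch in enumerate(new) if i >= len(old) or old[i] != ch)
    return 100 * differing // len(new)


def evaluate(pwd, policy, previous=""):
    """Return the names of the violated rules; an empty list means the password passes."""
    violations = []
    alpha = sum(ch.isalpha() for ch in pwd)
    num = sum(ch.isdigit() for ch in pwd)
    if policy.minPwdLength and len(pwd) < policy.minPwdLength:
        violations.append("minPwdLength")
    if policy.maxPwdLength and len(pwd) > policy.maxPwdLength:
        violations.append("maxPwdLength")
    if policy.maxPwdRepeatChar and longest_repeat(pwd) > policy.maxPwdRepeatChar:
        violations.append("maxPwdRepeatChar")
    if alpha < policy.minPwdAlpha:
        violations.append("minPwdAlpha")
    if num < policy.minPwdNum:
        violations.append("minPwdNum")
    if len(pwd) - alpha - num < policy.minPwdNonAlpha:  # neither letter nor digit
        violations.append("minPwdNonAlpha")
    if sum(ch in PUNCTUATION for ch in pwd) < policy.minPwdPunc:
        violations.append("minPwdPunc")
    if (policy.pwdPctDiff and previous
            and percent_different(pwd, previous, policy.pwdIgnoreSeq) < policy.pwdPctDiff):
        violations.append("pwdPctDiff")
    if policy.dicMatchLength:
        # Reject if any dictionary word at least dicMatchLength long occurs in the
        # password, case-insensitively (this example's reading of dicMatchLength).
        lowered = pwd.lower()
        if any(len(w) >= policy.dicMatchLength and w.lower() in lowered
               for w in policy.dictionary):
            violations.append("dictionary")
    return violations


if __name__ == "__main__":
    # Constructed policy and candidates, not values from any real deployment.
    policy = PwdPolicy(minPwdLength=8, maxPwdLength=32, maxPwdRepeatChar=2,
                       minPwdAlpha=2, minPwdNum=1, minPwdNonAlpha=1,
                       dicMatchLength=4, dictionary=("password", "company", "acme"))
    for candidate in ("Tr0ub4dor!x", "aaaa1111", "CompanyA2024!"):
        print(candidate, evaluate(candidate, policy))
    # Same characters, three of them moved: position-sensitive vs. ignored.
    print(percent_different("cabxyz12", "abcxyz12", 0),
          percent_different("cabxyz12", "abcxyz12", 1))
```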
The CreateRegScheme method creates and configures a registration scheme.
Syntax
The CreateRegScheme method has the following format:
Netegrity::PolicyMgtSession->CreateRegScheme(regName, userDir[, regDesc][, welcomeURL][, templatePath][, enableLogging])
Parameters
The CreateRegScheme method accepts the following parameters:
regName (string)
Specifies the registration scheme's name.
userDir (string)
Specifies the user directory associated with the registration scheme.
regDesc (string)
(Optional) Specifies the registration scheme's description.
welcomeURL (string)
(Optional) Specifies the URL for the welcome page.
Note: Users are redirected to this page after successfully registering.
Example: http://my.acme.com/hr/welcome.htm
templatePath (string)
(Optional) Specifies the path where the registration templates are located.
Note: For more information about the templatePath parameter, see Remarks.
enableLogging (int)
(Optional) Specifies whether to enable logging.
Specifies enabling logging.
Specifies disabling logging.
Return Value
The CreateRegScheme method returns one of the following values:
Remarks
When you install a SiteMinder Web Agent, the registration templates are installed in the samples/selfreg subdirectory of the Web Agent installation directory by default. During SiteMinder installation, the virtual directory /siteminderagent is created and pointed to the samples directory in the Web Agent installation directory. Therefore, when using the default directory, specify templatePath as follows: /siteminderagent/selfreg (without the final slash).
If you are using SSL for registration, you must provide the absolute path for the registration templates. The default paths are as follows:
The CreateSAMLAffiliation method creates a SAML 2.0 affiliation object. A SAML 2.0 affiliation is a set of entities that share a single federated namespace of unique Name IDs for principals. To modify the properties of an existing SAML affiliation, call the method PolicyMgtSAMLAffiliation->Property.
Syntax
The CreateSAMLAffiliation method has the following format:
Netegrity::PolicyMgtSession->CreateSAMLAffiliation(propsHash_ref)
Parameters
The CreateSAMLAffiliation method accepts the following parameter:
propsHash_ref (hash)
Specifies a reference to a hashtable of metadata properties for the SAML 2.0 affiliation.
Example: \%myhash
Return Value
The CreateSAMLAffiliation method returns one of the following values:
Remarks
The SAML 2.0 affiliation properties are grouped as follows:
SAML_NAME
SAML_DESCRIPTION
SAML_KEY_AFFILIATION_ID
SAML_MAJOR_VERSION
SAML_MINOR_VERSION
SAML_OID
SAML_SP_NAMEID_FORMAT
SAML_SP_NAMEID_TYPE
SAML_SP_NAMEID_STATIC
SAML_SP_NAMEID_ATTRNAME
SAML_SP_NAMEID_DNSPEC
SAML_IDP_XPATH
SAML_IDP_LDAP_SEARCH_SPEC
SAML_IDP_ODBC_SEARCH_SPEC
SAML_IDP_WINNT_SEARCH_SPEC
SAML_IDP_CUSTOM_SEARCH_SPEC
SAML_IDP_AD_SEARCH_SPEC
For more information, see the SAML 2.0 Property Reference in this guide.
The CreateSAMLAuthScheme method creates a SAML 2.0 authentication scheme object with its properties set to specified values. There are two types of properties associated with the object: authentication scheme properties and metadata properties.
Authentication Scheme Properties
The authentication scheme properties are based on the SAML 2.0 template and have the following initial values:
Default: smauthsaml
Default: FALSE
Default: FALSE
Default: FALSE
Default: FALSE
Default: TRUE
Default: 5
Note: You can modify the default protection level by calling the CreateSAMLAuthScheme method with the optional protLevel parameter set to a new value.
Metadata Properties
The metadata properties are the properties of the Identity Provider associated with the SAML 2.0 authentication scheme and are stored with the authentication scheme. To specify them, pass the reference to the hashtable of metadata properties to the CreateSAMLAuthScheme method in the propsHash_ref parameter. To update the metadata properties of an existing SAML 2.0 authentication scheme, call the method PolicyMgtSession‑>SAMLAuthSchemeProperties.
Syntax
The CreateSAMLAuthScheme method has the following format:
Netegrity::PolicyMgtSession‑>CreateSAMLAuthScheme(schemeName, propsHash_ref[, schemeDesc][, protLevel])
Parameters
The CreateSAMLAuthScheme method accepts the following parameters:
schemeName (string)
Specifies the name of the authentication scheme.
propsHash_ref (hash)
Specifies a reference to a hashtable of metadata properties to associate with the SAML 2.0 authentication scheme.
Example: \%myhash
Note: For a complete list of metadata properties, see Remarks.
schemeDesc (string)
(Optional) Specifies the description of the authentication scheme.
protLevel (int)
(Optional) Specifies the protection level of the authentication scheme.
Return Value
The CreateSAMLAuthScheme method returns one of the following values:
Remarks
The metadata properties associated with the SAML 2.0 authentication scheme are listed following.
SAML_NAME
SAML_DESCRIPTION
SAML_IDP_SPID
SAML_KEY_IDPID
SAML_MAJOR_VERSION
SAML_MINOR_VERSION
SAML_SKEWTIME
SAML_DISABLE_SIGNATURE_PROCESSING
SAML_DSIG_VERINFO_ISSUER_DN
SAML_DSIG_VERINFO_SERIAL_NUMBER
SAML_IDP_XPATH
SAML_IDP_LDAP_SEARCH_SPEC
SAML_IDP_ODBC_SEARCH_SPEC
SAML_IDP_WINNT_SEARCH_SPEC
SAML_IDP_CUSTOM_SEARCH_SPEC
SAML_IDP_AD_SEARCH_SPEC
SAML_AFFILIATION
SAML_IDP_SSO_REDIRECT_MODE
SAML_IDP_SSO_DEFAULT_SERVICE
SAML_AUDIENCE
SAML_IDP_SSO_TARGET
SAML_ENABLE_SSO_ARTIFACT_BINDING
SAML_KEY_IDP_SOURCEID
SAML_IDP_ARTIFACT_RESOLUTION_DEFAULT_SERVICE
SAML_IDP_BACKCHANNEL_AUTH_TYPE
SAML_IDP_SPNAME
SAML_IDP_PASSWORD
SAML_ENABLE_SSO_POST_BINDING
SAML_IDP_SSO_ENFORCE_SINGLE_USE_POLICY
SAML_SSOECPPROFILE
SAML_IDP_SIGN_AUTHNREQUESTS
SAML_SLO_REDIRECT_BINDING
SAML_SLO_SERVICE_VALIDITY_DURATION
SAML_SLO_SERVICE_URL
SAML_SLO_SERVICE_RESPONSE_URL
SAML_SLO_SERVICE_CONFIRM_URL
SAML_IDP_REQUIRE_ENCRYPTED_ASSERTION
SAML_IDP_REQUIRE_ENCRYPTED_NAMEID
SAML_IDP_SAMLREQ_ENABLE
SAML_IDP_SAMLREQ_REQUIRE_SIGNED_ASSERTION
SAML_IDP_SAMLREQ_ATTRIBUTE_SERVICE
SAML_IDP_SAMLREQ_GET_ALL_ATTRIBUTES
SAML_IDP_SAMLREQ_NAMEID_FORMAT
SAML_IDP_SAMLREQ_NAMEID_TYPE
SAML_IDP_SAMLREQ_NAMEID_STATIC
SAML_IDP_SAMLREQ_NAMEID_ATTR_NAME
SAML_IDP_SAMLREQ_NAMEID_DN_SPEC
SAML_IDP_SAMLREQ_NAMEID_ALLOW_NESTED
SAML_SP_PLUGIN_CLASS
SAML_SP_PLUGIN_PARAMS
SAML_IDP_REDIRECT_URL_USER_NOT_FOUND
SAML_IDP_REDIRECT_MODE_USER_NOT_FOUND
SAML_IDP_REDIRECT_URL_FAILURE
SAML_IDP_REDIRECT_MODE_FAILURE
SAML_IDP_REDIRECT_URL_INVALID
SAML_IDP_REDIRECT_MODE_INVALID
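The following is an added example and not code from the CA SiteMinder reference. It covers both the CreateSAMLAffiliation and CreateSAMLAuthScheme calls described above: it builds the two property hashes from the property names listed on this page, creates the affiliation first and then a SAML 2.0 authentication scheme that refers to it, choosing the signature, replay, encryption and skew settings a security review would expect. Everything not stated on this page is an assumption: that Netegrity::PolicyMgtAPI->New and CreateSession produce the PolicyMgtSession, that the Create* methods return the new object on success and undef on failure, that boolean properties take 1/0, that SAML_SKEWTIME is in seconds, and every entity ID, DN and serial number used.

```perl
#!/usr/bin/perl
# Added example; not code from the CA SiteMinder reference. Creates a SAML 2.0
# affiliation and then a SAML 2.0 authentication scheme that refers to it,
# with the metadata properties set the way a security review would want them.
# Assumptions not stated on this page: Netegrity::PolicyMgtAPI->New and
# CreateSession produce the PolicyMgtSession; Create* methods return the new
# object on success and undef on failure; boolean properties take 1/0;
# SAML_SKEWTIME is in seconds. Confirm each value encoding in the SAML 2.0
# Property Reference before relying on it.
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

sub create_hardened_saml_scheme {
    my ($session, $scheme_name, $idp_id, $sp_id, $affiliation_id) = @_;

    # 1. Affiliation: the group of SPs that share one Name ID namespace.
    my %affil = (
        SAML_NAME               => "$scheme_name-affiliation",
        SAML_DESCRIPTION        => 'Shared Name ID namespace (added example)',
        SAML_KEY_AFFILIATION_ID => $affiliation_id,
        SAML_MAJOR_VERSION      => 2,
        SAML_MINOR_VERSION      => 0,
    );
    my $affiliation = $session->CreateSAMLAffiliation(\%affil)
        or die "CreateSAMLAffiliation failed for $affiliation_id\n";

    # 2. Identity Provider metadata stored with the scheme. Each comment names
    #    the weak setting; the value assigned is the hardened one.
    my %idp = (
        SAML_NAME          => $scheme_name,
        SAML_DESCRIPTION   => 'SAML 2.0 SP-side scheme (added example)',
        SAML_IDP_SPID      => $sp_id,
        SAML_KEY_IDPID     => $idp_id,
        SAML_MAJOR_VERSION => 2,
        SAML_MINOR_VERSION => 0,
        SAML_AFFILIATION   => $affiliation_id,

        # weak: 1 (skip signature checks) lets anyone mint assertions
        SAML_DISABLE_SIGNATURE_PROCESSING => 0,
        # pin the IdP signing certificate by issuer DN and serial number
        SAML_DSIG_VERINFO_ISSUER_DN     => 'CN=IdP Signing CA,O=Example,C=US',
        SAML_DSIG_VERINFO_SERIAL_NUMBER => '1A2B3C',

        # weak: a skew of hours keeps expired assertions acceptable
        SAML_SKEWTIME => 30,
        # weak: 0 lets a captured assertion be replayed
        SAML_IDP_SSO_ENFORCE_SINGLE_USE_POLICY => 1,
        # require assertion and Name ID to be encrypted for this SP
        SAML_IDP_REQUIRE_ENCRYPTED_ASSERTION => 1,
        SAML_IDP_REQUIRE_ENCRYPTED_NAMEID    => 1,
        # sign AuthnRequests so the IdP can reject forged ones
        SAML_IDP_SIGN_AUTHNREQUESTS => 1,

        # only accept assertions addressed to this SP; land on a fixed target
        SAML_AUDIENCE       => $sp_id,
        SAML_IDP_SSO_TARGET => 'https://sp.example.com/app/',
    );

    # The template default protection level is 5; a higher level means a
    # session established by a weaker scheme is re-challenged here.
    my $scheme = $session->CreateSAMLAuthScheme(
        $scheme_name, \%idp, 'SAML 2.0 SP scheme (added example)', 10)
        or die "CreateSAMLAuthScheme failed for $scheme_name\n";

    return ($affiliation, $scheme);
}

my $api     = Netegrity::PolicyMgtAPI->New();   # assumed entry point
my $session = $api->CreateSession($ENV{SM_ADMIN}, $ENV{SM_ADMIN_PW})
    or die "could not open a policy management session\n";

# Hypothetical entity IDs.
my ($affil, $scheme) = create_hardened_saml_scheme(
    $session, 'saml2-example', 'https://idp.example.com/idp',
    'https://sp.example.com/sp', 'https://example.com/affiliation/1');
print "created affiliation and scheme saml2-example\n";
```

The affiliation is created before the scheme because the scheme's SAML_AFFILIATION property names it; if the scheme creation fails, the affiliation is left in place and can be removed with DeleteSAMLAffiliation.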
The CreateSingleCertMap method creates a certificate map between a single attribute in the certificate's Subject DN and the corresponding user attribute in the user directory. For authentication to succeed, the attribute's value in the Subject DN must match the value of the corresponding user attribute in the user directory.
Syntax
The CreateSingleCertMap method has the following format:
Netegrity::PolicyMgtSession‑>CreateSingleCertMap(IssuerDN, Attribute[, DirectoryType])
Parameters
The CreateSingleCertMap method accepts the following parameters:
IssuerDN (string)
Specifies the distinguished name of the certificate issuer.
Attribute (string)
Specifies the name of the attribute whose values in the certificate's Subject DN and in the user directory must match.
Syntax: %{attribute_name}
Example: %{uid}
DirectoryType (int)
(Optional) Specifies the type of the user directory specified for authentication.
Return Value
The CreateSingleCertMap method returns one of the following values:
Remarks
When a certificate map is created, the following flags are set to false, the default value:
For information on changing the value of these flags, see the method PolicyMgtSession‑>CreateExactCertMap.
The CreateTrustedHost method creates a trusted host object in the policy store, registers the trusted host with the Policy Server, and, if registration succeeds, creates the local registration file. Use this method when the Policy Server is connected to the agent host. When there is no connection between the Policy Server and the agent host, call the method PolicyMgtSession‑>AddTrustedHost instead.
Syntax
The CreateTrustedHost method has the following format:
Netegrity::PolicyMgtSession‑>CreateTrustedHost(trustedHostName [,ipAddress][, adminName][, adminPassword][, hostConfigName][, registrationDataFileName])
Parameters
The CreateTrustedHost method accepts the following parameters:
trustedHostName (string)
Specifies the name of the trusted host.
ipAddress (string)
(Optional) Specifies the IP address of the Policy Server.
adminName (string)
(Optional) Specifies the name of a Policy Server administrator.
adminPassword (string)
(Optional) Specifies the administrator's password.
hostConfigName (string)
(Optional) Specifies the name of the host configuration object.
registrationDataFileName (string)
(Optional) Specifies the name of the file where registration data is written when the host is successfully registered with the Policy Server.
Note: This filename is specified by calling the Agent API method Connect. The file is stored and managed by SiteMinder.
Return Value
The CreateTrustedHost method returns one of the following values:
The CreateUserDir method creates and configures a user directory object.
Syntax
The CreateUserDir method has the following format:
Netegrity::PolicyMgtSession‑>CreateUserDir(dirName, namespace, server[, ODBCQueryScheme][, domDesc][, searchRoot][, usrLookStart][, usrLookEnd][, username][, password][, searchResults][, searchScope][, searchTimeout][, secureConn][, requireCreds][, disabledAttr][, UIDAttr][, anonID][, pwdData][, pwdAttr][, emailAttr][, chalRespAttr])
Parameters
The CreateUserDir method accepts the following parameters:
dirName (string)
Specifies the user directory object's name.
namespace (string)
Specifies the user directory's namespace:
server (string)
Specifies one of the following directory-dependent values:
Specifies the IP address and port number of the LDAP server.
Syntax: IP_address:port_number
Note: The default port number is 389, the clear-text LDAP port. When secureConn is set, give the port on which the directory accepts SSL connections (636 by convention).
Specifies the data source name.
Specifies the domain name.
Specifies the name of the library that corresponds to the custom directory.
ODBCQueryScheme (PolicyMgtODBCQueryScheme object)
(Optional) Specifies a set of queries that SiteMinder uses to query the ODBC directory.
Note: If the user directory is not an ODBC directory, this parameter's value is undef.
domDesc (string)
(Optional) Specifies the description of the user directory.
searchRoot (string)
(Optional) Specifies one of the following directory-dependent values:
Specifies the location in the LDAP tree that is the starting point for the directory connection, for example, the organization (o) or organizational unit (ou). This location, called the search root, is the point where the Policy Server starts the search for a user.
Note: For more information about this parameter, see the parameter searchScope.
Specifies a string of parameters to pass to the custom library.
usrLookStart (string)
(Optional) Specifies the start value for a user DN lookup in an LDAP directory.
usrLookEnd (string)
(Optional) Specifies the end value for a user DN lookup in an LDAP directory.
Note: Specifying values for the user DN lookup starting point and endpoint allows users to enter part of the DN string when authenticating. In the following example, the user only needs to specify the string "JSmith" and not the whole DN string when logging in:
username (string)
(Optional) Specifies the user name needed for accessing the user directory.
Note: When using this parameter, set requireCreds to 1.
password (string)
(Optional) Specifies the password required for accessing the user directory.
Note: When using this parameter, set requireCreds to 1.
searchResults (int)
(Optional) Specifies the maximum number of results to return from a search of an LDAP or custom directory.
searchScope (int)
(Optional) Specifies how many levels SiteMinder searches when looking for users or user groups in an LDAP directory:
Specifies searching the root and all levels below.
Specifies searching the root and one level below.
Note: For more information, see the searchRoot parameter.
searchTimeout (int)
(Optional) Specifies the maximum time, in seconds, allowed for searching an LDAP or custom directory.
secureConn (int)
(Optional) Specifies whether an LDAP or custom user directory connection is secured by SSL:
Specifies a connection secured by SSL.
Specifies a connection that is not secure.
Note: When this flag is set, the Policy Server connects to the directory over SSL, so the bind credentials given in username and password and the search traffic are encrypted in transit. Set it whenever the directory accepts SSL connections; over a plain connection the bind credentials and query results cross the network in clear text.
requireCreds (int)
(Optional) Specifies whether user credentials are required for authentication:
Specifies that credentials are required.
Specifies that credentials are not required.
disabledAttr (string)
(Optional) Specifies the name of the user directory attribute that contains the user's disabled state.
Note: This parameter applies to LDAP and ODBC directories and some custom directories.
UIDAttr (string)
(Optional) Specifies the name of the user directory's universal ID attribute.
Note: The universal ID is different from the user's login ID and is used to look up user information. This parameter applies to LDAP, ODBC, and WinNT directories and to some custom directories.
anonID (string)
(Optional) Specifies the name of the user directory's anonymous user DN attribute.
Note: The DN, which is defined in the anonymous authentication scheme, gives anonymous users access to resources protected by the anonymous authentication scheme. This parameter applies to LDAP directories and some custom directories.
pwdData (string)
(Optional) Specifies the name of the user directory's password data attribute.
Note: This parameter applies to LDAP and ODBC directories and some custom directories.
pwdAttr (string)
(Optional) Specifies the name of the user directory's password attribute.
Note: This parameter applies to LDAP and ODBC directories and some custom directories.
emailAttr (string)
Note: This optional parameter is reserved for future use.
chalRespAttr (string)
(Optional) Specifies the name of the user directory's challenge/response attribute.
Example: The challenge/response can be a hint that SiteMinder sends the user when the user forgets the password.
Note: This parameter applies to LDAP directories and some custom directories.
Return Value
The CreateUserDir method returns one of the following values:
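The following is an added example and not code from the CA SiteMinder reference. CreateUserDir takes all of its optional parameters by position, so skipping one means putting undef in its slot; the wrapper below accepts named arguments, lays them out in the order of the Syntax line above, and configures an LDAP directory over SSL with the bind password taken from the environment. Assumptions not stated on this page: that Netegrity::PolicyMgtAPI->New and CreateSession produce the PolicyMgtSession, that CreateUserDir returns the new object on success and undef on failure, that the LDAP namespace string is 'LDAP:', and every directory name, address, DN and attribute name used.

```perl
#!/usr/bin/perl
# Added example; not code from the CA SiteMinder reference. CreateUserDir
# takes every optional parameter by position, so skipping one means passing
# undef in its slot. This wrapper takes named arguments and lays them out in
# the order of the Syntax line. Assumptions not stated on this page:
# Netegrity::PolicyMgtAPI->New and CreateSession produce the PolicyMgtSession;
# CreateUserDir returns the new object on success and undef on failure; the
# LDAP namespace string is 'LDAP:'. All names, DNs and attributes are made up.
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

# Optional parameters in the order of the Syntax line (after dirName,
# namespace and server).
my @OPTIONAL_ORDER = qw(
    ODBCQueryScheme domDesc searchRoot usrLookStart usrLookEnd username
    password searchResults searchScope searchTimeout secureConn requireCreds
    disabledAttr UIDAttr anonID pwdData pwdAttr emailAttr chalRespAttr
);
my %KNOWN = map { ($_ => 1) } (qw(dirName namespace server), @OPTIONAL_ORDER);

sub create_user_dir {
    my ($session, %arg) = @_;
    for my $req (qw(dirName namespace server)) {
        die "create_user_dir: missing '$req'\n" unless defined $arg{$req};
    }
    for my $k (keys %arg) {
        die "create_user_dir: unknown argument '$k'\n" unless $KNOWN{$k};
    }
    # The reference requires requireCreds=1 whenever a bind user or
    # password is supplied; set it here rather than rely on the caller.
    $arg{requireCreds} = 1 if defined $arg{username} || defined $arg{password};

    my @positional = map { $arg{$_} } @OPTIONAL_ORDER;
    # Trailing undefs carry no information; trim them so the call is the
    # shortest form that still places every supplied value in its slot.
    pop @positional while @positional && !defined $positional[-1];

    return $session->CreateUserDir($arg{dirName}, $arg{namespace},
                                   $arg{server}, @positional);
}

# Keep the bind password out of the script and out of `ps` output.
my $bind_pw = $ENV{SM_LDAP_BIND_PW};
die "set SM_LDAP_BIND_PW in the environment\n" unless defined $bind_pw;

my $api     = Netegrity::PolicyMgtAPI->New();   # assumed entry point
my $session = $api->CreateSession($ENV{SM_ADMIN}, $ENV{SM_ADMIN_PW})
    or die "could not open a policy management session\n";

my $dir = create_user_dir(
    $session,
    dirName       => 'corp-ldap',
    namespace     => 'LDAP:',          # assumed namespace string
    server        => '10.0.0.5:636',   # 636 for SSL; the default 389 is clear text
    domDesc       => 'Corporate LDAP (added example)',
    searchRoot    => 'ou=people,dc=example,dc=com',
    usrLookStart  => 'uid=',
    usrLookEnd    => ',ou=people,dc=example,dc=com',
    username      => 'cn=sm-bind,ou=service,dc=example,dc=com',
    password      => $bind_pw,
    searchResults => 500,   # cap result sets so a broad filter cannot bulk-export users
    searchTimeout => 15,    # seconds; bounds what a slow directory can do to logins
    secureConn    => 1,     # LDAP over SSL: bind credentials never cross the wire in clear
    disabledAttr  => 'nsAccountLock',
    UIDAttr       => 'uid',
    # searchScope is left at its default because its numeric encoding is in
    # the Property Reference, not on this page.
) or die "CreateUserDir failed\n";
print "created user directory corp-ldap\n";
```

With usrLookStart and usrLookEnd set as above, a user logging in as "jsmith" is looked up as uid=jsmith,ou=people,dc=example,dc=com; the bind account used for that lookup should be a dedicated, read-only directory entry rather than an administrator.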
The CreateWSFEDAuthScheme method creates an instance of a WS-Federation authentication scheme and sets the authentication scheme's properties.
Syntax
The CreateWSFEDAuthScheme method has the following format:
Netegrity::PolicyMgtSession‑>CreateWSFEDAuthScheme(name, propsHash[, desc][, level])
Parameters
The CreateWSFEDAuthScheme method accepts the following parameters:
name (string)
Specifies the name of the WS-Federation authentication scheme.
propsHash (hashtable)
Specifies a reference to the hashtable of WS-Federation authentication scheme properties to set.
Note: For a complete list of WS-Federation authentication scheme properties, see Remarks.
desc (string)
(Optional) Specifies a description of the authentication scheme.
level (int)
(Optional) Specifies the authentication scheme level.
Return Value
The CreateWSFEDAuthScheme method returns one of the following values:
Remarks
The WS-Federation authentication scheme properties are grouped in the FSS Administrative UI as follows:
WSFED_NAME
WSFED_DESCRIPTION
WSFED_KEY_APID
WSFED_RPID
WSFED_SKEW_TIME
WSFED_DISABLE_SIGNATURE_PROCESSING
WSFED_DSIG_VERINFO_ALIAS
WSFED_AP_XPATH
WSFED_AP_LDAP_SEARCH_SPEC
WSFED_AP_ODBC_SEARCH_SPEC
WSFED_AP_WINNT_SEARCH_SPEC
WSFED_AP_CUSTOM_SEARCH_SPEC
WSFED_AP_ADD_SEARCH_SPEC
WSFED_AP_SSO_REDIRECT_MODE
WSFED_AP_SSO_DEFAULT_SERVICE
WSFED_AP_SSO_TARGET
WSFED_ENFORCE_SINGLE_USE_POLICY
WSFED_AP_SLO_ENABLED
WSFED_AP_SIGNOUT_URL
WSFED_AP_PLUGIN_CLASS
WSFED_AP_PLUGIN_PARAMS
WSFED_AP_USER_NOT_FOUND_REDIRECT_URL
WSFED_AP_USER_NOT_FOUND_REDIRECT_MODE
WSFED_AP_FAILURE_REDIRECT_URL
WSFED_AP_FAILURE_REDIRECT_MODE
WSFED_AP_INVALID_REDIRECT_URL
WSFED_AP_INVALID_REDIRECT_MODE
The DeleteAdmin method deletes an administrator from the policy store.
Syntax
The DeleteAdmin method has the following format:
Netegrity::PolicyMgtSession‑>DeleteAdmin(admin)
Parameters
The DeleteAdmin method accepts the following parameter:
admin (PolicyMgtAdmin object)
Specifies the administrator object to delete.
Return Value
The DeleteAdmin method returns one of the following values:
Specifies that the method is successful or that the administrator is not found.
Specifies that the method is unsuccessful.
Remarks
To remove an administrator from a particular domain, see the method PolicyMgtAffDomain‑>RemoveAdmin.
The DeleteAffDomain method deletes an affiliate domain.
Syntax
The DeleteAffDomain method has the following format:
Netegrity::PolicyMgtSession‑>DeleteAffDomain(affDomain)
Parameters
The DeleteAffDomain method accepts the following parameter:
affDomain (PolicyMgtAffDomain object)
Specifies the affiliate domain object to delete.
Return Value
The DeleteAffDomain method returns one of the following values:
Specifies that the method is successful or that the affiliate domain is not found.
Specifies that the method is unsuccessful.
The DeleteAgent method deletes an agent.
Syntax
The DeleteAgent method has the following format:
Netegrity::PolicyMgtSession‑>DeleteAgent(agent)
Parameters
The DeleteAgent method accepts the following parameter:
agent (PolicyMgtAgent object)
Specifies the agent object to delete.
Return Value
The DeleteAgent method returns one of the following values:
Specifies that the method is successful or that the agent is not found.
Specifies that the method is unsuccessful.
The DeleteAgentConfig method deletes an agent configuration object.
Syntax
The DeleteAgentConfig method has the following format:
Netegrity::PolicyMgtSession‑>DeleteAgentConfig(AgentConfig)
Parameters
The DeleteAgentConfig method accepts the following parameter:
AgentConfig (PolicyMgtAgentConfig object)
Specifies the agent configuration object to delete.
Return Value
The DeleteAgentConfig method returns one of the following values:
Specifies that the method is successful or that the agent configuration object was not found.
Specifies that the method is unsuccessful.
The DeleteAuthAzMap method deletes an authentication and authorization map.
Syntax
The DeleteAuthAzMap method has the following format:
Netegrity::PolicyMgtSession‑>DeleteAuthAzMap(map)
Parameters
The DeleteAuthAzMap method accepts the following parameter:
map (PolicyMgtAuthAzMap object)
Specifies the authentication and authorization map object to delete.
Return Value
The DeleteAuthAzMap method returns one of the following values:
Specifies that the method is successful or that the authentication and authorization map is not found.
Specifies that the method is unsuccessful.
The DeleteAuthScheme method deletes an authentication scheme.
Syntax
The DeleteAuthScheme method has the following format:
Netegrity::PolicyMgtSession‑>DeleteAuthScheme(authScheme)
Parameters
The DeleteAuthScheme method accepts the following parameter:
authScheme (PolicyMgtAuthScheme object)
Specifies the authentication scheme object to delete.
Return Value
The DeleteAuthScheme method returns one of the following values:
Specifies that the method is successful or that the authentication scheme is not found.
Specifies that the method is unsuccessful.
The DeleteCertMap method deletes a certificate map.
Syntax
The DeleteCertMap method has the following format:
Netegrity::PolicyMgtSession‑>DeleteCertMap(map)
Parameters
The DeleteCertMap method accepts the following parameter:
map (PolicyMgtCertMap object)
Specifies the certificate map object to delete.
Return Value
The DeleteCertMap method returns one of the following values:
Specifies that the method is successful or that the certificate map is not found.
Specifies that the method is unsuccessful.
The DeleteDomain method deletes a policy domain.
Syntax
The DeleteDomain method has the following format:
Netegrity::PolicyMgtSession‑>DeleteDomain(domain)
Parameters
The DeleteDomain method accepts the following parameter:
domain (PolicyMgtDomain object)
Specifies the domain object to delete.
Return Value
The DeleteDomain method returns one of the following values:
Specifies that the method is successful or that the domain is not found.
Specifies that the method is unsuccessful.
The DeleteGlobalPolicy method deletes a global policy.
Syntax
The DeleteGlobalPolicy method has the following format:
Netegrity::PolicyMgtSession‑>DeleteGlobalPolicy(policy)
Parameters
The DeleteGlobalPolicy method accepts the following parameter:
policy (PolicyMgtPolicy object)
Specifies the global policy object to delete.
Return Value
The DeleteGlobalPolicy method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
The DeleteGlobalResponse method deletes a global response.
Syntax
The DeleteGlobalResponse method has the following format:
Netegrity::PolicyMgtSession‑>DeleteGlobalResponse(response)
Parameters
The DeleteGlobalResponse method accepts the following parameter:
response (PolicyMgtResponse object)
Specifies the global response object to delete.
Return Value
The DeleteGlobalResponse method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
The DeleteGlobalRule method deletes a global rule.
Syntax
The DeleteGlobalRule method has the following format:
Netegrity::PolicyMgtSession‑>DeleteGlobalRule(rule)
Parameters
The DeleteGlobalRule method accepts the following parameter:
rule (PolicyMgtRule object)
Specifies the global rule object to delete.
Return Value
The DeleteGlobalRule method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
The DeleteGroup method deletes an agent group.
Syntax
The DeleteGroup method has the following format:
Netegrity::PolicyMgtSession‑>DeleteGroup(group)
Parameters
The DeleteGroup method accepts the following parameter:
group (PolicyMgtGroup object)
Specifies the agent group object to delete.
Return Value
The DeleteGroup method returns one of the following values:
Specifies that the method is successful or that the agent group is not found.
Specifies that the method is unsuccessful.
The DeleteHostConfig method deletes a host configuration object.
Syntax
The DeleteHostConfig method has the following format:
Netegrity::PolicyMgtSession‑>DeleteHostConfig(HostConfig)
Parameters
The DeleteHostConfig method accepts the following parameter:
HostConfig (PolicyMgtHostConfig object)
Specifies the host configuration object to delete.
Return Value
The DeleteHostConfig method returns one of the following values:
Specifies that the method is successful or that the host configuration object is not found.
Specifies that the method is unsuccessful.
The DeleteODBCQueryScheme method deletes an ODBC query scheme.
Syntax
The DeleteODBCQueryScheme method has the following format:
Netegrity::PolicyMgtSession‑>DeleteODBCQueryScheme(scheme)
Parameters
The DeleteODBCQueryScheme method accepts the following parameter:
scheme (PolicyMgtODBCQueryScheme object)
Specifies the ODBC query scheme object to delete.
Return Value
The DeleteODBCQueryScheme method returns one of the following values:
Specifies that the method is successful or that the ODBC query scheme is not found.
Specifies that the method is unsuccessful.
The DeletePwdPolicy method deletes a password policy.
Syntax
The DeletePwdPolicy method has the following format:
Netegrity::PolicyMgtSession‑>DeletePwdPolicy(pwdPolicy)
Parameters
The DeletePwdPolicy method accepts the following parameter:
pwdPolicy (PolicyMgtPwdPolicy object)
Specifies the password policy object to delete.
Return Value
The DeletePwdPolicy method returns one of the following values:
Specifies that the method is successful or that the password policy is not found.
Specifies that the method is unsuccessful.
The DeleteRegScheme method deletes a registration scheme.
Syntax
The DeleteRegScheme method has the following format:
Netegrity::PolicyMgtSession‑>DeleteRegScheme(regScheme)
Parameters
The DeleteRegScheme method accepts the following parameter:
regScheme (PolicyMgtRegScheme object)
Specifies the registration scheme object to delete.
Return Value
The DeleteRegScheme method returns one of the following values:
Specifies that the method is successful or that the registration scheme is not found.
Specifies that the method is unsuccessful.
The DeleteSAMLAffiliation method deletes a SAML 2.0 affiliation object.
Syntax
The DeleteSAMLAffiliation method has the following format:
Netegrity::PolicyMgtSession‑>DeleteSAMLAffiliation(SAMLAffil)
Parameters
The DeleteSAMLAffiliation method accepts the following parameter:
SAMLAffil (PolicyMgtSAMLAffiliation object)
Specifies the SAML 2.0 affiliation object to delete.
Return Value
The DeleteSAMLAffiliation method returns one of the following values:
Specifies that the method is successful or that the SAML affiliation object is not found.
Specifies that the method is unsuccessful.
The DeleteTrustedHost method deletes a trusted host.
Syntax
The DeleteTrustedHost method has the following format:
Netegrity::PolicyMgtSession‑>DeleteTrustedHost(TrustedHost)
Parameters
The DeleteTrustedHost method accepts the following parameter:
TrustedHost (PolicyMgtTrustedHost object)
Specifies the trusted host object to delete.
Return Value
The DeleteTrustedHost method returns one of the following values:
Specifies that the method is successful or that the trusted host is not found.
Specifies that the method is unsuccessful.
The DeleteUserDir method deletes a user directory object.
Syntax
The DeleteUserDir method has the following format:
Netegrity::PolicyMgtSession‑>DeleteUserDir(userdir)
Parameters
The DeleteUserDir method accepts the following parameter:
userdir (PolicyMgtUserDir object)
Specifies the user directory object to delete.
Return Value
The DeleteUserDir method returns one of the following values:
Specifies that the method is successful or that the user directory is not found.
Specifies that the method is unsuccessful.
The GetAdmin method retrieves the specified administrator.
Syntax
The GetAdmin method has the following format:
Netegrity::PolicyMgtSession‑>GetAdmin(adminName)
Parameters
The GetAdmin method accepts the following parameter:
adminName (string)
Specifies the name of the administrator to retrieve.
Return Value
The GetAdmin method returns one of the following values:
The GetAffDomain method retrieves the specified affiliate domain.
Syntax
The GetAffDomain method has the following format:
Netegrity::PolicyMgtSession‑>GetAffDomain(domName)
Parameters
The GetAffDomain method accepts the following parameter:
domName (string)
Specifies the name of the affiliate domain to retrieve.
Return Value
The GetAffDomain method returns one of the following values:
The GetAgent method retrieves the specified agent.
Syntax
The GetAgent method has the following format:
Netegrity::PolicyMgtSession‑>GetAgent(agentName)
Parameters
The GetAgent method accepts the following parameter:
agentName (string)
Specifies the name of the agent to retrieve.
Return Value
The GetAgent method returns one of the following values:
The GetAgentConfig method retrieves the specified agent configuration object.
Syntax
The GetAgentConfig method has the following format:
Netegrity::PolicyMgtSession‑>GetAgentConfig(acName)
Parameters
The GetAgentConfig method accepts the following parameter:
acName (string)
Specifies the name of the agent configuration object to retrieve.
Return Value
The GetAgentConfig method returns one of the following values:
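The following is an added example and not code from the CA SiteMinder reference. It uses the GetAgent, DeleteAgent, GetAgentConfig and DeleteAgentConfig methods above to decommission an agent by name, and shows why the lookup comes first: the Delete* methods report "successful or not found" as one outcome, so their return value alone cannot tell you whether anything was removed. Assumptions not stated on this page: that Netegrity::PolicyMgtAPI->New and CreateSession produce the PolicyMgtSession, that the Get* methods return undef when the object does not exist, and that the Delete* methods return 0 for "deleted or not found" and -1 for failure (the page lists the two outcomes but their numeric codes are not shown). The agent and configuration names are made up.

```perl
#!/usr/bin/perl
# Added example; not code from the CA SiteMinder reference. Removes an agent
# and its agent configuration object by name. Assumptions not stated on this
# page: Netegrity::PolicyMgtAPI->New and CreateSession produce the
# PolicyMgtSession; Get* methods return undef when the object does not exist;
# Delete* methods return 0 for "deleted or not found" and -1 for failure.
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

# Look each object up before deleting it: a Delete* return of 0 also covers
# "not found", so on its own it does not prove the object existed.
sub decommission_agent {
    my ($session, $agent_name, $config_name) = @_;
    my %report;

    my $agent = $session->GetAgent($agent_name);
    if (!defined $agent) {
        $report{agent} = 'absent';
    } else {
        my $rc = $session->DeleteAgent($agent);
        die "DeleteAgent($agent_name) failed (rc=$rc)\n" if $rc != 0;
        $report{agent} = 'deleted';
    }

    # An agent configuration object can be shared by several agents, so only
    # delete it when the caller names it, and only after the agent is gone.
    if (defined $config_name) {
        my $cfg = $session->GetAgentConfig($config_name);
        if (!defined $cfg) {
            $report{config} = 'absent';
        } else {
            my $rc = $session->DeleteAgentConfig($cfg);
            die "DeleteAgentConfig($config_name) failed (rc=$rc)\n" if $rc != 0;
            $report{config} = 'deleted';
        }
    }
    return \%report;
}

my $api     = Netegrity::PolicyMgtAPI->New();   # assumed entry point
my $session = $api->CreateSession($ENV{SM_ADMIN}, $ENV{SM_ADMIN_PW})
    or die "could not open a policy management session\n";

# Hypothetical object names.
my $r = decommission_agent($session, 'web-agent-old', 'web-agent-old-config');
printf "agent: %s, config: %s\n", $r->{agent},
    defined $r->{config} ? $r->{config} : 'skipped';
```

Before passing a configuration name, confirm with GetAllAgents that no other agent still references that configuration object; the Delete* methods do not check for that.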
The GetAgentGroup method retrieves the specified agent group.
Syntax
The GetAgentGroup method has the following format:
Netegrity::PolicyMgtSession‑>GetAgentGroup(agentGroup)
Parameters
The GetAgentGroup method accepts the following parameter:
agentGroup (string)
Specifies the name of the agent group to retrieve.
Return Value
The GetAgentGroup method returns one of the following values:
The GetAgentType method retrieves the specified agent type.
Syntax
The GetAgentType method has the following format:
Netegrity::PolicyMgtSession‑>GetAgentType(agentTypeName)
Parameters
The GetAgentType method accepts the following parameter:
agentTypeName (string)
Specifies one of the following pre-defined agent types to retrieve:
Return Value
The GetAgentType method returns one of the following values:
The GetAllAdmins method retrieves a list of all administrators configured on the Policy Server.
Syntax
The GetAllAdmins method has the following format:
Netegrity::PolicyMgtSession‑>GetAllAdmins()
Parameters
The GetAllAdmins method accepts no parameters.
Return Value
The GetAllAdmins method returns one of the following values:
The GetAllAffDomains method retrieves a list of all configured affiliate domains.
Syntax
The GetAllAffDomains method has the following format:
Netegrity::PolicyMgtSession‑>GetAllAffDomains()
Parameters
The GetAllAffDomains method accepts no parameters.
Return Value
The GetAllAffDomains method returns one of the following values:
The GetAllAgentConfigs method retrieves a list of all agent configuration objects.
Syntax
The GetAllAgentConfigs method has the following format:
Netegrity::PolicyMgtSession‑>GetAllAgentConfigs()
Parameters
The GetAllAgentConfigs method accepts no parameters.
Return Value
The GetAllAgentConfigs method returns one of the following values:
The GetAllAgentGroups method retrieves a list of all agent group objects.
Syntax
The GetAllAgentGroups method has the following format:
Netegrity::PolicyMgtSession‑>GetAllAgentGroups()
Parameters
The GetAllAgentGroups method accepts no parameters.
Return Value
The GetAllAgentGroups method returns one of the following values:
The GetAllAgents method retrieves a list of all agents configured on the Policy Server.
Syntax
The GetAllAgents method has the following format:
Netegrity::PolicyMgtSession‑>GetAllAgents()
Parameters
The GetAllAgents method accepts no parameters.
Return Value
The GetAllAgents method returns one of the following values:
The GetAllAuthAzMaps method retrieves a list of all authentication and authorization maps.
Syntax
The GetAllAuthAzMaps method has the following format:
Netegrity::PolicyMgtSession‑>GetAllAuthAzMaps()
Parameters
The GetAllAuthAzMaps method accepts no parameters.
Return Value
The GetAllAuthAzMaps method returns one of the following values:
The GetAllAuthSchemes method retrieves a list of all authentication schemes on the Policy Server.
Syntax
The GetAllAuthSchemes method has the following format:
Netegrity::PolicyMgtSession‑>GetAllAuthSchemes([showTemplates])
Parameters
The GetAllAuthSchemes method accepts the following parameter:
showTemplates (int)
(Optional) Specifies whether to include template schemes in the list of authentication schemes.
Specifies not including template schemes in the list of authentication schemes.
Specifies including template schemes in the list of authentication schemes.
Return Value
The GetAllAuthSchemes method returns one of the following values:
The GetAllCertMaps method retrieves a list of all certificate mapping objects.
Syntax
The GetAllCertMaps method has the following format:
Netegrity::PolicyMgtSession‑>GetAllCertMaps()
Parameters
The GetAllCertMaps method accepts no parameters.
Return Value
The GetAllCertMaps method returns one of the following values:
The GetAllDomains method retrieves a list of all domains configured on the Policy Server.
Syntax
The GetAllDomains method has the following format:
Netegrity::PolicyMgtSession‑>GetAllDomains()
Parameters
The GetAllDomains method accepts no parameters.
Return Value
The GetAllDomains method returns one of the following values:
The GetAllGlobalPolicies method retrieves a list of all global policy objects.
Syntax
The GetAllGlobalPolicies method has the following format:
Netegrity::PolicyMgtSession‑>GetAllGlobalPolicies()
Parameters
The GetAllGlobalPolicies method accepts no parameters.
Return Value
The GetAllGlobalPolicies method returns one of the following values:
The GetAllGlobalResponses method retrieves a list of all global response objects.
Syntax
The GetAllGlobalResponses method has the following format:
Netegrity::PolicyMgtSession‑>GetAllGlobalResponses()
Parameters
The GetAllGlobalResponses method accepts no parameters.
Return Value
The GetAllGlobalResponses method returns one of the following values:
The GetAllGlobalRules method retrieves a list of all global rule objects.
Syntax
The GetAllGlobalRules method has the following format:
Netegrity::PolicyMgtSession‑>GetAllGlobalRules()
Parameters
The GetAllGlobalRules method accepts no parameters.
Return Value
The GetAllGlobalRules method returns one of the following values:
The GetAllHostConfigs method retrieves a list of all host configuration objects.
Syntax
The GetAllHostConfigs method has the following format:
Netegrity::PolicyMgtSession‑>GetAllHostConfigs()
Parameters
The GetAllHostConfigs method accepts no parameters.
Return Value
The GetAllHostConfigs method returns one of the following values:
The GetAllODBCQuerySchemes method retrieves a list of all ODBC query schemes on the Policy Server.
Syntax
The GetAllODBCQuerySchemes method has the following format:
Netegrity::PolicyMgtSession‑>GetAllODBCQuerySchemes()
Parameters
The GetAllODBCQuerySchemes method accepts no parameters.
Return Value
The GetAllODBCQuerySchemes method returns one of the following values:
The GetAllPwdPolicies method retrieves a list of all configured password policies.
Syntax
The GetAllPwdPolicies method has the following format:
Netegrity::PolicyMgtSession‑>GetAllPwdPolicies()
Parameters
The GetAllPwdPolicies method accepts no parameters.
Return Value
The GetAllPwdPolicies method returns one of the following values:
The GetAllRegSchemes method retrieves a list of all registration schemes configured on the Policy Server.
Syntax
The GetAllRegSchemes method has the following format:
Netegrity::PolicyMgtSession‑>GetAllRegSchemes()
Parameters
The GetAllRegSchemes method accepts no parameters.
Return Value
The GetAllRegSchemes method returns one of the following values:
The GetAllSAMLAffiliations method retrieves a list of all SAML 2.0 affiliations.
Syntax
The GetAllSAMLAffiliations method has the following format:
Netegrity::PolicyMgtSession‑>GetAllSAMLAffiliations()
Parameters
The GetAllSAMLAffiliations method accepts no parameters.
Return Value
The GetAllSAMLAffiliations method returns one of the following values:
The GetAllSAMLSchemeAttributes method retrieves a list of all defined SAML 2.0 Requester attributes.
Syntax
The GetAllSAMLSchemeAttributes method has the following format:
Netegrity::PolicyMgtSession‑>GetAllSAMLSchemeAttributes(scheme)
Parameters
The GetAllSAMLSchemeAttributes method accepts the following parameter:
scheme (PolicyMgtAuthScheme object)
Specifies the SAML 2.0 authentication scheme object.
Return Value
The GetAllSAMLSchemeAttributes method returns one of the following values:
The GetAllTrustedHosts method retrieves a list of all trusted host objects.
Syntax
The GetAllTrustedHosts method has the following format:
Netegrity::PolicyMgtSession‑>GetAllTrustedHosts()
Parameters
The GetAllTrustedHosts method accepts no parameters.
Return Value
The GetAllTrustedHosts method returns one of the following values:
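The following script is an added illustration of GetAllTrustedHosts and GetTrustedHost; it is not part of the CA documentation. It audits the trusted hosts registered in the policy store against an expected inventory, which is the check a practitioner runs to detect agent registrations that nobody planned. It assumes the usual session bootstrap (Netegrity::PolicyMgtAPI->New and CreateSession), that PolicyMgtTrustedHost objects expose Name and IPAddress accessors, and that GetTrustedHost returns undef when the host does not exist; the host names and addresses are constructed for the example.

```perl
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

# Expected inventory, constructed for this example: trusted host name => IP.
my %expected = (
    'web01.example.com' => '10.0.1.11',
    'web02.example.com' => '10.0.1.12',
);

# Assumed bootstrap: create the API object and an administrator session.
my $policyapi = Netegrity::PolicyMgtAPI->New();
my $session   = $policyapi->CreateSession($ENV{SM_ADMIN}, $ENV{SM_ADMIN_PW})
    or die "CreateSession failed: check administrator credentials\n";

# GetAllTrustedHosts returns every trusted host object; index them by name.
my @hosts = $session->GetAllTrustedHosts();
my %seen;
for my $th (@hosts) {
    my $name = $th->Name();        # assumed accessor
    my $ip   = $th->IPAddress();   # assumed accessor; IP is optional at registration
    $seen{$name} = $ip;
    if (!exists $expected{$name}) {
        print "UNEXPECTED trusted host: $name (", $ip // '', ")\n";
    } elsif (defined $ip && length $ip && $ip ne $expected{$name}) {
        print "IP MISMATCH for $name: store has $ip, expected $expected{$name}\n";
    }
}
for my $name (sort keys %expected) {
    print "MISSING trusted host: $name\n" unless exists $seen{$name};
}

# GetTrustedHost looks up one object by name; undef means it does not exist.
my $th = $session->GetTrustedHost('web01.example.com');
if (defined $th) {
    # GetSecret returns the shared secret in clear text. Use it only for a
    # comparison; never write it to a log or a report.
    my $secret = $th->GetSecret();
    print "web01.example.com shared secret present: ", (length($secret) ? "yes" : "no"), "\n";
}
```

Run it from a host that can reach the Policy Server with an administrator account supplied through SM_ADMIN and SM_ADMIN_PW. Any UNEXPECTED line is a registration to investigate: a trusted host the policy store accepts is a host that can obtain agent sessions.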
The GetAllUserDirs method retrieves a list of all user directories associated with the Policy Server.
Syntax
The GetAllUserDirs method has the following format:
Netegrity::PolicyMgtSession‑>GetAllUserDirs()
Parameters
The GetAllUserDirs method accepts no parameters.
Return Value
The GetAllUserDirs method returns one of the following values:
The GetAllVariableTypes method retrieves a list of all variable type objects configured on the Policy Server.
Syntax
The GetAllVariableTypes method has the following format:
Netegrity::PolicyMgtSession‑>GetAllVariableTypes()
Parameters
The GetAllVariableTypes method accepts no parameters.
Return Value
The GetAllVariableTypes method returns one of the following values:
The GetAuthScheme method retrieves the specified authentication scheme object. Existing authentication schemes are specified by name. To create a new authentication scheme, use this method to retrieve the type of authentication scheme object or template upon which you want the new scheme to be based. Then, pass the resulting object to the PolicyMgtSession‑>CreateAuthScheme method in the schemeTemplate parameter. For information about creating a SAML 2.0 authentication scheme, see the method PolicyMgtSession‑>CreateSAMLAuthScheme.
Syntax
The GetAuthScheme method has the following format:
Netegrity::PolicyMgtSession‑>GetAuthScheme(schemeName)
Parameters
The GetAuthScheme method accepts the following parameter:
schemeName (string)
Specifies one of the following:
Return Value
The GetAuthScheme method returns one of the following values:
The GetCertMap method retrieves the certificate mapping object specified by the certificate issuer's DN.
Syntax
The GetCertMap method has the following format:
Netegrity::PolicyMgtSession‑>GetCertMap(issuerDN)
Parameters
The GetCertMap method accepts the following parameter:
issuerDN (string)
Specifies the certificate issuer's DN.
Return Value
The GetCertMap method returns one of the following values:
The GetDomain method retrieves the specified policy domain object.
Syntax
The GetDomain method has the following format:
Netegrity::PolicyMgtSession‑>GetDomain(domName)
Parameters
The GetDomain method accepts the following parameter:
domName (string)
Specifies the name of the domain to retrieve.
Return Value
The GetDomain method returns one of the following values:
The GetGlobalPolicy method retrieves the specified global policy object.
Syntax
The GetGlobalPolicy method has the following format:
Netegrity::PolicyMgtSession‑>GetGlobalPolicy(policyName)
Parameters
The GetGlobalPolicy method accepts the following parameter:
policyName (string)
Specifies the name of the global policy to retrieve.
Return Value
The GetGlobalPolicy method returns one of the following values:
The GetGlobalResponse method retrieves the specified global response object.
Syntax
The GetGlobalResponse method has the following format:
Netegrity::PolicyMgtSession‑>GetGlobalResponse(responseName)
Parameters
The GetGlobalResponse method accepts the following parameter:
responseName (string)
Specifies the name of the global response to retrieve.
Return Value
The GetGlobalResponse method returns one of the following values:
The GetGlobalRule method retrieves the specified global rule object.
Syntax
The GetGlobalRule method has the following format:
Netegrity::PolicyMgtSession‑>GetGlobalRule(ruleName)
Parameters
The GetGlobalRule method accepts the following parameter:
ruleName (string)
Specifies the name of the global rule to retrieve.
Return Value
The GetGlobalRule method returns one of the following values:
The GetHostConfig method retrieves the specified host configuration object.
Syntax
The GetHostConfig method has the following format:
Netegrity::PolicyMgtSession‑>GetHostConfig(hcName)
Parameters
The GetHostConfig method accepts the following parameter:
hcName (string)
Specifies the name of the host configuration object to retrieve.
Return Value
The GetHostConfig method returns one of the following values:
The GetODBCQueryScheme method retrieves the specified ODBC query scheme object.
Syntax
The GetODBCQueryScheme method has the following format:
Netegrity::PolicyMgtSession‑>GetODBCQueryScheme(schemeName)
Parameters
The GetODBCQueryScheme method accepts the following parameter:
schemeName (string)
Specifies the name of the ODBC query scheme to retrieve.
Return Value
The GetODBCQueryScheme method returns one of the following values:
The GetPwdPolicy method retrieves the specified password policy object.
Syntax
The GetPwdPolicy method has the following format:
Netegrity::PolicyMgtSession‑>GetPwdPolicy(pwdPolicyName)
Parameters
The GetPwdPolicy method accepts the following parameter:
pwdPolicyName (string)
Specifies the name of the password policy to retrieve.
Return Value
The GetPwdPolicy method returns one of the following values:
The GetRegScheme method retrieves the specified registration scheme object.
Syntax
The GetRegScheme method has the following format:
Netegrity::PolicyMgtSession‑>GetRegScheme(schemeName)
Parameters
The GetRegScheme method accepts the following parameter:
schemeName (string)
Specifies the name of the registration scheme to retrieve.
Return Value
The GetRegScheme method returns one of the following values:
The GetSAMLAffiliation method retrieves the specified SAML 2.0 affiliation object.
Syntax
The GetSAMLAffiliation method has the following format:
Netegrity::PolicyMgtSession‑>GetSAMLAffiliation(affilName)
Parameters
The GetSAMLAffiliation method accepts the following parameter:
affilName (string)
Specifies the name or OID of the SAML affiliation to retrieve.
Note: When an OID is specified, it can be prefixed with the "@" character.
Return Value
The GetSAMLAffiliation method returns one of the following values:
The GetSAMLAffiliationById method retrieves the SAML 2.0 affiliation object specified by the affiliation ID passed to the method.
Syntax
The GetSAMLAffiliationById method has the following format:
Netegrity::PolicyMgtSession‑>GetSAMLAffiliationById(affilID)
Parameters
The GetSAMLAffiliationById method accepts the following parameter:
affilID (string)
Specifies the affiliation ID of the SAML affiliation to retrieve.
Return Value
The GetSAMLAffiliationById method returns one of the following values:
The GetSharedSecretPolicy method retrieves the shared secret rollover policy object. Because a policy store can hold only one shared secret rollover policy, no policy name is passed to this method.
Syntax
The GetSharedSecretPolicy method has the following format:
Netegrity::PolicyMgtSession‑>GetSharedSecretPolicy()
Parameters
The GetSharedSecretPolicy method accepts no parameters.
Return Value
The GetSharedSecretPolicy method returns the following value:
The GetTrustedHost method retrieves the specified trusted host object.
Syntax
The GetTrustedHost method has the following format:
Netegrity::PolicyMgtSession‑>GetTrustedHost(thName)
Parameters
The GetTrustedHost method accepts the following parameter:
thName (string)
Specifies the name of the trusted host to retrieve.
Return Value
The GetTrustedHost method returns one of the following values:
The GetUserDir method retrieves the specified user directory object.
Syntax
The GetUserDir method has the following format:
Netegrity::PolicyMgtSession‑>GetUserDir(dirName)
Parameters
The GetUserDir method accepts the following parameter:
dirName (string)
Specifies the name of the user directory to retrieve.
Return Value
The GetUserDir method returns one of the following values:
The GetVariableType method retrieves the specified variable type object. To create a new variable object of the specified type, pass the resulting variable type object to the CreateVariable method in the varType parameter.
Syntax
The GetVariableType method has the following format:
Netegrity::PolicyMgtSession‑>GetVariableType(varTypeName)
Parameters
The GetVariableType method accepts the following parameter:
varTypeName (string)
Specifies one of the following variable type names:
Post
UserContext
RequestContext
Static
WebService
XMLBody
XMLAgent
XMLEnvelopeHeader
Transport
SAMLAssertion
Note: Variable type names are case-sensitive and must not contain spaces.
Return Value
The GetVariableType method returns one of the following values:
Remarks
You cannot create a TransactionMinder variable with the Command Line Interface. If you have TransactionMinder and the Option Pack installed, you can create TransactionMinder variables in the Administrative UI.
The RemoveAttributeFromSAMLScheme method removes an attribute from a SAML 2.0 authentication scheme.
Syntax
The RemoveAttributeFromSAMLScheme method has the following format:
Netegrity::PolicyMgtSession‑>RemoveAttributeFromSAMLScheme(scheme, pSAMLRequesterAttr)
Parameters
The RemoveAttributeFromSAMLScheme method accepts the following parameters:
scheme (PolicyMgtAuthScheme object)
Specifies the SAML 2.0 authentication scheme from which to remove the attribute.
pSAMLRequesterAttr (string)
Specifies the attribute to remove.
Return Value
The RemoveAttributeFromSAMLScheme method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
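The following script is an added example of using GetAllSAMLSchemeAttributes together with RemoveAttributeFromSAMLScheme; it is not CA's own code. It prunes Requester attributes that a SAML 2.0 scheme no longer needs, so that the Policy Server requests only the attributes the integration still uses. It assumes the session bootstrap shown in CA's samples (Netegrity::PolicyMgtAPI->New and CreateSession), that each object returned by GetAllSAMLSchemeAttributes exposes a Name accessor, that the object itself is what RemoveAttributeFromSAMLScheme expects in its pSAMLRequesterAttr parameter (the parameter name suggests this; verify against your release), and that 0 signals success; the scheme name and attribute list are constructed for the example.

```perl
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

# Attributes the integration still needs, keyed by the name defined on the
# Attribute Authority. Constructed for this example.
my %required = map { $_ => 1 } qw(mail givenName);

# Assumed bootstrap.
my $policyapi = Netegrity::PolicyMgtAPI->New();
my $session   = $policyapi->CreateSession($ENV{SM_ADMIN}, $ENV{SM_ADMIN_PW})
    or die "CreateSession failed\n";

# Existing SAML 2.0 scheme, looked up by name (name assumed for the example).
my $scheme = $session->GetAuthScheme('Partner SAML2 Scheme')
    or die "SAML 2.0 authentication scheme not found\n";

# GetAllSAMLSchemeAttributes returns the Requester attribute objects on the scheme.
my @attrs = $session->GetAllSAMLSchemeAttributes($scheme);

my (@keep, @prune);
for my $attr (@attrs) {
    my $name = $attr->Name();   # assumed accessor: name on the Attribute Authority
    if ($required{$name}) { push @keep, $name } else { push @prune, $attr }
}

# Dry run unless --apply is given: removing an attribute changes live configuration.
my $apply = ($ARGV[0] // '') eq '--apply';
for my $attr (@prune) {
    my $name = $attr->Name();
    if ($apply) {
        my $rc = $session->RemoveAttributeFromSAMLScheme($scheme, $attr);
        print $rc == 0 ? "removed $name\n"                    # 0 = success assumed
                       : "FAILED to remove $name (rc=$rc)\n";
    } else {
        print "would remove $name (re-run with --apply)\n";
    }
}
print "kept: @keep\n";

# Report required attributes that are missing; adding them is a separate step.
for my $name (sort keys %required) {
    print "WARNING: required attribute '$name' is not defined on the scheme\n"
        unless grep { $_ eq $name } @keep;
}
```

The dry-run default matters here: the removal is committed to the policy store immediately, and the Requester attribute list determines what user data the Policy Server asks the Attribute Authority for.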
The SAMLAuthSchemeProperties method sets or retrieves the SAML 2.0 metadata properties that reside in an existing SAML 2.0 authentication scheme. For a complete list of SAML 2.0 metadata properties, see the method PolicyMgtSession‑>CreateSAMLAuthScheme.
Syntax
The SAMLAuthSchemeProperties method has the following format:
Netegrity::PolicyMgtSession‑>SAMLAuthSchemeProperties(scheme, propsHash_ref)
Parameters
The SAMLAuthSchemeProperties method accepts the following parameters:
scheme (PolicyMgtAuthScheme object)
Specifies the authentication scheme whose metadata properties are set or retrieved.
propsHash_ref (hash reference)
Specifies a reference to a hashtable of metadata properties to set or retrieve.
Return Value
The SAMLAuthSchemeProperties method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
Remarks
When the hashtable is empty, the SAMLAuthSchemeProperties method retrieves all metadata properties. You can define an empty hashtable as follows:
%myhash=();
Then, you can reference the empty hashtable as follows:
\%myhash
Finally, you can pass the hashtable reference to the SAMLAuthSchemeProperties method through the propsHash_ref parameter.
The WSFEDAuthSchemeProperties method sets or retrieves the WS-Federation metadata properties in an existing WS-Federation authentication scheme. For a complete list of WS-Federation metadata properties, see the method PolicyMgtSession‑>CreateWSFEDAuthScheme.
Syntax
The WSFEDAuthSchemeProperties method has the following format:
Netegrity::PolicyMgtSession‑>WSFEDAuthSchemeProperties(scheme, propsHash_ref)
Parameters
The WSFEDAuthSchemeProperties method accepts the following parameters:
scheme (PolicyMgtAuthScheme object)
Specifies the authentication scheme whose WS-Federation metadata properties are set or retrieved.
propsHash_ref (hash reference)
Specifies a reference to a hashtable of metadata properties to set or retrieve.
Return Value
The WSFEDAuthSchemeProperties method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
Remarks
When the hashtable is empty, the WSFEDAuthSchemeProperties method retrieves all metadata properties. You can define an empty hashtable as follows:
%myhash=();
Then, you can reference the empty hashtable as follows:
\%myhash
Finally, you can pass the hashtable reference to the WSFEDAuthSchemeProperties method through the propsHash_ref parameter.
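The following script is an added example covering both the SAMLAuthSchemeProperties and the WSFEDAuthSchemeProperties remarks above; it is not CA's own code. It uses the empty-hash form to retrieve every metadata property of a federation scheme, compares the result with a baseline, and, when asked, passes back a populated hash containing only the drifted properties. It assumes the session bootstrap shown in CA's samples (Netegrity::PolicyMgtAPI->New and CreateSession) and that 0 signals success; the scheme names and property keys are constructed placeholders, since the real key names are listed under CreateSAMLAuthScheme and CreateWSFEDAuthScheme, which are not reproduced on this page.

```perl
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

# Expected metadata per scheme, constructed for this example. Property keys
# are placeholders; substitute the names listed under CreateSAMLAuthScheme
# and CreateWSFEDAuthScheme.
my %baseline = (
    'Partner SAML2 Scheme' => {
        method => 'SAMLAuthSchemeProperties',
        props  => {
            EXAMPLE_REQUIRE_SIGNED_ASSERTION => 1,
            EXAMPLE_IDP_ID                   => 'https://idp.example.com',
        },
    },
    'Partner WSFED Scheme' => {
        method => 'WSFEDAuthSchemeProperties',
        props  => { EXAMPLE_AP_ID => 'urn:example:account-partner' },
    },
);

# Compare one scheme's stored metadata with its baseline; optionally fix it.
# Returns the number of drifted properties.
sub audit_scheme {
    my ($session, $name, $spec, $apply) = @_;
    my $scheme = $session->GetAuthScheme($name)
        or do { warn "scheme '$name' not found\n"; return 0 };
    my $method = $spec->{method};   # SAMLAuthSchemeProperties or WSFEDAuthSchemeProperties

    # An empty hash asks the method to retrieve every metadata property.
    my %current = ();
    my $rc = $session->$method($scheme, \%current);
    die "$method (retrieve) failed for '$name' (rc=$rc)\n" if $rc != 0;   # 0 = success assumed

    my @drift;
    for my $key (sort keys %{ $spec->{props} }) {
        my $want = $spec->{props}{$key};
        my $have = $current{$key};
        if (!defined $have || $have ne $want) {
            push @drift, $key;
            printf "%s: %s is %s, expected %s\n", $name, $key, $have // '<unset>', $want;
        }
    }

    # A populated hash sets only the properties it contains.
    if ($apply && @drift) {
        my %fix = map { $_ => $spec->{props}{$_} } @drift;
        $rc = $session->$method($scheme, \%fix);
        die "$method (set) failed for '$name' (rc=$rc)\n" if $rc != 0;
        print "$name: corrected ", scalar(@drift), " property(ies)\n";
    }
    return scalar @drift;
}

# Assumed bootstrap; --apply switches from report-only to enforcement.
my $apply     = ($ARGV[0] // '') eq '--apply';
my $policyapi = Netegrity::PolicyMgtAPI->New();
my $session   = $policyapi->CreateSession($ENV{SM_ADMIN}, $ENV{SM_ADMIN_PW})
    or die "CreateSession failed\n";

my $total = 0;
$total += audit_scheme($session, $_, $baseline{$_}, $apply) for sort keys %baseline;
exit($total ? 1 : 0);
```

Because the same method both reads and writes depending on whether the hash is empty, keep the retrieve and the set in separate calls with separate hashes, as above; reusing the populated %current for the set call would rewrite every property, not just the ones that drifted. The non-zero exit status lets the script serve as a scheduled configuration check for signature and partner-identifier settings.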
Copyright © 2014 CA.
All rights reserved.