This section contains the following topics:
About the SiteMinder Command Line Interface
CLI Example: Create a Policy Store Object
CLI Example: View and Set Individual Properties
The CA SiteMinder® Command Line Interface (CLI) lets you perform tasks by running custom Perl scripts from the command line.
The scripting interface contains the following APIs:
The Command Line Interface provides:
The Command Line Interface lets you perform most, but not all, of the policy store operations you can perform through the Administrative UI.
By default, the SiteMinder Command Line Interface is installed in the following location:
<sm-ps-root>/CLI
<sm-ps-root> is the root directory where you installed your Policy Server software.
A complete version of Perl is installed along with the Policy Server. When you run scripts against the Command Line Interface, you should use the Perl interpreter that is installed with the Policy Server rather than any other Perl interpreter that might be on your system.
The installation program installs Perl in the following default location:
<sm-ps-root>/CLI/bin
If you have another version of Perl installed on your system, make sure that the Perl location shown above comes before any other Perl location in your system’s PATH environment variable.
The Perl Agent and Policy Management APIs can be used on the following machines:
To run a script against these APIs, use the following command line syntax:
perl scriptname
Note: A script built with the Policy Management API must run as the same user who installed the Policy Server (for example, smuser on UNIX platforms).
Suppose you are an administrator for the domain engineering. You want to create the realm documentation in that domain. Using the Administrative UI, you might take the following steps:
You are accepting all other defaults for the realm (including resource protection, which is enabled by default).
If you write a script to perform the same operation, it might look like this:
#Initialize the Policy Management API use Netegrity::PolicyMgtAPI; $policyapi = Netegrity::PolicyMgtAPI‑>New(); print "Step 1. Log in the admin and create an API session.\n"; $session = $policyapi‑>CreateSession("adminid", "adminpwd"); print "Step 2. Select the domain for the new realm.\n"; $domain=$session‑>GetDomain("engineering"); #Get the realm’s agent and authorization scheme info.\n"; $agent=$session‑>GetAgent("agent1"); $authscheme=$session‑>GetAuthScheme("Basic"); print "Step 3. Create and configure the realm.\n"; $realm=$domain‑>CreateRealm("documentation", $agent, $authscheme, "Source files for manuals", "/mysite/docs/*" ); print "Step 4. Confirm the creation of the realm.\n"; if ($realm == undef) { print "Realm creation failed.\n"; } else { print "Realm creation succeeded.\n"; }
Note: Generally, policy store object names are case-sensitive. In the above example, the Basic authentication scheme and the engineering domain are case-sensitive. Further, agent names are always written to the policy store in lowercase. Existing agents must be referenced in lowercase in your scripts.
Policy Management API objects (such as PolicyMgtRealm) provide a number of get/set methods that let you view and modify individual properties of objects in the policy store. You use these get/set methods to view and edit an object’s properties just as you would use the property fields in the Administrative UI.
The following script modifies the resource filter property:
use Netegrity::PolicyMgtAPI; $policyapi = Netegrity::PolicyMgtAPI‑>New(); $session = $policyapi‑>CreateSession("adminid", "adminpwd"); $domain=$session‑>GetDomain("engineering"); $realm=$domain‑>GetRealm("documentation"); if($realm‑>ResourceFilter() eq "/mysite/docs/*") { $filter=$realm‑>ResourceFilter("/mysite/docs/*.doc"); } if ($filter eq undef) { print "Error changing resource filter.\n"; } else { print "Resource filter changed to: " . $filter . "\n"; }
Note the following general rules:
$realm‑>ResourceFilter("/mysite/docs/*.doc");
$filter=$realm‑>ResourceFilter();
Sample scripts are installed in the following default location:
<sm-ps-root>/CA/siteminder/CLI/examples
Before using a sample script, be sure to change the values of the site-specific variables (such as administrator’s credentials and user-store location) that are defined at the beginning of the script.
You can find additional information about Policy Server and agent operations in the following SiteMinder documents:
The poster Scripting Interface for Perl: Object Dependencies is included with SiteMinder. The poster illustrates the Perl objects that you need to create or retrieve before you can manipulate dependent objects. Each object is shown with all of its methods.
Copyright © 2014 CA.
All rights reserved.
|
|