This section contains the following topics:
The Policy Server and the Policy Management API
Write a Script against the Policy Management API
CLI Authentication Scheme Configuration
The Policy Server manages data that describes protected resources and the requirements for accessing those resources. A Policy Server also manages information about the administrators of the protected domains. This security data is located in a policy store such as LDAP.
The Policy Management API (module Netegrity::PolicyMgtAPI) lets you perform most of the Policy Server design and administration operations that you can perform with the Administrative UI. For example, you can:
In addition, the Policy Management API data management object (PolicyMgtDataMgr) lets you copy specific objects from one policy store to another, rather than an entire policy store or domain as allowed by the SiteMinder smobjexport and smobjmport tools.
The Policy Management API must be installed on the machine where the target Policy Server is located. The Policy Management API cannot access a remote Policy Server. However, the policy store can be on a remote machine as long as the Policy Server is configured to point to the remote policy store.
When you write a script against the Policy Management API, take the following basic steps:
use Netegrity::PolicyMgtAPI;
$policymgtapi = Netegrity::PolicyMgtAPI‑>New();
$session = $policymgtapi‑>CreateSession("userid", "password", "127.0.0.1" );
You can now perform operations against Policy Server objects. For example, you could retrieve and print out a list of configured agents in the Policy Server:
@agents = $session‑>GetAllAgents(); foreach $agent (@agents) { print "Agent Name = " . $agent‑>Name() . "\n"; }
You can reduce the time it takes for Policy Management scripts to make changes in the policy store. To do so, pass 0 in PreLoadCache() during initialization. By default, cache pre-loading is disabled.
Copyright © 2014 CA.
All rights reserved.
|
|