Defines a variable object that can be used in a variable expression for a policy or a response. Variable objects are managed by the Variable Functions.
A variable is a dynamic object that is resolved to a value during an authorization request. The variables appear within an active expression defined for a policy or a response.
Variables are used as follows:
For example, suppose a policy that protects a bank's credit card application form contains an active expression with a Credit Rating variable and a Salary variable. When a user attempts to access the form, the user is authorized only if his credit rating and salary meet or exceed the minimum values for these variables.
Syntax
```c
typedef struct Sm_PolicyApi_Variable_s
{
    int iStructId;
    char pszOid[BFSIZE];
    char pszName[BFSIZE];
    char pszDesc[BFSIZE];
    char pszVariableTypeOid[BFSIZE];
    char pszDefinition[BFSIZE];
    char pszMetaData[BFSIZE];
    int nReturnType;
    bool bPreFetchFlag;
    char pszDomainOid[BFSIZE];
    Sm_PolicyApi_Oid_t* pNestedVariableList;
    struct Sm_PolicyApi_Variable_s* next;
} Sm_PolicyApi_Variable_t;
```
Field | Description |
---|---|
iStructId | Data structure ID, defined in Sm_PolicyApi_Structs_t. |
pszOid | The unique object ID of the variable object. |
pszName | The user-defined name of the variable object. |
pszDesc | Optional text describing the variable object. |
pszVariableTypeOid | The unique object ID of the variable type. |
pszDefinition | Information needed to obtain the value of the variable at runtime. |
pszMetaData | Reserved for use by the optional CA TransactionMinder product. |
nReturnType | The data type of the variable value: |
bPreFetchFlag | Not currently used. |
pszDomainOid | The unique object ID of the associated domain. |
pNestedVariableList | A linked list of nested variable OIDs that are part of the definition of this variable. |
next | Pointer to the next variable object structure. |
You define a variable by specifying where the variable's value can be found. You do so through the pszDefinition field.
The value of this field can be a simple string or a set of XML elements, depending on the variable type. Here are the SiteMinder variable types and a description of the pszDefinition field for each type:
For a Post variable, the pszDefinition field contains the name of a field on an HTML form. In a POST action, the variable value is derived from the value assigned to the field.
For a RequestContext variable, the pszDefinition field contains the following XML code:
```xml
<RequestContextVariableDef>
  <ItemName></ItemName>
</RequestContextVariableDef>
```
The variable value depends upon which of the following attribute names appears within the ItemName element:
For a Static variable, the pszDefinition field contains the actual value that will be compared against the user-supplied data at runtime. For example, a Static variable of return type Sm_PolicyApi_VarReturnTypes_Date might be assigned the string value 2004-01-01. During authorization, this assigned date is compared against a user-supplied date.
For a UserContext variable, the pszDefinition field contains some or all of the following XML code:
```xml
<UserContextVariableDef>
  <ItemName></ItemName>
  <PropertyName></PropertyName>
  <DN></DN>
  <BufferSize></BufferSize>
</UserContextVariableDef>
```
The variable value is based on an attribute of a user directory connection (such as session ID) or on the contents of the user directory (such as user name). The name of the attribute upon which the variable value is based appears in the XML element ItemName.
The ItemName element can contain one of the following values:
The elements PropertyName, DN, and BufferSize are only used as follows:
For a WebService variable, the pszDefinition field contains the following basic XML structure:
```xml
<WebServiceVariableDefn xmlns:NeteWS="http://www.netegrity.com/2003/SM6.0">
  <NeteWS:RemoteURL></NeteWS:RemoteURL>
  <NeteWS:SSL/>
  <NeteWS:RemoteMethod></NeteWS:RemoteMethod>
  <NeteWS:ResultQuery></NeteWS:ResultQuery>
  <NeteWS:AuthCredentials>
    <NeteWS:Username></NeteWS:Username>
    <NeteWS:Password></NeteWS:Password>
    <NeteWS:Hash></NeteWS:Hash>
  </NeteWS:AuthCredentials>
  <NeteWS:Document>
    <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
      <SOAP:Header></SOAP:Header>
      <SOAP:Body></SOAP:Body>
    </SOAP:Envelope>
  </NeteWS:Document>
</WebServiceVariableDefn>
```
To retrieve a variable value from a Web Service, the Policy Server sends the Web Service a SOAP request document as specified in pszDefinition, and then extracts the variable value from the SOAP response.
The following table describes the XML elements used to configure a WebService variable:
Element | Description |
---|---|
RemoteURL | The URL to the Web Service that will resolve the WebService variable. |
SSL | Specifies that the connection between the Policy Server and the Web Service should use SSL. |
RemoteMethod | Set this element to POST. |
ResultQuery | The return query, in XPath format. The Policy Server uses this information to search for the variable's value in the SOAP response document. |
AuthCredentials | Optionally, specify the user's Web Service credentials through the following elements: Optionally, use the Hash element to specify that a hash of the password is to be included in the WS‑Security password. |
Document | Optionally, use this element to define a SOAP header and/or SOAP body through the following elements: Nested variables of type RequestContext, UserContext, Post, and Static can be used inside the header and body. Their values are resolved and substituted before the request document is sent to the remote Web Service. Specify a nested variable as follows: $variable-name$ |
Note: The XML element structures shown above are formatted for legibility. The XML string supplied through the pszDefinition field should not be formatted with spaces, tabs, and return characters. For example, a RequestContext variable for a Resource attribute would be passed in pszDefinition as follows:
<RequestContextVariableDef><ItemName>Resource</ItemName></RequestContextVariableDef>
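The note above can be enforced in code before the string is copied into the fixed-size pszDefinition buffer. The following is an added example, not CA's code or part of the SDK: `compact_definition`, `request_context_definition` and `EXAMPLE_BFSIZE` are hypothetical names, and the real value of BFSIZE comes from the SDK header, which this page does not show.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumption: stand-in for the SDK's BFSIZE; its real value is not on this page. */
#define EXAMPLE_BFSIZE 1024

/* Hypothetical helper: copy `pretty` into `out`, dropping whitespace runs that lie
 * between two tags. Whitespace inside a tag or inside element text is kept.
 * Returns the length written, or -1 if the result does not fit in `outsz`. */
int compact_definition(const char *pretty, char *out, size_t outsz)
{
    size_t n = 0;
    const char *p = pretty;

    if (outsz == 0) return -1;
    while (*p) {
        if (isspace((unsigned char)*p)) {
            const char *q = p;
            while (isspace((unsigned char)*q)) q++;
            int after_tag = (n == 0 || out[n - 1] == '>');
            int before_tag = (*q == '<' || *q == '\0');
            if (after_tag && before_tag) { p = q; continue; }
        }
        if (n + 1 >= outsz) { out[0] = '\0'; return -1; } /* refuse to truncate */
        out[n++] = *p++;
    }
    out[n] = '\0';
    return (int)n;
}

/* Hypothetical helper: build a RequestContext definition already in compact form. */
int request_context_definition(const char *item, char *out, size_t outsz)
{
    if (item[0] == '\0' || strpbrk(item, "<>&")) return -1; /* would corrupt the XML */
    int n = snprintf(out, outsz, "<RequestContextVariableDef><ItemName>%s"
                     "</ItemName></RequestContextVariableDef>", item);
    if (n < 0 || (size_t)n >= outsz) { if (outsz) out[0] = '\0'; return -1; }
    return n;
}

int main(void)
{
    char def[EXAMPLE_BFSIZE];
    const char *pretty = "<RequestContextVariableDef>\n  <ItemName>Resource</ItemName>\n"
                         "</RequestContextVariableDef>\n";
    if (compact_definition(pretty, def, sizeof def) < 0) return 1;
    puts(def);
    return 0;
}
```

Both helpers fail instead of truncating, because a definition cut off at the buffer boundary would be malformed XML that cannot be resolved as written.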
Copyright © 2014 CA.
All rights reserved.