This section contains the following topics:
Policy Management API Overview
Policy Management API Data Structures
Structure of a Policy Application
Functions by Category in the Policy Management API
Function Declarations for the Policy Management API
Authentication Scheme Configuration
The Policy Management API lets you manipulate policy objects within a SiteMinder installation. Using the Policy Management API, you can perform most of the data manipulations that are provided by the Administrative UI. You can also develop your own custom interface to SiteMinder.
Note: Before you work with the Policy Management API, be sure that you are familiar with SiteMinder concepts.
To use the Policy Management API
Note: You can build your Policy Management application without running the Policy Server services.
To run your Policy Management application, you need the following files:
Windows platforms: SmPolicyApi45.dll
UNIX platforms: libsmpolicyapi45.so and libsmutilities.so, in the following location:
<siteminder_install_location>\Netegrity\SiteMinder\lib
Refer to the sample makefile before executing a UNIX build.
To build your policy application, include SmPolicyAPI45.h and link to the required shared libraries.
Note: Before you build policy management applications for UNIX, you must install the SiteMinder SDK on the same machine as the Policy Server.
These functions retrieve information about an object from the SiteMinder policy store.
If the return code indicates success, a linked list of objects that match the request is returned. In most cases, the API returns a single item that matches the unique object identifier. If a matching object is not found, the return code indicates failure and the returned linked list pointer points to NULL.
Object retrieval functions are prefixed with Sm_PolicyApi_Get. To find the function that retrieves information for a particular object, look in the table of functions for that object.
To create a SiteMinder object, you must fill in the appropriate data structure and call the appropriate function with a properly initialized handle. If the call is successful:
Object creation functions are prefixed with either Sm_PolicyApi_Add or Sm_PolicyApi_Create.
These functions delete objects from the SiteMinder policy store. Only one object at a time can be deleted.
Object deletion functions are prefixed with Sm_PolicyApi_Delete or Sm_PolicyApi_Remove.
Some objects can be associated with or disassociated from one another. For example, Sm_PolicyApi_AddAdminToDomain() adds an administrator object to a domain, and Sm_PolicyApi_RemoveAdminFromDomain() removes an administrator object from a domain.
An "add-to" operation requires that both objects exist prior to the call and have an established association. After a "remove-from" operation, both objects still exist, but they are no longer associated with one another.
When you're looking for a function that associates or disassociates two objects, look in the category of the method that you are adding or removing. For example, the functions Sm_PolicyApi_AddAdminToDomain() and Sm_PolicyApi_RemoveAdminFromDomain() are both found in Administrator Functions.
With the introduction of nested realms, the unique identification of an object can no longer rely on a realm name. When a SiteMinder object is created, a unique object identifier (OID) is written in the pszOid field of the object's defining structure.
These functions do not return SiteMinder objects. Instead, they return an array of string pointers that contain the OIDs of SiteMinder objects. You pass in OIDs to SiteMinder Object Retrieval Functions (Sm_PolicyApi_Get...) to specify objects to retrieve.
The functions that return arrays of OIDs are:
Free the memory allocated by this group of functions by calling Sm_PolicyApi_FreeMemoryEx().
The following functions help you retrieve and set the search order of user directories:
By performing either of the following actions, a custom Policy Management application can reduce the time it takes to update policy store objects:
The following functions free memory allocated by the Policy Management API:
Another management command, Sm_PolicyApi_ManagementCommand(), performs cache and agent encryption key management, such as:
The type of management operation you want to perform is determined by the management command you pass to Sm_PolicyApi_ManagementCommand().
SiteMinder objects can be classified according to scope:
The scope of SiteMinder objects is as follows:
Copyright © 2014 CA.
All rights reserved.