

User Selection

If APSAdmin is invoked without specifying a user (discussed later), it will present a user selection panel.

By default, the user selection panel asks for the User Directory in a drop-down box (if more than one directory is available) and asks for the user path in a standard text box. The format of the user path is directory-type specific: for example, LDAP directories will require a full LDAP DN, whereas an ODBC directory will require just a user id.

When the user hits the Submit button, APSAdmin will communicate with the APS library on the Policy Server to retrieve the record.

Customization Options

APSAdmin supports a number of options in this mode. Some options are specified in the query string; others are specified using SiteMinder Responses.

Restricting the Directory or Directory Type

The Query String (that part of the URL after a question mark) can specify all or part of a user directory specification. This can be used to restrict the directory from which the online user can select. APSAdmin will only display those directories that qualify. If only one directory qualifies, then no directory needs to be selected, only the user.

To use this as a restriction, set up SiteMinder rules that restrict the URL that the administrator can access. In these cases, the link (from wherever the user accesses APSAdmin) should contain the query string restricting the directory.

The directory is specified in the query string as "DIR=<directory>". The <directory> is compared, from left to right, with the directory list that exists in the SiteMinder Policy Store.

For example, to restrict the user to only LDAP directories, (on Windows) use:

http://server/APSAdmin/APSAdmin.exe?DIR=LDAP:

For ODBC directories only, (on Solaris) use:

http://server/APSAdmin/APSAdmin?DIR=ODBC:

The actual directory can be restricted as well, by specifying the directory itself, such as:

http://server/APSAdmin/APSAdmin?DIR=LDAP%3A%2F%2F127.0.0.1

In this case, only the one directory will be available.

Partial directory specifications are also supported.

If the directory specification has unusual characters in it, they should be URL-encoded.

Making the User Display Read Only

If READONLY appears in the Query String, the user, when displayed, will be in read-only mode; that is, all allowed fields will be displayed, but no data entry will be possible.

If multiple query string options are used, READONLY must be separated from other options with an ampersand ("&"), such as:

http://server/APSAdmin/APSAdmin?DIR=LDAP:&READONLY

The READONLY option has no effect on user selection. It will be passed to the user display to control operation.
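The following is an added example, not code from CA or from APSAdmin: it builds a link with a URL-encoded DIR value and the READONLY option, then reports which directories a given link would leave selectable. The directory list is constructed sample data, and treating the left-to-right comparison as a case-sensitive prefix match is an assumption.

```python
from urllib.parse import quote, unquote

# Constructed sample; the real list lives in the SiteMinder Policy Store.
SAMPLE_DIRECTORIES = ["LDAP://127.0.0.1", "LDAP://10.0.0.5", "ODBC:HRUsers"]


def build_link(base, dir_spec=None, readonly=False):
    """Build an APSAdmin link, URL-encoding the DIR value."""
    options = []
    if dir_spec is not None:
        options.append("DIR=" + quote(dir_spec, safe=""))
    if readonly:
        options.append("READONLY")  # bare option, joined with "&"
    return base + ("?" + "&".join(options) if options else "")


def parse_options(url):
    """Return the query-string options of a link, with values URL-decoded."""
    query = url.partition("?")[2]
    options = {}
    for item in filter(None, query.split("&")):
        key, has_value, value = item.partition("=")
        options[key] = unquote(value) if has_value else True
    return options


def selectable_directories(url, directories):
    """Directories the link leaves selectable: those starting with DIR.

    Assumption: the left-to-right comparison is a case-sensitive prefix match.
    A link without a DIR value leaves every directory selectable.
    """
    dir_spec = parse_options(url).get("DIR")
    if not isinstance(dir_spec, str):
        dir_spec = ""  # DIR missing or given without a value
    return [d for d in directories if d.startswith(dir_spec)]


if __name__ == "__main__":
    base = "http://server/APSAdmin/APSAdmin"
    for link in (build_link(base, "LDAP:", readonly=True),
                 build_link(base, "LDAP://127.0.0.1"),
                 base):
        print(link, "->", selectable_directories(link, SAMPLE_DIRECTORIES))
```

Running it over the links a site actually publishes shows which of them lack a DIR value and therefore leave every directory selectable.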

Showing a Help Button

Some sites may wish to display a Help button on this panel. APSAdmin can display a Help button that will display a site-supplied URL.

To make APSAdmin provide a Help button, define a static response (using the SiteMinder Policy Server User Interface) called HELPURL. The value of this attribute should be the URL containing the help text to be displayed.

Different help URLs can be specified for different APSAdmin panels by using different rules based on the query string (this will be complicated because of the many query string options, but it is possible --- you will have to use regular expressions when defining the Rule).

Showing a Cancel Button

Some sites may wish to display a Cancel button on this panel. APSAdmin can display a Cancel button that, when pressed, will return the user to a specified URL.

To make APSAdmin provide a Cancel button, pass the desired URL in the query string using the CancelTo option, such as:

http://server/APSAdmin/APSAdmin?CancelTo=%2F%2Fsvr/abc.htm

Note that the target is URL-encoded.

The CancelTo URL is passed to the user display panel.

Suppressing the Reset Button

To suppress the Reset button, use the APSAdmin.lang file (located on the Web Server) to translate the key USERSELECT_RESET to a null value. The Reset button will not be displayed.

Changing the Prompts

All text on the User Selection page is translated using the APSAdmin.lang file stored in the Language directory on the Web Server. This includes field labels, the window title, the dialog title and error messages.

Even if your site is not using internationalization, these prompts can be changed by modifying the English translation files.

Customizing the Look and Feel

The look and feel of this panel can be customized using a Cascading Style Sheet. APSAdmin, by default, embeds style definitions directly into its output. However, before doing so, it checks for the existence of a file, in the same directory as the APSAdmin program, called APSAdmin.css. If the css file exists, it will be used instead of the default styles.

The simplest way to build a css file is to bring up the form and select View Source within your browser. Simply copy the styles (those lines in the HTML header starting with a period) from the HTML into a new file called APSAdmin.css and store that file in the same directory as the APSAdmin executable. After that, modify the css file as desired.

By examining the generated HTML source, an HTML-savvy programmer can determine which styles are used for the various elements, then modify them to create the desired look and feel. Be forewarned, however, that Style Sheet support varies between browsers and browser versions, so be sure to test it for your supported platforms.

The same style sheet file is used for both User Selection and User Display panels, though, in most cases, different styles are used on each form. If the css file is used, it will have to be used for both forms.

Suppressing the User Selection Panel Altogether

CA expects that most sites will not want to use the User Selection panel for any of a number of reasons:

There are a number of ways that APSAdmin can be used that would bypass this screen:

Example 1

An existing user management system could place a button on the User Maintenance form labeled, say, Access. When pressed, it invokes the APSAdmin utility, perhaps in its own window, for the selected user by including the user specification in its query string (see the next section).

Example 2

An existing user management system that has its own directory navigation (complete with search) could display a user icon for displayed users that invokes APSAdmin for the associated user.

Example 3

A site could write its own navigate/search engine that just links directly to the User Display portion of APSAdmin.