This section contains the following topics:
Agent Configuration Parameters Methods
Authentication and Authorization Map Methods
Policy Server Connectivity Methods
SAML 2.0 Indexed Endpoint Methods
SAML 2.0 Requester Attribute Methods
SAML 2.0 Service Provider Methods
SAML 2.0 Service Provider Attribute Methods
Shared Secret Rollover Methods
WS-Federation Resource Partner Methods
WS-Federation Resource Partner Attribute Methods
The following methods act on PolicyMgtAdmin objects:
The AuthScheme method sets or retrieves the authentication scheme for an administrator stored in an external directory.
Syntax
The AuthScheme method has the following format:
Netegrity::PolicyMgtAdmin->AuthScheme( [authScheme] )
Parameters
The AuthScheme method accepts the following parameter:
authScheme (PolicyMgtAuthScheme)
(Optional) Specifies the authentication scheme to set.
Return Value
The AuthScheme method returns one of the following values:
The Description method sets or retrieves the description of the administrator.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtAdmin->Description( [adminDesc] )
Parameters
The Description method accepts the following parameter:
adminDesc (string)
(Optional) Specifies the description of the administrator.
Return Value
The Description method returns one of the following values:
The ManageAllDomains method grants or revokes privileges to manage all system-level and domain-level Policy Server objects.
Syntax
The ManageAllDomains method has the following format:
Netegrity::PolicyMgtAdmin->ManageAllDomains( [allDomFlag] )
Parameters
The ManageAllDomains method accepts the following parameter:
allDomFlag (int)
(Optional) Specifies whether system-level and domain-level privileges are enabled (set to a value of 1) or disabled (set to a value of 0).
Return Value
The ManageAllDomains method returns one of the following values:
Remarks
Privileges include:
Note: These objects cannot be managed through the Scripting Interface.
The ManageDomainObjects method grants or revokes privileges to manage domain-level Policy Server objects.
Syntax
The ManageDomainObjects method has the following format:
Netegrity::PolicyMgtAdmin->ManageDomainObjects( [domFlag] )
Parameters
The ManageDomainObjects method accepts the following parameter:
domFlag (int)
(Optional) Specifies whether domain object management privileges are granted (set to a value of 1), or revoked (set to a value of 0).
Return Value
The ManageDomainObjects method returns one of the following values:
Remarks
Privileges include:
Note: These objects cannot be managed through the Scripting Interface.
The ManageKeysAndPwdPolicy method grants or revokes administrator privileges to manage keys and password policies.
Syntax
The ManageKeysAndPwdPolicy method has the following format:
Netegrity::PolicyMgtAdmin->ManageKeysAndPwdPolicy( [pwdPolFlag] )
Parameters
The ManageKeysAndPwdPolicy method accepts the following parameter:
pwdPolFlag (int)
(Optional) Specifies granting or revoking privileges. Setting this flag to 1 has different meanings for different types of administrators:
Note: You can only create system-level administrators with the Command Line Interface. To create a domain-level administrator, use the Administrative UI.
Setting this flag to 0 revokes these privileges.
Return Value
The ManageKeysAndPwdPolicy method returns one of the following values:
The ManageUsers method grants or revokes privileges to manage users.
Syntax
The ManageUsers method has the following format:
Netegrity::PolicyMgtAdmin->ManageUsers( [userFlag] )
Parameters
The ManageUsers method accepts the following parameter:
userFlag (int)
(Optional) Specifies whether to grant (set value to 1) or revoke (set value to 0) user management privileges.
Return Value
The ManageUsers method returns one of the following values:
The Name method sets or retrieves the name of the administrator.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtAdmin->Name( [adminName] )
Parameters
The Name method accepts the following parameter:
adminName (string)
(Optional) Specifies the name of the administrator.
Return Value
The Name method returns one of the following values:
The Password method sets or retrieves the administrator password.
Syntax
The Password method has the following format:
Netegrity::PolicyMgtAdmin->Password( [adminPwd] )
Parameters
The Password method accepts the following parameter:
adminPwd (string)
(Optional) Specifies the administrator password.
Return Value
The Password method returns one of the following values:
The UserDirectory method sets or retrieves an external user directory for the administrator.
Syntax
The UserDirectory method has the following format:
Netegrity::PolicyMgtAdmin->UserDirectory( [userDir] )
Parameters
The UserDirectory method accepts the following parameter:
userDir (PolicyMgtUserDir)
(Optional) Specifies the external user directory.
Return Value
The UserDirectory method returns one of the following values:
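The following script, added here as an example and not taken from the original reference, applies the privilege methods above to narrow an existing administrator to domain-level objects only, then reads the flags back to confirm the change. The session setup calls (Netegrity::PolicyMgtAPI->New, CreateSession, GetAdmin) and the PolicyMgtUserDir->Name call are assumed from the rest of the Policy Management API, which this page does not document; the administrator name and the SM_ADMIN_PWD environment variable are placeholders.

```perl
#!/usr/bin/perl
# Added example, not from the original reference. Narrows an administrator
# to domain-level objects using the PolicyMgtAdmin privilege methods.
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

# Assumed session-level calls (not documented on this page).
my $policyapi = Netegrity::PolicyMgtAPI->New();
my $session   = $policyapi->CreateSession('siteminder', $ENV{SM_ADMIN_PWD})
    or die "CreateSession failed\n";
my $admin = $session->GetAdmin('fed-operator')       # placeholder admin name
    or die "administrator fed-operator not found\n";

# Calling a flag method with no argument retrieves the current setting
# (assumed to come back as the 0/1 value that was set).
my @flags  = qw(ManageAllDomains ManageDomainObjects ManageKeysAndPwdPolicy ManageUsers);
my %before = map { $_ => $admin->$_() } @flags;

# Least privilege for a federation operator: domain objects only.
# ManageAllDomains also covers system-level objects, so it is revoked first;
# key rollover and password policy stay with a separate, system-level role.
$admin->ManageAllDomains(0);
$admin->ManageKeysAndPwdPolicy(0);
$admin->ManageUsers(0);
$admin->ManageDomainObjects(1);

# Verify by reading the flags back instead of trusting the setter calls.
my %want = (ManageAllDomains => 0, ManageDomainObjects => 1,
            ManageKeysAndPwdPolicy => 0, ManageUsers => 0);
for my $flag (@flags) {
    my $now = $admin->$flag();
    printf "%-24s %d -> %d\n", $flag, $before{$flag}, $now;
    die "$flag is $now, expected $want{$flag}\n" unless $now == $want{$flag};
}

# An administrator authenticated against an external directory has no local
# password to manage; report where its credentials live. PolicyMgtUserDir->Name
# is assumed to return the directory name.
if (my $dir = $admin->UserDirectory()) {
    printf "%s authenticates via external directory %s\n", $admin->Name(), $dir->Name();
}
```

Revoking ManageAllDomains before granting ManageDomainObjects matters because the former is a superset; reading every flag back afterwards catches the case where one setter silently fails.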
The following methods act on PolicyMgtAffiliateAttr objects:
The GetAttrType method retrieves the type of the affiliate attribute.
Syntax
The GetAttrType method has the following format:
Netegrity::PolicyMgtAffiliateAttr->GetAttrType( )
Parameters
The GetAttrType method accepts no parameters.
Return Value
The GetAttrType method returns one of the following values:
The GetValue method retrieves the value of the affiliate attribute.
Syntax
The GetValue method has the following format:
Netegrity::PolicyMgtAffiliateAttr->GetValue( )
Parameters
The GetValue method accepts no parameters.
Return Value
The GetValue method returns one of the following values:
The following methods act on PolicyMgtAffDomain objects:
The AddAdmin method associates an administrator with an affiliate domain.
Syntax
The AddAdmin method has the following format:
Netegrity::PolicyMgtAffDomain->AddAdmin( admin )
Parameter
The AddAdmin method accepts the following parameter:
admin (PolicyMgtAdmin)
Specifies the administrator to associate with the affiliate domain.
Return Values
The AddAdmin method returns one of the following values:
0 on success
-1 on failure
The AddUserDir method associates a user directory with an affiliate domain.
Syntax
The AddUserDir method has the following format:
Netegrity::PolicyMgtAffDomain->AddUserDir( userDir )
Parameter
The AddUserDir method accepts the following parameter:
userDir (PolicyMgtUserDir)
Specifies the user directory to associate with the affiliate domain.
Return Values
The AddUserDir method returns one of the following values:
0 on success
-1 on failure
The CreateAffiliate method creates and configures an affiliate object within an affiliate domain.
Syntax
The CreateAffiliate method has the following format:
Netegrity::PolicyMgtAffDomain->CreateAffiliate( affName, password, authURL, validityDuration, skewTime [, affDesc] [, allowNotification] [, audience] [, enableFlag] [, shareSessioning] [, sessionSyncInterval] [, SAMLVersion] [, SAMLProfile] [, ConsumerURL] )
Parameters
The CreateAffiliate method accepts the following parameters:
affName (string)
Specifies the name of the affiliate object. The name should be unique across all affiliate domains.
password (string)
Specifies the password that affiliates use to access SiteMinder Federation Web Services.
authURL (string)
Specifies the URL used to authenticate affiliate users.
validityDuration (long)
Specifies the number of seconds that a SiteMinder-generated SAML assertion is valid. If an affiliate receives the assertion after the specified time, the assertion is considered invalid.
skewTime (long)
Specifies the difference, in seconds, between the system clock time of the assertion producer site and the system clock time of the affiliate site. The skew time is added to validityDuration. Times are relative to GMT.
affDesc (string)
(Optional) Specifies the description of the affiliate.
allowNotification (int)
(Optional) Specifies whether to allow event notifications. Set to 1 to enable event notifications to be sent from the affiliate to SiteMinder on the assertion producer site. Set to 0 to disable the event notification service. Default is 0 (notifications disabled).
audience (string)
(Optional) Specifies the URI of the document that describes the agreement between the assertion producer and the affiliate. This value is included in the SAML assertion passed to the affiliate and can be used for validation purposes. Also, the affiliate can parse the audience document to obtain relevant information. The audience value must match the Assertion Audience setting in the AffiliateConfig.xml configuration file for the SAML Affiliate Agent.
enableFlag (int)
(Optional) Specifies whether to enable the affiliate object. Set to 1 to enable the affiliate object, or 0 to disable it. Default is 1 (object is enabled).
shareSessioning (int)
(Optional) Specifies whether to share session information. Set to 1 to allow the assertion producer and the affiliate to share session information, or set to 0 to have the producer and affiliate maintain separate sessions. Default is 0 (separate sessions). With shared sessions, the sessions on both sites are terminated when the session on either site ends.
sessionSyncInterval (long)
(Optional) Specifies the frequency, in seconds, at which the affiliate contacts the producer site to validate the status of a shared session.
SAMLVersion (long)
(Optional) Specifies the SAML version. One of the following values:
Specifying a SAML version takes effect only if the Policy Management API's session version is at least v6.0 SP 1.
SAMLProfile (long)
(Optional) Specifies the type of profile used to send and receive SAML assertions. Valid profiles:
AFFILIATE_SAML_PROFILE_ARTIFACT. The SAML assertion is retrieved from a URL associated with the assertion producer. The URL is specified during configuration of the SAML Artifact authentication scheme.
AFFILIATE_SAML_PROFILE_POST. The generated SAML assertion is POSTed to the URL specified in ConsumerURL.
This profile is supported only if the Policy Management API's session version is at least v6.0 SP 2. If an earlier version is involved, the POST profile request is ignored, and an attempt is made to create an affiliate object based on the artifact profile.
ConsumerURL (string)
(Optional) Specifies the URL where the requesting user's browser must POST a generated assertion. The site associated with the URL validates the assertion and uses its contents to make access decisions.
Return Value
The CreateAffiliate method returns one of the following values:
PolicyMgtAffiliate object if successful
undef if unsuccessful
Remarks
An affiliate object represents an affiliate site in a federated business network. Affiliate objects and affiliate domains are available through SiteMinder legacy federation.
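The script below is an added example, not code from the original reference, showing a CreateAffiliate call with the settings a reviewer would look for: a short validity window, a small clock-skew allowance, an explicit audience, and the Federation Web Services password taken from the environment rather than the script. Only the positional arguments up to shareSessioning are passed, so the SAML version and profile stay at their defaults. The session calls (Netegrity::PolicyMgtAPI->New, CreateSession, GetAffDomain) are assumed from the session-level API, which this page does not show; the domain, affiliate, URLs and environment variables are placeholders.

```perl
#!/usr/bin/perl
# Added example, not from the original reference. Creates a legacy-federation
# affiliate with a short assertion lifetime and an explicit audience.
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

# Assumed session-level calls (not documented on this page).
my $policyapi = Netegrity::PolicyMgtAPI->New();
my $session   = $policyapi->CreateSession('siteminder', $ENV{SM_ADMIN_PWD})
    or die "CreateSession failed\n";
my $domain = $session->GetAffDomain('PartnerDomain')   # placeholder domain name
    or die "affiliate domain not found\n";

# Placeholder values. The password is the shared secret the partner presents
# to Federation Web Services, so it is read from the environment, not hardcoded.
my $fws_password = $ENV{ACME_FWS_PASSWORD} or die "ACME_FWS_PASSWORD not set\n";
my $validity     = 60;   # seconds an assertion is accepted after it is issued
my $skew         = 30;   # tolerated clock difference, added to $validity
my $audience     = 'https://acme.example.net/agreement/v1';

# Positional arguments follow the method signature; optional ones are passed
# in order up to shareSessioning, later ones are left at their defaults.
my $aff = $domain->CreateAffiliate(
    'acme-portal',                                  # affName, unique across domains
    $fws_password,                                  # password
    'https://idp.example.com/affwebservices/login', # authURL (placeholder)
    $validity,                                      # validityDuration
    $skew,                                          # skewTime
    'ACME partner portal',                          # affDesc
    0,                                              # allowNotification: off
    $audience,                                      # audience
    1,                                              # enableFlag
    0,                                              # shareSessioning: separate sessions
);
defined $aff or die "CreateAffiliate returned undef\n";

# Read the object back through the domain and confirm the settings took effect.
my $check = $domain->GetAffiliate('acme-portal') or die "affiliate not readable\n";
die "audience mismatch\n" unless $check->Audience() eq $audience;
printf "created %s: assertions valid %d s (+%d s skew), audience %s\n",
    $check->Name(), $validity, $skew, $check->Audience();
```

With these values an assertion is accepted for at most validityDuration + skewTime = 90 seconds after issue; the partner's AffiliateConfig.xml Assertion Audience setting has to equal the audience URI passed here or the assertion is rejected at the affiliate.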
The CreateSAMLServiceProvider method creates a SAML 2.0 Service Provider object. A Service Provider object contains the information that an Identity Provider needs to produce assertions for the Service Provider. The property groups you can set for a SAML 2.0 Service Provider object are listed under Remarks below.
To modify the properties of an existing Service Provider, call the PolicyMgtSAMLServiceProvider->Property method.
Syntax
The CreateSAMLServiceProvider method has the following format:
Netegrity::PolicyMgtAffDomain->CreateSAMLServiceProvider( propsHash_ref )
Parameters
The CreateSAMLServiceProvider method accepts the following parameter:
propsHash_ref (hash)
Specifies a reference to a hashtable of metadata properties to define for the SAML 2.0 Service Provider (for example: \%myhash).
Return Values
The CreateSAMLServiceProvider method returns one of the following values:
Remarks
You can define the following properties for a SAML 2.0 Service Provider:
General Properties
Name ID Properties
SSO Properties
SLO Properties
IPD Properties
Attribute Service Properties
Encryption Properties
Advanced Properties
The CreateWSFEDResourcePartner method creates a WS-Federation Resource Partner for the affiliate domain.
Syntax
The CreateWSFEDResourcePartner method has the following format:
Netegrity::PolicyMgtAffDomain->CreateWSFEDResourcePartner( propsHash_ref )
Parameters
The CreateWSFEDResourcePartner method accepts the following parameters:
propsHash_ref (hash)
Specifies a reference to a hashtable of metadata properties to define for the WS-Federation Resource Partner (for example: \%myhash).
Return Value
The CreateWSFEDResourcePartner method returns one of the following values:
Remarks
You can define the following properties for a Resource Partner:
General Properties
NameID Properties
SSO Properties
Signout Properties
Advanced Properties
The DeleteAffiliate method deletes the specified affiliate object from the affiliate domain.
Syntax
The DeleteAffiliate method has the following format:
Netegrity::PolicyMgtAffDomain->DeleteAffiliate( aff )
Parameters
The DeleteAffiliate method accepts the following parameter:
aff (PolicyMgtAffiliate)
Specifies the affiliate object to delete.
Return Value
The DeleteAffiliate method returns one of the following values:
The DeleteSAMLServiceProvider method deletes the specified SAML 2.0 Service Provider.
Syntax
The DeleteSAMLServiceProvider method has the following format:
Netegrity::PolicyMgtAffDomain->DeleteSAMLServiceProvider( sp )
Parameters
The DeleteSAMLServiceProvider method accepts the following parameter:
sp (PolicyMgtSAMLServiceProvider)
Specifies the Service Provider to delete.
Return Value
The DeleteSAMLServiceProvider method returns one of the following values:
The DeleteWSFEDResourcePartner method deletes a resource partner.
Syntax
The DeleteWSFEDResourcePartner method has the following format:
Netegrity::PolicyMgtAffDomain->DeleteWSFEDResourcePartner( rp )
Parameters
The DeleteWSFEDResourcePartner method accepts the following parameter:
rp (PolicyMgtWSFEDResourcePartner)
Specifies the resource partner to delete.
Return Value
The DeleteWSFEDResourcePartner method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
The Description method sets or retrieves the description of the affiliate domain.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtAffDomain->Description( [domainDesc] )
Parameters
The Description method accepts the following parameter:
domainDesc (string)
(Optional) Specifies the description to set.
Return Value
The Description method returns one of the following values:
The GetAffiliate method retrieves the specified affiliate object.
Syntax
The GetAffiliate method has the following format:
Netegrity::PolicyMgtAffDomain->GetAffiliate( affName )
Parameters
The GetAffiliate method accepts the following parameter:
affName (string)
Specifies the name of the affiliate object to retrieve.
Return Value
The GetAffiliate method returns one of the following objects:
The GetAllAdmins method retrieves all administrators associated with the affiliate domain.
Syntax
The GetAllAdmins method has the following format:
Netegrity::PolicyMgtAffDomain->GetAllAdmins( )
Parameters
The GetAllAdmins method accepts no parameters.
Return Value
The GetAllAdmins method returns one or more of the following values:
The GetAllAffiliates method retrieves all affiliate objects associated with the affiliate domain.
Syntax
The GetAllAffiliates method has the following format:
Netegrity::PolicyMgtAffDomain->GetAllAffiliates( )
Parameters
The GetAllAffiliates method accepts no parameters.
Return Value
The GetAllAffiliates method returns one of the following values:
The GetAllSAMLServiceProviders method retrieves all the SAML 2.0 Service Providers associated with the affiliate domain.
Syntax
The GetAllSAMLServiceProviders method has the following format:
Netegrity::PolicyMgtAffDomain->GetAllSAMLServiceProviders( )
Parameters
The GetAllSAMLServiceProviders method accepts no parameters.
Return Value
The GetAllSAMLServiceProviders method returns one of the following values:
The GetAllWSFEDResourcePartners method retrieves all Resource Partners associated with the domain.
Syntax
The GetAllWSFEDResourcePartners method has the following format:
Netegrity::PolicyMgtAffDomain->GetAllWSFEDResourcePartners( )
Parameters
The GetAllWSFEDResourcePartners method accepts no parameters.
Return Value
The GetAllWSFEDResourcePartners method returns one of the following values:
The GetSAMLServiceProvider method retrieves the specified SAML 2.0 Service Provider.
Syntax
The GetSAMLServiceProvider method has the following format:
Netegrity::PolicyMgtAffDomain->GetSAMLServiceProvider( spName )
Parameters
The GetSAMLServiceProvider method accepts the following parameter:
spName (string)
Specifies the name of the Service Provider to retrieve.
Return Value
The GetSAMLServiceProvider method returns one of the following values:
The GetSAMLServiceProviderById method retrieves the specified SAML 2.0 Service Provider by its provider ID.
Syntax
The GetSAMLServiceProviderById method has the following format:
Netegrity::PolicyMgtAffDomain->GetSAMLServiceProviderById( spID )
Parameters
The GetSAMLServiceProviderById method accepts the following parameter:
spID (string)
Specifies the provider ID of the Service Provider to retrieve.
Return Value
The GetSAMLServiceProviderById method returns one of the following values:
The GetUserDirSearchOrder method retrieves user directory objects associated with the affiliate domain. The order of the returned objects is the same order SiteMinder uses when querying the directories.
Syntax
The GetUserDirSearchOrder method has the following format:
Netegrity::PolicyMgtAffDomain->GetUserDirSearchOrder( )
Parameters
The GetUserDirSearchOrder method accepts no parameters.
Return Value
The GetUserDirSearchOrder method returns one of the following values:
The GetWSFEDResourcePartner method retrieves the specified WS-Federation Resource Partner associated with the domain.
Syntax
The GetWSFEDResourcePartner method has the following format:
Netegrity::PolicyMgtAffDomain->GetWSFEDResourcePartner( rpName )
Parameters
The GetWSFEDResourcePartner method accepts the following parameter:
rpName (string)
Specifies the name of the Resource Partner to retrieve.
Return Value
The GetWSFEDResourcePartner method returns the following value:
The GetWSFEDResourcePartnerById method retrieves the specified Resource Partner by its Provider ID.
Syntax
The GetWSFEDResourcePartnerById method has the following format:
Netegrity::PolicyMgtAffDomain->GetWSFEDResourcePartnerById( rpID )
Parameters
The GetWSFEDResourcePartnerById method accepts the following parameter:
rpID (string)
Specifies the ID of the Resource Partner to retrieve.
Return Value
The GetWSFEDResourcePartnerById method returns the following value:
The Name method sets or retrieves the name of the affiliate domain.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtAffDomain->Name( [domainName] )
Parameters
The Name method accepts the following parameter:
domainName (string)
(Optional) Specifies the name to set.
Return Value
The Name method returns one of the following values:
The RemoveAdmin method disassociates the specified administrator from the affiliate domain.
Syntax
The RemoveAdmin method has the following format:
Netegrity::PolicyMgtAffDomain->RemoveAdmin( admin )
Parameters
The RemoveAdmin method accepts the following parameter:
admin (PolicyMgtAdmin)
Specifies the administrator to remove from the affiliate domain.
Return Value
The RemoveAdmin method returns one of the following values:
The RemoveUserDir method disassociates the user directory from the affiliate domain.
Syntax
The RemoveUserDir method has the following format:
Netegrity::PolicyMgtAffDomain->RemoveUserDir( userDir )
Parameters
The RemoveUserDir method accepts the following parameter:
userDir (PolicyMgtUserDir)
Specifies the user directory to disassociate from the affiliate domain.
Return Value
The RemoveUserDir method returns one of the following values:
The SetUserDirSearchOrder method rearranges the search order of the user directory objects associated with the affiliate domain.
Syntax
The SetUserDirSearchOrder method has the following format:
Netegrity::PolicyMgtAffDomain->SetUserDirSearchOrder( dirArray )
Parameters
The SetUserDirSearchOrder method accepts the following parameter:
dirArray (reference to an array of PolicyMgtUserDir objects)
Specifies a reference to an array of user directory objects (for example: \@myarray).
Return Value
The SetUserDirSearchOrder method returns the following value:
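The following script is an added example, not code from the original reference. It delegates an affiliate domain to an administrator with AddAdmin, attaches two user directories with AddUserDir, and then pins the directory search order with SetUserDirSearchOrder so that the authoritative directory is consulted first, verifying the result with GetUserDirSearchOrder. The session calls (Netegrity::PolicyMgtAPI->New, CreateSession, GetAffDomain, GetAdmin, GetUserDir) are assumed from the session-level API, which this page does not show; GetUserDirSearchOrder is assumed to return the directory objects as a list and PolicyMgtUserDir->Name to return a directory's name. Domain, administrator and directory names are placeholders.

```perl
#!/usr/bin/perl
# Added example, not from the original reference. Delegates an affiliate
# domain to an administrator, attaches two user directories and pins the
# search order so the authoritative directory is queried first.
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

# Assumed session-level calls (not documented on this page).
my $policyapi = Netegrity::PolicyMgtAPI->New();
my $session   = $policyapi->CreateSession('siteminder', $ENV{SM_ADMIN_PWD})
    or die "CreateSession failed\n";
my $domain = $session->GetAffDomain('PartnerDomain') or die "domain not found\n";
my $admin  = $session->GetAdmin('fed-operator')      or die "admin not found\n";

# AddAdmin and AddUserDir return 0 on success, -1 on failure.
$domain->AddAdmin($admin) == 0 or die "AddAdmin failed\n";

# Placeholder directory names: CorpLDAP is authoritative, PartnerLDAP is not.
my @dirs = map {
    $session->GetUserDir($_) or die "user directory $_ not found\n"
} qw(CorpLDAP PartnerLDAP);
for my $dir (@dirs) {
    $domain->AddUserDir($dir) == 0 or die "AddUserDir failed\n";
}

# The search order decides which directory resolves a user that exists in
# more than one, so the authoritative directory goes first. The method takes
# an array reference.
$domain->SetUserDirSearchOrder(\@dirs);

# GetUserDirSearchOrder is assumed to return the directory objects as a list,
# and PolicyMgtUserDir->Name to return each directory's name.
my @order = map { $_->Name() } $domain->GetUserDirSearchOrder();
my @want  = map { $_->Name() } @dirs;
die "search order is @order, expected @want\n" unless "@order" eq "@want";
print "search order: @order\n";
```

The order matters when the same user name exists in more than one directory: whichever directory is searched first supplies the identity that ends up in the assertion, so a less trusted directory must never shadow the authoritative one.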
The following methods act on PolicyMgtAffiliate objects:
The AddAttribute method adds a new affiliate attribute to the affiliate object.
Syntax
The AddAttribute method has the following format:
Netegrity::PolicyMgtAffiliate->AddAttribute( attrType, value )
Parameters
The AddAttribute method accepts the following parameters:
attrType (int)
Specifies one of the following affiliate attribute types:
value (string)
Specifies the value for the affiliate attribute. This value specification appears in the Name Value Pair column of the SiteMinder Affiliate Dialog. The format of the value specification depends upon the kind of affiliate attribute you are adding -- Static, User Attribute, or DN Attribute:
Static. A literal attribute value. A static affiliate attribute is useful for passing specific information about the user to an application at the affiliate site -- for example, the user's credit limit at the affiliate site. Format:
VariableName=value
VariableName is the name that identifies the attribute in the SAML assertion, and value is the attribute value.
User Attribute. A user profile attribute name from a user's entry in an LDAP, WinNT, or ODBC user directory -- for example, the attribute name for a user's job title or email address. Format:
UserAttrVariableName=<%userattr="UserAttrName"%>
UserAttrVariableName is the name that identifies the attribute in the SAML assertion, and UserAttrName (enclosed in quotes) is the name of the attribute in the user directory.
userattr= is static text that must be included in the format. The userattr= portion of the name/value pair must be enclosed by percent signs and angle brackets: <% . . . %>.
Example: email_address=<%userattr="email"%>
DN Attribute. The name of an attribute within an LDAP or ODBC directory object that is associated with the user. Groups to which a user belongs and Organizational Units (ou) that are part of a user DN are examples of directory objects whose attributes can be referenced as DN attributes. For example, a DN attribute can reference a company division for a user, based on the user's membership in a division. Format:
DNVariableName=<#dn="DNSpec" attr="DNAttrName"#>
DNVariableName is the name that identifies the attribute in the SAML assertion. DNSpec (enclosed in quotes) is the DN of the directory object, and DNAttrName (enclosed in quotes) is the name of the directory object attribute.
dn= and attr= are static text strings that must be included in the format. The dn= and attr= portion of the name/value pair must be enclosed by pound signs and angle brackets: <# . . . #>.
Example: GroupName=<#dn="ou=home,o=security.com" attr="cn"#>
To allow SiteMinder to retrieve DN attributes from a nested group, begin DNSpec with an exclamation mark ( ! ) -- for example:
dn="!ou=home,o=security.com"
Return Value
The AddAttribute method returns the following value:
Remarks
Affiliate attributes are name/value pairs that SiteMinder provides to an affiliate in a SAML assertion. Attributes include user entitlements (such as the user's credit limit at the affiliate site) and information from a user's profile (such as job title or email address).
When an application at the affiliate site extracts affiliate attributes from the assertion, it can make the attributes available to other applications at the site as HTTP header variables or HTTP cookie variables.
Note: The total size of an assertion passed to an affiliate cannot exceed 4K. If you include a large number of attributes in an affiliate object, you may violate this limit. A maximum assertion size of 3K is recommended.
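The following script is an added example, not code from the original reference. It builds the three value formats described above (static, user attribute and DN attribute, including the nested-group form), rejects variable names and quoted parts that would break the name/value syntax, and totals the resulting pairs against the 3K recommendation so an oversized attribute set is caught before it reaches AddAttribute. The sample attribute set is constructed for illustration; the type constants AddAttribute expects are not reproduced here.

```perl
#!/usr/bin/perl
# Added example, not from the original reference. Builds the three affiliate
# attribute value formats, validates the pieces that end up inside quotes,
# and checks the result against the 3K recommended budget.
use strict;
use warnings;

# The variable name becomes an attribute name in the assertion; keep it to a
# conservative character set so it cannot break the name=value syntax.
sub check_name {
    my ($name) = @_;
    die "bad variable name '$name'\n" unless $name =~ /^[A-Za-z][A-Za-z0-9_.-]*$/;
    return $name;
}

# Quoted parts (UserAttrName, DNSpec, DNAttrName) must not contain a quote.
sub check_quoted {
    my ($s) = @_;
    die "quoted value '$s' must not contain '\"'\n" if $s =~ /"/;
    return $s;
}

# Static: VariableName=value
sub static_attr { my ($name, $value) = @_; return check_name($name) . "=$value"; }

# User attribute: UserAttrVariableName=<%userattr="UserAttrName"%>
sub user_attr {
    my ($name, $user_attr_name) = @_;
    return sprintf '%s=<%%userattr="%s"%%>', check_name($name), check_quoted($user_attr_name);
}

# DN attribute: DNVariableName=<#dn="DNSpec" attr="DNAttrName"#>
# $nested = 1 prefixes DNSpec with "!" so nested group membership is followed.
sub dn_attr {
    my ($name, $dn_spec, $dn_attr_name, $nested) = @_;
    my $spec = ($nested ? '!' : '') . check_quoted($dn_spec);
    return sprintf '%s=<#dn="%s" attr="%s"#>', check_name($name), $spec, check_quoted($dn_attr_name);
}

# Constructed sample attribute set for one affiliate.
my @specs = (
    static_attr('credit_limit', '5000'),
    user_attr('email_address', 'email'),
    user_attr('job_title',     'title'),
    dn_attr('GroupName', 'ou=home,o=security.com',  'cn'),
    dn_attr('Division',  'ou=sales,o=security.com', 'ou', 1),
);
print "$_\n" for @specs;

# The name/value pairs are only part of the assertion, so their total length
# is a lower bound on assertion size; stay well inside the 3K recommendation.
my $pair_bytes = 0;
$pair_bytes += length($_) for @specs;
my $budget = 3 * 1024;
printf "%d bytes of attribute pairs (%d%% of the 3K recommendation)\n",
    $pair_bytes, 100 * $pair_bytes / $budget;
die "attribute set alone exceeds the recommended budget\n" if $pair_bytes > $budget;
```

Each string returned by the builders is what you would pass as the value argument of AddAttribute together with the matching attribute type. The length check is deliberately conservative: the assertion carries XML structure and a signature around these pairs, so an attribute set that is already close to 3K on its own will exceed the 4K limit once wrapped.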
The AddUser method adds a new user to the affiliate object.
Syntax
The AddUser method has the following format:
Netegrity::PolicyMgtAffiliate->AddUser( user )
Parameters
The AddUser method accepts the following parameter:
user (PolicyMgtUser)
Specifies the user to add.
Return Value
The AddUser method returns one of the following values:
The AllowNotification method sets or retrieves the event notification property. If event notifications are enabled, the affiliate sends notifications about user activities to SiteMinder on the assertion producer site.
Syntax
The AllowNotification method has the following format:
Netegrity::PolicyMgtAffiliate->AllowNotification( [notificationFlag] )
Parameters
The AllowNotification method accepts the following parameter:
notificationFlag (int)
(Optional) Specifies whether to enable event notification: 1 means to enable event notification; 0 means to disable event notifications.
Return Value
The AllowNotification method returns one of the following values:
The AssertionPluginClass method sets or retrieves the fully qualified class name of an assertion generator plug-in.
Syntax
The AssertionPluginClass method has the following format:
Netegrity::PolicyMgtAffiliate->AssertionPluginClass( [className] )
Parameters
The AssertionPluginClass method accepts the following parameter:
className (string)
(Optional) Specifies the fully qualified class name of the custom assertion generator plug-in, for example, com.samlproducer.assertionplugin.partner1.
Return Value
The AssertionPluginClass method returns one of the following values:
Remarks
The plug-in is a custom Java class that lets you modify the contents of a default SAML assertion generated by SiteMinder. SAML assertions are available in legacy federation, which is licensed separately.
The assertion generator plug-in functionality requires a Policy Management API session version of at least v6.0 SP 2. You can pass a parameter string into the assertion generator plug-in through the method PolicyMgtAffiliate->AssertionPluginParameters.
To create an assertion generator plug-in, implement the AssertionGeneratorPlugin interface in the Java SDK. For information, see the Programming Guide for Java.
The AssertionPluginParameters method sets or retrieves the parameter string to pass to a custom assertion generator plug-in. The syntax of the parameter string is user-defined; that is, the parameter string must conform to whatever conventions the custom assertion generator requires.
Syntax
The AssertionPluginParameters method has the following format:
Netegrity::PolicyMgtAffiliate->AssertionPluginParameters( [parameter] )
Parameters
The AssertionPluginParameters method accepts the following parameter:
parameter (string)
(Optional) Specifies the parameter string to pass to the plug-in.
Return Value
The AssertionPluginParameters method returns one of the following values:
The Audience method sets or retrieves the URI of the document that describes the agreement between the assertion producer site and the affiliate.
This value is included in the SAML assertion passed to the affiliate and can be used for validation purposes. Also, the affiliate can parse the audience document to obtain relevant information. The audience value must match the Assertion Audience setting in the AffiliateConfig.xml configuration file for the SAML Affiliate Agent.
Syntax
The Audience method has the following format:
Netegrity::PolicyMgtAffiliate->Audience( [audience] )
Parameters
The Audience method accepts the following parameter:
audience (string)
(Optional) Specifies the audience URI to set.
Return Value
The Audience method returns one of the following values:
The AuthURL method sets or retrieves the URL used to authenticate affiliate users.
Syntax
The AuthURL method has the following format:
Netegrity::PolicyMgtAffiliate->AuthURL( [AuthURL] )
Parameters
The AuthURL method accepts the following parameter:
AuthURL (string)
(Optional) Specifies the authentication URL to set.
Return Value
The AuthURL method returns one of the following values:
The ConsumerURL method sets or retrieves the URL where the requesting user's browser must POST a generated assertion.
Syntax
The ConsumerURL method has the following format:
Netegrity::PolicyMgtAffiliate->ConsumerURL( [ConsumerURL] )
Parameters
The ConsumerURL method accepts the following parameter:
ConsumerURL (string)
(Optional) Specifies the URL where the generated assertion is to be sent.
Return Value
The ConsumerURL method returns one of the following values:
The CreateIPConfigHostName method creates an IP configuration object from the specified host name.
Syntax
The CreateIPConfigHostName method has the following format:
Netegrity::PolicyMgtAffiliate->CreateIPConfigHostName( hostName )
Parameters
The CreateIPConfigHostName method accepts the following parameter:
hostName (string)
Specifies the host name upon which to base the IP configuration object.
Return Value
The CreateIPConfigHostName method returns one of the following values:
Remarks
Only those users who access the affiliate site from the specified host will be accepted at the affiliate site.
The CreateIPConfigRange method creates an IP configuration object from the specified range of IP addresses.
Syntax
The CreateIPConfigRange method has the following format:
Netegrity::PolicyMgtAffiliate->CreateIPConfigRange( ipAddr1, ipAddr2 )
Parameters
The CreateIPConfigRange method accepts the following parameters:
ipAddr1 (string)
Specifies the first IP address in the range of valid IP addresses from which to access the affiliate site.
ipAddr2 (string)
Specifies the last IP address in the range of valid IP addresses from which to access the affiliate site.
Return Value
The CreateIPConfigRange method returns one of the following values:
Remarks
Only those users who access the affiliate site from an IP address within the specified range are accepted at the affiliate site.
The CreateIPConfigSingleHost method creates an IP configuration object from the specified IP address.
Syntax
The CreateIPConfigSingleHost method has the following format:
Netegrity::PolicyMgtAffiliate->CreateIPConfigSingleHost( ipAddr )
Parameters
The CreateIPConfigSingleHost method accepts the following parameter:
ipAddr (string)
Specifies the IP address from which to access the affiliate site.
Return Value
The CreateIPConfigSingleHost method returns one of the following values:
Remarks
Only those users who access the affiliate site from the specified IP address are accepted at the affiliate site.
The CreateIPConfigSubnetMask method creates an IP configuration object from the specified IP address and subnet mask.
Syntax
The CreateIPConfigSubnetMask method has the following format:
Netegrity::PolicyMgtAffiliate->CreateIPConfigSubnetMask( ipAddr, subnetMask )
Parameters
The CreateIPConfigSubnetMask method accepts the following parameters:
ipAddr (string)
Specifies the IP address used to derive the subnet address.
subnetMask (unsigned long)
Specifies the subnet mask used to derive the subnet address.
Return Value
The CreateIPConfigSubnetMask method returns one of the following values:
Remarks
Only those users who access the affiliate site from the subnet address will be accepted at the affiliate site. The subnet address is derived from the passed IP address and subnet mask.
The DeleteIPConfig method deletes the specified IP configuration object.
Syntax
The DeleteIPConfig method has the following format:
Netegrity::PolicyMgtAffiliate->DeleteIPConfig( IPConfig )
Parameters
The DeleteIPConfig method accepts the following parameter:
IPConfig (PolicyMgtIPConfig)
Specifies the IP configuration object to delete.
Return Value
The DeleteIPConfig method returns one of the following values:
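The following script is an added example, not code from the original reference, covering the IP configuration methods above: it converts a dotted subnet mask into the unsigned long that CreateIPConfigSubnetMask expects (rejecting a non-contiguous mask, which would not describe a subnet), adds a subnet rule and a single-host rule to an affiliate, lists the resulting objects with GetAllIPConfigs and removes one with DeleteIPConfig. The session calls (Netegrity::PolicyMgtAPI->New, CreateSession, GetAffDomain) are assumed from the session-level API, which this page does not show; GetAllIPConfigs is assumed to return the objects as a list; addresses, domain and affiliate names are placeholders.

```perl
#!/usr/bin/perl
# Added example, not from the original reference. Restricts an affiliate to a
# subnet plus one extra host, then lists and removes IP configuration objects.
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

# CreateIPConfigSubnetMask takes the mask as an unsigned long, so a dotted
# mask is packed into its 32-bit value. A non-contiguous mask is rejected
# because it would not describe a subnet.
sub mask_to_ulong {
    my ($dotted) = @_;
    my @o = split /\./, $dotted;
    die "bad mask $dotted\n" unless @o == 4 && !grep { !/^\d+$/ || $_ > 255 } @o;
    my $m   = unpack 'N', pack 'C4', @o;
    my $inv = (~$m) & 0xFFFFFFFF;          # ones must be contiguous from the top
    die "non-contiguous mask $dotted\n" if ($inv + 1) & $inv;
    return $m;
}

# Assumed session-level calls (not documented on this page).
my $policyapi = Netegrity::PolicyMgtAPI->New();
my $session   = $policyapi->CreateSession('siteminder', $ENV{SM_ADMIN_PWD})
    or die "CreateSession failed\n";
my $domain = $session->GetAffDomain('PartnerDomain') or die "domain not found\n";
my $aff    = $domain->GetAffiliate('acme-portal')    or die "affiliate not found\n";

# Placeholder addresses. Address-based rules are preferred over a host name,
# which has to be resolved before it can be matched.
my $subnet = $aff->CreateIPConfigSubnetMask('10.20.30.0', mask_to_ulong('255.255.255.0'))
    or die "CreateIPConfigSubnetMask failed\n";
my $bastion = $aff->CreateIPConfigSingleHost('203.0.113.10')
    or die "CreateIPConfigSingleHost failed\n";

# GetAllIPConfigs is assumed to return the configuration objects as a list.
my @configs = $aff->GetAllIPConfigs();
printf "%s now has %d IP restriction(s)\n", $aff->Name(), scalar @configs;

# Retire the bastion rule once it is no longer needed.
$aff->DeleteIPConfig($bastion);
my @after = $aff->GetAllIPConfigs();
printf "%d IP restriction(s) after removal\n", scalar @after;
```

mask_to_ulong('255.255.255.0') yields 4294967040 (0xFFFFFF00); a mask such as 255.0.255.0 is refused because its complement plus one is not a power of two, which is the test for a contiguous run of ones.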
The Description method sets or retrieves the description of the affiliate object.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtAffiliate->Description( [affDesc] )
Parameters
The Description method accepts the following parameter:
affDesc (string)
(Optional) Specifies the description to set.
Return Value
The Description method returns one of the following values:
The GetAllAttributes method retrieves all existing affiliate attributes for the affiliate object.
Syntax
The GetAllAttributes method has the following format:
Netegrity::PolicyMgtAffiliate‑>GetAllAttributes( )
Parameters
The GetAllAttributes method accepts no parameters.
Return Value
The GetAllAttributes method returns one of the following values:
The GetAllIPConfigs method retrieves all IP configuration objects for the affiliate object.
Syntax
The GetAllIPConfigs method has the following format:
Netegrity::PolicyMgtAffiliate‑>GetAllIPConfigs( )
Parameters
The GetAllIPConfigs method accepts no parameters.
Return Value
The GetAllIPConfigs method returns one of the following values:
The GetAllUsers method retrieves all users associated with the affiliate object. If a user directory is specified, the method returns only those users associated with the affiliate and the particular directory.
Syntax
The GetAllUsers method has the following format:
Netegrity::PolicyMgtAffiliate‑>GetAllUsers( [userDir] )
Parameters
The GetAllUsers method accepts the following parameter:
userDir (PolicyMgtUserDir)
(Optional) Specifies a user directory that the affiliate users must be members of.
Return Value
The GetAllUsers method returns one of the following values:
The IsEnabled method sets or retrieves the enabled flag for the affiliate object.
Syntax
The IsEnabled method has the following format:
Netegrity::PolicyMgtAffiliate‑>IsEnabled( [enableFlag] )
Parameters
The IsEnabled method accepts the following parameter:
enableFlag (int)
(Optional) Specifies whether to enable the affiliate object:
Return Value
The IsEnabled method returns one of the following values:
The Name method sets or retrieves the name of the affiliate object.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtAffiliate‑>Name( [affName] )
Parameters
The Name method accepts the following parameter:
affName (string)
(Optional) Specifies the name to set.
Return Value
The Name method returns one of the following values:
The Password method sets or retrieves the password that affiliates use to access SiteMinder Federation Web Services.
Syntax
The Password method has the following format:
Netegrity::PolicyMgtAffiliate‑>Password( [affPassword] )
Parameters
The Password method accepts the following parameter:
affPassword (string)
(Optional) Specifies the password to set.
Return Value
The Password method returns one of the following values:
The RemoveAttribute method removes the specified affiliate attribute from the affiliate object.
Syntax
The RemoveAttribute method has the following format:
Netegrity::PolicyMgtAffiliate‑>RemoveAttribute( affiliateAttr )
Parameters
The RemoveAttribute method accepts the following parameter:
affiliateAttr (PolicyMgtAffiliateAttr)
Specifies the affiliate attribute to remove.
Return Value
The RemoveAttribute method returns one of the following values:
The RemoveUser method removes the specified user from the affiliate object.
Syntax
The RemoveUser method has the following format:
Netegrity::PolicyMgtAffiliate‑>RemoveUser( user )
Parameters
The RemoveUser method accepts the following parameter:
user (type)
Specifies the user to remove.
Return Value
The RemoveUser method returns one of the following values:
The SAMLProfile method sets or retrieves the type of profile used for sending and receiving SAML assertions.
Syntax
The SAMLProfile method has the following format:
Netegrity::PolicyMgtAffiliate‑>SAMLProfile([SAMLProfile])
Parameters
The SAMLProfile method accepts the following parameter:
SAMLProfile (long)
(Optional) Specifies one of the following valid SAML profiles:
Return Value
The SAMLProfile method returns one of the following values:
The SAMLVersion method sets or retrieves the SAML version for the affiliate.
Syntax
The SAMLVersion method has the following format:
Netegrity::PolicyMgtAffiliate‑>SAMLVersion( [SAMLVer] )
Parameters
The SAMLVersion method accepts the following parameter:
SAMLVer (long)
(Optional) Specifies one of the following SAML versions to set:
Return Value
The SAMLVersion method returns one of the following values:
Remarks
Specifying a SAML version has effect only if the Policy Manager API's session version is at least v6.0 SP 1.
The Save method saves the affiliate object to the policy store.
Syntax
The Save method has the following format:
Netegrity::PolicyMgtAffiliate‑>Save( )
Parameters
The Save method accepts no parameters.
Return Value
The Save method returns one of the following values:
Remarks
Call this method once after making all the modifications to the affiliate object that you intend to make. This method must be called for any changes to take effect.
The SessionSyncInterval method sets or retrieves the session synchronization interval property. This property specifies the frequency, in seconds, at which the affiliate contacts the assertion producer site to validate the status of a shared session.
Syntax
The SessionSyncInterval method has the following format:
Netegrity::PolicyMgtAffiliate‑>SessionSyncInterval( [SessionSyncInterval] )
Parameters
The SessionSyncInterval method accepts the following parameter:
SessionSyncInterval (long)
(Optional) Specifies the session synchronization interval to set.
Return Value
The SessionSyncInterval method returns one of the following values:
The SharedSessioning method sets or retrieves the shared session property. With shared sessions, the sessions on both the assertion producer site and the affiliate are terminated when the session on either site ends.
Syntax
The SharedSessioning method has the following format:
Netegrity::PolicyMgtAffiliate‑>SharedSessioning([shareFlag])
Parameters
The SharedSessioning method accepts the following parameter:
shareFlag (int)
(Optional) Specifies the shared session property to set:
Return Value
The SharedSessioning method returns one of the following values:
The SkewTime method sets or retrieves the skew time property. The skew time is the difference, in seconds, between the system clock time of the assertion producer site and the system clock time of the affiliate site. Times are relative to GMT.
Syntax
The SkewTime method has the following format:
Netegrity::PolicyMgtAffiliate‑>SkewTime( [SkewTime] )
Parameters
The SkewTime method accepts the following parameter:
skewTime (long)
(Optional) Specifies the skew time to set.
Return Value
The SkewTime method returns one of the following values:
The ValidityDuration method sets or retrieves the number of seconds that a SiteMinder-generated SAML assertion is valid. If an affiliate receives the assertion after the specified time, the assertion is considered invalid.
Syntax
The ValidityDuration method has the following format:
Netegrity::PolicyMgtAffiliate‑>ValidityDuration( [ValidityDuration] )
Parameters
The ValidityDuration method accepts the following parameter:
validityDuration (long)
(Optional) Specifies the validity duration time to set.
Return Value
The ValidityDuration method returns one of the following values:
The following methods act on PolicyMgtAgent objects:
The ConvertFromLegacy method converts a v4.x agent to a v5.x agent.
Syntax
The ConvertFromLegacy method has the following format:
Netegrity::PolicyMgtAgent‑>ConvertFromLegacy( )
Parameters
The ConvertFromLegacy method accepts no parameters.
Return Value
The ConvertFromLegacy method returns one of the following values:
The ConvertToLegacy method converts a v5.x agent to a v4.x agent.
Syntax
The ConvertToLegacy method has the following format:
Netegrity::PolicyMgtAgent‑>ConvertToLegacy( )
Parameters
The ConvertToLegacy method accepts no parameters.
Return Value
The ConvertToLegacy method returns one of the following values:
The Description method sets or retrieves the agent description.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtAgent‑>Description([agentDesc])
Parameters
The Description method accepts the following parameter:
agentDesc (string)
(Optional) Specifies the description to set.
Return Value
The Description method returns one of the following values:
The IPAddress method sets or retrieves the agent's IP address.
Syntax
The IPAddress method has the following format:
Netegrity::PolicyMgtAgent‑>IPAddress([ipAddress])
Parameters
The IPAddress method accepts the following parameter:
ipAddress (string)
(Optional) Specifies the IP address to set.
Return Value
The IPAddress method returns one of the following values:
The Name method sets or retrieves the name of the agent.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtAgent‑>Name([agentName])
Parameters
The Name method accepts the following parameter:
agentName (string)
(Optional) Specifies the name to assign to the agent.
Return Value
The Name method returns one of the following values:
The RealmHintAttrID method sets or retrieves the hint attribute for a RADIUS agent.
Syntax
The RealmHintAttrID method has the following format:
Netegrity::PolicyMgtAgent‑>RealmHintAttrID([hintID])
Parameters
The RealmHintAttrID method accepts the following parameter:
hintID (int)
(Optional) Specifies the hint attribute ID to set.
Return Value
The RealmHintAttrID method returns one of the following values:
The SharedSecret method sets or retrieves the shared secret for a v4.x agent. This is the same shared secret used in the Web agent configuration.
Syntax
The SharedSecret method has the following format:
Netegrity::PolicyMgtAgent‑>SharedSecret([sharedSecret])
Parameters
The SharedSecret method accepts the following parameter:
sharedSecret (string)
(Optional) Specifies the shared secret to set.
Return Value
The SharedSecret method returns one of the following values:
The following methods act on PolicyMgtAgentConfig objects:
The AddAssociation method adds a configuration parameter name and value for this agent configuration.
Syntax
The AddAssociation method has the following format:
Netegrity::PolicyMgtAgentConfig‑>AddAssociation(Name, Value, Flags)
Parameters
The AddAssociation method accepts the following parameters:
Name (string)
Specifies the configuration parameter name.
Value (string)
Specifies the configuration parameter value.
Flags (int)
Specifies the encryption flag value:
Return Value
The AddAssociation method returns one of the following values:
The AddAssociationMultiValue method adds a multi-valued configuration parameter for this agent configuration. If the specified configuration parameter exists, the new value is concatenated with the old value.
Note: Do not call this method more than once in a session. Otherwise, the new value overwrites the old value.
Syntax
The AddAssociationMultiValue method has the following format:
Netegrity::PolicyMgtAgentConfig‑>AddAssociationMultiValue(Name, valueArray)
Parameters
The AddAssociationMultiValue method accepts the following parameters:
Name (string)
Specifies the configuration parameter name.
valueArray (string array)
Specifies a reference to an array of values associated with this parameter name (for example: \@myarray).
Return Value
The AddAssociationMultiValue method returns one of the following values:
Remarks
Multi-valued parameters can be stored only as plain text.
The Description method sets or retrieves the description of the agent configuration object.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtAgentConfig‑>Description([Description])
Parameters
The Description method accepts the following parameter:
Description (string)
(Optional) Specifies the description to set.
Return Value
The Description method returns one of the following values:
The GetAssociations method retrieves a list of all the configuration parameters for this agent configuration.
Syntax
The GetAssociations method has the following format:
Netegrity::PolicyMgtAgentConfig‑>GetAssociations( )
Parameters
The GetAssociations method accepts no parameters.
Return Value
The GetAssociations method returns one of the following values:
The Name method sets or retrieves the agent configuration object name.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtAgentConfig‑>Name([Name])
Parameters
The Name method accepts the following parameter:
Name (string)
(Optional) Specifies the name to set.
Return Value
The Name method returns one of the following values:
The RemoveAssociation method removes a configuration parameter name/value pair from the agent configuration object.
Syntax
The RemoveAssociation method has the following format:
Netegrity::PolicyMgtAgentConfig‑>RemoveAssociation(assoc)
Parameters
The RemoveAssociation method accepts the following parameter:
assoc (PolicyMgtAssociation)
Specifies the configuration parameter name/value pair to remove.
Return Value
The RemoveAssociation method returns one of the following values:
An object of this type represents a configuration parameter name-value pair for an agent configuration. The following methods act on PolicyMgtAssociation objects:
The Name method sets or retrieves the name portion of the agent configuration parameter name/value pair.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtAssociation‑>Name([Name])
Parameters
The Name method accepts the following parameter:
Name (string)
(Optional) Specifies the name to set.
Return Value
The Name method returns one of the following values:
The Flags method sets or retrieves the encryption flag attribute for the agent configuration name/value pair.
Syntax
The Flags method has the following format:
Netegrity::PolicyMgtAssociation‑>Flags([Flags])
Parameters
The Flags method accepts the following parameter:
Flags (int)
(Optional) Specifies the flag value to set.
Return Value
The Flags method returns one of the following values:
The Value method sets or retrieves the value portion of the agent configuration parameter name/value pair.
Syntax
The Value method has the following format:
Netegrity::PolicyMgtAssociation‑>Value([Value])
Parameters
The Value method accepts the following parameter:
Value (int)
(Optional) Specifies the value to set.
Return Value
The Value method returns one of the following values:
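The following script is an added example and is not part of the SiteMinder documentation. It covers the PolicyMgtAgentConfig methods (AddAssociation, AddAssociationMultiValue, GetAssociations) and the PolicyMgtAssociation accessors (Name, Flags) above: parameters are added with the encryption flag chosen from the parameter name, multi-valued parameters refuse secret-like names because they can only be stored as plain text, and a final pass lists any secret-like parameter that is stored in the clear. It assumes, since none of this is on this page, that the agent configuration object is obtained with PolicyMgtSession->GetAgentConfig, that GetAssociations returns a list of PolicyMgtAssociation objects, and that the encryption flag values are 1 for encrypted and 0 for plain text (the value list is missing from this page). The configuration and parameter names are placeholders.

```perl
#!/usr/bin/perl
# Added example, not from the SiteMinder documentation. Assumed (not on this
# page): PolicyMgtSession->GetAgentConfig; GetAssociations returns a list of
# PolicyMgtAssociation objects; Flags 1 = encrypted, 0 = plain text.
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

use constant ASSOC_PLAIN     => 0;    # assumed flag value
use constant ASSOC_ENCRYPTED => 1;    # assumed flag value

# Constructed list of parameter names that must never be stored in the clear.
my $SENSITIVE = qr/password|secret|passphrase|credential|privatekey/i;

# Add a single-valued parameter, deriving the encryption flag from the name so
# a caller cannot accidentally store a secret in plain text. Returns the flag.
sub add_param {
    my ($cfg, $name, $value) = @_;
    my $flags = ($name =~ $SENSITIVE) ? ASSOC_ENCRYPTED : ASSOC_PLAIN;
    $cfg->AddAssociation($name, $value, $flags)
        or die "AddAssociation($name) failed\n";
    return $flags;
}

# Multi-valued parameters are always plain text (see the Remarks above), so
# refuse secret-like names instead of silently storing them unencrypted.
sub add_multi_param {
    my ($cfg, $name, @values) = @_;
    die "refusing to store '$name' as a plain-text multi-valued parameter\n"
        if $name =~ $SENSITIVE;
    # Call this once per name and session; a second call overwrites the value.
    $cfg->AddAssociationMultiValue($name, \@values)
        or die "AddAssociationMultiValue($name) failed\n";
    return scalar @values;
}

# Audit pass: names of secret-like parameters whose Flags say plain text.
sub plaintext_secrets {
    my ($cfg) = @_;
    my @findings;
    for my $assoc ($cfg->GetAssociations()) {
        my $name = $assoc->Name();
        push @findings, $name
            if $name =~ $SENSITIVE && $assoc->Flags() == ASSOC_PLAIN;
    }
    return @findings;
}

my $api     = Netegrity::PolicyMgtAPI->New();
my $session = $api->CreateSession($ENV{SM_ADMIN_USER}, $ENV{SM_ADMIN_PASSWORD})
    or die "CreateSession failed\n";
my $cfg = $session->GetAgentConfig('webagent-prod')    # placeholder name
    or die "agent configuration not found\n";

add_param($cfg, 'DefaultAgentName', 'webagent-prod');
add_param($cfg, 'RequireCookies',   'yes');
add_multi_param($cfg, 'AgentName',
                'agent1,www.example.com', 'agent2,intranet.example.com');

my @bad = plaintext_secrets($cfg);
print @bad ? "plain-text secrets: @bad\n" : "no plain-text secrets found\n";
```

The audit function is the part worth keeping: run it against existing agent configurations, since the Flags value of a PolicyMgtAssociation is the only record of whether a parameter value sits in the policy store encrypted or in the clear.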
The following methods act on PolicyMgtAgentType objects:
The GetDescription method retrieves the description of the agent type.
Syntax
The GetDescription method has the following format:
Netegrity::PolicyMgtAgentType‑>GetDescription( )
Parameters
The GetDescription method accepts no parameters.
Return Value
The GetDescription method returns one of the following values:
The GetName method retrieves the name of the agent type, for example, Web Agent.
Syntax
The GetName method has the following format:
Netegrity::PolicyMgtAgentType‑>GetName( )
Parameters
The GetName method accepts no parameters.
Return Value
The GetName method returns one of the following values:
The following methods act on PolicyMgtAuthAzMap objects:
The AuthDir method sets or retrieves the authentication directory of the authentication and authorization map.
Syntax
The AuthDir method has the following format:
Netegrity::PolicyMgtAuthAzMap‑>AuthDir([userDir])
Parameters
The AuthDir method accepts the following parameter:
userDir (PolicyMgtUserDir)
(Optional) Specifies the authentication directory to set.
Return Value
The AuthDir method returns one of the following values:
The AzDir method sets or retrieves the authorization directory of the authentication and authorization map.
Syntax
The AzDir method has the following format:
Netegrity::PolicyMgtAuthAzMap‑>AzDir([userDir])
Parameters
The AzDir method accepts the following parameter:
userDir (PolicyMgtUserDir)
(Optional) Specifies the authorization directory to set.
Return Value
The AzDir method returns one of the following values:
The MapType method sets or retrieves the type of authentication and authorization map.
Syntax
The MapType method has the following format:
Netegrity::PolicyMgtAuthAzMap‑>MapType([mapType])
Parameters
The MapType method accepts the following parameter:
mapType (int)
(Optional) Specifies the map type. The following values are valid:
AUTHAZMAPTYPE_DN (Value=1). Mapping is based on a DN.
AUTHAZMAPTYPE_UNIVERSALID (Value=2). Mapping is based on a universal identifier.
AUTHAZMAPTYPE_ATTR (Value=3). Mapping is based on an attribute in the directory.
Return Value
The MapType method returns one of the following values:
The following methods act on PolicyMgtAuthScheme objects:
The AddMessageConsumerPluginToSAML1xScheme method adds a message consumer plug-in class name and parameter to a SAML1x authentication scheme.
Syntax
The AddMessageConsumerPluginToSAML1xScheme method has the following format:
Netegrity::PolicyMgtAuthScheme‑>AddMessageConsumerPluginToSAML1xScheme(pluginClass, pluginParam)
Parameters
The AddMessageConsumerPluginToSAML1xScheme method accepts the following parameters:
pluginClass (string)
Specifies the message consumer plug-in class name.
pluginParam (string)
Specifies the message consumer plug-in parameter name.
Return Value
The AddMessageConsumerPluginToSAML1xScheme method returns one of the following values:
The AddRedirectURLToSAML1xScheme method adds a redirect URL, type, and mode to a SAML1x authentication scheme.
Syntax
The AddRedirectURLToSAML1xScheme method has the following format:
Netegrity::PolicyMgtAuthScheme‑>AddRedirectURLToSAML1xScheme(iTypeURL, URL, redirectMode)
Parameters
The AddRedirectURLToSAML1xScheme method accepts the following parameters:
iTypeURL (int)
Specifies the redirect URL type, which is one of the following values:
0—User Not Found
1—Invalid Message
2—Unaccepted Credential
URL (string)
Specifies the redirect URL site.
redirectMode (int)
Specifies the redirect mode, which can be either of the following values:
Return Value
The AddRedirectURLToSAML1xScheme method returns one of the following values:
The AddTargetConfigToSAML1xScheme method sets the default Target and QueryParameterOverridesTarget configuration to a SAML1x authentication scheme.
Syntax
The AddTargetConfigToSAML1xScheme method has the following format:
Netegrity::PolicyMgtAuthScheme‑>AddTargetConfigToSAML1xScheme(pszTargetURL, iQPOverrideTarget)
Parameters
The AddTargetConfigToSAML1xScheme method accepts the following parameters:
pszTargetURL (string)
Specifies the default Target URL.
iQPOverrideTarget (int)
Specifies whether the query parameter overrides the default Target configuration.
Return Value
The AddTargetConfigToSAML1xScheme method returns one of the following values:
The CustomLib method sets or retrieves the name of the shared library that implements the authentication scheme.
Syntax
The CustomLib method has the following format:
Netegrity::PolicyMgtAuthScheme‑>CustomLib([libName])
Parameters
The CustomLib method accepts the following parameter:
libName (string)
(Optional) Specifies the shared library name.
Return Value
The CustomLib method returns one of the following values:
Remarks
Each pre-defined authentication scheme type is shipped with a default library, but you can use a custom library. If you use a custom authentication scheme, you must specify a custom library.
The CustomParam method sets or retrieves information that is passed to the authentication scheme. You can accept the default parameter for the authentication scheme, or you can specify a new one.
Syntax
The CustomParam method has the following format:
Netegrity::PolicyMgtAuthScheme‑>CustomParam([param])
Parameters
The CustomParam method accepts the following parameter:
param (string)
(Optional) Specifies the parameter information to pass.
Return Value
The CustomParam method returns one of the following values:
The CustomSecret method sets or retrieves the shared secret for the custom authentication scheme.
Syntax
The CustomSecret method has the following format:
Netegrity::PolicyMgtAuthScheme‑>CustomSecret([param])
Parameters
The CustomSecret method accepts the following parameter:
param (string)
(Optional) Specifies the shared secret.
Return Value
The CustomSecret method returns one of the following values:
The Description method sets or retrieves the description of the authentication scheme.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtAuthScheme‑>Description([schemeDesc])
Parameters
The Description method accepts the following parameter:
schemeDesc (string)
(Optional) Specifies the description.
Return Value
The Description method returns one of the following values:
The GetMessageConsumerPluginFromSAML1xScheme method retrieves the message consumer plug-in class name and parameter from a SAML1x authentication scheme.
Syntax
The GetMessageConsumerPluginFromSAML1xScheme method has the following format:
Netegrity::PolicyMgtAuthScheme‑>GetMessageConsumerPluginFromSAML1xScheme(pluginClass, pluginParam)
Parameters
The GetMessageConsumerPluginFromSAML1xScheme method accepts the following parameters:
pluginClass (string)
Specifies the message consumer plug-in class name.
pluginParam (string)
Specifies the message consumer plug-in parameter name.
Return Value
The GetMessageConsumerPluginFromSAML1xScheme method returns one of the following values:
The GetRedirectURLFromSAML1xScheme method retrieves a redirect URL, type, and mode from a SAML1x authentication scheme.
Syntax
The GetRedirectURLFromSAML1xScheme method has the following format:
Netegrity::PolicyMgtAuthScheme‑>GetRedirectURLFromSAML1xScheme(iTypeURL, URL, redirectMode)
Parameters
The GetRedirectURLFromSAML1xScheme method accepts the following parameters:
iTypeURL (int)
Specifies the redirect URL type, which is one of the following values:
0—User Not Found
1—Invalid Message
2—Unaccepted Credential
URL (string)
Specifies the redirect URL site.
redirectMode (int)
Specifies the redirect mode, which can be either of the following values:
Return Value
The GetRedirectURLFromSAML1xScheme method returns one of the following values:
The GetTargetConfigFromSAML1xScheme method retrieves the default Target and QueryParameterOverridesTarget configuration from a SAML1x authentication scheme.
Syntax
The GetTargetConfigFromSAML1xScheme method has the following format:
Netegrity::PolicyMgtAuthScheme‑>GetTargetConfigFromSAML1xScheme(pszTargetURL, iQPOverrideTarget)
Parameters
The GetTargetConfigFromSAML1xScheme method accepts the following parameters:
pszTargetURL (string)
Specifies the default Target URL.
iQPOverrideTarget (int)
Specifies whether the query parameter overrides the default Target configuration.
Return Value
The GetTargetConfigFromSAML1xScheme method returns one of the following values:
The IgnorePwd method sets or retrieves the flag that specifies whether password policies should be checked for the authentication scheme.
Syntax
The IgnorePwd method has the following format:
Netegrity::PolicyMgtAuthScheme‑>IgnorePwd([pwdFlag])
Parameters
The IgnorePwd method accepts the following parameter:
pwdFlag (int)
(Optional) Specifies whether to ignore password policies (set to 1), or enforce them (set to 0).
Return Value
The IgnorePwd method returns one of the following values:
The IsRadius method sets or retrieves the flag that specifies whether the authentication scheme supports RADIUS agents.
Syntax
The IsRadius method has the following format:
Netegrity::PolicyMgtAuthScheme‑>IsRadius([radFlag])
Parameters
The IsRadius method accepts the following parameter:
radFlag (int)
(Optional) Specifies whether the authentication scheme supports RADIUS agents (1=yes; 0=no).
Return Value
The IsRadius method returns one of the following values:
The IsTemplate method retrieves the flag value that indicates whether the authentication scheme is a template.
Syntax
The IsTemplate method has the following format:
Netegrity::PolicyMgtAuthScheme‑>IsTemplate( )
Parameters
The IsTemplate method accepts no parameters.
Return Value
The IsTemplate method returns one of the following values:
Remarks
Setting an authentication scheme as a template with the Perl Policy Management API is deprecated in SiteMinder v6.0 SP3.
The IsUsedByAdmin method determines whether the scheme should be used to authenticate administrators.
Syntax
The IsUsedByAdmin method has the following format:
Netegrity::PolicyMgtAuthScheme‑>IsUsedByAdmin([useAdminFlag])
Parameters
The IsUsedByAdmin method accepts the following parameter:
useAdminFlag (int)
(Optional) Specifies whether the scheme should be used to authenticate administrators:
Return Value
The IsUsedByAdmin method returns one of the following values:
The Name method sets or retrieves the name of the authentication scheme.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtAuthScheme‑>Name([authSchemeName])
Parameters
The Name method accepts the following parameter:
authSchemeName (string)
(Optional) Specifies the name to assign to the authentication scheme.
Return Value
The Name method returns one of the following values:
The ProtectionLevel method sets or retrieves the protection level of the authentication scheme.
Syntax
The ProtectionLevel method has the following format:
Netegrity::PolicyMgtAuthScheme‑>ProtectionLevel([nlevel])
Parameters
The ProtectionLevel method accepts the following parameter:
nlevel (int)
(Optional) Specifies the protection level to set.
Return Value
The ProtectionLevel method returns one of the following values:
Remarks
The level can range from 1 to 1000. The higher the number, the more secure the scheme. For Anonymous authentication schemes, set this value to 0.
The Save method saves the authentication scheme to the policy store.
Syntax
The Save method has the following format:
Netegrity::PolicyMgtAuthScheme‑>Save( )
Parameters
The Save method accepts no parameters.
Return Value
The Save method returns one of the following values:
Remarks
Call this method once after making all the modifications to the authentication scheme that you intend to make. This method must be called for any changes to take effect.
The SaveCredentials method sets or retrieves the flag that allows user credentials to be saved.
Syntax
The SaveCredentials method has the following format:
Netegrity::PolicyMgtAuthScheme‑>SaveCredentials([credFlag])
Parameters
The SaveCredentials method accepts the following parameter:
credFlag (int)
(Optional) Specifies the flag value:
Return Value
The SaveCredentials method returns one of the following values:
The Type method sets or retrieves the authentication scheme type.
Syntax
The Type method has the following format:
Netegrity::PolicyMgtAuthScheme‑>Type([template])
Parameters
The Type method accepts the following parameter:
template (PolicyMgtAuthScheme)
(Optional) Specifies the authentication scheme type.
Return Value
The Type method returns one of the following values:
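The following script is an added example and is not part of the SiteMinder documentation. It uses the PolicyMgtAuthScheme getters above (Name, ProtectionLevel, IsUsedByAdmin, IgnorePwd, SaveCredentials) to review every authentication scheme in the policy store and report settings that weaken it. It assumes, since neither is on this page, that PolicyMgtSession->GetAllAuthSchemes returns a list of PolicyMgtAuthScheme objects and that the flag getters return 1 or 0. The minimum protection levels are a constructed local policy, not SiteMinder defaults; the only documented fixed point is that 0 belongs to Anonymous schemes.

```perl
#!/usr/bin/perl
# Added example, not from the SiteMinder documentation. Assumed (not on this
# page): PolicyMgtSession->GetAllAuthSchemes returns a list of scheme objects;
# flag getters return 1 or 0. MIN_LEVEL_* are constructed local thresholds.
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

use constant MIN_LEVEL_USER  => 5;    # constructed: weakest level allowed for users
use constant MIN_LEVEL_ADMIN => 10;   # constructed: weakest level allowed for admins

# Review one scheme and return a list of finding strings (empty if it passes).
sub review_scheme {
    my ($scheme) = @_;
    my $name  = $scheme->Name();
    my $level = $scheme->ProtectionLevel();
    my @f;

    # Level 0 is documented only for Anonymous schemes; anything else that
    # protects a resource should sit above the local minimum.
    push @f, "$name: protection level 0 on a scheme not named Anonymous"
        if $level == 0 && $name !~ /anonymous/i;
    push @f, "$name: protection level $level is below the user minimum"
        if $level > 0 && $level < MIN_LEVEL_USER;

    # Administrator authentication deserves a higher floor.
    push @f, "$name: used for administrators but protection level is $level"
        if $scheme->IsUsedByAdmin() && $level < MIN_LEVEL_ADMIN;

    # Skipped password policies and retained credentials both merit a look.
    push @f, "$name: password policies are ignored (IgnorePwd=1)"
        if $scheme->IgnorePwd();
    push @f, "$name: user credentials are saved (SaveCredentials=1)"
        if $scheme->SaveCredentials();

    return @f;
}

# Review every scheme in the store and return all findings.
sub review_all_schemes {
    my ($session) = @_;
    return map { review_scheme($_) } $session->GetAllAuthSchemes();
}

my $api     = Netegrity::PolicyMgtAPI->New();
my $session = $api->CreateSession($ENV{SM_ADMIN_USER}, $ENV{SM_ADMIN_PASSWORD})
    or die "CreateSession failed\n";

my @findings = review_all_schemes($session);
print "$_\n" for @findings;
print scalar(@findings), " finding(s)\n";
```

Because the protection level is what the Policy Server compares when a user holding a session from one scheme reaches a resource protected by another, a scheme whose level is lower than its real strength warrants a second look: it lets sessions from that scheme satisfy resources that were meant to require more.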
The following methods act on PolicyMgtCertMap objects:
The AttrMap method sets or retrieves the attribute map for Certificate mapping.
Syntax
The AttrMap method has the following format:
Netegrity::PolicyMgtCertMap‑>AttrMap ([attribute_map])
Parameters
The AttrMap method accepts the following parameter:
attribute_map (string)
(Optional) Specifies the attribute map to be set.
Return Value
The AttrMap method returns one of the following values:
The CacheCRL method sets or retrieves the flag that determines whether to cache Certificate Revocation List (CRL) entries. Setting this flag causes SiteMinder to use cached CRL information until the date specified in the NextUpdate field in the CRL.
Syntax
The CacheCRL method has the following format:
Netegrity::PolicyMgtCertMap‑>CacheCRL([cacheFlag])
Parameters
The CacheCRL method accepts the following parameter:
cacheFlag (int)
(Optional) Specifies whether to cache CRL entries:
Return Value
The CacheCRL method returns one of the following values:
The CertRequired method sets or retrieves the flag that requires SiteMinder to verify that the certificate presented by the user matches the certificate stored in the user's entry in the user directory. The user directory must be an LDAP user directory.
Syntax
The CertRequired method has the following format:
Netegrity::PolicyMgtCertMap‑>CertRequired([certFlag])
Parameters
The CertRequired method accepts the following parameter:
certFlag (int)
(Optional) Specifies whether certificate verification is required:
Return Value
The CertRequired method returns one of the following values:
The CRLUserDirectory method specifies or retrieves the LDAP user directory where the Certificate Revocation List (CRL) is located.
Syntax
The CRLUserDirectory method has the following format:
Netegrity::PolicyMgtCertMap‑>CRLUserDirectory([crlDir])
Parameters
The CRLUserDirectory method accepts the following parameter:
crlDir (PolicyMgtUserDir)
(Optional) Specifies the user directory where the CRL is located.
Return Value
The CRLUserDirectory method returns one of the following values:
The Description method sets or retrieves the description of the certificate map.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtCertMap‑>Description([certMapDesc])
Parameters
The Description method accepts the following parameter:
certMapDesc (string)
(Optional) Specifies the description to set.
Return Value
The Description method returns one of the following values:
The DirectoryType method sets or retrieves the type of user directory involved in the user authentication.
Syntax
The DirectoryType method has the following format:
Netegrity::PolicyMgtCertMap‑>DirectoryType([dirType])
Parameters
The DirectoryType method accepts the following parameter:
dirType (int)
(Optional) Specifies one of the following types of user directory:
Return Value
The DirectoryType method returns one of the following values:
The EnableCRL method sets or retrieves the flag that determines whether to check the Certificate Revocation List (CRL) for revoked certificates.
Syntax
The EnableCRL method has the following format:
Netegrity::PolicyMgtCertMap‑>EnableCRL([ckCRLFlag])
Parameters
The EnableCRL method accepts the following parameter:
ckCRLFlag (int)
(Optional) Specifies whether to check certificates against the CRL:
Return Value
The EnableCRL method returns one of the following values:
Remarks
A CRL is a list of revoked X.509 client certificates published by the Certificate Authority. Comparing a certificate against a CRL is one way to ensure that certificates are valid. When a user presents a revoked certificate to access a protected resource, SiteMinder finds the certificate in the CRL and rejects the authentication.
Before you enable CRL checking, call the method PolicyMgtCertMap‑>CRLUserDirectory to specify the user directory where the CRL is located.
The IssuerDN method sets or retrieves the DN of the certificate issuer.
Syntax
The IssuerDN method has the following format:
Netegrity::PolicyMgtCertMap‑>IssuerDN([issuerDN])
Parameters
The IssuerDN method accepts the following parameter:
issuerDN (string)
(Optional) Specifies the issuer DN to set.
Return Value
The IssuerDN method returns one of the following values:
The UseDistributionPoints method sets or retrieves the flag indicating whether Certificate Revocation List (CRL) searches should use a distribution point as a starting point for a search.
Syntax
The UseDistributionPoints method has the following format:
Netegrity::PolicyMgtCertMap‑>UseDistributionPoints([distPointsFlag])
Parameters
The UseDistributionPoints method accepts the following parameter:
distPointsFlag (int)
(Optional) Specifies whether to use distribution points for CRL searches:
Return Value
The UseDistributionPoints method returns one of the following values:
Remarks
Large CRLs may contain multiple distribution points that can be used to locate a revoked user. Distribution points indicate a starting point in the CRL LDAP directory. By providing a starting point for a CRL check, distribution points save the processing time that it would take to search the entire CRL.
The VerifySignature method sets or retrieves the flag indicating whether SiteMinder should verify the Certificate Authority's signature in the Certificate Revocation List (CRL).
Syntax
The VerifySignature method has the following format:
Netegrity::PolicyMgtCertMap‑>VerifySignature([verifyFlag])
Parameters
The VerifySignature method accepts the following parameter:
verifyFlag (int)
(Optional) Specifies whether to verify the CA's signature in the CRL:
Return Value
The VerifySignature method returns one of the following values:
The following methods act on PolicyMgtCluster objects:
The AddServer method adds a server to the cluster.
Syntax
The AddServer method has the following format:
Netegrity::PolicyMgtCluster‑>AddServer(Host, Port)
Parameters
The AddServer method accepts the following parameters:
Host (string)
Specifies the host IP address.
Port (int)
Specifies the server port.
Return Value
The AddServer method returns one of the following values:
Remarks
The servers in a cluster are referenced in an array. When you add a server to a cluster, it is added to the end of the server array.
Due to dynamic load balancing, in which requests are sent to the highest-capacity available server in the cluster, the order in which servers are added to the cluster does not matter.
To add a non-clustered server to a host configuration, call the PolicyMgtHostConfig‑>AddServer method.
The GetAllServers method retrieves an array of all the servers in the cluster.
Syntax
The GetAllServers method has the following format:
Netegrity::PolicyMgtCluster‑>GetAllServers( )
Parameters
The GetAllServers method accepts no parameters.
Return Value
The GetAllServers method returns one of the following values:
Remarks
To retrieve the servers that are not members of clusters, call the PolicyMgtHostConfig‑>GetAllServers method.
The following methods act on PolicyMgtDomain objects:
The AddAdmin method adds an administrator to the domain.
Syntax
The AddAdmin method has the following format:
Netegrity::PolicyMgtDomain‑>AddAdmin(admin)
Parameters
The AddAdmin method accepts the following parameter:
admin (PolicyMgtAdmin)
Specifies the administrator to add to the domain.
Return Value
The AddAdmin method returns one of the following values:
Remarks
Administrators can create, edit, and delete SiteMinder objects within the domain.
You cannot use the Policy Management API to create an administrator for a particular domain. However, if you use the Administrative UI to create an administrator for a domain, you can add that administrator to another domain by calling the PolicyMgtAffDomain‑>AddAdmin method.
The AddUserDir method associates a user directory with the domain.
Syntax
The AddUserDir method has the following format:
Netegrity::PolicyMgtDomain‑>AddUserDir(userDir)
Parameters
The AddUserDir method accepts the following parameter:
userDir (PolicyMgtUserDir)
Specifies the user directory to associate with the domain.
Return Value
The AddUserDir method returns one of the following values:
Remarks
During user authentication, the user's supplied credentials are checked against the credentials stored in this user directory.
The directory object is appended to the end of the search order. To change the search order, call the PolicyMgtAffDomain‑>SetUserDirSearchOrder method.
The CreatePolicy method creates and configures a policy in the domain.
Syntax
The CreatePolicy method has the following format:
Netegrity::PolicyMgtDomain‑>CreatePolicy(policyName [, policyDesc] [, enableFlag] [, activeExpr])
Parameters
The CreatePolicy method accepts the following parameters:
policyName (string)
Specifies the name of the policy.
policyDesc (string)
(Optional) Specifies the description of the policy.
enableFlag (int)
(Optional) Specifies whether to enable (1) or disable (0) the policy. Default is enabled.
activeExpr (string)
(Optional) Specifies the active expression of the policy.
Return Value
The CreatePolicy method returns one of the following values:
The CreateRealm method creates and configures a top-level realm in the domain.
Syntax
The CreateRealm method has the following format:
Netegrity::PolicyMgtDomain‑>CreateRealm(realmName, agent, authScheme [, realmDesc] [, resFilter] [, procAuthEvents] [, procAzEvents] [, protectAll] [, maxTimeout] [, idleTimeout] [, syncAudit] [, azUserDir] [, regScheme])
Parameters
The CreateRealm method accepts the following parameters:
realmName (string)
Specifies the name of the realm.
agent (PolicyMgtAgent)
Specifies the agent or agent group that protects the realm.
authScheme (PolicyMgtAuthScheme)
Specifies the authentication scheme to associate with the realm.
realmDesc (string)
(Optional) Specifies the realm description.
resFilter (string)
(Optional) Specifies the resource filter for the realm.
procAuthEvents (int)
(Optional) Specifies whether to process authentication events -- 1 to enable or 0 to disable. Default is enabled. Authentication event processing affects performance. If no rules in the realm are to be triggered by authentication events, set this flag to 0.
procAzEvents (int)
(Optional) Specifies whether to process authorization events -- 1 to enable or 0 to disable. Default is enabled. Authorization event processing affects performance. If no rules in the realm are to be triggered by authorization events, set this flag to 0.
protectAll (int)
(Optional) Specifies whether to activate default resource protection -- 1 to enable or 0 to disable. Default is enabled.
maxTimeout (int)
(Optional) Specifies the maximum time, in seconds, a user can access the realm before re-authentication is required. Default is 7200 (2 hours).
idleTimeout (int)
(Optional) Specifies the maximum time, in seconds, a user can remain inactive in the realm before re-authentication is required. Default is 3600 (1 hour).
syncAudit (int)
(Optional) Specifies the flag for enabling synchronous auditing -- 1 to enable or 0 to disable. When this flag is enabled, SiteMinder logs Policy Server and agent actions before it allows access to resources. Default is disabled.
azUserDir (PolicyMgtUserDir)
(Optional) Specifies the directory where users in the realm will be authorized. Default is the default directory.
regScheme (type)
(Optional) Specifies the registration scheme used to register new users accessing resources in the realm.
Return Value
The CreateRealm method returns one of the following values:
Remarks
This method creates a realm that is configured for non-persistent sessions. To configure the realm for SiteMinder 5.0 persistent sessions, edit the realm in the Administrative UI.
Note: The Policy Management API only manipulates realms that are direct descendants of the object whose method has been called, as follows:
The CreateResponse method creates a response.
Syntax
The CreateResponse method has the following format:
Netegrity::PolicyMgtDomain‑>CreateResponse(resName, agentType [, resDesc])
Parameters
The CreateResponse method accepts the following parameters:
resName (string)
Specifies the name of the response.
agentType (PolicyMgtAgentType)
Specifies the agent type associated with the response. Call the PolicyMgtSession‑>GetAgentType method to get the agent type object.
resDesc (string)
(Optional) Specifies the description of the response.
Return Value
The CreateResponse method returns one of the following values:
Remarks
The agent returns responses based on certain events. For example, if an unauthorized user attempts to access a protected Web page, a response can redirect the user to an HTML page that displays an appropriate message.
The CreateResponseGroup method creates a response group for the domain.
Syntax
The CreateResponseGroup method has the following format:
Netegrity::PolicyMgtDomain‑>CreateResponseGroup(groupName, agentType [, groupDesc])
Parameters
The CreateResponseGroup method accepts the following parameters:
groupName (string)
Specifies the name of the group.
agentType (PolicyMgtAgentType)
Specifies the agent type associated with this response group. Call the PolicyMgtSession‑>GetAgentType method to get the agent type object.
groupDesc (string)
(Optional) Specifies the description of the group.
Return Value
The CreateResponseGroup method returns one of the following values:
The CreateRuleGroup method creates a rule group for the domain.
Syntax
The CreateRuleGroup method has the following format:
Netegrity::PolicyMgtDomain‑>CreateRuleGroup(groupName, agentType [, groupDesc])
Parameters
The CreateRuleGroup method accepts the following parameters:
groupName (string)
Specifies the name of the group.
agentType (PolicyMgtAgentType)
Specifies the agent type associated with this rule group. Call the PolicyMgtSession‑>GetAgentType method to get the agent type object.
groupDesc (string)
(Optional) Specifies the description of the group.
Return Value
The CreateRuleGroup method returns one of the following values:
The DeleteGroup method deletes the specified group in the domain.
Syntax
The DeleteGroup method has the following format:
Netegrity::PolicyMgtDomain‑>DeleteGroup(group)
Parameters
The DeleteGroup method accepts the following parameter:
group (PolicyMgtGroup)
Specifies the group to delete.
Return Value
The DeleteGroup method returns one of the following values:
The DeletePolicy method deletes a policy.
Syntax
The DeletePolicy method has the following format:
Netegrity::PolicyMgtDomain‑>DeletePolicy(policy)
Parameters
The DeletePolicy method accepts the following parameter:
policy (PolicyMgtPolicy)
Specifies the policy to delete.
Return Value
The DeletePolicy method returns one of the following values:
The DeleteRealm method deletes a top-level realm in the domain.
Syntax
The DeleteRealm method has the following format:
Netegrity::PolicyMgtDomain‑>DeleteRealm(realm)
Parameters
The DeleteRealm method accepts the following parameter:
realm (PolicyMgtRealm)
Specifies the realm to delete.
Return Value
The DeleteRealm method returns one of the following values:
The DeleteResponse method deletes a response.
Syntax
The DeleteResponse method has the following format:
Netegrity::PolicyMgtDomain‑>DeleteResponse(response)
Parameters
The DeleteResponse method accepts the following parameter:
response (PolicyMgtResponse)
Specifies the response to delete.
Return Value
The DeleteResponse method returns one of the following values:
The Description method sets or retrieves the description of the domain.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtDomain‑>Description([domainDesc])
Parameters
The Description method accepts the following parameter:
domainDesc (string)
(Optional) Specifies the description to set.
Return Value
The Description method returns one of the following values:
The GetAllPolicies method retrieves all policies associated with the domain.
Syntax
The GetAllPolicies method has the following format:
Netegrity::PolicyMgtDomain‑>GetAllPolicies( )
Parameters
The GetAllPolicies method accepts no parameters.
Return Value
The GetAllPolicies method returns one of the following values:
The GetAllRealms method retrieves all top-level realms in the domain.
Syntax
The GetAllRealms method has the following format:
Netegrity::PolicyMgtDomain‑>GetAllRealms( )
Parameters
The GetAllRealms method accepts no parameters.
Return Value
The GetAllRealms method returns one of the following values:
Remarks
To retrieve the child realms nested directly under a realm, call the PolicyMgtRealm‑>GetAllChildRealms method.
The GetAllResponseGroups method retrieves all of the response groups associated with the domain.
Syntax
The GetAllResponseGroups method has the following format:
Netegrity::PolicyMgtDomain‑>GetAllResponseGroups( )
Parameters
The GetAllResponseGroups method accepts no parameters.
Return Value
The GetAllResponseGroups method returns one of the following values:
The GetAllResponses method retrieves all responses associated with the domain.
Syntax
The GetAllResponses method has the following format:
Netegrity::PolicyMgtDomain‑>GetAllResponses()
Parameters
The GetAllResponses method accepts no parameters.
Return Value
The GetAllResponses method returns one of the following values:
The GetAllRuleGroups method retrieves all rule groups associated with the domain.
Syntax
The GetAllRuleGroups method has the following format:
Netegrity::PolicyMgtDomain‑>GetAllRuleGroups( )
Parameters
The GetAllRuleGroups method accepts no parameters.
Return Value
The GetAllRuleGroups method returns one of the following values:
The GetPolicy method retrieves a policy in the domain.
Syntax
The GetPolicy method has the following format:
Netegrity::PolicyMgtDomain‑>GetPolicy(policyName)
Parameters
The GetPolicy method accepts the following parameter:
policyName (string)
Specifies the policy to retrieve.
Return Value
The GetPolicy method returns one of the following values:
The GetRealm method retrieves a top-level realm in the domain.
Syntax
The GetRealm method has the following format:
Netegrity::PolicyMgtDomain‑>GetRealm(realmName)
Parameters
The GetRealm method accepts the following parameter:
realmName (string)
Specifies the realm to retrieve.
Return Value
The GetRealm method returns one of the following values:
The GetResponse method retrieves a response associated with the domain.
Syntax
The GetResponse method has the following format:
Netegrity::PolicyMgtDomain‑>GetResponse(resName)
Parameters
The GetResponse method accepts the following parameter:
resName (string)
Specifies the response to retrieve.
Return Value
The GetResponse method returns one of the following values:
The GetResponseGroup method retrieves the specified response group.
Syntax
The GetResponseGroup method has the following format:
Netegrity::PolicyMgtDomain‑>GetResponseGroup(groupName)
Parameters
The GetResponseGroup method accepts the following parameter:
groupName (string)
Specifies the name of the response group to retrieve.
Return Value
The GetResponseGroup method returns one of the following values:
The GetRuleGroup method retrieves the specified rule group.
Syntax
The GetRuleGroup method has the following format:
Netegrity::PolicyMgtDomain‑>GetRuleGroup(groupName)
Parameters
The GetRuleGroup method accepts the following parameter:
groupName (string)
Specifies the name of the group to retrieve.
Return Value
The GetRuleGroup method returns one of the following values:
The GetUserDirSearchOrder method retrieves user directory objects associated with the domain.
Syntax
The GetUserDirSearchOrder method has the following format:
Netegrity::PolicyMgtDomain‑>GetUserDirSearchOrder( )
Parameters
The GetUserDirSearchOrder method accepts no parameters.
Return Value
The GetUserDirSearchOrder method returns one of the following values:
Remarks
The order of the returned objects is the same order that SiteMinder uses when querying the directories. To change the search order, call the PolicyMgtAffDomain‑>SetUserDirSearchOrder method.
The GlobalPoliciesApply method sets or retrieves the flag indicating whether the domain is enabled for global policies. If the domain is enabled for global policies, both global and domain-specific policies can apply to the domain.
Syntax
The GlobalPoliciesApply method has the following format:
Netegrity::PolicyMgtDomain‑>GlobalPoliciesApply([globalFlag])
Parameters
The GlobalPoliciesApply method accepts the following parameter:
globalFlag (int)
(Optional) Specifies whether to enable the domain for global policies:
Return Value
The GlobalPoliciesApply method returns one of the following values:
The Name method sets or retrieves the domain name.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtDomain‑>Name([domainName])
Parameters
The Name method accepts the following parameter:
domainName (string)
(Optional) Specifies the name to assign to the domain.
Return Value
The Name method returns one of the following values:
The RemoveAdmin method disassociates an administrator from the domain.
Syntax
The RemoveAdmin method has the following format:
Netegrity::PolicyMgtDomain‑>RemoveAdmin(admin)
Parameters
The RemoveAdmin method accepts the following parameter:
admin (PolicyMgtAdmin)
Specifies the administrator to remove from the domain.
Return Value
The RemoveAdmin method returns one of the following values:
Remarks
See also the PolicyMgtSession‑>DeleteAdmin method to delete an administrator from the policy store.
You cannot use the Policy Management API to create an administrator for a particular domain. However, if an administrator is associated with a domain either through the Administrative UI or the PolicyMgtAffDomain‑>AddAdmin method, you can remove that administrator from the domain by calling the RemoveAdmin method.
The RemoveUserDir method disassociates the user directory from the domain.
Syntax
The RemoveUserDir method has the following format:
Netegrity::PolicyMgtDomain‑>RemoveUserDir(userDir)
Parameters
The RemoveUserDir method accepts the following parameter:
userDir (PolicyMgtUserDir)
Specifies the user directory to disassociate from the domain.
Return Value
The RemoveUserDir method returns one of the following values:
The SetUserDirSearchOrder method rearranges the search order of the user directory objects associated with the domain.
Syntax
The SetUserDirSearchOrder method has the following format:
Netegrity::PolicyMgtDomain‑>SetUserDirSearchOrder(dirArray)
Parameters
The SetUserDirSearchOrder method accepts the following parameter:
dirArray (array reference)
Specifies a reference to an array of user directory objects (for example: \@myarray).
Return Value
The SetUserDirSearchOrder method returns one of the following values:
The following methods act on PolicyMgtGroup objects. A group object can contain PolicyMgtAgent objects, PolicyMgtResponse objects, PolicyMgtRule objects, or nested PolicyMgtGroup objects.
The Add method adds an agent, response, rule, or nested group object to the group.
Syntax
The Add method has the following format:
Netegrity::PolicyMgtGroup‑>Add(newMember)
Parameters
The Add method accepts the following parameter:
newMember (objectType)
Specifies the member to add to the group. objectType can be any one of the following:
Return Value
The Add method returns one of the following values:
The Contains method determines whether the group contains the specified agent, response, rule, or nested group object.
Syntax
The Contains method has the following format:
Netegrity::PolicyMgtGroup‑>Contains(object)
Parameters
The Contains method accepts the following parameter:
object (objectType)
Specifies the object to check. objectType can be any one of the following:
Return Value
The Contains method returns one of the following values:
The Description method sets or retrieves the description of the group object.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtGroup‑>Description([Description])
Parameters
The Description method accepts the following parameter:
Description (string)
(Optional) Specifies the description to set.
Return Value
The Description method returns one of the following values:
The GetAgent method retrieves the specified agent object from the group.
Syntax
The GetAgent method has the following format:
Netegrity::PolicyMgtGroup‑>GetAgent(agentName)
Parameters
The GetAgent method accepts the following parameter:
agentName (string)
Specifies the name of the agent to retrieve.
Return Value
The GetAgent method returns one of the following values:
The GetAgentGroup method retrieves an agent group object nested within the group.
Syntax
The GetAgentGroup method has the following format:
Netegrity::PolicyMgtGroup‑>GetAgentGroup(groupName)
Parameters
The GetAgentGroup method accepts the following parameter:
groupName (string)
Specifies the name of the agent group to retrieve.
Return Value
The GetAgentGroup method returns one of the following values:
The GetAgentType method retrieves the type of the agent objects contained in the group (for example, Web Agent).
Syntax
The GetAgentType method has the following format:
Netegrity::PolicyMgtGroup‑>GetAgentType( )
Parameters
The GetAgentType method accepts no parameters.
Return Value
The GetAgentType method returns one of the following values:
The GetAllAgentGroups method retrieves all the agent group objects nested within the group.
Syntax
The GetAllAgentGroups method has the following format:
Netegrity::PolicyMgtGroup‑>GetAllAgentGroups( )
Parameters
The GetAllAgentGroups method accepts no parameters.
Return Value
The GetAllAgentGroups method returns one of the following values:
The GetAllAgents method retrieves all the agent objects in the group.
Syntax
The GetAllAgents method has the following format:
Netegrity::PolicyMgtGroup‑>GetAllAgents( )
Parameters
The GetAllAgents method accepts no parameters.
Return Value
The GetAllAgents method returns one of the following values:
The GetAllResponseGroups method retrieves all the response group objects nested within the group.
Syntax
The GetAllResponseGroups method has the following format:
Netegrity::PolicyMgtGroup‑>GetAllResponseGroups( )
Parameters
The GetAllResponseGroups method accepts no parameters.
Return Value
The GetAllResponseGroups method returns one of the following values:
The GetAllResponses method retrieves all the response objects in the group.
Syntax
The GetAllResponses method has the following format:
Netegrity::PolicyMgtGroup‑>GetAllResponses( )
Parameters
The GetAllResponses method accepts no parameters.
Return Value
The GetAllResponses method returns one of the following values:
The GetAllRuleGroups method retrieves all the rule group objects nested within the group.
Syntax
The GetAllRuleGroups method has the following format:
Netegrity::PolicyMgtGroup‑>GetAllRuleGroups( )
Parameters
The GetAllRuleGroups method accepts no parameters.
Return Value
The GetAllRuleGroups method returns one of the following values:
The GetAllRules method retrieves all the rule objects in the group.
Syntax
The GetAllRules method has the following format:
Netegrity::PolicyMgtGroup‑>GetAllRules( )
Parameters
The GetAllRules method accepts no parameters.
Return Value
The GetAllRules method returns one of the following values:
The GetResponse method retrieves the specified response object from the group.
Syntax
The GetResponse method has the following format:
Netegrity::PolicyMgtGroup‑>GetResponse(responseName)
Parameters
The GetResponse method accepts the following parameter:
responseName (string)
Specifies the name of the response to retrieve.
Return Value
The GetResponse method returns one of the following values:
The GetResponseGroup method retrieves a response group object nested within the group.
Syntax
The GetResponseGroup method has the following format:
Netegrity::PolicyMgtGroup‑>GetResponseGroup(groupName)
Parameters
The GetResponseGroup method accepts the following parameter:
groupName (string)
Specifies the name of the response group to retrieve.
Return Value
The GetResponseGroup method returns one of the following values:
The GetRule method retrieves the specified rule object from the group.
Syntax
The GetRule method has the following format:
Netegrity::PolicyMgtGroup‑>GetRule(ruleName)
Parameters
The GetRule method accepts the following parameter:
ruleName (string)
Specifies the name of the rule to retrieve.
Return Value
The GetRule method returns one of the following values:
The GetRuleGroup method retrieves a rule group object nested within the group.
Syntax
The GetRuleGroup method has the following format:
Netegrity::PolicyMgtGroup‑>GetRuleGroup(groupName)
Parameters
The GetRuleGroup method accepts the following parameter:
groupName (string)
Specifies the name of the rule group to retrieve.
Return Value
The GetRuleGroup method returns one of the following values:
The Name method sets or retrieves the name of the group object.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtGroup‑>Name([Name])
Parameters
The Name method accepts the following parameter:
Name (string)
(Optional) Specifies the name to set.
Return Value
The Name method returns one of the following values:
The Remove method removes the specified group member from the group.
Syntax
The Remove method has the following format:
Netegrity::PolicyMgtGroup‑>Remove(member)
Parameters
The Remove method accepts the following parameter:
member (objectType)
Specifies the group member to remove, which can be any of the following object types:
Return Value
The Remove method returns one of the following values:
The following methods act on PolicyMgtHostConfig objects:
The AddCluster method adds an empty cluster to the host configuration. Call the AddServer method to populate the cluster with servers.
Syntax
The AddCluster method has the following format:
Netegrity::PolicyMgtHostConfig‑>AddCluster( )
Parameters
The AddCluster method accepts no parameters.
Return Value
The AddCluster method returns one of the following values:
Remarks
The clusters in a host configuration are referenced in a cluster array. When you add a cluster, the cluster is added to the end of the cluster array. The order in which you add clusters to a host configuration object determines the failover sequence. The first cluster you add (that is, the first cluster in the cluster array) is the primary cluster. This is the first cluster in the failover sequence that SiteMinder sends requests to. If there are not enough available servers in the primary cluster (that is, if the number of available servers in the cluster falls below the failover threshold), failover to the next cluster occurs (the second cluster that was added to the host configuration object). If that cluster also fails, failover to the third cluster added to the host configuration object occurs, and so on.
The AddServer method adds a non-clustered server to the host configuration.
Syntax
The AddServer method has the following format:
Netegrity::PolicyMgtHostConfig‑>AddServer(Host [, AcctPort] [, AuthPort] [, AzPort])
Parameters
The AddServer method accepts the following parameters:
Host (string)
Specifies the IP address of the Policy Server.
AcctPort (string)
(Optional) Specifies the IP port for the accounting server.
AuthPort (string)
(Optional) Specifies the IP port for the authentication server.
AzPort (string)
(Optional) Specifies the IP port for the authorization server.
Return Value
The AddServer method returns one of the following values:
Remarks
The single-process Policy Server introduced in SiteMinder v6.0 combines the previously separate Authentication, Authorization, and Accounting processes into one combined process whose requests go through one TCP port. As a result, the arguments AcctPort, AuthPort, and AzPort all reference the same port number. The three arguments are maintained for backward compatibility.
To add a server to a cluster, call the PolicyMgtCluster‑>AddServer method.
The Description method sets or retrieves the description of the host configuration object.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtHostConfig‑>Description([Description])
Parameters
The Description method accepts the following parameter:
Description (string)
(Optional) Specifies the description to set.
Return Value
The Description method returns one of the following values:
The EnableFailover method sets or retrieves the enable failover flag. This flag determines whether an agent and the Policy Server should communicate through failover or round-robin.
Syntax
The EnableFailover method has the following format:
Netegrity::PolicyMgtHostConfig‑>EnableFailover([EnableFailover])
Parameters
The EnableFailover method accepts the following parameter:
EnableFailover (int)
(Optional) Specifies the value of the flag to set.
Return Value
The EnableFailover method returns one of the following values:
The FailoverThreshold method sets or retrieves the failover threshold percentage for the clusters in the host configuration.
Syntax
The FailoverThreshold method has the following format:
Netegrity::PolicyMgtHostConfig‑>FailoverThreshold([FailoverThreshold])
Parameters
The FailoverThreshold method accepts the following parameter:
FailoverThreshold (int)
(Optional) Specifies the failover threshold percentage to set.
Return Value
The FailoverThreshold method returns one of the following values:
Remarks
The threshold percentage represents the minimum number of servers in a cluster that must be available for requests. If the number of available servers falls below the threshold, failover to the next cluster occurs. To determine the number of servers represented by the percentage, multiply the threshold percentage by the number of servers in a cluster, rounding up to the next highest integer. For example:
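The cluster failover sequence described under AddCluster and the threshold rule above, worked through as an added example. This is not code from the SiteMinder API or its documentation; it is a stand-alone Python model of the selection logic as the text states it: the minimum is threshold% of the cluster size rounded up, and clusters are tried in the order they were added, primary first. The host addresses, the port number and the availability flags are constructed sample data.

```python
def servers_required(threshold_pct, cluster_size):
    """Minimum number of servers that must be available in a cluster of
    cluster_size servers for a failover threshold of threshold_pct percent:
    threshold% * size, rounded up to the next integer. Integer arithmetic
    is used so exact boundaries (75% of 4 = 3) are not disturbed by
    floating-point rounding."""
    if not 0 <= threshold_pct <= 100:
        raise ValueError("threshold must be a percentage between 0 and 100")
    return (threshold_pct * cluster_size + 99) // 100


def available_count(cluster):
    """Number of servers in the cluster currently marked available."""
    return sum(1 for srv in cluster if srv["available"])


def select_cluster(clusters, threshold_pct):
    """Walk the clusters in the order they were added to the host
    configuration (index 0 is the primary) and return the index of the
    first cluster whose available servers meet the threshold, or None if
    every cluster is below it (no cluster can take the request)."""
    for index, cluster in enumerate(clusters):
        if not cluster:
            continue  # an empty cluster can never serve a request
        if available_count(cluster) >= servers_required(threshold_pct, len(cluster)):
            return index
    return None


def failover_report(clusters, threshold_pct):
    """Per-cluster view of required versus available servers; useful when
    working out why a host configuration fails over earlier than expected."""
    return [
        {
            "cluster": i,
            "size": len(c),
            "available": available_count(c),
            "required": servers_required(threshold_pct, len(c)) if c else None,
        }
        for i, c in enumerate(clusters)
    ]


def server(host, available, port=44443):
    """Constructed server record; the port is a placeholder, not a value
    taken from the documentation."""
    return {"host": host, "port": port, "available": available}


# Constructed sample host configuration: three clusters in the order added.
SAMPLE_CLUSTERS = [
    # primary cluster: 1 of 3 servers available
    [server("10.0.0.1", True), server("10.0.0.2", False), server("10.0.0.3", False)],
    # second cluster: 2 of 4 servers available
    [server("10.0.1.1", True), server("10.0.1.2", True),
     server("10.0.1.3", False), server("10.0.1.4", False)],
    # third cluster: its only server is up
    [server("10.0.2.1", True)],
]


if __name__ == "__main__":
    for pct in (33, 50, 75):
        print(f"threshold {pct}%: selected cluster {select_cluster(SAMPLE_CLUSTERS, pct)}")
        for row in failover_report(SAMPLE_CLUSTERS, pct):
            print("   ", row)
```

With the sample data a 50% threshold skips the primary (2 of 3 required, 1 available) and lands on the second cluster (2 of 4 required, 2 available); raising the threshold to 75% pushes the request on to the third cluster. Note that the order of servers inside a cluster plays no part, matching the remark under PolicyMgtCluster‑>AddServer, while the order of the clusters themselves is the failover sequence.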
The GetAllClusters method retrieves an array of Policy Management Cluster objects.
Syntax
The GetAllClusters method has the following format:
Netegrity::PolicyMgtHostConfig‑>GetAllClusters()
Parameters
The GetAllClusters method accepts no parameters.
Return Value
The GetAllClusters method returns one of the following values:
The GetAllServers method retrieves an array of non-clustered server objects for the host configuration.
Syntax
The GetAllServers method has the following format:
Netegrity::PolicyMgtHostConfig‑>GetAllServers( )
Parameters
The GetAllServers method accepts no parameters.
Return Value
The GetAllServers method returns one of the following values:
Remarks
To retrieve the servers that are members of clusters, call the PolicyMgtCluster‑>GetAllServers method.
The MaxSocketsPerPort method sets or retrieves the maximum number of TCP/IP sockets that can be opened between an agent and the Policy Server.
Syntax
The MaxSocketsPerPort method has the following format:
Netegrity::PolicyMgtHostConfig‑>MaxSocketsPerPort([MaxSocketsPerPort])
Parameters
The MaxSocketsPerPort method accepts the following parameter:
MaxSocketsPerPort (int)
(Optional) Specifies the new maximum number of sockets per port.
Return Value
The MaxSocketsPerPort method returns one of the following values:
The MinSocketsPerPort method sets or retrieves the minimum number of TCP/IP sockets that should be opened between an agent and the Policy Server.
Syntax
The MinSocketsPerPort method has the following format:
Netegrity::PolicyMgtHostConfig‑>MinSocketsPerPort([MinSocketsPerPort])
Parameters
The MinSocketsPerPort method accepts the following parameter:
MinSocketsPerPort (int)
(Optional) Specifies the new minimum socket value.
Return Value
The MinSocketsPerPort method returns one of the following values:
The Name method sets or retrieves the name of the host configuration object.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtHostConfig‑>Name([Name])
Parameters
The Name method accepts the following parameter:
Name (string)
(Optional) Specifies the name to set.
Return Value
The Name method returns one of the following values:
The NewSocketStep method sets or retrieves the new socket step value for the host configuration. This value is an incremental number of TCP/IP sockets that should be opened between an agent and the Policy Server when demand increases.
Syntax
The NewSocketStep method has the following format:
Netegrity::PolicyMgtHostConfig‑>NewSocketStep([NewSocketStep])
Parameters
The NewSocketStep method accepts the following parameter:
NewSocketStep (int)
(Optional) Specifies the new sockets step value to set.
Return Value
The NewSocketStep method returns one of the following values:
The RemoveAllClusters method removes all cluster objects associated with this host configuration.
Syntax
The RemoveAllClusters method has the following format:
Netegrity::PolicyMgtHostConfig‑>RemoveAllClusters()
Parameters
The RemoveAllClusters method accepts no parameters.
Return Value
The RemoveAllClusters method returns one of the following values:
The RemoveAllServers method removes all non-clustered PolicyMgtServer objects from the host configuration.
Syntax
The RemoveAllServers method has the following format:
Netegrity::PolicyMgtHostConfig‑>RemoveAllServers()
Parameters
The RemoveAllServers method accepts no parameters.
Return Value
The RemoveAllServers method returns one of the following values:
The RequestTimeout method sets or retrieves the request timeout value, in seconds. This value represents the length of time that an agent will wait for a response from the Policy Server.
Syntax
The RequestTimeout method has the following format:
Netegrity::PolicyMgtHostConfig‑>RequestTimeout([RequestTimeout])
Parameters
The RequestTimeout method accepts the following parameter:
RequestTimeout (int)
(Optional) Specifies the new timeout value to set.
Return Value
The RequestTimeout method returns one of the following values:
The following methods act on PolicyMgtAPI objects:
The CreateSession method creates a Policy Server session. A session is required before Policy Server objects can be manipulated. All necessary initializations and logging are performed at this stage.
Syntax
The CreateSession method has the following format:
Netegrity::PolicyMgtAPI‑>CreateSession(username, userpwd[, clientIP])
Parameters
The CreateSession method accepts the following parameters:
username (string)
Specifies the administrator's login ID.
userpwd (string)
Specifies the administrator's password.
clientIP (string)
(Optional) Specifies the IP address of the local machine.
Return Value
The CreateSession method returns one of the following values:
The DisableAudit method sets a flag to enable or disable auditing.
Syntax
The DisableAudit method has the following format:
Netegrity::PolicyMgtAPI‑>DisableAudit([auditFlag])
Parameters
The DisableAudit method accepts the following parameter:
auditFlag (int)
(Optional) Specifies the value to set the flag:
Return Value
The DisableAudit method returns one of the following values:
Remarks
Reads or sets the enabled state for the following operations:
The default state is enabled. The enabled state reverts to the default at the start of each new session.
Attempting to set the enabled state has no effect after the PolicyMgtAPI‑>CreateSession method is called.
The DisableCacheUpdates method is deprecated in SiteMinder v6.0. Caches affected by this method are automatically enabled.
The DisableManagementWatchdog method reads or sets the enabled state of the SiteMinder Management Watchdog.
Note: The watchdog is used internally and should not be disabled.
Syntax
The DisableManagementWatchdog method has the following format:
Netegrity::PolicyMgtAPI‑>DisableManagementWatchDog([watchDogFlag])
Parameters
The DisableManagementWatchdog method accepts the following parameter:
watchDogFlag (int)
(Optional) Specifies the value of the flag to set:
Return Value
The DisableManagementWatchdog method returns one of the following values:
Remarks
The default state is enabled. The enabled state reverts to the default at the start of each new session.
Attempting to set the enabled state has no effect after PolicyMgtAPI‑>CreateSession is called.
The DisableValidation method reads or sets the enabled state regarding validation of Policy Server objects.
Syntax
The DisableValidation method has the following format:
Netegrity::PolicyMgtAPI‑>DisableValidation([validationFlag])
Parameters
The DisableValidation method accepts the following parameter:
validationFlag (int)
(Optional) Specifies the value to set the flag:
Return Value
The DisableValidation method returns one of the following values:
Remarks
The default state is enabled. The enabled state reverts to the default at the start of each new session.
Attempting to set the enabled state has no effect after the PolicyMgtAPI‑>CreateSession method is called.
The EnableCache method is deprecated in SiteMinder v6.0. Beginning with this release, caches affected by this method are automatically enabled.
The LoadAgentTypeDictionary method reads or sets the enabled state for the loading of the agent type dictionary by the Policy Server.
Syntax
The LoadAgentTypeDictionary method has the following format:
Netegrity::PolicyMgtAPI‑>LoadAgentTypeDictionary([loadFlag])
Parameters
The LoadAgentTypeDictionary method accepts the following parameter:
loadFlag (int)
(Optional) Specifies the value to set the flag:
0 to disable loading the agent type dictionary
1 to enable loading the agent type dictionary
Return Value
The LoadAgentTypeDictionary method returns one of the following values:
Remarks
The default state is disabled. The enabled state reverts to the default at the start of each new session.
Attempting to set the enabled state has no effect after the PolicyMgtAPI‑>CreateSession method is called.
The New method is the constructor for the Policy Management API. This method must be called before the Policy Management API can be used.
Syntax
The New method has the following format:
Netegrity::PolicyMgtAPI‑>New( )
Parameters
The New method accepts no parameters.
Return Value
The New method returns one of the following values:
The PreLoadCache method reads or sets the enabled state for preloading of caches by the Policy Server.
Syntax
The PreLoadCache method has the following format:
Netegrity::PolicyMgtAPI‑>PreLoadCache([cacheFlag])
Parameters
The PreLoadCache method accepts the following parameter:
cacheFlag (int)
(Optional) Specifies the value to set the flag:
Return Value
The PreLoadCache method returns one of the following values:
Remarks
The default state is disabled. The enabled state reverts to the default at the start of each new session.
Attempting to set the enabled state has no effect after the PolicyMgtAPI‑>CreateSession method is called.
Note: By disabling this flag, you can reduce the time it takes for Policy Management scripts to make policy store changes.
The PrintDebugTrace method enables or disables the printing of debug (trace) information to the console.
Syntax
The PrintDebugTrace method has the following format:
Netegrity::PolicyMgtAPI‑>PrintDebugTrace([debugFlag])
Parameters
The PrintDebugTrace method accepts the following parameter:
debugFlag (int)
(Optional) Specifies the value to set the flag:
Return Value
The PrintDebugTrace method returns one of the following values:
The following methods act on PolicyMgtIPConfig objects. These methods manage IP address restrictions (that is, IP addresses where requests must originate).
The GetEndIPAddress method retrieves the ending IP address for an IP address range.
Syntax
The GetEndIPAddress method has the following format:
Netegrity::PolicyMgtIPConfig‑>GetEndIPAddress( )
Parameters
The GetEndIPAddress method accepts no parameters.
Return Value
The GetEndIPAddress method returns one of the following values:
Remarks
See the method PolicyMgtAffiliate‑>CreateIPConfigRange for more information.
The GetHostName method retrieves the host name associated with a host name IP address restriction.
Syntax
The GetHostName method has the following format:
Netegrity::PolicyMgtIPConfig‑>GetHostName()
Parameters
The GetHostName method accepts no parameters.
Return Value
The GetHostName method returns one of the following values:
Remarks
See the method PolicyMgtAffiliate‑>CreateIPConfigHostName for more information.
The GetIPAddress method retrieves an IP address for an IP address restriction, as follows:
To determine the type of IP address restriction, call the GetType method.
Syntax
The GetIPAddress method has the following format:
Netegrity::PolicyMgtIPConfig‑>GetIPAddress()
Parameters
The GetIPAddress method accepts no parameters.
Return Value
The GetIPAddress method returns one of the following values:
The GetSubnetMask method retrieves the subnet mask for a subnet address derived from a specified subnet mask and IP address.
Syntax
The GetSubnetMask method has the following format:
Netegrity::PolicyMgtIPConfig‑>GetSubnetMask( )
Parameters
The GetSubnetMask method accepts no parameters.
Return Value
The GetSubnetMask method returns one of the following values:
Remarks
See the description of the PolicyMgtPolicy‑>CreateIPConfigSubnetMask method for more information.
The GetType method retrieves the type of the IP address restriction. An IP address restriction specifies where a request must originate before it can be honored.
Syntax
The GetType method has the following format:
Netegrity::PolicyMgtIPConfig‑>GetType()
Parameters
The GetType method accepts no parameters.
Return Value
The GetType method returns one of the following values:
The following methods act on PolicyMgtODBCQueryScheme objects:
The Description method sets or retrieves the description of the ODBC query scheme.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>Description([schemeDesc])
Parameters
The Description method accepts the following parameter:
schemeDesc (string)
(Optional) Specifies the description of the ODBC query scheme.
Return Value
The Description method returns one of the following values:
The Name method sets or retrieves the ODBC query scheme name.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>Name([schemeName])
Parameters
The Name method accepts the following parameter:
schemeName (string)
(Optional) Specifies the ODBC query scheme name.
Return Value
The Name method returns one of the following values:
The QueryAuthenticateUser method sets or retrieves a query that fetches a user's password.
Syntax
The QueryAuthenticateUser method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryAuthenticateUser([queryAuthUser])
Parameters
The QueryAuthenticateUser method accepts the following parameter:
queryAuthUser (string)
(Optional) Specifies the query that fetches a user's password.
Return Value
The QueryAuthenticateUser method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expressions are placeholders for the user name and password parameters to be supplied by SiteMinder when the query is executed:
select Name from SmUser where Name = '%s' and Password = '%s'
If you are configuring a query scheme for an Oracle database and you are using Oracle's encrypted password feature, replace the entire query string with the word connect. Using the word connect for this query indicates to SiteMinder that a user's name and password should be evaluated by the Oracle encrypted password feature.
The QueryEnumerate method sets or retrieves a query that lists the names of user objects in the directory.
Syntax
The QueryEnumerate method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryEnumerate([queryEnumerate])
Parameters
The QueryEnumerate method accepts the following parameter:
queryEnumerate (string)
(Optional) Specifies the query that lists the names of user objects in the directory.
Return Value
The QueryEnumerate method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers):
select Name, 'Group' as Class from SmGroup order by Class
The QueryGetGroupProp method sets or retrieves a query that fetches the value of a group property. The property must be one of the properties specified through the QueryGetGroupProps method.
Syntax
The QueryGetGroupProp method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryGetGroupProp([queryGetGroupProp])
Parameters
The QueryGetGroupProp method accepts the following parameter:
queryGetGroupProp (string)
(Optional) Specifies the query that fetches the group property.
Return Value
The QueryGetGroupProp method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expressions are placeholders for property name and group name parameters to be supplied by SiteMinder when the query is executed:
select %s from SmGroup where Name = '%s'
The QueryGetGroupProps method sets or retrieves a comma-separated list of group properties. These attributes are used to search the contents of a group, or to bind policies to group attributes. The attributes are expected to reside in the same table as the group name.
Syntax
The QueryGetGroupProps method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryGetGroupProps([queryGetGroupProps])
Parameters
The QueryGetGroupProps method accepts the following parameter:
queryGetGroupProps (string)
(Optional) Specifies the comma-separated list of group properties.
Return Value
The QueryGetGroupProps method returns one of the following values:
Remarks
Sample list:
Name, GroupId
The QueryGetGroups method sets or retrieves a query that fetches the names of the groups that the user is a member of.
Syntax
The QueryGetGroups method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryGetGroups([queryGetGroups])
Parameters
The QueryGetGroups method accepts the following parameter:
queryGetGroups (string)
(Optional) Specifies the query that fetches the names of the user's groups.
Return Value
The QueryGetGroups method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expression is a placeholder for a user name parameter to be supplied by SiteMinder when the query is executed:
select SmGroup.Name from SmGroup, SmUser, SmUserGroup where SmUser.Name = '%s' and SmUser.UserId = SmUserGroup.UserId and SmGroup.GroupId = SmUserGroup.GroupId
The QueryGetObjInfo method sets or retrieves a query that fetches the class of the object.
Syntax
The QueryGetObjInfo method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryGetObjInfo([queryGetObjInfo])
Parameters
The QueryGetObjInfo method accepts the following parameter:
queryGetObjInfo (string)
(Optional) Specifies the query that fetches the class of the object.
Return Value
The QueryGetObjInfo method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expression is a placeholder for a user or group object name to be supplied by SiteMinder when the query is executed:
select Name, 'User' from SmUser where Name = '%s' Union select Name, 'Group' from SmGroup where Name = '%s'
The QueryGetUserProp method sets or retrieves a query that fetches the value of a user property. The property must be one of the properties specified through the PolicyMgtODBCQueryScheme‑>QueryGetUserProps method.
Syntax
The QueryGetUserProp method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryGetUserProp([queryGetUserProp])
Parameters
The QueryGetUserProp method accepts the following parameter:
queryGetUserProp (string)
(Optional) Specifies the query that fetches the user property.
Return Value
The QueryGetUserProp method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expressions are placeholders for property name and user name parameters to be supplied by SiteMinder when the query is executed:
select %s from SmUser where Name = '%s'
The QueryGetUserProps method sets or retrieves a comma-separated list of user properties. The properties reside in the same table as the user name.
Syntax
The QueryGetUserProps method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryGetUserProps([queryGetUserProps])
Parameters
The QueryGetUserProps method accepts the following parameter:
queryGetUserProps (string)
(Optional) Specifies the comma-separated list of user properties.
Return Value
The QueryGetUserProps method returns one of the following values:
Remarks
Sample list:
Name, UserId, FirstName, LastName, TelephoneNumber, EmailAddress, PIN, Mileage, Disabled
The QueryInitUser method sets or retrieves a query that determines whether a particular user exists in the database.
Syntax
The QueryInitUser method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryInitUser([queryGetInitUser])
Parameters
The QueryInitUser method accepts the following parameter:
queryGetInitUser (string)
(Optional) Specifies the query that determines whether the user exists in the database.
Return Value
The QueryInitUser method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expression is a placeholder for the user name parameter to be supplied by SiteMinder when the query is executed:
select Name from SmUser where Name = '%s'
The QueryIsGroupMember method sets or retrieves a query that lists the group membership for a particular user.
Syntax
The QueryIsGroupMember method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryIsGroupMember([queryIsGroupMember])
Parameters
The QueryIsGroupMember method accepts the following parameter:
queryIsGroupMember (string)
(Optional) Specifies the query that determines a user's group membership.
Return Value
The QueryIsGroupMember method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expressions are placeholders for user name and group name parameters to be supplied by SiteMinder when the query is executed:
select Id from SmUserGroup where UserId = (select UserId from SmUser where Name = '%s') and GroupId = (select GroupId from SmGroup where Name = '%s')
The QueryLookup method sets or retrieves a query that fetches objects based on a property specified in a group table.
Syntax
The QueryLookup method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryLookup([queryLookup])
Parameters
The QueryLookup method accepts the following parameter:
queryLookup (string)
(Optional) Specifies the query that fetches the objects.
Return Value
The QueryLookup method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expression is a placeholder for a parameter to be supplied by SiteMinder when the query is executed:
select Name, 'User' as Class from SmUser where Name %s Union select Name, 'Group' as Class from SmGroup where Name %s order by Class
The QueryLookupGroup method sets or retrieves a query that fetches a group name based on a property specified in a group table.
Syntax
The QueryLookupGroup method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryLookupGroup([queryLookupGrp])
Parameters
The QueryLookupGroup method accepts the following parameter:
queryLookupGrp (string)
(Optional) Specifies the query that fetches the group name.
Return Value
The QueryLookupGroup method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expression is a placeholder for a parameter to be supplied by SiteMinder when the query is executed:
select Name, 'Group' as Class from SmGroup where %s
The QueryLookupUser method sets or retrieves a query that fetches a user name based on a property specified in the user table.
Syntax
The QueryLookupUser method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryLookupUser([queryLookupUsr])
Parameters
The QueryLookupUser method accepts the following parameter:
queryLookupUsr (string)
(Optional) Specifies the query that fetches the user name.
Return Value
The QueryLookupUser method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expression is a placeholder for a parameter to be supplied by SiteMinder when the query is executed:
select Name, 'User' as Class from SmUser where %s
The QuerySetGroupProp method sets or retrieves a query that sets the value of a group property. The property must be one of the properties specified through the QueryGetGroupProps method.
Syntax
The QuerySetGroupProp method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QuerySetGroupProp([querySetGroupProp])
Parameters
The QuerySetGroupProp method accepts the following parameter:
querySetGroupProp (string)
(Optional) Specifies the query that sets the property value for the group.
Return Value
The QuerySetGroupProp method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expressions are placeholders for property name, property value, and group name parameters to be supplied by SiteMinder when the query is executed:
update SmGroup set %s = %s where Name = '%s'
The QuerySetPassword method sets or retrieves a query that changes a user password.
Syntax
The QuerySetPassword method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QuerySetPassword([querySetPassword])
Parameters
The QuerySetPassword method accepts the following parameter:
querySetPassword (string)
(Optional) Specifies the query that changes a user password.
Return Value
The QuerySetPassword method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expressions are placeholders for user password and user name parameters to be supplied by SiteMinder when the query is executed:
update SmUser set Password = '%s' where Name = '%s'
The QuerySetUserProp method sets or retrieves a query that sets the value of a user property. The property must be one of the properties specified through the PolicyMgtODBCQueryScheme‑>QueryGetUserProps method.
Syntax
The QuerySetUserProp method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QuerySetUserProp([querySetUserProp])
Parameters
The QuerySetUserProp method accepts the following parameter:
querySetUserProp (string)
(Optional) Specifies the query that sets the property value for the user.
Return Value
The QuerySetUserProp method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expressions are placeholders for property name, property value, and user name parameters to be supplied by SiteMinder when the query is executed:
update SmUser set %s = %s where Name = '%s'
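Added example (not from the SiteMinder documentation or CA's own code) covering both the PolicyMgtAPI session methods above and the ODBC query scheme methods: it sets session flags before CreateSession (they are ignored afterwards), then compares a scheme's stored queries with the SmSampleUsers sample queries from the Remarks sections and writes them only when run with --apply. Assumed and not on this page: CreateSession returns a session object (undef on failure), PolicyMgtSession->GetODBCQueryScheme(name) returns the scheme object, each Query* method called without an argument returns the stored string, PreLoadCache follows the same 0/1 convention as LoadAgentTypeDictionary, and the scheme name is constructed.

```perl
#!/usr/bin/perl
# Added example, not part of the SiteMinder documentation.
# Drift check for an ODBC query scheme: report every query that differs from the
# expected SmSampleUsers text; apply the expected text only with --apply.
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

my $apply = grep { $_ eq '--apply' } @ARGV;

# Session-level flags take effect only if set before CreateSession.
my $api = Netegrity::PolicyMgtAPI->New();
$api->LoadAgentTypeDictionary(0);   # documented: 0 disables dictionary loading
$api->PreLoadCache(0);              # assumption: 0 disables cache preloading

# Credentials come from the environment, never from the script file.
my ($user, $pwd) = @ENV{qw(SM_ADMIN_USER SM_ADMIN_PWD)};
die "set SM_ADMIN_USER and SM_ADMIN_PWD\n" unless defined $user && defined $pwd;
# Assumption: CreateSession returns a session object, undef on failure.
my $session = $api->CreateSession($user, $pwd) or die "CreateSession failed\n";

my $scheme_name = 'SmSampleUsersScheme';   # constructed name for this example
# Assumption: GetODBCQueryScheme(name) returns a PolicyMgtODBCQueryScheme or undef.
my $scheme = $session->GetODBCQueryScheme($scheme_name)
    or die "query scheme '$scheme_name' not found\n";

# Method name => expected query (all texts are the samples from the Remarks above).
my %expected = (
  QueryEnumerate        => q{select Name, 'Group' as Class from SmGroup order by Class},
  QueryGetObjInfo       => q{select Name, 'User' from SmUser where Name = '%s' Union select Name, 'Group' from SmGroup where Name = '%s'},
  QueryLookup           => q{select Name, 'User' as Class from SmUser where Name %s Union select Name, 'Group' as Class from SmGroup where Name %s order by Class},
  QueryInitUser         => q{select Name from SmUser where Name = '%s'},
  QueryAuthenticateUser => q{select Name from SmUser where Name = '%s' and Password = '%s'},
  QueryGetUserProp      => q{select %s from SmUser where Name = '%s'},
  QuerySetUserProp      => q{update SmUser set %s = %s where Name = '%s'},
  QueryGetUserProps     => q{Name, UserId, FirstName, LastName, TelephoneNumber, EmailAddress, PIN, Mileage, Disabled},
  QueryLookupUser       => q{select Name, 'User' as Class from SmUser where %s},
  QueryGetGroups        => q{select SmGroup.Name from SmGroup, SmUser, SmUserGroup where SmUser.Name = '%s' and SmUser.UserId = SmUserGroup.UserId and SmGroup.GroupId = SmUserGroup.GroupId},
  QueryIsGroupMember    => q{select Id from SmUserGroup where UserId = (select UserId from SmUser where Name = '%s') and GroupId = (select GroupId from SmGroup where Name = '%s')},
  QueryGetGroupProp     => q{select %s from SmGroup where Name = '%s'},
  QuerySetGroupProp     => q{update SmGroup set %s = %s where Name = '%s'},
  QueryGetGroupProps    => q{Name, GroupId},
  QueryLookupGroup      => q{select Name, 'Group' as Class from SmGroup where %s},
  QuerySetPassword      => q{update SmUser set Password = '%s' where Name = '%s'},
);

my $drift = 0;
for my $method (sort keys %expected) {
    my $want = $expected{$method};
    my $have = $scheme->$method();          # getter: no argument returns stored value
    next if defined $have && $have eq $want;
    $drift++;
    printf "%-22s %s\n", $method, defined $have ? 'differs from expected' : 'not set';
    next unless $apply;
    $scheme->$method($want);                # setter: one argument stores the value
    my $got = $scheme->$method();           # read back to confirm the write
    warn "$method: value did not round-trip after set\n"
        unless defined $got && $got eq $want;
}
print $drift ? "$drift query(ies) differ\n" : "all queries match the expected text\n";
exit($drift ? 1 : 0);
```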
The following methods act on PolicyMgtPwdPolicy objects:
The AllowNestedGroups method allows the password policy to be configured for nested groups. This method applies only to LDAP directories.
Syntax
The AllowNestedGroups method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>AllowNestedGroups([groupFlag])
Parameters
The AllowNestedGroups method accepts the following parameter:
groupFlag (int)
(Optional) Specifies whether to allow nested groups:
Return Value
The AllowNestedGroups method returns one of the following values:
The ApplyLowerPriorityPolicies method sets or retrieves the flag that determines whether password policies with lower priority should be evaluated after the current password policy is evaluated.
Syntax
The ApplyLowerPriorityPolicies method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>ApplyLowerPriorityPolicies([lowerPriorityFlag])
Parameters
The ApplyLowerPriorityPolicies method accepts the following parameter:
lowerPriorityFlag (int)
(Optional) Specifies whether to enable evaluation of lower-priority password policies:
Return Value
The ApplyLowerPriorityPolicies method returns one of the following values:
The AuthLoginTrackFailure method sets or retrieves the flag for allowing a user to log in if login tracking data fails to be written to the user directory. Login tracking data includes login attempts and successful logins.
Syntax
The AuthLoginTrackFailure method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>AuthLoginTrackFailure([trackingFlag])
Parameters
The AuthLoginTrackFailure method accepts the following parameter:
trackingFlag (int)
(Optional) Specifies whether to allow the user to log in when login tracking fails:
Return Value
The AuthLoginTrackFailure method returns one of the following values:
Remarks
If you enable this flag, users are allowed to log in even if login tracking data cannot be written to the user directory. If you disable this flag, users are not allowed to log in if login tracking data cannot be written to the user directory.
The BadLoginDisablementPeriod method sets or retrieves the number of minutes before a user account is disabled after too many failed login attempts.
Syntax
The BadLoginDisablementPeriod method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>BadLoginDisablementPeriod([disablementPeriod])
Parameters
The BadLoginDisablementPeriod method accepts the following parameter:
disablementPeriod (int)
(Optional) Specifies the number of minutes to allow before the user account is disabled.
Return Value
The BadLoginDisablementPeriod method returns one of the following values:
The Description method sets or retrieves the description of the password policy.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>Description([policyDesc])
Parameters
The Description method accepts the following parameter:
policyDesc (string)
(Optional) Specifies the description of the password policy.
Return Value
The Description method returns one of the following values:
The DictionaryMatch method sets the minimum number of letters required to qualify a password for dictionary checking.
Syntax
The DictionaryMatch method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>DictionaryMatch([dicMatchLen])
Parameters
The DictionaryMatch method accepts the following parameter:
dicMatchLen (int)
(Optional) Specifies the minimum number of letters required.
Return Value
The DictionaryMatch method returns one of the following values:
The DictionaryPath method sets or retrieves the location of a dictionary file that lists words that cannot be used in a password.
Syntax
The DictionaryPath method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>DictionaryPath([dicPath])
Parameters
The DictionaryPath method accepts the following parameter:
dicPath (string)
(Optional) Specifies the new dictionary path.
Return Value
The DictionaryPath method returns one of the following values:
Remarks
The dictionary file must be a text file located in a directory that all Policy Servers can access.
The DisableAfterInactivityExpiration method sets or retrieves the flag for disabling a user's account if it has been inactive for a specified period.
Syntax
The DisableAfterInactivityExpiration method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>DisableAfterInactivityExpiration([inactivityFlag])
Parameters
The DisableAfterInactivityExpiration method accepts the following parameter:
inactivityFlag (int)
(Optional) Specifies whether to disable the user's account:
1 disables the user's account after a specified period of inactivity
0 keeps the account enabled and forces a password change
Return Value
The DisableAfterInactivityExpiration method returns one of the following values:
Remarks
If the flag is set not to disable the user's account after the inactivity period, the user is required to change the password at the next login.
The DisableAfterPwdExpiration method sets or retrieves the flag for disabling a user's account after the user's password expires.
Syntax
The DisableAfterPwdExpiration method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>DisableAfterPwdExpiration([expireFlag])
Parameters
The DisableAfterPwdExpiration method accepts the following parameter:
expireFlag (int)
(Optional) Specifies whether to disable the user's account:
1 disables the user's account after the user's password expires
0 keeps the account enabled and forces a password change
Return Value
The DisableAfterPwdExpiration method returns one of the following values:
Remarks
If the flag is set not to disable the user's account after the password expires, the user is required to change the password at next login.
The EntireDir method determines whether the password policy applies to the entire directory or just a part of it.
Syntax
The EntireDir method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>EntireDir([dirFlag])
Parameters
The EntireDir method accepts the following parameter:
dirFlag (int)
(Optional) Specifies whether to apply the password policy to an entire directory:
1 applies the password policy to the entire directory
0 applies the password policy to just a portion of the directory
Return Value
The EntireDir method returns one of the following values:
Remarks
For information about specifying a part of an entire directory, see the descriptions of the PolicyMgtPwdPolicy‑>UserDirPath method and the PolicyMgtPwdPolicy‑>UserDirClass method.
The ExpirationDelay method specifies the number of days a password can be used until it must be changed.
Syntax
The ExpirationDelay method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>ExpirationDelay([expDelay])
Parameters
The ExpirationDelay method accepts the following parameter:
expDelay (int)
(Optional) Specifies the number of days that the password can be used.
Return Value
The ExpirationDelay method returns one of the following values:
The IsEnabled method enables or disables a password policy.
Syntax
The IsEnabled method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>IsEnabled([enableFlag])
Parameters
The IsEnabled method accepts the following parameter:
enableFlag (int)
(Optional) Specifies whether the password policy is enabled:
Return Value
The IsEnabled method returns one of the following values:
The MaxLoginFailures method sets or retrieves the maximum number of failed login attempts a user can make before the user account is disabled.
Syntax
The MaxLoginFailures method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>MaxLoginFailures([maxLogin])
Parameters
The MaxLoginFailures method accepts the following parameter:
maxLogin (int)
(Optional) Specifies the number of failed login attempts.
Return Value
The MaxLoginFailures method returns one of the following values:
The MaxLoginInactive method sets or retrieves the number of days of inactivity allowed before a user's password expires.
Syntax
The MaxLoginInactive method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>MaxLoginInactive([maxLoginInactive])
Parameters
The MaxLoginInactive method accepts the following parameter:
maxLoginInactive (int)
(Optional) Specifies the number of days of inactivity.
Return Value
The MaxLoginInactive method returns one of the following values:
The Name method sets or retrieves the password policy name.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>Name([policyName])
Parameters
The Name method accepts the following parameter:
policyName (string)
(Optional) Specifies the password policy name.
Return Value
The Name method returns one of the following values:
The PwdAddRegExpMatch method adds a regular expression to the list of expressions that new passwords must match.
Syntax
The PwdAddRegExpMatch method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdAddRegExpMatch([tag] [, expression])
Parameters
The PwdAddRegExpMatch method accepts the following parameters:
tag (string)
(Optional) Specifies the name of the regular expression.
expression (string)
(Optional) Specifies the regular expression.
Return Value
The PwdAddRegExpMatch method returns one of the following values:
The PwdAddRegExpNoMatch method adds a regular expression to the list of expressions that new passwords must not match.
Syntax
The PwdAddRegExpNoMatch method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdAddRegExpNoMatch([tag] [, expression])
Parameters
The PwdAddRegExpNoMatch method accepts the following parameters:
tag (string)
(Optional) Specifies the name of the regular expression.
expression (string)
(Optional) Specifies the regular expression.
Return Value
The PwdAddRegExpNoMatch method returns one of the following values:
The PwdAllowDigits method sets or retrieves the flag that specifies whether passwords are allowed to have numeric characters.
Syntax
The PwdAllowDigits method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdAllowDigits([digitFlag])
Parameters
The PwdAllowDigits method accepts the following parameter:
digitFlag (int)
(Optional) Specifies whether passwords are allowed to have numeric characters:
1 numeric characters are allowed
0 numeric characters are not allowed
Return Value
The PwdAllowDigits method returns one of the following values:
The PwdAllowLowercase method sets or retrieves the flag that specifies whether passwords are allowed to have lower case letters.
Syntax
The PwdAllowLowercase method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdAllowLowercase([lcFlag])
Parameters
The PwdAllowLowercase method accepts the following parameter:
lcFlag (int)
(Optional) Specifies whether lowercase letters are allowed in passwords:
Return Value
The PwdAllowLowercase method returns one of the following values:
The PwdAllowNonAlphNum method sets or retrieves the flag that specifies whether passwords are allowed to have non-alphanumeric characters.
Syntax
The PwdAllowNonAlphNum method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdAllowNonAlphaNum([nonAlphaNumFlag])
Parameters
The PwdAllowNonAlphNum method accepts the following parameter:
nonAlphaNumFlag (int)
(Optional) Specifies whether non-alphanumeric characters are allowed in passwords
Return Value
The PwdAllowNonAlphNum method returns one of the following values:
The PwdAllowNonPrintable method sets or retrieves the flag that specifies whether passwords are allowed to have non-printable characters. These characters cannot be displayed on a computer screen.
Syntax
The PwdAllowNonPrintable method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdAllowNonPrintable([nonPrintFlag])
Parameters
The PwdAllowNonPrintable method accepts the following parameter:
nonPrintFlag (int)
(Optional) Specifies whether non-printable characters are allowed in passwords:
Return Value
The PwdAllowNonPrintable method returns one of the following values:
The PwdAllowPunctuation method sets or retrieves the flag that specifies whether passwords are allowed to have punctuation mark characters.
Syntax
The PwdAllowPunctuation method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdAllowPunctuation([punctuationMarkFlag])
Parameters
The PwdAllowPunctuation method accepts the following parameter:
punctuationMarkFlag (int)
(Optional) Specifies whether punctuation mark characters are allowed in passwords:
Return Value
The PwdAllowPunctuation method returns one of the following values:
The PwdAllowUpperCase method sets or retrieves the flag that specifies whether passwords are allowed to have upper case letters.
Syntax
The PwdAllowUpperCase method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdAllowUppercase([upperCaseFlag])
Parameters
The PwdAllowUpperCase method accepts the following parameter:
upperCaseFlag (int)
(Optional) Specifies whether upper case letters are allowed in passwords:
Return Value
The PwdAllowUpperCase method returns one of the following values:
The PwdExpiryWarning method sets or retrieves the number of days in advance to notify the user that the password will expire.
Syntax
The PwdExpiryWarning method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdExpiryWarning([warningDays])
Parameters
The PwdExpiryWarning method accepts the following parameter:
warningDays (int)
(Optional) Specifies the number of days of advance notice.
Return Value
The PwdExpiryWarning method returns one of the following values:
The PwdForceLowerCase method sets or retrieves the flag that determines whether to convert any upper case letters in a new password to lower case.
Syntax
The PwdForceLowerCase method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdForceLowerCase([forceLCFlag])
Parameters
The PwdForceLowerCase method accepts the following parameter:
forceLCFlag (int)
(Optional) Specifies whether to force new passwords into lower case:
Return Value
The PwdForceLowerCase method returns one of the following values:
The PwdForceUpperCase method sets or retrieves the flag that determines whether to convert any lower case letters in a new password to upper case.
Syntax
The PwdForceUpperCase method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdForceUpperCase([forceUCFlag])
Parameters
The PwdForceUpperCase method accepts the following parameter:
forceUCFlag (int)
(Optional) Specifies whether to force new passwords to use only upper case:
Return Value
The PwdForceUpperCase method returns one of the following values:
The PwdGetAllRegExpMatch method retrieves the name tags of all the regular expressions that new passwords must match.
Syntax
The PwdGetAllRegExpMatch method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdGetAllRegExpMatch()
Parameters
The PwdGetAllRegExpMatch method accepts no parameters.
Return Value
The PwdGetAllRegExpMatch method returns one of the following values:
The PwdGetAllRegExpNoMatch method retrieves the name tags of all the regular expressions that new passwords must not match.
Syntax
The PwdGetAllRegExpNoMatch method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdGetAllRegExpNoMatch()
Parameters
The PwdGetAllRegExpNoMatch method accepts no parameters.
Return Value
The PwdGetAllRegExpNoMatch method returns one of the following values:
The PwdGetRegExp method retrieves the regular expression for the specified name tag.
Syntax
The PwdGetRegExp method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdGetRegExp(tag)
Parameters
The PwdGetRegExp method accepts the following parameter:
tag (string)
Specifies the name of the regular expression to retrieve.
Return Value
The PwdGetRegExp method returns one of the following values:
The PwdIgnoreSequence method specifies whether to ignore sequence (that is, character position) when the different-from-previous-characters percentage is calculated.
Syntax
The PwdIgnoreSequence method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdIgnoreSequence([pwdPctSeq])
Parameters
The PwdIgnoreSequence method accepts the following parameter:
pwdPctSeq (int)
(Optional) Specifies whether to ignore the sequence of characters when creating a new password:
Return Value
The PwdIgnoreSequence method returns one of the following values:
Remarks
For example, suppose a user's previous password is BASEBALL12:
For greater security, pass 1 into this method.
The PwdMaxLength method sets or retrieves the maximum length for user passwords.
Syntax
The PwdMaxLength method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdMaxLength([maxPwdLength])
Parameters
The PwdMaxLength method accepts the following parameter:
maxPwdLength (int)
(Optional) Specifies the maximum password length.
Return Value
The PwdMaxLength method returns the new or existing password length setting.
The PwdMaxRepeatingChar method sets or retrieves the maximum number of identical characters that can appear consecutively in a password.
Syntax
The PwdMaxRepeatingChar method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdMaxRepeatingChar([maxPwdRepeat])
Parameters
The PwdMaxRepeatingChar method accepts the following parameter:
maxPwdRepeat (int)
(Optional) Specifies the maximum number of repeating characters.
Return Value
The PwdMaxRepeatingChar method returns the new or existing setting for repeating characters.
The PwdMinAlpha method sets or retrieves the minimum number of alphabetic characters (A-Z, a-z) that a password must contain.
Syntax
The PwdMinAlpha method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdMinAlpha([pwdMinAlpha])
Parameters
The PwdMinAlpha method accepts the following parameter:
pwdMinAlpha (int)
(Optional) Specifies the minimum number of alphabetic characters required.
Return Value
The PwdMinAlpha method returns the new or existing minimum number of alphabetic characters.
The PwdMinAlphaNum method sets or retrieves the minimum number of alphanumeric characters (A-Z, a-z, 0-9) that a password must contain.
Syntax
The PwdMinAlphaNum method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdMinAlphaNum([pwdMinAlphaNum])
Parameters
The PwdMinAlphaNum method accepts the following parameter:
pwdMinAlphaNum (int)
(Optional) Specifies the minimum number of alphanumeric characters required.
Return Value
The PwdMinAlphaNum method returns the new or existing minimum number of alphanumeric characters.
The PwdMinLength method sets or retrieves the minimum length for user passwords.
Syntax
The PwdMinLength method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdMinLength([minPwdLength])
Parameters
The PwdMinLength method accepts the following parameter:
minPwdLength (int)
(Optional) Specifies the minimum length for user passwords.
Return Value
The PwdMinLength method returns the new or existing minimum password length.
The PwdMinLowercase method sets or retrieves the minimum number of lower case letters that a password must contain.
Syntax
The PwdMinLowercase method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdMinLowercase([pwdMinLC])
Parameters
The PwdMinLowercase method accepts the following parameter:
pwdMinLC (int)
(Optional) Specifies the minimum number of lower case letters that a password must contain.
Return Value
The PwdMinLowercase method returns new or existing minimum for lower case letters.
The PwdMinNonAlpha method sets or retrieves the minimum number of non-alphanumeric characters that a password must contain. These characters include punctuation marks and other symbols located on the keyboard, such as @, $, and *.
Syntax
The PwdMinNonAlpha method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdMinNonAlpha([pwdMinNonAlpha])
Parameters
The PwdMinNonAlpha method accepts the following parameter:
pwdMinNonAlpha (int)
(Optional) Specifies the minimum number of non-alphanumeric characters required.
Return Value
The PwdMinNonAlpha method returns the new or existing minimum number of non-alphanumeric characters.
The PwdMinNonPrintable method sets or retrieves the minimum number of non-printable characters that a password must contain. These characters cannot be displayed on a computer screen.
Syntax
The PwdMinNonPrintable method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdMinNonPrintable([pwdMinNonPrint])
Parameters
The PwdMinNonPrintable method accepts the following parameter:
pwdMinNonPrint (int)
(Optional) Specifies the minimum number of non-printable characters required.
Return Value
The PwdMinNonPrintable method returns the new or existing minimum number of non-printable characters.
The PwdMinNumbers method sets or retrieves the minimum number of numeric characters (0-9) that a password must contain.
Syntax
The PwdMinNumbers method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdMinNumbers([pwdMinNum])
Parameters
The PwdMinNumbers method accepts the following parameter:
pwdMinNum (int)
(Optional) Specifies the minimum number of numeric characters required.
Return Value
The PwdMinNumbers method returns the new or existing minimum number of numeric characters.
The PwdMinProfileMatch method sets or retrieves the minimum length of a character sequence that is checked against the user's personal information.
Syntax
The PwdMinProfileMatch method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdMinProfileMatch([pwdMatchAttr])
Parameters
The PwdMinProfileMatch method accepts the following parameter:
pwdMatchAttr (int)
(Optional) Specifies the minimum number of sequential characters to check.
Return Value
The PwdMinProfileMatch method returns the new or existing minimum setting.
Remarks
For example, if this value is set to 4, SiteMinder prohibits the use of any four consecutive characters found in the user's personal information, such as the four last digits of the user's telephone number.
This field prevents a user from incorporating personal information in a password. SiteMinder checks the password against attributes in the user's directory entry.
The PwdMinPunctuation method sets or retrieves the minimum number of punctuation marks that a password must contain. These characters include periods, commas, exclamation marks, slashes, hyphens, dashes, and other punctuation marks.
Syntax
The PwdMinPunctuation method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdMinPunctuation([pwdMinPunc])
Parameters
The PwdMinPunctuation method accepts the following parameter:
pwdMinPunc (int)
(Optional) Specifies the minimum number of punctuation marks required.
Return Value
The PwdMinPunctuation method returns the new or existing minimum number of punctuation marks.
The PwdMinUppercase method sets or retrieves the minimum number of upper case letters that a password must contain.
Syntax
The PwdMinUppercase method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdMinUppercase([pwdMinUC])
Parameters
The PwdMinUppercase method accepts the following parameter:
pwdMinUC (int)
(Optional) Specifies the minimum number of upper case letters that a password must contain.
Return Value
The PwdMinUppercase method returns the new or existing minimum for upper case letters.
The PwdPercentDiff method sets or retrieves the minimum percentage of characters in a new password that must differ from the characters in the previous password. If the value is set to 100, the new password cannot contain any character that was in the previous password (unless PwdIgnoreSequence is set to 0, in which case characters are compared position by position).
Syntax
The PwdPercentDiff method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdPercentDiff([pwdPctDiff])
Parameters
The PwdPercentDiff method accepts the following parameter:
pwdPctDiff (int)
(Optional) Specifies the minimum percentage setting.
Return Value
The PwdPercentDiff method returns the new or existing minimum percentage setting.
The PwdPolicyPriority method sets or retrieves the password policy's evaluation priority setting (1-1000). Policies are evaluated in descending order (1000 first, 1 last).
Syntax
The PwdPolicyPriority method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdPolicyPriority([priority])
Parameters
The PwdPolicyPriority method accepts the following parameter:
priority (int)
(Optional) Specifies the evaluation priority of this password policy.
Return Value
The PwdPolicyPriority method returns new or existing evaluation priority setting.
The PwdRedirectionURL method sets or retrieves the URL where the user is redirected when an invalid password is provided. This must be the URL of the Password Services CGI.
Syntax
The PwdRedirectionURL method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdRedirectionURL([URL])
Parameters
The PwdRedirectionURL method accepts the following parameter:
URL (string)
(Optional) Specifies the redirection URL.
Return Value
The PwdRedirectionURL method returns one of the following values:
The PwdRemoveRegExp method removes the regular expression associated with the specified name tag.
Syntax
The PwdRemoveRegExp method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdRemoveRegExp(tag)
Parameters
The PwdRemoveRegExp method accepts the following parameter:
tag (string)
Specifies the name tag of the regular expression to remove.
Return Value
The PwdRemoveRegExp method returns one of the following values:
The PwdReuseCount method specifies the number of new passwords that must be used before an old password can be reused.
Syntax
The PwdReuseCount method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdReuseCount([pwdReuseCount])
Parameters
The PwdReuseCount method accepts the following parameter:
pwdReuseCount (int)
(Optional) Specifies the password reuse setting.
Return Value
The PwdReuseCount method returns the new or existing password reuse setting.
The PwdReuseDelay method specifies the number of days a user must wait before reusing a password.
Syntax
The PwdReuseDelay method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdReuseDelay([pwdReuseDelay])
Parameters
The PwdReuseDelay method accepts the following parameter:
pwdReuseDelay (int)
(Optional) Specifies the password reuse delay setting.
Return Value
The PwdReuseDelay method returns the new or existing password reuse delay setting.
The ReEnableAfterIncorrectPwd method determines whether to re-enable a user account after the entry of an incorrect password or passwords.
Syntax
The ReEnableAfterIncorrectPwd method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>ReEnableAfterIncorrectPwd([groupFlag])
Parameters
The ReEnableAfterIncorrectPwd method accepts the following parameter:
groupFlag (int)
(Optional) Specifies whether to re-enable a user account after the entry of an incorrect password:
Return Value
The ReEnableAfterIncorrectPwd method returns one of the following values:
The Save method saves the password policy to the policy store.
Syntax
The Save method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>Save( )
Parameters
The Save method accepts no parameters.
Return Value
The Save method returns one of the following values:
Remarks
Call this method once after making all the modifications to the password policy that you intend to make. This method must be called for any changes to take effect.
The StripEmbeddedWhitespace method sets or retrieves the flag that determines whether to strip new passwords of embedded white space.
Syntax
The StripEmbeddedWhitespace method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>StripEmbeddedWhitespace([stripEmbeddedFlag])
Parameters
The StripEmbeddedWhitespace method accepts the following parameter:
stripEmbeddedFlag (int)
(Optional) Specifies whether to strip embedded white space from new passwords:
Return Value
The StripEmbeddedWhitespace method returns the new or existing flag setting.
The StripLeadingWhitespace method sets or retrieves the flag that determines whether to strip new passwords of leading white space.
Syntax
The StripLeadingWhitespace method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>StripLeadingWhitespace([stripLeadingFlag])
Parameters
The StripLeadingWhitespace method accepts the following parameter:
stripLeadingFlag (int)
(Optional) Specifies whether to strip leading white space from passwords:
Return Value
The StripLeadingWhitespace method returns the new or existing flag setting.
The StripTrailingWhitespace method sets or retrieves the flag that determines whether to strip new passwords of trailing white space.
Syntax
The StripTrailingWhitespace method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>StripTrailingWhitespace([stripTrailingFlag])
Parameters
The StripTrailingWhitespace method accepts the following parameter:
stripTrailingFlag (int)
(Optional) Specifies whether to strip trailing white space from passwords:
Return Value
The StripTrailingWhitespace method returns the new or existing flag setting.
The TrackLoginDetails method sets or retrieves the flag that determines whether to track authentication attempts and successful logins.
Syntax
The TrackLoginDetails method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>TrackLoginDetails([trackingFlag])
Parameters
The TrackLoginDetails method accepts the following parameter:
trackingFlag (int)
(Optional) Specifies whether to enable login tracking:
Return Value
The TrackLoginDetails method returns the new or existing flag setting.
The UserDirClass method sets or retrieves the directory class if the password policy applies to a part of the directory.
Syntax
The UserDirClass method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>UserDirClass([path])
Parameters
The UserDirClass method accepts the following parameter:
path (string)
(Optional) Specifies the directory class.
Return Value
The UserDirClass method returns the new or existing directory class.
The UserDirectory method sets or retrieves the user directory for the password policy.
Syntax
The UserDirectory method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>UserDirectory([userDir])
Parameters
The UserDirectory method accepts the following parameter:
userDir (PolicyMgtUserDir)
(Optional) Specifies the user directory for the password policy.
Return Value
The UserDirectory method returns a PolicyMgtUserDir object.
The UserDirPath method sets or retrieves the directory path if the password policy applies to a part of the directory.
Syntax
The UserDirPath method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>UserDirPath([path])
Parameters
The UserDirPath method accepts the following parameter:
path (string)
(Optional) Specifies the directory path.
Return Value
The UserDirPath method returns the new or existing directory path.
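The following script is an added example and is not taken from the SiteMinder documentation or product. It applies a hardened baseline to an existing PolicyMgtPwdPolicy through the setter form of the methods above, calls Save once at the end as the Save remarks require, and then re-reads every setting with the getter form (no argument) so that the audit reflects what the policy store actually holds rather than what the script intended. Assumptions not supported by this page: Netegrity::PolicyMgt->New, CreateSession and GetPwdPolicy for obtaining the policy object; that PwdGetAllRegExpNoMatch returns the tags as a list; that the flag and count methods return the numeric value when called without an argument; the regular expression dialect; and the baseline values themselves, which are illustrative. The page spells two method names inconsistently (PwdAllowNonAlphNum/PwdAllowNonAlphaNum, PwdAllowUpperCase/PwdAllowUppercase); the script uses the spelling from the Syntax lines, so adjust it if the installed module differs.

```perl
#!/usr/bin/perl
# Added example (not from the SiteMinder documentation): apply a
# password-policy baseline, Save once, then audit by reading back.
use strict;
use warnings;
use Netegrity::PolicyMgt;

# Baseline: PolicyMgtPwdPolicy method => required value. Called with a
# value the method sets; called with no argument it retrieves.
# Values are illustrative, not a vendor recommendation.
my %BASELINE = (
    PwdMinLength            => 12,
    PwdMaxLength            => 64,   # leave room for passphrases
    PwdMinAlpha             => 2,
    PwdMinNumbers           => 1,
    PwdMinNonAlpha          => 1,
    PwdAllowDigits          => 1,
    PwdAllowLowercase       => 1,
    PwdAllowUppercase       => 1,    # Syntax-line spelling; see lead-in
    PwdAllowNonAlphaNum     => 1,    # Syntax-line spelling; see lead-in
    PwdAllowNonPrintable    => 0,    # control characters never belong in a password
    PwdForceLowerCase       => 0,    # case folding shrinks the keyspace
    PwdForceUpperCase       => 0,
    PwdMaxRepeatingChar     => 2,
    PwdMinProfileMatch      => 4,    # reject 4+ chars lifted from the user's profile
    PwdPercentDiff          => 50,
    PwdIgnoreSequence       => 1,    # stricter: position-independent comparison
    PwdReuseCount           => 12,
    PwdReuseDelay           => 365,
    PwdExpiryWarning        => 14,
    StripLeadingWhitespace  => 1,
    StripTrailingWhitespace => 1,
    StripEmbeddedWhitespace => 0,    # silently rewriting the secret surprises users
    TrackLoginDetails       => 1,    # prerequisite for lockout and forensics
);

# Patterns a new password must not match, keyed by tag (constructed;
# the page does not state which regex dialect the Policy Server uses).
my %DENY = (
    'no-keyboard-walk' => 'qwert|asdfg|12345',
    'no-product-name'  => 'siteminder',
);

sub apply_baseline {
    my ($policy) = @_;
    $policy->$_($BASELINE{$_}) for sort keys %BASELINE;
    # Replace the no-match list wholesale so stale tags cannot linger.
    # Assumes PwdGetAllRegExpNoMatch returns the tags as a list.
    $policy->PwdRemoveRegExp($_) for $policy->PwdGetAllRegExpNoMatch();
    $policy->PwdAddRegExpNoMatch($_, $DENY{$_}) for sort keys %DENY;
    # Nothing reaches the policy store until Save is called.
    return $policy->Save();
}

# Compare the stored policy with the baseline. Returns a list of
# [setting, expected, actual] triples; an empty list means compliant.
sub audit_policy {
    my ($policy) = @_;
    my @drift;
    for my $m (sort keys %BASELINE) {
        my $actual = $policy->$m();                 # no argument: retrieve
        push @drift, [$m, $BASELINE{$m}, $actual]
            unless defined $actual && $actual == $BASELINE{$m};
    }
    my %stored = map { $_ => 1 } $policy->PwdGetAllRegExpNoMatch();
    for my $tag (sort keys %DENY) {
        my $re = $stored{$tag} ? $policy->PwdGetRegExp($tag) : undef;
        push @drift, ["NoMatch:$tag", $DENY{$tag}, $re]
            unless defined $re && $re eq $DENY{$tag};
    }
    return @drift;
}

# Usage: perl pwdpolicy_baseline.pl <policy-name> [--apply]
# The session and lookup calls below are assumptions, not from this page.
my ($name, $mode) = @ARGV;
die "usage: $0 <policy-name> [--apply]\n" unless defined $name;

my $api     = Netegrity::PolicyMgt->New();
my $session = $api->CreateSession($ENV{SM_ADMIN}, $ENV{SM_ADMIN_PWD})
    or die "Policy Server login failed\n";
my $policy  = $session->GetPwdPolicy($name)
    or die "no password policy named '$name'\n";

apply_baseline($policy) if defined $mode && $mode eq '--apply';

if (my @drift = audit_policy($policy)) {
    printf "%-28s expected=%-18s actual=%s\n", $_->[0], $_->[1], $_->[2] // 'undef'
        for @drift;
    exit 1;    # non-zero so a scheduled audit job flags the drift
}
print "password policy '$name' matches the baseline\n";
```

Run it without --apply from a scheduled job to detect drift (a non-zero exit means someone changed the policy outside the baseline); run it with --apply to enforce. The admin credentials come from the environment rather than the script so they do not end up in a repository.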
The following methods act on PolicyMgtPolicy objects:
The ActiveExpr method sets or retrieves the active expression associated with the policy.
Syntax
The ActiveExpr method has the following format:
Netegrity::PolicyMgtPolicy‑>ActiveExpr([activeExpr])
Parameters
The ActiveExpr method accepts the following parameter:
activeExpr (string)
(Optional) Specifies the active expression to set.
Return Value
The ActiveExpr method returns one of the following values:
The AddRule method adds a rule to the policy.
Syntax
The AddRule method has the following format:
Netegrity::PolicyMgtPolicy‑>AddRule(rule)
Parameters
The AddRule method accepts the following parameter:
rule (PolicyMgtRule)
Specifies the rule to add.
Return Value
The AddRule method returns one of the following values:
The AddUser method adds a user to the policy.
Syntax
The AddUser method has the following format:
Netegrity::PolicyMgtPolicy‑>AddUser(user [, iExcludeUser] [, iRecursiveFlag] [, iANDUserFlag])
Parameters
The AddUser method accepts the following parameters:
user (PolicyMgtUser)
Specifies the user to add.
iExcludeUser (int)
(Optional) Specifies whether to exclude a user:
iRecursiveFlag (int)
(Optional) Specifies the setting for the AllowNested flag:
iANDUserFlag (int)
(Optional) Specifies the setting for the AND flag:
1 sets the AND flag
0 clears the AND flag
Return Value
The AddUser method returns one of the following values:
The AllowNested method sets or retrieves the AllowNested flag.
Syntax
The AllowNested method has the following format:
Netegrity::PolicyMgtPolicy‑>AllowNested(user[, iRecursiveFlag])
Parameters
The AllowNested method accepts the following parameters:
user (PolicyMgtUser)
Specifies the user for which to set or retrieve the AllowNested flag.
iRecursiveFlag (int)
(Optional) Specifies the value of the AllowNested flag:
If this is not passed, the function returns the current value of the AllowNested flag. The flag applies to all the users added to the policy for a particular user directory.
Return Value
The AllowNested method returns one of the following values:
The CreateIPConfigHostName method creates an IP Address configuration based on the host name passed to the method. For the policy to fire, a request must come from the machine with the passed host name.
Syntax
The CreateIPConfigHostName method has the following format:
Netegrity::PolicyMgtPolicy‑>CreateIPConfigHostName(hostName)
Parameters
The CreateIPConfigHostName method accepts the following parameter:
hostName (string)
Specifies the host name required for the policy to fire.
Return Value
The CreateIPConfigHostName method returns one of the following values:
The CreateIPConfigRange method creates an IP Address configuration based on the range of IP addresses passed to the method. For the policy to fire, a request must come from a machine with an IP address that falls within the range.
Syntax
The CreateIPConfigRange method has the following format:
Netegrity::PolicyMgtPolicy‑>CreateIPConfigRange(ipAddr1, ipAddr2)
Parameters
The CreateIPConfigRange method accepts the following parameters:
ipAddr1 (string)
Specifies the beginning IP address in the range of accepted addresses.
ipAddr2 (string)
Specifies the ending IP address in the range of accepted addresses.
Return Value
The CreateIPConfigRange method returns one of the following values:
The CreateIPConfigSingleHost method creates an IP Address configuration based on the IP address passed to the method. For the policy to fire, a request must come from the machine with the passed IP address.
Syntax
The CreateIPConfigSingleHost method has the following format:
Netegrity::PolicyMgtPolicy‑>CreateIPConfigSingleHost(ipAddr)
Parameters
The CreateIPConfigSingleHost method accepts the following parameter:
ipAddr (string)
Specifies the IP address required for the policy to fire.
Return Value
The CreateIPConfigSingleHost method returns one of the following values:
The CreateIPConfigSubnetMask method creates an IP Address configuration based on the IP address and subnet mask passed to the method. For the policy to fire, a request must come from the subnet address derived from the passed IP address and subnet mask.
Syntax
The CreateIPConfigSubnetMask method has the following format:
Netegrity::PolicyMgtPolicy‑>CreateIPConfigSubnetMask(ipAddr, subnetMask)
Parameters
The CreateIPConfigSubnetMask method accepts the following parameters:
ipAddr (string)
Specifies the IP address used to derive the subnet address.
subnetMask (unsigned long)
Specifies the subnet mask used to derive the subnet address.
Return Value
The CreateIPConfigSubnetMask method returns one of the following values:
Remarks
The subnetMask value is a number of bits. To arrive at it, write the mask in binary and count the leading 1 bits. For example, suppose the subnet mask is 255.255.255.128. The binary format is:
11111111 11111111 11111111 10000000
Counting from left to right, the number to pass in subnetMask would be 25.
The DeleteIPConfig method deletes the specified IP configuration object.
Syntax
The DeleteIPConfig method has the following format:
Netegrity::PolicyMgtPolicy‑>DeleteIPConfig(ipConfig)
Parameters
The DeleteIPConfig method accepts the following parameter:
ipConfig (PolicyMgtIPConfig)
Specifies the IP configuration object to delete.
Return Value
The DeleteIPConfig method returns one of the following values:
The Description method sets or retrieves the description of the policy.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtPolicy‑>Description([policyDesc])
Parameters
The Description method accepts the following parameter:
policyDesc (string)
Specifies the description to set.
Return Value
The Description method returns one of the following values:
The EnforceANDEvaluation method sets or retrieves the ANDUser/Group flag depending on the value of the iANDUserFlag.
Syntax
The EnforceANDEvaluation method has the following format:
Netegrity::PolicyMgtPolicy‑>EnforceANDEvaluation(user[, iANDUserFlag])
Parameters
The EnforceANDEvaluation method accepts the following parameters:
user (PolicyMgtUser)
Specifies the user for which to set or retrieve iANDUserFlag.
iANDUserFlag (int)
(Optional) Specifies whether to enforce AND evaluation:
1 to enforce AND evaluation
0 to remove AND evaluation
If this argument is not passed, the function returns the current value of iANDUserFlag. This flag applies to all the users added to the policy for a particular user directory.
Return Value
The EnforceANDEvaluation method returns one of the following values:
The ExcludeUser method excludes or includes a user from the policy depending on the value of iExcludeFlag.
Syntax
The ExcludeUser method has the following format:
Netegrity::PolicyMgtPolicy‑>ExcludeUser(user[, iExcludeFlag])
Parameters
The ExcludeUser method accepts the following parameters:
user (PolicyMgtUser)
Specifies the user to exclude or include.
iExcludeFlag (int)
(Optional) Specifies whether to exclude the specified user:
If this argument is not passed, the function returns the current value of iExcludeFlag.
Return Value
The ExcludeUser method returns one of the following values:
The GetAllIPConfigs method retrieves all IP address restriction objects in the policy.
Syntax
The GetAllIPConfigs method has the following format:
Netegrity::PolicyMgtPolicy‑>GetAllIPConfigs( )
Parameters
The GetAllIPConfigs method accepts no parameters.
Return Value
The GetAllIPConfigs method returns one of the following values:
Remarks
See the PolicyMgtIPConfig‑>GetType method for information about IP address restrictions and IP address restriction types.
The GetAllRules method retrieves all rules associated with the policy.
Syntax
The GetAllRules method has the following format:
Netegrity::PolicyMgtPolicy‑>GetAllRules()
Parameters
The GetAllRules method accepts no parameters.
Return Value
The GetAllRules method returns one of the following values:
The GetAllUsers method retrieves all users associated with the policy. If a user directory is specified, only those users associated with that directory are retrieved.
Syntax
The GetAllUsers method has the following format:
Netegrity::PolicyMgtPolicy‑>GetAllUsers([userDir])
Parameters
The GetAllUsers method accepts the following parameter:
userDir (PolicyMgtUserDir)
(Optional) Specifies that only users associated with this user directory are retrieved.
Return Value
The GetAllUsers method returns one of the following values:
The IsEnabled method enables or disables the policy, or retrieves the current setting when no flag is passed.
Syntax
The IsEnabled method has the following format:
Netegrity::PolicyMgtPolicy‑>IsEnabled([enableFlag])
Parameters
The IsEnabled method accepts the following parameter:
enableFlag (int)
(Optional) Specifies whether to enable or disable the policy:
Return Value
The IsEnabled method returns one of the following values:
The Name method sets or retrieves the policy name.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtPolicy‑>Name([policyName])
Parameters
The Name method accepts the following parameter:
policyName (string)
(Optional) Specifies the name to assign to the policy.
Return Value
The Name method returns one of the following values:
The RemoveResponse method removes the response for a configured rule in the policy.
Syntax
The RemoveResponse method has the following format:
Netegrity::PolicyMgtPolicy‑>RemoveResponse(rule)
Parameters
The RemoveResponse method accepts the following parameter:
rule (PolicyMgtRule)
Specifies the rule whose response should be removed.
Return Value
The RemoveResponse method returns one of the following values:
The RemoveRule method removes the specified rule from the policy.
Syntax
The RemoveRule method has the following format:
Netegrity::PolicyMgtPolicy‑>RemoveRule(rule)
Parameters
The RemoveRule method accepts the following parameter:
rule (PolicyMgtRule)
Specifies the rule to remove.
Return Value
The RemoveRule method returns one of the following values:
The RemoveUser method removes a user from the policy.
Syntax
The RemoveUser method has the following format:
Netegrity::PolicyMgtPolicy‑>RemoveUser(user)
Parameters
The RemoveUser method accepts the following parameter:
user (PolicyMgtUser)
Specifies the user to remove.
Return Value
The RemoveUser method returns one of the following values:
The SetResponse method sets the response for a configured rule in the policy.
Syntax
The SetResponse method has the following format:
Netegrity::PolicyMgtPolicy‑>SetResponse(rule, response)
Parameters
The SetResponse method accepts the following parameters:
rule (PolicyMgtRule)
Specifies the rule whose response is being set.
response (PolicyMgtResponse)
Specifies the response to set.
Return Value
The SetResponse method returns one of the following values:
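The following example is added here and is not part of the SiteMinder documentation. It ties together the subnet-mask remark under CreateIPConfigSubnetMask (dotted-quad mask to bit count) with the PolicyMgtPolicy IP-restriction and user-binding methods: it replaces a policy's IP restrictions with a declared allow-list, binds two included user entries with the AND flag and one excluded entry, and then reads the flags back. The mask conversion rejects a non-contiguous mask instead of counting its bits, because CreateIPConfigSubnetMask only understands a prefix length and a wrong count widens the network that satisfies the policy. Assumed, not documented on this page: the session and lookup calls (Netegrity::PolicyMgt->New, CreateSession, GetDomain, GetPolicy, GetUserDir, GetUser); that GetAllIPConfigs returns the PolicyMgtIPConfig objects as a list; that ExcludeUser and EnforceANDEvaluation return 1 when the flag is set; and the domain, directory, group and address names, which are made up.

```perl
#!/usr/bin/perl
# Added example (not from the SiteMinder documentation): restrict a
# policy to approved networks and explicit principals, then verify.
use strict;
use warnings;
use Netegrity::PolicyMgt;

# CreateIPConfigSubnetMask takes the mask as a count of leading 1 bits
# (255.255.255.128 -> 25). A mask such as 255.0.255.0 is not a prefix at
# all; counting its bits would silently widen the allowed network, so
# it is rejected instead of guessed at.
sub mask_to_bits {
    my ($mask) = @_;
    my @oct = $mask =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/
        or die "not a dotted-quad mask: $mask\n";
    die "octet out of range in $mask\n" if grep { $_ > 255 } @oct;
    my $bin = join '', map { sprintf '%08b', $_ } @oct;   # 32 chars of 0/1
    $bin =~ /^(1*)0*$/ or die "non-contiguous subnet mask: $mask\n";
    return length $1;
}

# %a: policy (PolicyMgtPolicy), allowed_subnets ([addr, mask] pairs),
# allowed_hosts (addresses), employees / mfa_enrolled / contractors
# (PolicyMgtUser objects resolved from the same user directory).
sub lock_down_policy {
    my (%a) = @_;
    my $p = $a{policy};

    # Start from an empty allow-list so the result is exactly what we
    # declare, not a union with an earlier troubleshooting entry.
    # Assumes GetAllIPConfigs returns the PolicyMgtIPConfig objects as a list.
    $p->DeleteIPConfig($_) for $p->GetAllIPConfigs();
    for my $net (@{ $a{allowed_subnets} }) {
        my ($addr, $mask) = @$net;
        $p->CreateIPConfigSubnetMask($addr, mask_to_bits($mask));
    }
    $p->CreateIPConfigSingleHost($_) for @{ $a{allowed_hosts} || [] };

    # AddUser(user, exclude, allowNested, AND): two included entries with
    # the AND flag, so a request must satisfy both; nested groups resolved.
    $p->AddUser($a{employees},    0, 1, 1);
    $p->AddUser($a{mfa_enrolled}, 0, 1, 1);
    # Contractors excluded outright, even when reached through a nested group.
    $p->AddUser($a{contractors}, 1, 1);
    $p->IsEnabled(1);

    # Read back before trusting it; assumes the flag methods return 1
    # when set (the page lists their return values without detail).
    my @ip = $p->GetAllIPConfigs();
    die "no IP restriction stored\n"        unless @ip;
    die "contractor exclusion not stored\n" unless $p->ExcludeUser($a{contractors});
    die "AND evaluation not stored\n"       unless $p->EnforceANDEvaluation($a{employees});
    return $p;
}

# Usage. Session and lookup calls are assumptions; names and addresses are made up.
my $api     = Netegrity::PolicyMgt->New();
my $session = $api->CreateSession($ENV{SM_ADMIN}, $ENV{SM_ADMIN_PWD})
    or die "Policy Server login failed\n";
my $domain  = $session->GetDomain('PayrollDomain') or die "no such domain\n";
my $dir     = $session->GetUserDir('CorpLDAP')     or die "no such user directory\n";
my $base    = 'ou=groups,dc=example,dc=com';

lock_down_policy(
    policy          => $domain->GetPolicy('PayrollAdminPolicy'),
    allowed_subnets => [ ['10.20.30.0', '255.255.255.128'] ],   # 10.20.30.0/25
    allowed_hosts   => ['10.20.40.7'],                           # admin bastion
    employees       => $dir->GetUser("cn=payroll-admins,$base"),
    mfa_enrolled    => $dir->GetUser("cn=mfa-enrolled,$base"),
    contractors     => $dir->GetUser("cn=contractors,$base"),
);
print "policy locked down\n";
```

mask_to_bits returns 25 for 255.255.255.128, 0 for 0.0.0.0 and 32 for 255.255.255.255, and dies on 255.0.255.0; deleting the existing IP configurations first is what makes the script idempotent and keeps a forgotten wide-open entry from surviving next to the new allow-list.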
The following methods define TCP/IP connectivity information for a PolicyMgtServer object:
The GetPorts method is deprecated in SiteMinder v6.0 and replaced by the GetServerPort method.
The GetServerAddress method retrieves the Host Name or IP address of the Policy Server.
Syntax
The GetServerAddress method has the following format:
Netegrity::PolicyMgtServer‑>GetServerAddress()
Parameters
The GetServerAddress method accepts no parameters.
Return Value
The GetServerAddress method returns one of the following values:
The GetServerPort method retrieves one of the following:
Syntax
The GetServerPort method has the following format:
Netegrity::PolicyMgtServer‑>GetServerPort()
Parameters
The GetServerPort method accepts no parameters.
Return Value
The GetServerPort method returns one of the following values:
Remarks
The single-process Policy Server introduced in SiteMinder v6.0 combines the previously separate Authentication, Authorization, and Accounting processes into one process whose requests go through one TCP port. As a result, the port numbers retrieved in the array are all the same.
The following methods act on PolicyMgtRealm objects:
The Agent method sets or retrieves the agent for the realm.
Syntax
The Agent method has the following format:
Netegrity::PolicyMgtRealm‑>Agent([agent])
Parameters
The Agent method accepts the following parameter:
agent (PolicyMgtAgent)
(Optional) Specifies the agent to set for the realm.
Return Value
The Agent method returns one of the following values:
The AuthScheme method sets or retrieves the authentication scheme for the realm.
Syntax
The AuthScheme method has the following format:
Netegrity::PolicyMgtRealm‑>AuthScheme([authScheme])
Parameters
The AuthScheme method accepts the following parameter:
authScheme (PolicyMgtAuthScheme)
(Optional) Specifies the authentication scheme to set for the realm.
Return Value
The AuthScheme method returns one of the following values:
The AzUserDir method sets or retrieves the authorization user directory for the realm.
Syntax
The AzUserDir method has the following format:
Netegrity::PolicyMgtRealm‑>AzUserDir([dir])
Parameters
The AzUserDir method accepts the following parameter:
dir (PolicyMgtUserDir)
(Optional) Specifies the authorization user directory to set for the realm.
Return Value
The AzUserDir method returns one of the following values:
The CreateChildRealm method creates and configures a realm directly under the realm on which this method was called.
Syntax
The CreateChildRealm method has the following format:
Netegrity::PolicyMgtRealm‑>CreateChildRealm(realmName, agent, authScheme [, realmDesc] [, resFilter] [, procAuthEvents] [, procAzEvents] [, protectAll] [, maxTimeout] [, idleTimeout] [, syncAudit] [, azUserDir] [, regScheme])
Parameters
The CreateChildRealm method accepts the following parameters:
realmName (string)
Specifies the name of the realm.
agent (PolicyMgtAgent)
Specifies the agent or agent group for the realm.
authScheme (PolicyMgtAuthScheme)
Specifies the authentication scheme to associate with the realm.
realmDesc (string)
(Optional) Specifies the realm description.
resFilter (string)
(Optional) Specifies the resource filter for the realm.
procAuthEvents (int)
(Optional) Specifies a flag for processing authentication events: 1 to enable, or 0 to disable. The default is enabled.
procAzEvents (int)
(Optional) Specifies a flag for processing authorization events: 1 to enable, or 0 to disable. The default is enabled.
protectAll (int)
(Optional) Specifies a flag for activating default resource protection: 1 to enable, or 0 to disable. The default is enabled.
maxTimeout (int)
(Optional) Specifies the maximum time, in seconds, a user can access the realm before re-authentication is required. The default is 7200 (2 hours).
idleTimeout (int)
(Optional) Specifies the maximum time, in seconds, a user can remain inactive in the realm before re-authentication is required. The default is 3600 (1 hour).
syncAudit (int)
(Optional) Specifies a flag for enabling synchronous auditing: 1 to enable, or 0 to disable. When this flag is enabled, SiteMinder logs Policy Server and agent actions before it allows access to resources. The default is enabled.
azUserDir (PolicyMgtUserDir)
(Optional) Specifies the directory where users in the realm will be authorized. The default is the default directory.
regScheme (PolicyMgtRegScheme)
(Optional) Specifies the registration scheme used to register new users accessing resources in the realm.
Return Value
The CreateChildRealm method returns one of the following values:
Remarks
This method creates a realm that is configured for non-persistent sessions. To configure the realm for SiteMinder 5.0 persistent sessions, edit the realm in the Administrative UI.
Note: The Policy Management API only manipulates realms that are direct descendants of the object whose method has been called, as follows:
The CreateRule method creates and configures a rule under the realm.
Syntax
The CreateRule method has the following format:
Netegrity::PolicyMgtRealm‑>CreateRule( ruleName [, ruleDesc] [, action] [, resource] [, allowAccess] [, regexMatch] [, activeExpr] [, isEnabled] )
Parameters
The CreateRule method accepts the following parameters:
ruleName (string)
Specifies the name of the rule.
ruleDesc (string)
(Optional) Specifies the description of the rule.
action (string)
(Optional) Specifies the type of action that the rule will execute. One of the following actions:
For action type Web Agent actions, use one or more of the following HTTP actions. Use commas to separate multiple actions:
For action type Authentication events:
For action type Authorization events:
resource (string)
(Optional) Specifies the resource protected by the rule. This value doesn't apply to action type Authentication events.
allowAccess (int)
(Optional) Specifies a flag to allow or deny access to the resource protected by the rule: 1 allows access, or 0 denies access. This flag applies only to action values of type GET, PUT, and/or POST. The default is 1.
regexMatch (int)
(Optional) Specifies a flag that controls regular expression pattern matching in the resource field: 1 enables regular expression matching, and 0 disables it. This flag doesn't apply to action type Authentication events. The default is 0.
activeExpr (string)
(Optional) Specifies the active expression associated with the rule.
isEnabled (int)
(Optional) Specifies a flag to enable or disable the rule: 1 to enable, or 0 to disable. The default is enabled.
Return Value
The CreateRule method returns one of the following values:
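The following Perl example is added here and is not part of the SiteMinder documentation. It combines CreateChildRealm and CreateRule to build a child realm with explicit session limits and a small read-only rule set, passing every security-relevant flag explicitly rather than relying on defaults. It assumes $parent, $agent and $scheme are PolicyMgtRealm, PolicyMgtAgent and PolicyMgtAuthScheme objects already obtained through a PolicyMgtSession and PolicyMgtDomain (not covered in this section), and that object-returning methods return undef on failure. The rules created here have no effect until they are bound to a policy.

```perl
use strict;
use warnings;

# Added example, not SiteMinder's own code. $parent/$agent/$scheme are
# assumed to be PolicyMgtRealm/PolicyMgtAgent/PolicyMgtAuthScheme objects
# obtained elsewhere; undef-on-failure is an assumption about this API.
sub create_locked_down_realm {
    my ($parent, $agent, $scheme, $name, $filter) = @_;
    $filter //= "/$name";

    # Explicit values: 1-hour maximum session, 15-minute idle timeout,
    # default protection on, synchronous auditing on, and authentication/
    # authorization event processing off because no event rules follow.
    my $realm = $parent->CreateChildRealm(
        $name, $agent, $scheme,
        "Created by create_locked_down_realm",  # realmDesc
        $filter,                                # resFilter
        0,                                      # procAuthEvents
        0,                                      # procAzEvents
        1,                                      # protectAll
        3600,                                   # maxTimeout (seconds)
        900,                                    # idleTimeout (seconds)
        1,                                      # syncAudit
    );
    die "CreateChildRealm($name) failed\n" unless defined $realm;

    # Read-only access to the public part of the realm. Arguments:
    # ruleName, ruleDesc, action (Web Agent HTTP actions), resource,
    # allowAccess (1 = allow), regexMatch (0 = wildcard matching).
    my $allow_get = $realm->CreateRule(
        "$name-allow-get-public", "Read-only access to /public",
        "GET", "/public/*", 1, 0,
    );
    die "CreateRule($name-allow-get-public) failed\n" unless defined $allow_get;

    # Explicitly deny state-changing methods on the same resources.
    my $deny_write = $realm->CreateRule(
        "$name-deny-write-public", "No POST/PUT to /public",
        "POST,PUT", "/public/*", 0, 0,
    );
    die "CreateRule($name-deny-write-public) failed\n" unless defined $deny_write;

    return ($realm, $allow_get, $deny_write);
}

# Usage, given $parent, $agent and $scheme from the enclosing domain:
#   my ($realm, @rules) = create_locked_down_realm($parent, $agent, $scheme, "hr", "/hr");
```

The event-processing flags are switched off deliberately: ProcessAuEvents and ProcessAzEvents cost Policy Server time on every request and only matter when the realm contains rules triggered by authentication or authorization events.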
The DeleteChildRealm method deletes a realm that is a direct child of this realm.
Syntax
The DeleteChildRealm method has the following format:
Netegrity::PolicyMgtRealm‑>DeleteChildRealm(realm)
Parameters
The DeleteChildRealm method accepts the following parameter:
realm (PolicyMgtRealm)
Specifies the child realm to delete.
Return Value
The DeleteChildRealm method returns one of the following values:
The DeleteRule method deletes an existing rule within the realm.
Syntax
The DeleteRule method has the following format:
Netegrity::PolicyMgtRealm‑>DeleteRule(rule)
Parameters
The DeleteRule method accepts the following parameter:
rule (PolicyMgtRule)
Specifies the rule to delete.
Return Value
The DeleteRule method returns one of the following values:
The Description method sets or retrieves the description of the realm.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtRealm‑>Description([realmDesc])
Parameters
The Description method accepts the following parameter:
realmDesc (string)
(Optional) Specifies the description to assign to the realm.
Return Value
The Description method returns one of the following values:
The Flush method flushes the realm from the resource cache.
Syntax
The Flush method has the following format:
Netegrity::PolicyMgtRealm‑>Flush()
Parameters
The Flush method accepts no parameters.
Return Value
The Flush method returns one of the following values:
The GetAllChildRealms method retrieves all realms that are direct children of this realm. It returns only the immediate children, not their descendants.
Syntax
The GetAllChildRealms method has the following format:
Netegrity::PolicyMgtRealm‑>GetAllChildRealms()
Parameters
The GetAllChildRealms method accepts no parameters.
Return Value
The GetAllChildRealms method returns one of the following values:
The GetAllRules method retrieves the rules associated with the realm.
Syntax
The GetAllRules method has the following format:
Netegrity::PolicyMgtRealm‑>GetAllRules()
Parameters
The GetAllRules method accepts no parameters.
Return Value
The GetAllRules method returns one of the following values:
The GetChildRealm method retrieves a direct child realm of this realm by name. This method searches only the immediate children.
Syntax
The GetChildRealm method has the following format:
Netegrity::PolicyMgtRealm‑>GetChildRealm(realmName)
Parameters
The GetChildRealm method accepts the following parameter:
realmName (string)
Specifies the name of the child realm to retrieve.
Return Value
The GetChildRealm method returns one of the following values:
The GetDomain method retrieves the domain associated with the realm.
Syntax
The GetDomain method has the following format:
Netegrity::PolicyMgtRealm‑>GetDomain()
Parameters
The GetDomain method accepts no parameters.
Return Value
The GetDomain method returns one of the following values:
The GetRule method retrieves an existing rule in the realm.
Syntax
The GetRule method has the following format:
Netegrity::PolicyMgtRealm‑>GetRule(ruleName)
Parameters
The GetRule method accepts the following parameter:
ruleName (string)
Specifies the name of the rule to retrieve.
Return Value
The GetRule method returns one of the following values:
The IdleTimeout method sets or retrieves the maximum time a user can remain inactive in the realm before re-authentication is required.
Syntax
The IdleTimeout method has the following format:
Netegrity::PolicyMgtRealm‑>IdleTimeout([idleTimeout])
Parameters
The IdleTimeout method accepts the following parameter:
idleTimeout (int)
(Optional) Specifies the idle timeout value, in seconds.
Return Value
The IdleTimeout method returns one of the following values:
The MaxTimeout method sets or retrieves the maximum time a user can access the realm before re-authentication is required.
Syntax
The MaxTimeout method has the following format:
Netegrity::PolicyMgtRealm‑>MaxTimeout([maxTimeout])
Parameters
The MaxTimeout method accepts the following parameter:
maxTimeout (int)
(Optional) Specifies the maximum timeout value, in seconds.
Return Value
The MaxTimeout method returns one of the following values:
The Name method sets or retrieves the realm name.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtRealm‑>Name([realmName])
Parameters
The Name method accepts the following parameter:
realmName (string)
(Optional) Specifies the name to assign to the realm.
Return Value
The Name method returns one of the following values:
The ProcessAuEvents method sets or retrieves the authentication event flag in the realm.
Authentication event processing affects performance. If no rules in the realm are triggered by authentication events, set this flag to 0.
Syntax
The ProcessAuEvents method has the following format:
Netegrity::PolicyMgtRealm‑>ProcessAuEvents([authFlag])
Parameters
The ProcessAuEvents method accepts the following parameter:
authFlag (int)
(Optional) Specifies whether authentication events are processed: 1 to enable, or 0 to disable.
Return Value
The ProcessAuEvents method returns one of the following values:
The ProcessAzEvents method sets or retrieves the authorization event flag in the realm.
Syntax
The ProcessAzEvents method has the following format:
Netegrity::PolicyMgtRealm‑>ProcessAzEvents([azFlag])
Parameters
The ProcessAzEvents method accepts the following parameter:
azFlag (int)
(Optional) Specifies whether to enable authorization event processing: 1 to enable, or 0 to disable.
Return Value
The ProcessAzEvents method returns one of the following values:
Remarks
Authorization event processing affects performance. If no rules in the realm are triggered by authorization events, set this flag to 0.
The ProtectResource method sets or retrieves the current resource protection flag.
Syntax
The ProtectResource method has the following format:
Netegrity::PolicyMgtRealm‑>ProtectResource([protectFlag])
Parameters
The ProtectResource method accepts the following parameter:
protectFlag (int)
(Optional) Specifies whether default resource protection is enabled: 1 to enable, or 0 to disable.
Return Value
The ProtectResource method returns one of the following values:
The RegScheme method sets or retrieves the registration scheme for the realm.
Syntax
The RegScheme method has the following format:
Netegrity::PolicyMgtRealm‑>RegScheme([regScheme])
Parameters
The RegScheme method accepts the following parameter:
regScheme (PolicyMgtRegScheme)
(Optional) Specifies the registration scheme to set.
Return Value
The RegScheme method returns one of the following values:
The SessionDrift method sets or retrieves the session drift of the realm, that is, the validation period (in seconds) if enabled on a persistent realm.
Syntax
The SessionDrift method has the following format:
Netegrity::PolicyMgtRealm‑>SessionDrift([SessionDrift])
Parameters
The SessionDrift method accepts the following parameter:
SessionDrift (int)
(Optional) Specifies the new value, or returns the current value when not specified.
Return Value
The SessionDrift method returns one of the following values:
Note: -1 (Sm_PolicyApi_Failure) is a valid return value for this method, indicating that session drift is not enabled on the realm. Calling code must not treat -1 from SessionDrift as an error.
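The following Perl example is added here and is not part of the SiteMinder documentation. It walks a realm tree with GetAllChildRealms, which returns only direct children, so the walk recurses, and reports realms whose ProtectResource, SyncAudit, IdleTimeout, MaxTimeout or SessionDrift settings fall outside a local policy. The -1 return from SessionDrift is handled as "drift not enabled" rather than as a failure. It assumes $root is a PolicyMgtRealm obtained elsewhere, that GetAllChildRealms returns either a list or a single array reference of PolicyMgtRealm objects, and the thresholds are local choices, not SiteMinder defaults.

```perl
use strict;
use warnings;

# Added example, not SiteMinder's own code. Thresholds are local policy.
my $MAX_IDLE  = 1800;   # seconds of inactivity before re-authentication
my $MAX_LIFE  = 28800;  # seconds of total session life
my $MAX_DRIFT = 300;    # seconds between persistent-session validations

# GetAllChildRealms is assumed to return a list or one array reference;
# both shapes are accepted here.
sub children_of {
    my ($realm) = @_;
    my @kids = grep { defined } $realm->GetAllChildRealms();
    @kids = @{ $kids[0] } if @kids == 1 && ref $kids[0] eq 'ARRAY';
    return @kids;
}

sub audit_realm_tree {
    my ($realm, $path, $findings) = @_;
    $path     //= "";
    $findings //= [];
    my $here = $path . "/" . $realm->Name();

    push @$findings, "$here: default resource protection is off"
        unless $realm->ProtectResource();
    push @$findings, "$here: synchronous auditing is off"
        unless $realm->SyncAudit();

    my $idle = $realm->IdleTimeout();
    push @$findings, "$here: idle timeout ${idle}s exceeds ${MAX_IDLE}s"
        if $idle > $MAX_IDLE;
    my $life = $realm->MaxTimeout();
    push @$findings, "$here: max timeout ${life}s exceeds ${MAX_LIFE}s"
        if $life > $MAX_LIFE;

    # -1 (Sm_PolicyApi_Failure) means drift is not enabled on this realm,
    # the normal state for a non-persistent realm. It is not an error, so
    # it is skipped rather than reported.
    my $drift = $realm->SessionDrift();
    push @$findings, "$here: session drift ${drift}s exceeds ${MAX_DRIFT}s"
        if $drift != -1 && $drift > $MAX_DRIFT;

    # GetAllChildRealms returns direct children only; recurse for the rest.
    audit_realm_tree($_, $here, $findings) for children_of($realm);
    return $findings;
}

# Usage, given a top-level PolicyMgtRealm $root obtained from its domain:
#   print "$_\n" for @{ audit_realm_tree($root) };
```

A long session drift matters on persistent realms because it bounds how long a session that has been revoked in the session store can keep being honored before the Policy Server re-validates it.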
The ResourceFilter method sets or retrieves the realm resource filter.
Syntax
The ResourceFilter method has the following format:
Netegrity::PolicyMgtRealm‑>ResourceFilter([rFilter])
Parameters
The ResourceFilter method accepts the following parameter:
rFilter (string)
(Optional) Specifies the realm resource filter to set.
Return Value
The ResourceFilter method returns one of the following values:
The SyncAudit method sets or retrieves the synchronous auditing flag. When this flag is enabled, SiteMinder logs Policy Server and agent actions before it allows access to resources.
Syntax
The SyncAudit method has the following format:
Netegrity::PolicyMgtRealm‑>SyncAudit([syncFlag])
Parameters
The SyncAudit method accepts the following parameter:
syncFlag (int)
(Optional) Specifies whether synchronous auditing is enabled: 1 to enable, or 0 to disable.
Return Value
The SyncAudit method returns one of the following values:
The following methods act on PolicyMgtRegScheme objects:
The Description method sets or retrieves the registration scheme description.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtRegScheme‑>Description([regDesc])
Parameters
The Description method accepts the following parameter:
regDesc (string)
(Optional) Specifies the description of the registration scheme.
Return Value
The Description method returns one of the following values:
The EnableLogging method enables or disables registration scheme logging.
Syntax
The EnableLogging method has the following format:
Netegrity::PolicyMgtRegScheme‑>EnableLogging([logFlag])
Parameters
The EnableLogging method accepts the following parameter:
logFlag (int)
(Optional) Specifies whether registration scheme logging is enabled: 1 to enable, or 0 to disable.
Return Value
The EnableLogging method returns one of the following values:
The Name method sets or retrieves the registration scheme name.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtRegScheme‑>Name([regName])
Parameters
The Name method accepts the following parameter:
regName (string)
(Optional) Specifies the registration scheme name.
Return Value
The Name method returns one of the following values:
The TemplatePath method sets or retrieves the path of the registration scheme template.
Syntax
The TemplatePath method has the following format:
Netegrity::PolicyMgtRegScheme‑>TemplatePath([path])
Parameters
The TemplatePath method accepts the following parameter:
path (string)
(Optional) Specifies the path of the registration scheme template.
Return Value
The TemplatePath method returns one of the following values:
The UserDirectory method sets or retrieves the user directory for the registration scheme.
Syntax
The UserDirectory method has the following format:
Netegrity::PolicyMgtRegScheme‑>UserDirectory([userDir])
Parameters
The UserDirectory method accepts the following parameter:
userDir (PolicyMgtUserDir)
(Optional) Specifies the user directory for the registration scheme.
Return Value
The UserDirectory method returns one of the following values:
The WelcomePageURL method sets or retrieves the welcome page URL for the registration scheme.
Syntax
The WelcomePageURL method has the following format:
Netegrity::PolicyMgtRegScheme‑>WelcomePageURL([URL])
Parameters
The WelcomePageURL method accepts the following parameter:
URL (string)
(Optional) Specifies the welcome page URL for the registration scheme. Users are redirected to this page after successfully registering.
Format: http://my.acme.com/hr/welcome.htm
Return Value
The WelcomePageURL method returns one of the following values:
The following methods act on PolicyMgtResponse objects:
The CreateAttribute method creates a Static response attribute for the response.
Syntax
The CreateAttribute method has the following format:
Netegrity::PolicyMgtResponse‑>CreateAttribute(attrName, varValue [, TTL])
Parameters
The CreateAttribute method accepts the following parameters:
attrName (string)
Specifies the name of the attribute to create. Valid attribute names vary with the type of agent associated with the response.
Agent type is specified in the SiteMinder Response Dialog, which is displayed when you create a response. To see the list of attributes associated with a given agent type, select the agent type in the SiteMinder Response Dialog, click Create, then view the choices in the Attribute field of the SiteMinder Response Attribute Editor.
For example, if you are creating a response with a SiteMinder Web Agent type, you can create any of the following response attributes:
varValue (string)
Specifies the value of the static attribute. This value appears in the Value column of the SiteMinder Response Dialog. The value represents either a variable or cookie value or a name/value pair. If you need to specify a name as well as a value, use the form name=value. For example, the attribute WebAgent-HTTP-Header-Variable requires a name/value pair. If the name is show_content and the value is yes, you would assign show_content=yes to varValue.
TTL (int)
(Optional) Specifies the amount of time in seconds that can elapse before the value of the response attribute is recalculated.
Return Value
The CreateAttribute method returns one of the following values:
Remarks
You cannot create response attributes of type User Attribute or DN Attribute with the Command Line Interface.
See also the descriptions of the PolicyMgtResponse‑>CreateActiveAttribute method and the PolicyMgtResponse‑>CreateVariableAttribute method.
The DeleteAttribute method deletes a response attribute in the response.
Syntax
The DeleteAttribute method has the following format:
Netegrity::PolicyMgtResponse‑>DeleteAttribute(respAttr)
Parameters
The DeleteAttribute method accepts the following parameter:
respAttr (PolicyMgtResponseAttr)
Specifies the response attribute to delete.
Return Value
The DeleteAttribute method returns one of the following values:
The Description method sets or retrieves the response description.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtResponse‑>Description([resDesc])
Parameters
The Description method accepts the following parameter:
resDesc (string)
(Optional) Specifies the response description.
Return Value
The Description method returns one of the following values:
The GetAllAttributes method retrieves a list of configured response attributes.
Syntax
The GetAllAttributes method has the following format:
Netegrity::PolicyMgtResponse‑>GetAllAttributes()
Parameters
The GetAllAttributes method accepts no parameters.
Return Value
The GetAllAttributes method returns one of the following values:
The Name method sets or retrieves the response name.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtResponse‑>Name([resName])
Parameters
The Name method accepts the following parameter:
resName (string)
(Optional) Specifies the response name.
Return Value
The Name method returns one of the following values:
The following methods act on PolicyMgtResponseAttr objects:
The GetAgentTypeAttrName method retrieves the name of the agent type attribute associated with this response attribute.
Syntax
The GetAgentTypeAttrName method has the following format:
Netegrity::PolicyMgtResponseAttr‑>GetAgentTypeAttrName()
Parameters
The GetAgentTypeAttrName method accepts no parameters.
Return Value
The GetAgentTypeAttrName method returns one of the following values:
The GetTTL method retrieves the Time To Live (TTL) setting.
Syntax
The GetTTL method has the following format:
Netegrity::PolicyMgtResponseAttr‑>GetTTL()
Parameters
The GetTTL method accepts no parameters.
Return Value
The GetTTL method returns one of the following values:
The GetValue method retrieves the response attribute value.
Syntax
The GetValue method has the following format:
Netegrity::PolicyMgtResponseAttr‑>GetValue()
Parameters
The GetValue method accepts no parameters.
Return Value
The GetValue method returns one of the following values:
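The following Perl example is added here and is not part of the SiteMinder documentation. It covers the PolicyMgtResponse‑>CreateAttribute description above (the name=value convention for WebAgent-HTTP-Header-Variable) and the PolicyMgtResponseAttr methods: it creates a set of static header attributes from a hash, then reads the response back with GetAllAttributes, GetAgentTypeAttrName, GetValue and GetTTL to confirm what was stored. It assumes $response is a PolicyMgtResponse of Web Agent type obtained elsewhere, that GetAllAttributes returns a list or a single array reference, and that CreateAttribute returns undef on failure.

```perl
use strict;
use warnings;

# Added example, not SiteMinder's own code. $response is assumed to be a
# PolicyMgtResponse for a Web Agent type; undef-on-failure is an assumption.
my $HEADER_ATTR = "WebAgent-HTTP-Header-Variable";

sub set_header_attributes {
    my ($response, %headers) = @_;
    my @created;
    for my $name (sort keys %headers) {
        # The attribute takes a single "name=value" string. A header name
        # containing '=' or whitespace would make the pair ambiguous, so it
        # is rejected before anything reaches the policy store.
        die "invalid header name '$name'\n" if $name =~ /[=\s]/;
        my $attr = $response->CreateAttribute($HEADER_ATTR, "$name=$headers{$name}");
        die "CreateAttribute($name) failed\n" unless defined $attr;
        push @created, $attr;
    }
    return @created;
}

# Returns { header_name => { value => ..., ttl => ... } } for every
# header attribute currently configured on the response.
sub header_attributes {
    my ($response) = @_;
    my @attrs = grep { defined } $response->GetAllAttributes();
    @attrs = @{ $attrs[0] } if @attrs == 1 && ref $attrs[0] eq 'ARRAY';
    my %seen;
    for my $attr (@attrs) {
        next unless $attr->GetAgentTypeAttrName() eq $HEADER_ATTR;
        my ($name, $value) = split /=/, $attr->GetValue(), 2;   # split on first '=' only
        $seen{$name} = { value => $value, ttl => $attr->GetTTL() };
    }
    return \%seen;
}

# Usage: set two headers and verify they read back as stored.
#   set_header_attributes($response, show_content => "yes", SM_APP => "hr");
#   my $stored = header_attributes($response);
#   die "show_content not stored\n" unless $stored->{show_content}{value} eq "yes";
```

Splitting the stored value on the first '=' only matters because header values may themselves contain '='; the name is everything before the first one.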
The following methods act on PolicyMgtRule objects:
The AccessType method sets or retrieves the flag that allows or denies access to the resource protected by the rule.
Syntax
The AccessType method has the following format:
Netegrity::PolicyMgtRule‑>AccessType([allowAccess])
Parameters
The AccessType method accepts the following parameter:
allowAccess (int)
(Optional) Specifies whether the rule allows access to the resource: 1 allows access, or 0 denies access.
Return Value
The AccessType method returns one of the following values:
The Action method sets or retrieves the action for the rule.
Syntax
The Action method has the following format:
Netegrity::PolicyMgtRule‑>Action([action])
Parameters
The Action method accepts the following parameter:
action (string)
(Optional) Specifies the action to perform, as follows:
For action type Web Agent actions, use one or more of the following HTTP actions. Use commas to separate multiple actions:
For action type Authentication events:
For action type Authorization events:
Return Value
The Action method returns one of the following values:
The ActiveExpr method sets or retrieves the active expression for the rule.
Syntax
The ActiveExpr method has the following format:
Netegrity::PolicyMgtRule‑>ActiveExpr([expr])
Parameters
The ActiveExpr method accepts the following parameter:
expr (string)
(Optional) Specifies the active expression to execute.
Return Value
The ActiveExpr method returns one of the following values:
The Agent method sets or retrieves an agent object or an agent group object associated with the global rule.
Syntax
The Agent method has the following format:
Netegrity::PolicyMgtRule‑>Agent([agentObject])
Parameters
The Agent method accepts the following parameter:
agentObject (objectType)
(Optional) Specifies the agent object or agent group object to associate with the rule. objectType can be either PolicyMgtAgent or PolicyMgtGroup. When omitted, the current agent or agent group is retrieved.
Return Value
The Agent method returns a new or existing PolicyMgtAgent object or PolicyMgtGroup object.
Remarks
After the rule is created, the agent associated with the rule can be changed only within the same agent type (such as Web Agent).
Note: Rules that have domain scope are associated with agents indirectly, through a realm.
The Description method sets or retrieves the description of the rule.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtRule‑>Description([ruleDesc])
Parameters
The Description method accepts the following parameter:
ruleDesc (string)
(Optional) Specifies the description of the rule.
Return Value
The Description method returns one of the following values:
The IsEnabled method enables or disables the rule.
Syntax
The IsEnabled method has the following format:
Netegrity::PolicyMgtRule‑>IsEnabled([enableFlag])
Parameters
The IsEnabled method accepts the following parameter:
enableFlag (int)
(Optional) Specifies whether to enable the rule: 1 to enable, or 0 to disable.
Return Value
The IsEnabled method returns one of the following values:
The Name method sets or retrieves the rule name.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtRule‑>Name([ruleName])
Parameters
The Name method accepts the following parameter:
ruleName (string)
(Optional) Specifies the rule name.
Return Value
The Name method returns one of the following values:
The RegexMatch method sets or retrieves the flag that determines whether regular expression pattern matching is enabled for resource-matching operations.
Syntax
The RegexMatch method has the following format:
Netegrity::PolicyMgtRule‑>RegexMatch([enableFlag])
Parameters
The RegexMatch method accepts the following parameter:
enableFlag (int)
(Optional) Specifies whether to allow regular expression pattern matching: 1 to enable, or 0 to disable.
Return Value
The RegexMatch method returns one of the following values:
The Resource method sets or retrieves the resource protected by the rule.
Syntax
The Resource method has the following format:
Netegrity::PolicyMgtRule‑>Resource([resource])
Parameters
The Resource method accepts the following parameter:
resource (string)
(Optional) Specifies the resource to protect. When omitted, the current resource is retrieved.
Return Value
The Resource method returns one of the following values:
The following methods act on PolicyMgtSAMLAffiliation objects:
The GetAffiliatedSAMLAuthSchemes method retrieves all the SAML 2.0 authentication schemes associated with this SAML affiliation.
Syntax
The GetAffiliatedSAMLAuthSchemes method has the following format:
Netegrity::PolicyMgtSAMLAffiliation‑>GetAffiliatedSAMLAuthSchemes()
Parameters
The GetAffiliatedSAMLAuthSchemes method accepts no parameters.
Return Value
The GetAffiliatedSAMLAuthSchemes method returns one of the following values:
The GetAffiliatedSAMLServiceProviders method retrieves all the SAML 2.0 Service Providers associated with this SAML affiliation.
Syntax
The GetAffiliatedSAMLServiceProviders method has the following format:
Netegrity::PolicyMgtSAMLAffiliation‑>GetAffiliatedSAMLServiceProviders()
Parameters
The GetAffiliatedSAMLServiceProviders method accepts no parameters.
Return Value
The GetAffiliatedSAMLServiceProviders method returns one of the following values:
The Property method sets or retrieves the specified SAML 2.0 metadata property for this SAML 2.0 affiliation.
Syntax
The Property method has the following format:
Netegrity::PolicyMgtSAMLAffiliation‑>Property(name [, value])
Parameters
The Property method accepts the following parameters:
name (string)
Specifies the property to set or retrieve.
value (string)
(Optional) Specifies the value of the property being set.
Return Value
The Property method returns one of the following values:
Remarks
For a list of affiliation metadata properties, see the description of the PolicyMgtSession‑>CreateSAMLAffiliation method.
Note: After modifying one or more existing affiliation properties with this method, call PolicyMgtSAMLAffiliation‑>Save to write the changes to the policy store.
The Save method saves the changes you made to the SAML 2.0 metadata properties of this SAML 2.0 affiliation.
Syntax
The Save method has the following format:
Netegrity::PolicyMgtSAMLAffiliation‑>Save()
Parameters
The Save method accepts no parameters.
Return Value
The Save method returns one of the following values:
Remarks
To modify an affiliation property, call the PolicyMgtSAMLAffiliation‑>Property method.
The following methods act on PolicyMgtSAMLSPACS objects:
The GetACSIndex method retrieves the index value of a SAML Service Provider Assertion Consumer Service object.
Syntax
The GetACSIndex method has the following format:
Netegrity::PolicyMgtSAMLSPACS‑>GetACSIndex()
Parameters
The GetACSIndex method accepts no parameters.
Return Value
The GetACSIndex method returns one of the following values:
The GetACSBinding method retrieves the protocol binding of a SAML Service Provider Assertion Consumer Service object.
Syntax
The GetACSBinding method has the following format:
Netegrity::PolicyMgtSAMLSPACS‑>GetACSBinding()
Parameters
The GetACSBinding method accepts no parameters.
Return Value
The GetACSBinding method returns one of the following values:
The GetACSURL method retrieves the URL value of a SAML Service Provider Assertion Consumer Service object.
Syntax
The GetACSURL method has the following format:
Netegrity::PolicyMgtSAMLSPACS‑>GetACSURL()
Parameters
The GetACSURL method accepts no parameters.
Return Value
The GetACSURL method returns one of the following values:
The GetIsDefault method retrieves the value of IsDefault for the SAML Service Provider Assertion Consumer Service object.
Syntax
The GetIsDefault method has the following format:
Netegrity::PolicyMgtSAMLSPACS‑>GetIsDefault()
Parameters
The GetIsDefault method accepts no parameters.
Return Value
The GetIsDefault method returns one of the following values:
The following methods act on PolicyMgtSAMLRequesterAttr objects:
The GetAttrNameFormat method retrieves a SAML Requester attribute's name format.
Syntax
The GetAttrNameFormat method has the following format:
Netegrity::PolicyMgtSAMLRequesterAttr‑>GetAttrNameFormat()
Parameters
The GetAttrNameFormat method accepts no parameters.
Return Value
The GetAttrNameFormat method returns the following value:
The GetLocalName method retrieves a SAML Requester attribute's local name.
Syntax
The GetLocalName method has the following format:
Netegrity::PolicyMgtSAMLRequesterAttr‑>GetLocalName()
Parameters
The GetLocalName method accepts no parameters.
Return Value
The GetLocalName method returns one of the following values:
The GetName method retrieves a SAML Requester attribute's name.
Syntax
The GetName method has the following format:
Netegrity::PolicyMgtSAMLRequesterAttr‑>GetName()
Parameters
The GetName method accepts no parameters.
Return Value
The GetName method returns one of the following values:
The following methods act on PolicyMgtSAMLServiceProvider objects:
The AddAssertionConsumerService method adds an Assertion Consumer Service to a SAML Service Provider object.
Syntax
The AddAssertionConsumerService method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>AddAssertionConsumerService(index, protocolBinding, URL)
Parameters
The AddAssertionConsumerService method accepts the following parameters:
index (int)
Specifies the Assertion Consumer Service Indexed Endpoint index value.
protocolBinding (string)
Specifies the protocol binding of the Assertion Consumer Service, which is one of the following:
URL (string)
Specifies the URL of the Indexed Endpoint.
Return Value
The AddAssertionConsumerService method returns one of the following values:
The AddAttribute method adds an attribute to the SAML 2.0 Service Provider.
Syntax
The AddAttribute method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>AddAttribute(attrNameFormat, value, nEncrypted, nMode)
Parameters
The AddAttribute method accepts the following parameters:
attrNameFormat (int)
Specifies one of the following attribute formats, as defined in the SAML 2.0 standard:
value (string)
Specifies the value specification for the attribute. This value specification appears in the Name Value Pair column of the SiteMinder SAML Service Provider Properties Dialog. The format of the value specification depends upon the kind of attribute you are adding -- Static, User Attribute, or DN Attribute:
variableName=value
variableName=<%userattr="AttrName"%>
variableName=<#dn="DNSpec" attr="AttrName"#>
To allow SiteMinder to retrieve DN attributes from a nested group, begin DNSpec with an exclamation mark ( ! ) -- for example:
dn="!ou=People,o=security.com"
nEncrypted (int)
Specifies whether the attribute is encrypted. If non-zero, the attribute value is encrypted when it is included in the assertion.
nMode (int)
Specifies the retrieval mode of this attribute, which is one of the following:
Return Value
The AddAttribute method returns one of the following values:
Remarks
A SAML 2.0 attribute contains information about a principal who is trying to access a resource on the Service Provider -- for example, the principal's user DN.
The defined attribute is included in an attribute statement for all SAML 2.0 assertions that are produced for this Service Provider.
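The following Perl example is added here and is not part of the SiteMinder documentation. It builds the three value-specification forms accepted by AddAttribute (Static, User Attribute, and DN Attribute with the leading exclamation mark for nested groups) and adds them to a Service Provider, enabling encryption for the attribute that carries personal data. The numeric attrNameFormat and nMode constants are not listed in this section, so the example takes them as parameters; $sp is assumed to be a PolicyMgtSAMLServiceProvider obtained elsewhere, and AddAttribute is assumed to return undef on failure.

```perl
use strict;
use warnings;

# Added example, not SiteMinder's own code. $name_format and $mode are the
# attrNameFormat and nMode values, which this section does not enumerate.

# Static attribute: variableName=value
sub static_spec {
    my ($var, $value) = @_;
    return "$var=$value";
}

# User Attribute: variableName=<%userattr="AttrName"%>
sub userattr_spec {
    my ($var, $attr) = @_;
    return "$var=<%userattr=\"$attr\"%>";
}

# DN Attribute: variableName=<#dn="DNSpec" attr="AttrName"#>
# A DNSpec beginning with '!' makes SiteMinder look through nested groups.
sub dn_spec {
    my ($var, $dn, $attr, $nested) = @_;
    my $prefix = $nested ? "!" : "";
    return "$var=<#dn=\"$prefix$dn\" attr=\"$attr\"#>";
}

sub add_sp_attributes {
    my ($sp, $name_format, $mode) = @_;
    # [ value specification, nEncrypted ]
    my @attributes = (
        [ static_spec("app", "hr-portal"),                        0 ],
        [ userattr_spec("mail", "mail"),                          1 ],  # personal data: encrypt
        [ dn_spec("dept", "ou=People,o=security.com", "ou", 1),   0 ],
    );
    for my $a (@attributes) {
        my ($value, $encrypted) = @$a;
        my $rc = $sp->AddAttribute($name_format, $value, $encrypted, $mode);
        die "AddAttribute($value) failed\n" unless defined $rc;
    }
    return scalar @attributes;
}

# Usage, with $sp from the session and the format/mode constants from the
# Policy Management API documentation:
#   add_sp_attributes($sp, $name_format, $mode);
```

Because every attribute defined this way is included in all assertions produced for the Service Provider, each one widens what the Service Provider learns about every principal; keep the list to what the relying application actually needs and encrypt anything that identifies a person.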
The AddUser method adds a user to the SAML Service Provider. Assertions can be generated for the users associated with a Service Provider.
Syntax
The AddUser method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>AddUser(user)
Parameters
The AddUser method accepts the following parameter:
user (PolicyMgtUser)
Specifies the user to add.
Return Value
The AddUser method returns one of the following values:
The CreateIPConfigHostName method creates an IP configuration object for the Service Provider, based on the specified host name.
Syntax
The CreateIPConfigHostName method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>CreateIPConfigHostName(hostName)
Parameters
The CreateIPConfigHostName method accepts the following parameter:
hostName (string)
Specifies the host name where assertions must originate.
Return Value
The CreateIPConfigHostName method returns one of the following values:
Remarks
This method creates an IP address restriction for the assertion generation policy. With this restriction in place, assertions for this Service Provider are generated only for requests that originate from the specified host.
The CreateIPConfigRange method creates an IP configuration object for the Service Provider, based on the specified range of IP addresses.
Syntax
The CreateIPConfigRange method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>CreateIPConfigRange(ipAddr1, ipAddr2)
Parameters
The CreateIPConfigRange method accepts the following parameters:
ipAddr1 (string)
Specifies the first IP address in the range of valid IP addresses.
ipAddr2 (string)
Specifies the last IP address in the range of valid IP addresses.
Return Value
The CreateIPConfigRange method returns one of the following values:
Remarks
This method creates an IP address restriction for the assertion generation policy. With this address restriction, only assertions generated from the specified range of IP addresses will be accepted.
The CreateIPConfigSingleHost method creates an IP configuration object for the Service Provider, based on the specified IP address.
Syntax
The CreateIPConfigSingleHost method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>CreateIPConfigSingleHost(ipAddr)
Parameters
The CreateIPConfigSingleHost method accepts the following parameter:
ipAddr (string)
Specifies the IP address where assertions must originate.
Return Value
The CreateIPConfigSingleHost method returns one of the following values:
Remarks
This method creates an IP address restriction for the assertion generation policy. With this address restriction, only assertions generated from the specified IP address will be accepted.
The CreateIPConfigSubnetMask method creates an IP configuration object for the Service Provider, based on the specified IP address and subnet mask.
Syntax
The CreateIPConfigSubnetMask method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>CreateIPConfigSubnetMask(ipAddr, subnetMask)
Parameters
The CreateIPConfigSubnetMask method accepts the following parameters:
ipAddr (string)
Specifies the IP address used to derive the subnet address.
subnetMask (unsigned long)
Specifies the subnet mask used to derive the subnet address.
Return Value
The CreateIPConfigSubnetMask method returns one of the following values:
Remarks
This method creates an IP address restriction for the assertion generation policy. With this address restriction, only assertions generated from the subnet address will be accepted. The subnet address is derived from the passed IP address and subnet mask. For information about defining the subnet mask value, see the description of the PolicyMgtPolicy‑>CreateIPConfigSubnetMask method.
The DeleteIPConfig method deletes the specified IP configuration object.
Syntax
The DeleteIPConfig method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>DeleteIPConfig(IPConfig)
Parameters
The DeleteIPConfig method accepts the following parameter:
IPConfig (PolicyMgtIPConfig object)
Specifies the IP configuration object to delete.
Return Value
The DeleteIPConfig method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
The GetAllAttributes method retrieves all attributes defined for the SAML 2.0 Service Provider.
Syntax
The GetAllAttributes method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>GetAllAttributes()
Parameters
The GetAllAttributes method accepts no parameters.
Return Value
The GetAllAttributes method returns one of the following values:
The GetAllIPConfigs method retrieves all IP configuration objects for the SAML 2.0 Service Provider.
Syntax
The GetAllIPConfigs method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>GetAllIPConfigs()
Parameters
The GetAllIPConfigs method accepts no parameters.
Return Value
The GetAllIPConfigs method returns one of the following values:
The GetAllAssertionConsumerServices method retrieves all Assertion Consumer Services from the SAML 2.0 Service Provider object.
Syntax
The GetAllAssertionConsumerServices method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>GetAllAssertionConsumerServices()
Parameters
The GetAllAssertionConsumerServices method accepts no parameters.
Return Value
The GetAllAssertionConsumerServices method returns one of the following values:
The GetAllUsers method retrieves all users associated with the SAML 2.0 Service Provider. If a user directory is specified, only users who belong to the specified directory are returned.
Syntax
The GetAllUsers method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>GetAllUsers([userDir])
Parameters
The GetAllUsers method accepts the following parameter:
userDir (PolicyMgtUserDir object)
(Optional) Specifies the user directory to which all retrieved users must belong.
Return Value
The GetAllUsers method returns one of the following values:
The Property method sets or retrieves the specified SAML 2.0 metadata property for this Service Provider.
Note: After modifying one or more Service Provider properties using this method, call the PolicyMgtSAMLServiceProvider‑>Save method to write the changes to the policy store.
Syntax
The Property method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>Property(name[, value])
Parameters
The Property method accepts the following parameters:
name (string)
Specifies the property to set or retrieve.
Note: For a complete list of Service Provider metadata properties, see the method PolicyMgtAffDomain‑>CreateSAMLServiceProvider.
value (string)
(Optional) Specifies a new value for the property.
Return Value
The Property method returns one of the following values:
Specifies the property's new or existing value.
Specifies that the call is unsuccessful.
The RemoveAssertionConsumer method removes an existing Assertion Consumer Service from a SAML 2.0 Service Provider.
Syntax
The RemoveAssertionConsumer method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>RemoveAssertionConsumer(pSAMLSPACS)
Parameters
The RemoveAssertionConsumer method accepts the following parameter:
pSAMLSPACS
Specifies the Assertion Consumer Service to remove.
Return Value
The RemoveAssertionConsumer method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
The RemoveAttribute method removes the specified attribute from the SAML 2.0 Service Provider.
Syntax
The RemoveAttribute method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>RemoveAttribute(SAMLSPAttr)
Parameters
The RemoveAttribute method accepts the following parameter:
SAMLSPAttr (PolicyMgtSAMLSPAttr object)
Specifies the attribute to remove.
Return Value
The RemoveAttribute method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
The RemoveUser method removes the specified user from the SAML 2.0 Service Provider.
Syntax
The RemoveUser method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>RemoveUser(user)
Parameters
The RemoveUser method accepts the following parameter:
user (PolicyMgtUser object)
Specifies the user to remove.
Return Value
The RemoveUser method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
The Save method saves any changes made to the SAML 2.0 metadata properties of the Service Provider. Call this method once after making all changes to the SAML 2.0 Service Provider. You must call this method for the changes to take effect. To modify a metadata property, call the PolicyMgtSAMLServiceProvider‑>Property method.
Syntax
The Save method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>Save()
Parameters
The Save method accepts no parameters.
Return Value
The Save method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
Specifies that the user does not have the privileges required to change metadata properties.
Specifies that the path and class are empty.
The following methods act on PolicyMgtSAMLSPAttr objects:
The GetAttrNameFormat method retrieves the format of attribute names used with the SAML 2.0 Service Provider. For more information about SAML 2.0 attributes, see the method PolicyMgtSAMLServiceProvider‑>AddAttribute.
Syntax
The GetAttrNameFormat method has the following format:
Netegrity::PolicyMgtSAMLSPAttr‑>GetAttrNameFormat()
Parameters
The GetAttrNameFormat method accepts no parameters.
Return Value
The GetAttrNameFormat method returns one of the following values:
The GetValue method retrieves the value of the SAML 2.0 Service Provider attribute. To retrieve all attributes associated with a Service Provider, call the method PolicyMgtSAMLServiceProvider‑>GetAllAttributes. For more information about SAML 2.0 attributes, see the method PolicyMgtSAMLServiceProvider‑>AddAttribute.
Syntax
The GetValue method has the following format:
Netegrity::PolicyMgtSAMLSPAttr‑>GetValue()
Parameters
The GetValue method accepts no parameters.
Return Value
The GetValue method returns one of the following values:
The following methods act on PolicyMgtSession objects:
The AddAttributeToSAMLScheme method adds a new attribute to the SAML 2.0 authentication scheme definition.
Syntax
The AddAttributeToSAMLScheme method has the following format:
Netegrity::PolicyMgtSession‑>AddAttributeToSAMLScheme(scheme, AttrNameFormat, LocalName, Name)
Parameters
The AddAttributeToSAMLScheme method accepts the following parameters:
scheme (PolicyMgtAuthScheme object)
Specifies the SAML 2.0 authentication scheme.
AttrNameFormat (int)
Specifies the attribute type:
LocalName (string)
Specifies the attribute's name as used locally.
Name (string)
Specifies the attribute's name as defined on the Attribute Authority.
Return Value
The AddAttributeToSAMLScheme method returns one of the following values:
The AddTrustedHost method creates or modifies a trusted host object in the policy store.
Syntax
The AddTrustedHost method has the following format:
Netegrity::PolicyMgtSession‑>AddTrustedHost(trustedHostName[, trustedHostDescription][, trustedHostIpAddress][, sharedSecret])
Parameters
The AddTrustedHost method accepts the following parameters:
trustedHostName (string)
Specifies the name of the trusted host.
trustedHostDescription (string)
(Optional) Specifies the description of the trusted host.
trustedHostIpAddress (string)
(Optional) Specifies the IP address of the trusted host.
sharedSecret (string)
(Optional) Specifies the shared secret.
Note: You must also define the shared secret in the host configuration file by running the SiteMinder tool smreghost with the -sh option. If you do not use the -sh option to specify the shared secret, SiteMinder automatically generates one.
Return Value
The AddTrustedHost method returns one of the following values:
Remarks
You can use the AddTrustedHost method to register the trusted host without first configuring a connection between the Policy Server and the Agent. When you use this method to register the trusted host, you must also run the SiteMinder tool smreghost to define the shared secret in the host configuration file. (The host configuration file is named SmHost.conf by default.) Run smreghost with the -sh option and the shared secret. To retrieve the shared secret in clear text, call the method PolicyMgtTrustedHost‑>GetSecret.
Alternatively, you can create the trusted host by calling the method CreateTrustedHost and run smreghost without the -sh option. In this case, SiteMinder automatically creates and configures the trusted host during installation.
Important! SiteMinder generates a random 128-byte ASCII shared secret. When you create the shared secret yourself, it can be any string value. To create a strong shared secret, we strongly recommend that you call the AddTrustedHost method with the sharedSecret parameter set to an empty string. This results in the automatic generation of a shared secret that is random, long, and hard to guess.
The CreateAdmin method creates and configures a system-level administrator.
Syntax
The CreateAdmin method has the following format:
Netegrity::PolicyMgtSession‑>CreateAdmin(adminName[, adminDesc][, adminPwd][, userDir][, authScheme])
Parameters
The CreateAdmin method accepts the following parameters:
adminName (string)
Specifies the administrator's name.
adminDesc (string)
(Optional) Specifies the administrator's description.
adminPwd (string)
(Optional) Specifies the administrator's password.
userDir (PolicyMgtUserDir object)
(Optional) Specifies the user directory if the administrator is stored in an external directory.
authScheme (PolicyMgtAuthScheme object)
(Optional) Specifies the authentication scheme to use if the administrator is stored in an external directory.
Note: This parameter is required if an external user directory is specified.
Return Value
The CreateAdmin method returns one of the following values:
Remarks
The Policy Management API does not allow you to create an administrator for a particular domain. However, you can add an existing administrator to a particular domain by calling the method AddAdmin. To create an administrator with domain privileges, use the Administrative UI.
The CreateAffDomain method creates an affiliate domain.
Syntax
The CreateAffDomain method has the following format:
Netegrity::PolicyMgtSession‑>CreateAffDomain(domName[, domDesc])
Parameters
The CreateAffDomain method accepts the following parameters:
domName (string)
Specifies the name of the affiliate domain.
domDesc (string)
(Optional) Specifies the description of the affiliate domain.
Return Value
The CreateAffDomain method returns one of the following values:
Remarks
To implement affiliate domains, you need legacy federation.
The CreateAgent method creates and configures a SiteMinder agent.
Syntax
The CreateAgent method has the following format:
Netegrity::PolicyMgtSession‑>CreateAgent(agentName, agentType[, agentDesc][, agentIP][, agentSecret][, realmHintAttrID])
Parameters
The CreateAgent method accepts the following parameters:
agentName (string)
Specifies the name of the agent.
agentType (PolicyMgtAgentType object)
Specifies the type of agent.
agentDesc (string)
(Optional) Specifies the description of the agent.
agentIP (string)
(Optional) Specifies the agent's IP address.
Note: This parameter is required for RADIUS agents.
agentSecret (string)
(Optional) Specifies the shared secret.
Note: To create a v4.x agent, specify the shared secret. To create a v5.x agent, omit this parameter.
realmHintAttrID (int)
(Optional) Specifies the realm hint attribute ID.
Note: This parameter only applies to RADIUS agents.
Return Value
The CreateAgent method returns one of the following values:
The CreateAgentConfig method creates an agent configuration object.
Syntax
The CreateAgentConfig method has the following format:
Netegrity::PolicyMgtSession‑>CreateAgentConfig(agentConfigName[, AgentConfigDesc])
Parameters
The CreateAgentConfig method accepts the following parameters:
agentConfigName (string)
Specifies the name of the agent configuration.
AgentConfigDesc (string)
(Optional) Specifies the description of the agent configuration.
Return Value
The CreateAgentConfig method returns one of the following values:
The CreateAgentGroup method creates an agent group.
Syntax
The CreateAgentGroup method has the following format:
Netegrity::PolicyMgtSession‑>CreateAgentGroup(agentGroupName, agentType[, groupDesc])
Parameters
The CreateAgentGroup method accepts the following parameters:
agentGroupName (string)
Specifies the name of the agent group.
agentType (PolicyMgtAgentType object)
Specifies the type of agent associated with the agent group.
Note: To retrieve the agent type for this method, call the method PolicyMgtSession‑>GetAgentType.
groupDesc (string)
(Optional) Specifies the description of the agent group.
Return Value
The CreateAgentGroup method returns one of the following values:
The CreateAuthAzMap method creates an authentication and authorization directory mapping object.
Syntax
The CreateAuthAzMap method has the following format:
Netegrity::PolicyMgtSession‑>CreateAuthAzMap(authDir, azDir, mapType)
Parameters
The CreateAuthAzMap method accepts the following parameters:
authDir (PolicyMgtUserDir object)
Specifies the user directory to use when authenticating the user.
azDir (PolicyMgtUserDir object)
Specifies the user directory to use when authorizing the user.
mapType (int)
Specifies the type of directory mapping.
Specifies mapping based on a DN.
Specifies mapping based on a universal identifier.
Specifies mapping based on an attribute in the user directory.
Return Value
The CreateAuthAzMap method returns one of the following values:
Remarks
By default, SiteMinder uses the same user directory to authenticate and authorize users. However, SiteMinder also allows you to specify one user directory for authentication and another user directory for authorization. This feature is called directory mapping. Directory mapping is especially useful when authentication information is stored in a central directory but authorization information is stored in multiple directories, each one associated with a particular application.
The CreateAuthScheme method creates and configures an authentication scheme.
Syntax
The CreateAuthScheme method has the following format:
Netegrity::PolicyMgtSession‑>CreateAuthScheme(schemeName, schemeTemplate[, schemeDesc][, protLevel][, schemeLib][, schemeParam][, secret][, isTemplate][, isUsedByAdmin][, saveCreds][, isRadius][, ignorePwd])
Parameters
The CreateAuthScheme method accepts the following parameters:
schemeName (string)
Specifies the authentication scheme's name.
schemeTemplate (PolicyMgtAuthScheme object)
Specifies the template on which to base the authentication scheme.
Note: To view a list of templates, see the method PolicyMgtSession‑>GetAuthScheme.
schemeDesc (string)
(Optional) Specifies the authentication scheme's description.
protLevel (int)
(Optional) Specifies the authentication scheme's protection level.
Range: 1-1000
Note: The higher the protection level value, the more secure the authentication scheme.
schemeLib (string)
(Optional) Specifies the name of the custom library to use in place of the default library shipped with each type of authentication scheme.
schemeParam (string)
(Optional) Specifies a parameter string to pass to the authentication scheme.
Note: For help constructing the parameter string, navigate to the Scheme Type Setup tab on the Authentication Scheme Properties dialog in the Administrative UI. Select the authentication scheme type, type the values in the fields, and observe the result on the Advanced tab.
secret (string)
(Optional) Specifies the authentication scheme's shared secret.
isTemplate (int)
(Optional) Specifies whether the authentication scheme is a template for other authentication schemes.
Default: A zero (0) value specifies that the authentication scheme is not a template.
Note: This parameter is deprecated as of CA SiteMinder® v6.0 SP3.
isUsedByAdmin (int)
(Optional) Specifies whether the authentication scheme can be used to authenticate administrators.
saveCreds (int)
(Optional) Specifies whether to save user credentials.
isRadius (int)
(Optional) Specifies whether the authentication scheme type is RADIUS.
ignorePwd (int)
(Optional) Specifies whether to ignore password policies.
Return Value
The CreateAuthScheme method returns one of the following values:
The CreateCustomCertMap method creates a custom certificate map. The custom certificate map associates user attribute names defined in the certificate's Subject DN with the corresponding user attribute names in the user directory. For authentication to succeed, the values of the mapped user attribute pairs must match. Use the AttributeMap parameter to define the attribute names that are mapped.
Syntax
The CreateCustomCertMap method has the following format:
Netegrity::PolicyMgtSession‑>CreateCustomCertMap(IssuerDN, AttributeMap[, DirectoryType])
Parameters
The CreateCustomCertMap method accepts the following parameters:
IssuerDN (string)
Specifies the certificate issuer's distinguished name.
AttributeMap (string)
Specifies an expression that maps attribute names in the certificate's Subject DN to attribute names in the user directory.
Syntax: UserAttrName1=%{CertAttrName1},UserAttrName2=%{CertAttrName2}, . . . UserAttrName#=%{CertAttrName#}
Example:
Certificate's Subject DN contains: CN=John Smith, UID=JSMITH, OU=Development, O=CompanyA
AttributeMap contains: CN=%{UID}, OU=%{OU}, O=%{O}
Matching user DN in the user directory: CN=JSMITH, OU=Development, O=CompanyA
DirectoryType (int)
(Optional) Specifies the type of user directory specified as the authentication directory:
Note: This is the default.
Return Value
The CreateCustomCertMap method returns one of the following values:
Remarks
When a certificate map is created, the following flags are set to false, the default value:
For information on changing the value of these flags, see the method PolicyMgtSession‑>CreateExactCertMap.
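The following is an added, stand-alone example (not SiteMinder code, and it does not call the Policy Management API) that works through the AttributeMap expression described above: it parses a certificate Subject DN and an expression of the form UserAttr=%{CertAttr}, ..., derives the user DN that the directory entry must carry, and reports whether a given entry matches. The DN splitting rules (comma-separated RDNs, backslash-escaped commas, case-insensitive attribute types) are assumptions of this example.

```python
"""Worked example of the CreateCustomCertMap AttributeMap expression.

Constructed example, not SiteMinder's own code. Given a certificate
Subject DN and an AttributeMap expression such as
    CN=%{UID}, OU=%{OU}, O=%{O}
it derives the user-directory DN that must exist for certificate
authentication to succeed, and checks a candidate entry against it.
"""
import re
from typing import Dict, List, Optional, Tuple

# One mapping term: UserAttr=%{CertAttr}, tolerant of surrounding whitespace.
_TERM_RE = re.compile(r"^\s*([A-Za-z][\w.-]*)\s*=\s*%\{\s*([A-Za-z][\w.-]*)\s*\}\s*$")


def _parse_rdn(text: str) -> Tuple[str, str]:
    """Split 'attr=value' into (ATTR, value); attribute types are case-insensitive."""
    attr, sep, value = text.partition("=")
    if not sep or not attr.strip():
        raise ValueError(f"malformed RDN: {text!r}")
    return attr.strip().upper(), value.strip()


def split_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into (attribute, value) pairs.

    Assumed rules: RDNs are separated by commas, and a comma preceded by a
    backslash is part of the value rather than a separator.
    """
    rdns: List[Tuple[str, str]] = []
    buf = ""
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf += dn[i + 1]  # keep the escaped character literally
            i += 2
            continue
        if ch == ",":
            rdns.append(_parse_rdn(buf))
            buf = ""
        else:
            buf += ch
        i += 1
    if buf.strip():
        rdns.append(_parse_rdn(buf))
    return rdns


def parse_attribute_map(expr: str) -> List[Tuple[str, str]]:
    """Parse 'UserAttr1=%{CertAttr1},UserAttr2=%{CertAttr2},...' into pairs."""
    pairs: List[Tuple[str, str]] = []
    for term in expr.split(","):
        m = _TERM_RE.match(term)
        if not m:
            raise ValueError(f"malformed AttributeMap term: {term!r}")
        pairs.append((m.group(1).upper(), m.group(2).upper()))
    return pairs


def derive_user_dn(subject_dn: str, attribute_map: str) -> Optional[str]:
    """Apply the map to the Subject DN and return the required user DN.

    Returns None when the certificate lacks an attribute the map references;
    no directory entry can satisfy the mapping in that case.
    """
    cert_attrs: Dict[str, str] = dict(split_dn(subject_dn))
    parts: List[str] = []
    for user_attr, cert_attr in parse_attribute_map(attribute_map):
        if cert_attr not in cert_attrs:
            return None
        parts.append(f"{user_attr}={cert_attrs[cert_attr]}")
    return ", ".join(parts)


def cert_matches_entry(subject_dn: str, attribute_map: str, entry_dn: str) -> bool:
    """True only when every mapped attribute pair has equal values in cert and entry."""
    expected = derive_user_dn(subject_dn, attribute_map)
    if expected is None:
        return False
    return split_dn(expected) == split_dn(entry_dn)


if __name__ == "__main__":
    # Constructed input taken from the example values in the text above.
    subject = "CN=John Smith, UID=JSMITH, OU=Development, O=CompanyA"
    amap = "CN=%{UID}, OU=%{OU}, O=%{O}"
    print(derive_user_dn(subject, amap))  # CN=JSMITH, OU=Development, O=CompanyA
    print(cert_matches_entry(subject, amap, "CN=JSMITH, OU=Development, O=CompanyA"))
```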
The CreateDomain method creates a policy domain object.
Syntax
The CreateDomain method has the following format:
Netegrity::PolicyMgtSession‑>CreateDomain(domName[, domDesc][, globalPoliciesApply])
Parameters
The CreateDomain method accepts the following parameters:
domName (string)
Specifies the name of the domain.
domDesc (string)
(Optional) Specifies the description of the domain.
globalPoliciesApply (int)
(Optional) Specifies whether the domain can accept global policies:
Specifies that the domain can accept global policies.
Specifies that the domain cannot accept global policies.
Return Value
The CreateDomain method returns one of the following values:
The CreateExactCertMap method creates a certificate map object whose Subject DN attributes match the corresponding user directory attributes exactly. When the certificate map object is created, the following flags are set to FALSE:
Note: To change the value of this flag, call the method PolicyMgtCertMap‑>CertRequired.
Note: To change the value of this flag, call the method PolicyMgtCertMap‑>UseDistributionPoints.
Note: To change the value of this flag, call the method PolicyMgtCertMap‑>VerifySignature.
Note: To change the value of this flag, call the method PolicyMgtCertMap‑>EnableCRL.
Note: To change the value of this flag, call the method PolicyMgtCertMap‑>CacheCRL.
Syntax
The CreateExactCertMap method has the following format:
Netegrity::PolicyMgtSession‑>CreateExactCertMap(IssuerDN[, DirectoryType])
Parameters
The CreateExactCertMap method accepts the following parameters:
IssuerDN (string)
Specifies the distinguished name of the certificate issuer.
DirectoryType (int)
(Optional) Specifies one of the following user directory types used for authentication:
Return Value
The CreateExactCertMap method returns one of the following values:
The CreateGlobalPolicy method creates a policy that has a global scope.
Syntax
The CreateGlobalPolicy method has the following format:
Netegrity::PolicyMgtSession‑>CreateGlobalPolicy(policyName[, enableFlag][, activeExpr][, policyDesc])
Parameters
The CreateGlobalPolicy method accepts the following parameters:
policyName (string)
Specifies the global policy's name.
enableFlag (type)
(Optional) Specifies whether to enable the global policy:
Specifies that the global policy is enabled.
Specifies that the global policy is disabled.
activeExpr (string)
(Optional) Specifies ...
policyDesc (string)
(Optional) Specifies the global policy's description.
Return Value
The CreateGlobalPolicy method returns one of the following values:
The CreateGlobalResponse method creates a response that has a global scope.
Syntax
The CreateGlobalResponse method has the following format:
Netegrity::PolicyMgtSession‑>CreateGlobalResponse(respName, agentType[, respDesc])
Parameters
The CreateGlobalResponse method accepts the following parameters:
respName (string)
Specifies the global response's name.
agentType (PolicyMgtAgentType object)
Specifies the type of agent associated with the global response.
Note: To retrieve the agent type object, call the method PolicyMgtSession‑>GetAgentType.
respDesc (string)
(Optional) Specifies the global response's description.
Return Value
The CreateGlobalResponse method returns one of the following values:
The CreateGlobalResponseGroup method creates a response group that is specific to a particular domain.
Syntax
The CreateGlobalResponseGroup method has the following format:
Netegrity::PolicyMgtSession‑>CreateGlobalResponseGroup(groupName, agentType, domain)
Parameters
The CreateGlobalResponseGroup method accepts the following parameters:
groupName (string)
Specifies the global response group name.
agentType (PolicyMgtAgentType)
Specifies the type of agent.
domain (PolicyMgtDomain)
Specifies the domain to which the response group applies.
Return Value
The CreateGlobalResponseGroup method returns one of the following values:
The CreateGlobalRule method creates a rule that has a global scope.
Syntax
The CreateGlobalRule method has the following format:
Netegrity::PolicyMgtSession‑>CreateGlobalRule(ruleName, resource, event, agent[, ruleDesc][, allowAccess][, regexMatch][, activeExpr][, isEnabled])
Parameters
The CreateGlobalRule method accepts the following parameters:
ruleName (string)
Specifies the global rule's name.
resource (string)
Specifies the filter for the resource that the global rule is protecting.
event (string)
Specifies the type of event that the global rule is executing.
agent (PolicyMgtAgent | PolicyMgtGroup)
Specifies the agent or agent group associated with the global rule.
ruleDesc (string)
(Optional) Specifies the global rule's description.
allowAccess (int)
(Optional) Specifies whether to allow or deny access to the resource protected by the rule:
Specifies allowing access.
Specifies denying access.
regexMatch (int)
(Optional) Specifies whether to perform regular expression pattern matching:
Specifies performing regular expression pattern matching.
Specifies not performing regular expression pattern matching.
activeExpr (string)
(Optional) Specifies the global rule's active expression.
isEnabled (int)
(Optional) Specifies whether to enable or disable the global rule:
Specifies that the global rule is enabled.
Specifies that the global rule is disabled.
Return Value
The CreateGlobalRule method returns one of the following values:
The CreateGlobalRuleGroup method creates a rule group that is specific to a particular domain.
Syntax
The CreateGlobalRuleGroup method has the following format:
Netegrity::PolicyMgtSession‑>CreateGlobalRuleGroup(groupName, agentType, domain)
Parameters
The CreateGlobalRuleGroup method accepts the following parameters:
groupName (string)
Specifies the global rule group name.
agentType (PolicyMgtAgentType)
Specifies the type of agent.
domain (PolicyMgtDomain)
Specifies the domain for which the rule group applies.
Return Value
The CreateGlobalRuleGroup method returns one of the following values:
The CreateHostConfig method creates a host configuration object.
Syntax
The CreateHostConfig method has the following format:
Netegrity::PolicyMgtSession‑>CreateHostConfig(hostConfigName[, hostConfDesc][, enableFailover][, maxSocketsPerPort][, minSocketsPerPort][, newSocketstep][, requestTimeout])
Parameters
The CreateHostConfig method accepts the following parameters:
hostConfigName (string)
Specifies the name of the host configuration object.
hostConfDesc (string)
(Optional) Specifies the description of the host configuration object.
enableFailover (int)
(Optional) Specifies whether to use failover or round-robin communication between the Policy Server and the agent:
Specifies failover communication.
Specifies round-robin communication.
maxSocketsPerPort (int)
(Optional) Specifies the maximum number of TCP/IP sockets that can be opened between an agent and the Policy Server.
minSocketsPerPort (int)
(Optional) Specifies the minimum number of TCP/IP sockets that can be opened between an agent and the Policy Server.
newSocketstep (int)
(Optional) Specifies how many sockets to open when additional sockets are required.
requestTimeout (int)
(Optional) Specifies how long, in seconds, an agent can wait for a response from the Policy Server.
Return Value
The CreateHostConfig method returns one of the following values:
The CreateODBCQueryScheme method creates and configures an ODBC query scheme. ODBC query schemes are also called SQL query schemes.
Note: Create a unique data source for each ODBC query scheme.
Syntax
The CreateODBCQueryScheme method has the following format:
Netegrity::PolicyMgtSession‑>CreateODBCQueryScheme(schemeName[, schemeDesc][, queryEnumerate][, queryGetObjInfo][, queryLookup][, queryInitUser][, queryAuthenticateUser][, queryGetUserProp][, querySetUserProp][, queryGetUserProps][, queryLookupUser][, queryGetGroups][, queryIsGroupMember][, queryGetGroupProp][, querySetGroupProp][, queryGetGroupProps][, queryLookupGroup][, querySetPassword])
Parameters
The CreateODBCQueryScheme method accepts the following parameters:
schemeName (string)
Specifies the ODBC query scheme's name.
schemeDesc (string)
(Optional) Specifies the ODBC query scheme's description.
queryEnumerate (string)
(Optional) Specifies a query that lists the names of user objects in the directory.
Note: For more information, see the method PolicyMgtODBCQueryScheme‑>QueryEnumerate.
queryGetObjInfo (string)
(Optional) Specifies a query that fetches the object's class.
Note: For more information, see the method PolicyMgtODBCQueryScheme‑>QueryGetObjInfo.
queryLookup (string)
(Optional) Specifies a query that returns objects based on the value of an attribute in a group table.
Note: For more information, see the method PolicyMgtODBCQueryScheme‑>QueryLookup.
queryInitUser (string)
(Optional) Specifies a query that determines if a user with a given name exists in the database.
Note: For more information, see the method PolicyMgtODBCQueryScheme‑>QueryInitUser.
queryAuthenticateUser (string)
(Optional) Specifies a query that retrieves the user's password.
Note: For more information, see the method PolicyMgtODBCQueryScheme‑>QueryAuthenticateUser.
queryGetUserProp (string)
(Optional) Specifies a query that retrieves the value of a user property.
Note: The property must be listed in the queryGetUserProps parameter string. For more information, see the method PolicyMgtODBCQueryScheme‑>QueryGetUserProp.
querySetUserProp (string)
(Optional) Specifies a query that sets the value of a user property.
Note: The property must be listed in the queryGetUserProps parameter string. For more information, see the method PolicyMgtODBCQueryScheme‑>QuerySetUserProp.
queryGetUserProps (string)
(Optional) Specifies a comma-separated list of user attributes that reside in the same table as the user name.
Note: For more information, see the method PolicyMgtODBCQueryScheme‑>QueryGetUserProps.
queryLookupUser (string)
(Optional) Specifies a query that retrieves a user name through an attribute of the user table.
Note: For more information, see the method PolicyMgtODBCQueryScheme‑>QueryLookupUser.
queryGetGroups (string)
(Optional) Specifies a query that retrieves the names of the groups to which the user belongs.
Note: For more information, see the method PolicyMgtODBCQueryScheme‑>QueryGetGroups.
queryIsGroupMember (string)
(Optional) Specifies a query that determines whether a particular user is a member of a group.
Note: For more information, see the method PolicyMgtODBCQueryScheme‑>QueryIsGroupMember.
queryGetGroupProp (string)
(Optional) Specifies a query that returns the value of a group property.
Note: The property must be listed in the queryGetGroupProps parameter string. For more information, see the method PolicyMgtODBCQueryScheme‑>QueryGetGroupProp.
querySetGroupProp (string)
(Optional) Specifies a query that sets the value of a group property.
Note: The property must be listed in the queryGetGroupProps parameter string. For more information, see the method PolicyMgtODBCQueryScheme‑>QuerySetGroupProp.
queryGetGroupProps (string)
(Optional) Specifies a comma-separated list of group attributes.
Note: For more information, see the method PolicyMgtODBCQueryScheme‑>QueryGetGroupProps.
queryLookupGroup (string)
(Optional) Specifies a query that retrieves a group name through an attribute of the group table.
Note: For more information, see the method PolicyMgtODBCQueryScheme‑>QueryLookupGroup.
querySetPassword (string)
(Optional) Specifies a query that changes a user's password.
Note: For more information, see the method PolicyMgtODBCQueryScheme‑>QuerySetPassword.
Return Value
The CreateODBCQueryScheme method returns one of the following values:
The CreatePwdPolicy method creates and configures a password policy.
Syntax
The CreatePwdPolicy method has the following format:
Netegrity::PolicyMgtSession‑>CreatePwdPolicy(pwdPolName, userDir[, pwdPolDesc][, enabledFlag][, entireDirFlag][, path][, class][, allowNestedGroups][, maxLoginFailures][, maxLoginInactive][, expDelay][, expWarningDays][, dicName][, dicMatchLength][, userwait][, pwdSvcRedirect][, maxPwdLength][, minPwdLength][, maxPwdRepeatChar][, minPwdAlphaNum][, minPwdAlpha][, minPwdNonAlpha][, minPwdNonPrint][, minPwdNum][, minPwdPunc][, pwdReuseCount][, pwdReuseDelay][, pwdPctDiff][, pwdIgnoreSeq][, profileAttrMatch])
Parameters
The CreatePwdPolicy method accepts the following parameters:
pwdPolName (string)
Specifies the name of the password policy.
userDir (PolicyMgtUserDir object)
Specifies the user directory to which the password policy applies.
pwdPolDesc (string)
(Optional) Specifies the description of the password policy.
enabledFlag (int)
(Optional) Specifies whether the password policy is enabled.
entireDirFlag (int)
(Optional) Specifies whether the password policy applies to the entire LDAP directory or only to part of it:
1 Specifies that the password policy applies to the entire LDAP directory.
0 Specifies that the password policy applies only to part of the LDAP directory.
Note: For part of the LDAP directory, specify the directory path in the path parameter and the class in the class parameter.
path (string)
(Optional) Specifies the part of the directory to which the password policy applies.
Note: Include this parameter when the entireDirFlag parameter is set to 0.
class (string)
(Optional) Specifies the class to which the password policy applies.
Note: Include this parameter when the entireDirFlag parameter is set to 0.
allowNestedGroups (int)
(Optional) Specifies whether the password policy is associated with the nested groups in the LDAP directory.
Note: Include this parameter when the entireDirFlag parameter is set to 0.
maxLoginFailures (int)
(Optional) Specifies the maximum number of login failures allowed before the user's account is disabled.
maxLoginInactive (int)
(Optional) Specifies the maximum number of days of inactivity allowed before the user's password expires.
expDelay (int)
(Optional) Specifies the number of days a password can be unchanged before it expires.
expWarningDays (int)
(Optional) Specifies the number of days in advance to notify the user that the password is due to expire.
dicName (string)
(Optional) Specifies the location of the dictionary file that lists the words that cannot be used in a password.
dicMatchLength (int)
(Optional) Specifies the minimum number of letters required for dictionary checking.
userwait (int)
(Optional) Specifies the number of minutes an account is disabled before the account is enabled and the user is allowed to attempt logging in again.
pwdSvcRedirect (string)
(Optional) Specifies the URL where the user is redirected when an invalid password is entered.
Note: This must be the URL of the Password Services CGI.
maxPwdLength (int)
(Optional) Specifies the maximum length of a user password.
Note: This value must be greater than the value specified by the parameter minPwdLength.
minPwdLength (int)
(Optional) Specifies the minimum length of a user password.
maxPwdRepeatChar (int)
(Optional) Specifies the maximum number of identical characters that can appear consecutively in a password.
minPwdAlphaNum (int)
(Optional) Specifies the minimum number of alphanumeric characters (A-Z, a-z, 0-9) that a password must contain.
minPwdAlpha (int)
(Optional) Specifies the minimum number of alphabetic characters (A-Z, a-z) that a password must contain.
minPwdNonAlpha (int)
(Optional) Specifies the minimum number of non-alphanumeric characters that a password must contain.
Note: The following are examples of non-alphanumeric characters: "@", "$", and "*".
minPwdNonPrint (int)
(Optional) Specifies the minimum number of non-printable characters that a password must contain.
Note: Non-printable characters are not displayed on a computer screen.
minPwdNum (int)
(Optional) Specifies the minimum number of numeric characters (0-9) that a password must contain.
minPwdPunc (int)
(Optional) Specifies the minimum number of punctuation marks that a password must contain.
Note: Punctuation marks include periods, commas, exclamation points, slashes, hyphens, and dashes.
pwdReuseCount (int)
(Optional) Specifies the number of new passwords that must be used before an old one can be reused.
pwdReuseDelay (int)
(Optional) Specifies the number of days a user must wait before reusing a password.
pwdPctDiff (int)
(Optional) Specifies the percentage of characters contained in a new password that must differ from the characters in the previous password.
Note: A value of 100 specifies that the new password cannot contain any of the characters in the previous password. For more information, see the parameter pwdIgnoreSeq.
pwdIgnoreSeq (int)
(Optional) Specifies whether character position is ignored when the new password is compared to the previous password to calculate the percentage of characters that differ:
1 Specifies that character position is ignored.
0 Specifies that character position is considered.
Example: When character position is considered, if the character "c" appears in both the new and previous passwords but at a different position in each, it counts as two different characters when the percentage is calculated.
profileAttrMatch (int)
(Optional) Specifies the minimum length of a character sequence that SiteMinder checks when comparing the password against attributes in the user's directory entry.
Return Value
The CreatePwdPolicy method returns one of the following values:
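The following script is an added example, not part of the original reference, showing how a practitioner would call CreatePwdPolicy to create a policy with lockout, complexity, expiry and history controls. It assumes the session is obtained with Netegrity::PolicyMgtAPI->New and CreateSession (documented elsewhere in this guide, not on this page), that a user directory named CorpLDAP already exists, and that the dictionary path, Password Services URL and administrator environment variables are placeholders. Because the method takes a long positional list, every optional slot before the last one you set must be present; undef is passed for slots left at their defaults.

```perl
#!/usr/bin/perl
# Added example: create a hardened password policy with CreatePwdPolicy.
# Assumes Netegrity::PolicyMgtAPI->New / CreateSession for the admin session
# and an existing user directory "CorpLDAP". Paths, URLs and environment
# variable names are placeholders.
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

my $api     = Netegrity::PolicyMgtAPI->New();
my $session = $api->CreateSession($ENV{SM_ADMIN_USER}, $ENV{SM_ADMIN_PASS})
    or die "CreateSession failed: check administrator credentials\n";

my $userdir = $session->GetUserDir("CorpLDAP")
    or die "user directory CorpLDAP not found\n";

# maxPwdLength must be greater than minPwdLength; check before calling so a
# bad pair fails loudly here instead of producing an unusable policy.
my ($min_len, $max_len) = (12, 64);
die "maxPwdLength ($max_len) must exceed minPwdLength ($min_len)\n"
    unless $max_len > $min_len;

# Argument order follows the Syntax block for CreatePwdPolicy. Optional slots
# that should keep their defaults are passed as undef.
my $policy = $session->CreatePwdPolicy(
    "CorpPasswordPolicy",              # pwdPolName
    $userdir,                          # userDir (PolicyMgtUserDir object)
    "Corporate password policy",       # pwdPolDesc
    1,                                 # enabledFlag
    1,                                 # entireDirFlag: whole directory
    undef, undef, undef,               # path, class, allowNestedGroups: unused when entireDirFlag is 1
    5,                                 # maxLoginFailures: disable after 5 bad attempts
    90,                                # maxLoginInactive: 90 idle days
    90,                                # expDelay: force a change every 90 days
    14,                                # expWarningDays
    "/opt/siteminder/config/pwdict.txt", # dicName: banned-word list (placeholder path)
    4,                                 # dicMatchLength
    30,                                # userwait: re-enable the account after 30 minutes
    "https://sso.example.com/siteminderagent/forms/smpwservicescgi.exe", # pwdSvcRedirect (placeholder URL)
    $max_len,                          # maxPwdLength
    $min_len,                          # minPwdLength
    2,                                 # maxPwdRepeatChar
    undef,                             # minPwdAlphaNum: default
    1,                                 # minPwdAlpha
    1,                                 # minPwdNonAlpha
    0,                                 # minPwdNonPrint: never require unprintable characters
    1,                                 # minPwdNum
    undef,                             # minPwdPunc: default
    12,                                # pwdReuseCount: 12 new passwords before reuse
    365,                               # pwdReuseDelay: or 365 days
    50,                                # pwdPctDiff: half the characters must change
    1,                                 # pwdIgnoreSeq: compare by character, not position
    4,                                 # profileAttrMatch: reject 4+ char runs taken from profile attributes
);

die "CreatePwdPolicy failed\n" unless defined $policy;
print "Password policy CorpPasswordPolicy created\n";
```

The lockout pair maxLoginFailures and userwait is what limits online guessing; without userwait a locked account stays disabled until an administrator re-enables it, which turns the policy into a denial-of-service lever against any known user name.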
The CreateRegScheme method creates and configures a registration scheme.
Syntax
The CreateRegScheme method has the following format:
Netegrity::PolicyMgtSession‑>CreateRegScheme(regName, userDir[, regDesc][, welcomeURL][, templatePath][, enableLogging])
Parameters
The CreateRegScheme method accepts the following parameters:
regName (string)
Specifies the registration scheme's name.
userDir (string)
Specifies the user directory associated with the registration scheme.
regDesc (string)
(Optional) Specifies the registration scheme's description.
welcomeURL (string)
(Optional) Specifies the URL for the welcome page.
Note: Users are redirected to this page after successfully registering.
Example: http://my.acme.com/hr/welcome.htm
templatePath (string)
(Optional) Specifies the path where the registration templates are located.
Note: For more information about the templatePath parameter, see Remarks.
enableLogging (int)
(Optional) Specifies whether to enable logging.
1 Specifies enabling logging.
0 Specifies disabling logging.
Return Value
The CreateRegScheme method returns one of the following values:
Remarks
When you install a SiteMinder Web Agent, the registration templates are installed in the samples/selfreg subdirectory of the Web Agent installation directory by default. During SiteMinder installation, the virtual directory /siteminderagent is created and pointed to the samples directory in the Web Agent installation directory. Therefore, when using the default directory, specify templatePath as follows: /siteminderagent/selfreg (without the final slash).
If you are using SSL for registration, you must provide the absolute path for the registration templates. The default paths are as follows:
The CreateSAMLAffiliation method creates a SAML 2.0 affiliation object. A SAML 2.0 affiliation is a set of entities that share a single federated namespace of unique Name IDs for principals. To modify the properties of an existing SAML affiliation, call the method PolicyMgtSAMLAffiliation‑>Property.
Syntax
The CreateSAMLAffiliation method has the following format:
Netegrity::PolicyMgtSession‑>CreateSAMLAffiliation(propsHash_ref)
Parameters
The CreateSAMLAffiliation method accepts the following parameter:
propsHash_ref (hash)
Specifies a reference to a hashtable of metadata properties for the SAML 2.0 affiliation.
Example: \%myhash
Return Value
The CreateSAMLAffiliation method returns one of the following values:
Remarks
The SAML 2.0 affiliation properties are grouped as follows:
SAML_NAME
SAML_DESCRIPTION
SAML_KEY_AFFILIATION_ID
SAML_MAJOR_VERSION
SAML_MINOR_VERSION
SAML_OID
SAML_SP_NAMEID_FORMAT
SAML_SP_NAMEID_TYPE
SAML_SP_NAMEID_STATIC
SAML_SP_NAMEID_ATTRNAME
SAML_SP_NAMEID_DNSPEC
SAML_IDP_XPATH
SAML_IDP_LDAP_SEARCH_SPEC
SAML_IDP_ODBC_SEARCH_SPEC
SAML_IDP_WINNT_SEARCH_SPEC
SAML_IDP_CUSTOM_SEARCH_SPEC
SAML_IDP_AD_SEARCH_SPEC
For more information, see the SAML 2.0 Property Reference in this guide.
The CreateSAMLAuthScheme method creates a SAML 2.0 authentication scheme object with its properties set to specified values. There are two types of properties associated with the object: authentication scheme properties and metadata properties.
Authentication Scheme Properties
The authentication scheme properties are based on the SAML 2.0 template and have the following initial values:
Default: smauthsaml
Default: FALSE
Default: FALSE
Default: FALSE
Default: FALSE
Default: TRUE
Default: 5
Note: You can modify the default protection level by calling the CreateSAMLAuthScheme method with the optional protLevel parameter set to a new value.
Metadata Properties
The metadata properties are the properties of the Identity Provider associated with the SAML 2.0 authentication scheme and are stored with the authentication scheme. To specify them, pass the reference to the hashtable of metadata properties to the CreateSAMLAuthScheme method in the propsHash_ref parameter. To update the metadata properties of an existing SAML 2.0 authentication scheme, call the method PolicyMgtSession‑>SAMLAuthSchemeProperties.
Syntax
The CreateSAMLAuthScheme method has the following format:
Netegrity::PolicyMgtSession‑>CreateSAMLAuthScheme(schemeName, propsHash_ref[, schemeDesc][, protLevel])
Parameters
The CreateSAMLAuthScheme method accepts the following parameters:
schemeName (string)
Specifies the name of the authentication scheme.
propsHash_ref (hash)
Specifies a reference to a hashtable of metadata properties to associate with the SAML 2.0 authentication scheme.
Example: \%myhash
Note: For a complete list of metadata properties, see Remarks.
schemeDesc (string)
(Optional) Specifies the description of the authentication scheme.
protLevel (int)
(Optional) Specifies the protection level of the authentication scheme.
Return Value
The CreateSAMLAuthScheme method returns one of the following values:
Remarks
The metadata properties associated with the SAML 2.0 authentication scheme are listed following.
SAML_NAME
SAML_DESCRIPTION
SAML_IDP_SPID
SAML_KEY_IDPID
SAML_MAJOR_VERSION
SAML_MINOR_VERSION
SAML_SKEWTIME
SAML_DISABLE_SIGNATURE_PROCESSING
SAML_DSIG_VERINFO_ISSUER_DN
SAML_DSIG_VERINFO_SERIAL_NUMBER
SAML_IDP_XPATH
SAML_IDP_LDAP_SEARCH_SPEC
SAML_IDP_ODBC_SEARCH_SPEC
SAML_IDP_WINNT_SEARCH_SPEC
SAML_IDP_CUSTOM_SEARCH_SPEC
SAML_IDP_AD_SEARCH_SPEC
SAML_AFFILIATION
SAML_IDP_SSO_REDIRECT_MODE
SAML_IDP_SSO_DEFAULT_SERVICE
SAML_AUDIENCE
SAML_IDP_SSO_TARGET
SAML_ENABLE_SSO_ARTIFACT_BINDING
SAML_KEY_IDP_SOURCEID
SAML_IDP_ARTIFACT_RESOLUTION_DEFAULT_SERVICE
SAML_IDP_BACKCHANNEL_AUTH_TYPE
SAML_IDP_SPNAME
SAML_IDP_PASSWORD
SAML_ENABLE_SSO_POST_BINDING
SAML_IDP_SSO_ENFORCE_SINGLE_USE_POLICY
SAML_SSOECPPROFILE
SAML_IDP_SIGN_AUTHNREQUESTS
SAML_SLO_REDIRECT_BINDING
SAML_SLO_SERVICE_VALIDITY_DURATION
SAML_SLO_SERVICE_URL
SAML_SLO_SERVICE_RESPONSE_URL
SAML_SLO_SERVICE_CONFIRM_URL
SAML_IDP_REQUIRE_ENCRYPTED_ASSERTION
SAML_IDP_REQUIRE_ENCRYPTED_NAMEID
SAML_IDP_SAMLREQ_ENABLE
SAML_IDP_SAMLREQ_REQUIRE_SIGNED_ASSERTION
SAML_IDP_SAMLREQ_ATTRIBUTE_SERVICE
SAML_IDP_SAMLREQ_GET_ALL_ATTRIBUTES
SAML_IDP_SAMLREQ_NAMEID_FORMAT
SAML_IDP_SAMLREQ_NAMEID_TYPE
SAML_IDP_SAMLREQ_NAMEID_STATIC
SAML_IDP_SAMLREQ_NAMEID_ATTR_NAME
SAML_IDP_SAMLREQ_NAMEID_DN_SPEC
SAML_IDP_SAMLREQ_NAMEID_ALLOW_NESTED
SAML_SP_PLUGIN_CLASS
SAML_SP_PLUGIN_PARAMS
SAML_IDP_REDIRECT_URL_USER_NOT_FOUND
SAML_IDP_REDIRECT_MODE_USER_NOT_FOUND
SAML_IDP_REDIRECT_URL_FAILURE
SAML_IDP_REDIRECT_MODE_FAILURE
SAML_IDP_REDIRECT_URL_INVALID
SAML_IDP_REDIRECT_MODE_INVALID
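The following script is an added example, not part of the original reference, showing how the metadata properties listed above are passed to CreateSAMLAuthScheme as a hash reference, and how a practitioner would refuse to create a scheme whose properties weaken assertion validation. It assumes the session is obtained with Netegrity::PolicyMgtAPI->New and CreateSession (documented elsewhere in this guide) and that the value formats shown (entity IDs as URIs, flags as 0/1, skew in seconds, %s as the NameID placeholder in the search spec) match the SAML 2.0 Property Reference; confirm them there before reuse. Entity IDs, URLs and certificate details are placeholders.

```perl
#!/usr/bin/perl
# Added example: create a SAML 2.0 authentication scheme from a property hash.
# Assumes Netegrity::PolicyMgtAPI->New / CreateSession for the admin session.
# Property value formats are assumptions; entity IDs, URLs and certificate
# details are placeholders.
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

my $api     = Netegrity::PolicyMgtAPI->New();
my $session = $api->CreateSession($ENV{SM_ADMIN_USER}, $ENV{SM_ADMIN_PASS})
    or die "CreateSession failed\n";

# Metadata properties for the Identity Provider this scheme trusts. Only the
# properties needed for POST-binding SSO with signed, encrypted assertions
# are set; the rest keep their defaults.
my %props = (
    SAML_NAME                              => "PartnerIdP",
    SAML_DESCRIPTION                       => "Partner identity provider",
    SAML_KEY_IDPID                         => "https://idp.partner.example/saml2/metadata",
    SAML_IDP_SPID                          => "https://sp.example.com/saml2/metadata",
    SAML_MAJOR_VERSION                     => 2,
    SAML_MINOR_VERSION                     => 0,
    SAML_SKEWTIME                          => 30,   # seconds of clock skew tolerated
    SAML_DISABLE_SIGNATURE_PROCESSING      => 0,    # keep signature verification on
    SAML_DSIG_VERINFO_ISSUER_DN            => "CN=Partner IdP Signing CA,O=Partner",
    SAML_DSIG_VERINFO_SERIAL_NUMBER        => "1A2B3C",
    SAML_ENABLE_SSO_POST_BINDING           => 1,
    SAML_ENABLE_SSO_ARTIFACT_BINDING       => 0,
    SAML_IDP_SIGN_AUTHNREQUESTS            => 1,
    SAML_IDP_REQUIRE_ENCRYPTED_ASSERTION   => 1,
    SAML_IDP_SSO_ENFORCE_SINGLE_USE_POLICY => 1,    # reject replayed assertions
    SAML_AUDIENCE                          => "https://sp.example.com/saml2/metadata",
    SAML_IDP_SSO_TARGET                    => "https://sp.example.com/app/",
    SAML_IDP_LDAP_SEARCH_SPEC              => "uid=%s",
    SAML_IDP_REDIRECT_URL_FAILURE          => "https://sp.example.com/saml/error",
);

# Settings that quietly turn a SAML scheme into an unauthenticated entry
# point: unsigned assertions accepted, replay allowed, or no issuer pinned
# for signature verification. Refuse to create the scheme if any is present.
sub check_props {
    my ($p) = @_;
    my @problems;
    push @problems, "signature processing is disabled"
        if $p->{SAML_DISABLE_SIGNATURE_PROCESSING};
    push @problems, "single-use policy is not enforced"
        unless $p->{SAML_IDP_SSO_ENFORCE_SINGLE_USE_POLICY};
    push @problems, "no issuer DN pinned for signature verification"
        if !$p->{SAML_DISABLE_SIGNATURE_PROCESSING}
        && !$p->{SAML_DSIG_VERINFO_ISSUER_DN};
    push @problems, "no binding enabled"
        unless $p->{SAML_ENABLE_SSO_POST_BINDING}
            || $p->{SAML_ENABLE_SSO_ARTIFACT_BINDING};
    return @problems;
}

my @problems = check_props(\%props);
die "refusing to create scheme: " . join("; ", @problems) . "\n" if @problems;

# Protection level 10 ranks this scheme above the default of 5, so a session
# established here cannot be reused for resources protected at level 10
# or higher by a weaker scheme.
my $scheme = $session->CreateSAMLAuthScheme(
    "PartnerSAML2", \%props, "SAML 2.0 scheme for PartnerIdP", 10,
);
die "CreateSAMLAuthScheme failed\n" unless defined $scheme;
print "Created SAML 2.0 authentication scheme PartnerSAML2\n";
```

The same hash-reference pattern applies to CreateSAMLAffiliation, which takes only the propsHash_ref argument, and to SAMLAuthSchemeProperties when updating an existing scheme.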
The CreateSingleCertMap method creates a certificate map between a single attribute in the certificate's Subject DN and the corresponding user attribute in the user directory. For authentication to succeed, the attribute's value in the Subject DN must match the value of the corresponding user attribute in the user directory.
Syntax
The CreateSingleCertMap method has the following format:
Netegrity::PolicyMgtSession‑>CreateSingleCertMap(IssuerDN, Attribute[, DirectoryType])
Parameters
The CreateSingleCertMap method accepts the following parameters:
IssuerDN (string)
Specifies the distinguished name of the certificate issuer.
Attribute (string)
Specifies the name of the attribute whose values in the certificate's Subject DN and in the user directory must match.
Syntax: %{attribute_name}
Example: %{uid}
DirectoryType (int)
(Optional) Specifies the type of the user directory specified for authentication.
Return Value
The CreateSingleCertMap method returns one of the following values:
Remarks
When a certificate map is created, the following flags are set to false, the default value:
For information on changing the value of these flags, see the method PolicyMgtSession‑>CreateExactCertMap.
The CreateTrustedHost method creates a trusted host object in the policy store, registers the trusted host with the Policy Server, and if registration is successful, creates the local registration file. Use this method when the Policy Server is connected to the agent host. When there is no connection between the Policy Server and the agent host, call the method PolicyMgtSession‑>AddTrustedHost instead.
Syntax
The CreateTrustedHost method has the following format:
Netegrity::PolicyMgtSession‑>CreateTrustedHost(trustedHostName [,ipAddress][, adminName][, adminPassword][, hostConfigName][, registrationDataFileName])
Parameters
The CreateTrustedHost method accepts the following parameters:
trustedHostName (string)
Specifies the name of the trusted host.
ipAddress (string)
(Optional) Specifies the IP address of the Policy Server.
adminName (string)
(Optional) Specifies the name of a Policy Server administrator.
adminPassword (string)
(Optional) Specifies the administrator's password.
hostConfigName (string)
(Optional) Specifies the name of the host configuration object.
registrationDataFileName (string)
(Optional) Specifies the name of the file where registration data is written when the host is successfully registered with the Policy Server.
Note: This filename is specified by calling the Agent API method Connect. The file is stored and managed by SiteMinder.
Return Value
The CreateTrustedHost method returns one of the following values:
The CreateUserDir method creates and configures a user directory object.
Syntax
The CreateUserDir method has the following format:
Netegrity::PolicyMgtSession‑>CreateUserDir(dirName, namespace, server[, ODBCQueryScheme][, domDesc][, searchRoot][, usrLookStart][, usrLookEnd][, username][, password][, searchResults][, searchScope][, searchTimeout][, secureConn][, requireCreds][, disabledAttr][, UIDAttr][, anonID][, pwdData][, pwdAttr][, emailAttr][, chalRespAttr])
Parameters
The CreateUserDir method accepts the following parameters:
dirName (string)
Specifies the user directory object's name.
namespace (string)
Specifies the user directory's namespace:
server (string)
Specifies one of the following directory-dependent values:
LDAP: Specifies the IP address and port number of the LDAP server.
Syntax: IP_address:port_number
Note: The default port number is 389.
ODBC: Specifies the data source name.
WinNT: Specifies the domain name.
Custom: Specifies the name of the library that corresponds to the custom directory.
ODBCQueryScheme (PolicyMgtODBCQueryScheme object)
(Optional) Specifies a set of queries that SiteMinder uses to query the ODBC directory.
Note: If the user directory is not an ODBC directory, this parameter's value is undef.
domDesc (string)
(Optional) Specifies the description of the user directory.
searchRoot (string)
(Optional) Specifies one of the following directory-dependent values:
LDAP: Specifies the location in the LDAP tree that is the starting point for the directory connection, for example, the organization (o) or organizational unit (ou). This location, called the search root, is the point where the Policy Server starts the search for a user.
Note: For more information about this parameter, see the parameter searchScope.
Custom: Specifies a string of parameters to pass to the custom library.
usrLookStart (string)
(Optional) Specifies the start value for a user DN lookup in an LDAP directory.
usrLookEnd (string)
(Optional) Specifies the end value for a user DN lookup in an LDAP directory.
Note: Specifying values for the user DN lookup starting point and endpoint allows users to enter part of the DN string when authenticating. In the following example, the user only needs to specify the string "JSmith" and not the whole DN string when logging in:
username (string)
(Optional) Specifies the user name needed for accessing the user directory.
Note: When using this parameter, set requireCreds to 1.
password (string)
(Optional) Specifies the password required for accessing the user directory.
Note: When using this parameter, set requireCreds to 1.
searchResults (int)
(Optional) Specifies the maximum number of results to return from a search of an LDAP or custom directory.
searchScope (int)
(Optional) Specifies how many levels SiteMinder searches when looking for users or user groups in an LDAP directory:
Specifies searching the root and all levels below.
Specifies searching the root and one level below.
Note: For more information, see the searchRoot parameter.
searchTimeout (int)
(Optional) Specifies the maximum time, in seconds, allowed for searching an LDAP or custom directory.
secureConn (int)
(Optional) Specifies whether the connection from the Policy Server to an LDAP or custom user directory is secured by SSL:
1 Specifies a connection secured by SSL.
0 Specifies a connection that is not secured.
Note: When this flag is enabled, traffic between the Policy Server and the directory is encrypted, including the bind credentials passed in the username and password parameters and the user attributes read during authentication. Set it to 1 whenever the directory accepts SSL connections, and make sure the port in the server parameter is the directory's SSL port.
requireCreds (int)
(Optional) Specifies whether the Policy Server must present credentials (the username and password parameters) when connecting to the user directory:
1 Specifies that credentials are required.
0 Specifies that credentials are not required.
disabledAttr (string)
(Optional) Specifies the name of the user directory attribute that contains the user's disabled state.
Note: This parameter applies to LDAP and ODBC directories and some custom directories.
UIDAttr (string)
(Optional) Specifies the name of the user directory's universal ID attribute.
Note: The universal ID is different from the user's login ID and is used to look up user information. This parameter applies to LDAP, ODBC, and WinNT directories and to some custom directories.
anonID (string)
(Optional) Specifies the name of the user directory's anonymous user DN attribute.
Note: The DN, which is defined in the anonymous authentication scheme, gives anonymous users access to resources protected by the anonymous authentication scheme. This parameter applies to LDAP directories and some custom directories.
pwdData (string)
(Optional) Specifies the name of the user directory's password data attribute.
Note: This parameter applies to LDAP and ODBC directories and some custom directories.
pwdAttr (string)
(Optional) Specifies the name of the user directory's password attribute.
Note: This parameter applies to LDAP and ODBC directories and some custom directories.
emailAttr (string)
Note: This optional parameter is reserved for future use.
chalRespAttr (string)
(Optional) Specifies the name of the user directory's challenge/response attribute.
Example: The challenge/response can be a hint that SiteMinder sends the user when the user forgets the password.
Note: This parameter applies to LDAP directories and some custom directories.
Return Value
The CreateUserDir method returns one of the following values:
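The following script is an added example, not part of the original reference, showing how a practitioner would call CreateUserDir to define an LDAP user directory that the Policy Server reaches over SSL with a dedicated bind account. It assumes the session is obtained with Netegrity::PolicyMgtAPI->New and CreateSession (documented elsewhere in this guide), that "LDAP:" is the namespace value for an LDAP directory (the namespace list is not reproduced on this page), and that the server address, DNs, attribute names and environment variable names are placeholders. The helper refuses to pass bind credentials when secureConn is 0, since the bind password would otherwise cross the network in the clear.

```perl
#!/usr/bin/perl
# Added example: create an LDAP user directory object with CreateUserDir,
# binding over SSL with credentials taken from the environment.
# Assumes Netegrity::PolicyMgtAPI->New / CreateSession for the admin session
# and "LDAP:" as the namespace value. Addresses, DNs and attribute names
# are placeholders.
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

# Build the positional argument list for CreateUserDir from named options,
# in the order given by the Syntax block. Dies if a bind password would be
# sent over a connection that is not secured by SSL.
sub ldap_dir_args {
    my (%o) = @_;
    die "bind credentials supplied but secureConn is 0; refusing to send the password in the clear\n"
        if defined $o{password} && !$o{secureConn};
    die "username/password given but requireCreds is not 1\n"
        if defined $o{password} && !$o{requireCreds};
    return (
        $o{dirName},                    # dirName
        "LDAP:",                        # namespace (assumed value for LDAP)
        $o{server},                     # server: IP_address:port_number
        undef,                          # ODBCQueryScheme: undef for non-ODBC
        $o{desc},                       # domDesc
        $o{searchRoot},                 # searchRoot
        $o{usrLookStart},               # usrLookStart
        $o{usrLookEnd},                 # usrLookEnd
        $o{username},                   # username: bind DN
        $o{password},                   # password: bind password
        $o{searchResults} // 500,       # searchResults
        undef,                          # searchScope: default
        $o{searchTimeout} // 30,        # searchTimeout, seconds
        $o{secureConn},                 # secureConn: 1 = SSL
        $o{requireCreds},               # requireCreds: 1 when username/password are set
        $o{disabledAttr},               # disabledAttr
        $o{UIDAttr},                    # UIDAttr
        undef,                          # anonID: no anonymous DN
        $o{pwdData},                    # pwdData
        $o{pwdAttr},                    # pwdAttr
    );
}

my $api     = Netegrity::PolicyMgtAPI->New();
my $session = $api->CreateSession($ENV{SM_ADMIN_USER}, $ENV{SM_ADMIN_PASS})
    or die "CreateSession failed\n";

# Bind credentials come from the environment, never from the script body:
# administration scripts end up in version control and backups.
my $bind_dn = $ENV{SM_LDAP_BIND_DN} or die "SM_LDAP_BIND_DN not set\n";
my $bind_pw = $ENV{SM_LDAP_BIND_PW} or die "SM_LDAP_BIND_PW not set\n";

my $dir = $session->CreateUserDir(ldap_dir_args(
    dirName      => "CorpLDAP",
    server       => "10.0.1.20:636",          # SSL port, matching secureConn = 1
    desc         => "Corporate directory over LDAPS",
    searchRoot   => "ou=People,dc=example,dc=com",
    usrLookStart => "uid=",                    # user types "jsmith", not the full DN
    usrLookEnd   => ",ou=People,dc=example,dc=com",
    username     => $bind_dn,
    password     => $bind_pw,
    secureConn   => 1,
    requireCreds => 1,
    disabledAttr => "nsAccountLock",           # directory-specific attribute name
    UIDAttr      => "uid",
    pwdData      => "smPasswordData",
    pwdAttr      => "userPassword",
));
die "CreateUserDir failed\n" unless defined $dir;
print "User directory CorpLDAP created\n";
```

The bind account named in username should be a read-mostly service account with write access only to the attributes SiteMinder must update (pwdAttr, pwdData, disabledAttr); the Policy Server uses it for every lookup, so its privileges bound what a compromised Policy Server can do to the directory.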
The CreateWSFEDAuthScheme method creates an instance of a WS-Federation authentication scheme and sets the authentication scheme's properties.
Syntax
The CreateWSFEDAuthScheme method has the following format:
Netegrity::PolicyMgtSession‑>CreateWSFEDAuthScheme(name, propsHash[, desc][, level])
Parameters
The CreateWSFEDAuthScheme method accepts the following parameters:
name (string)
Specifies the name of the WS-Federation authentication scheme.
propsHash (hashtable)
Specifies a reference to the hashtable of WS-Federation authentication scheme properties to set.
Note: For a complete list of WS-Federation authentication scheme properties, see Remarks.
desc (string)
(Optional) Specifies a description of the authentication scheme.
level (int)
(Optional) Specifies the authentication scheme level.
Return Value
The CreateWSFEDAuthScheme method returns one of the following values:
Remarks
The WS-Federation authentication scheme properties are grouped in the FSS Administrative UI as follows:
WSFED_NAME
WSFED_DESCRIPTION
WSFED_KEY_APID
WSFED_RPID
WSFED_SKEW_TIME
WSFED_DISABLE_SIGNATURE_PROCESSING
WSFED_DSIG_VERINFO_ALIAS
WSFED_AP_XPATH
WSFED_AP_LDAP_SEARCH_SPEC
WSFED_AP_ODBC_SEARCH_SPEC
WSFED_AP_WINNT_SEARCH_SPEC
WSFED_AP_CUSTOM_SEARCH_SPEC
WSFED_AP_ADD_SEARCH_SPEC
WSFED_AP_SSO_REDIRECT_MODE
WSFED_AP_SSO_DEFAULT_SERVICE
WSFED_AP_SSO_TARGET
WSFED_ENFORCE_SINGLE_USE_POLICY
WSFED_AP_SLO_ENABLED
WSFED_AP_SIGNOUT_URL
WSFED_AP_PLUGIN_CLASS
WSFED_AP_PLUGIN_PARAMS
WSFED_AP_USER_NOT_FOUND_REDIRECT_URL
WSFED_AP_USER_NOT_FOUND_REDIRECT_MODE
WSFED_AP_FAILURE_REDIRECT_URL
WSFED_AP_FAILURE_REDIRECT_MODE
WSFED_AP_INVALID_REDIRECT_URL
WSFED_AP_INVALID_REDIRECT_MODE
The DeleteAdmin method deletes an administrator from the policy store.
Syntax
The DeleteAdmin method has the following format:
Netegrity::PolicyMgtSession‑>DeleteAdmin(admin)
Parameters
The DeleteAdmin method accepts the following parameter:
admin (PolicyMgtAdmin object)
Specifies the administrator object to delete.
Return Value
The DeleteAdmin method returns one of the following values:
Specifies that the method is successful or that the administrator is not found.
Specifies that the method is unsuccessful.
Remarks
To remove an administrator from a particular domain, see the method PolicyMgtAffDomain‑>RemoveAdmin.
The DeleteAffDomain method deletes an affiliate domain.
Syntax
The DeleteAffDomain method has the following format:
Netegrity::PolicyMgtSession‑>DeleteAffDomain(affDomain)
Parameters
The DeleteAffDomain method accepts the following parameter:
affDomain (PolicyMgtAffDomain object)
Specifies the affiliate domain object to delete.
Return Value
The DeleteAffDomain method returns one of the following values:
Specifies that the method is successful or that the affiliate domain is not found.
Specifies that the method is unsuccessful.
The DeleteAgent method deletes an agent.
Syntax
The DeleteAgent method has the following format:
Netegrity::PolicyMgtSession‑>DeleteAgent(agent)
Parameters
The DeleteAgent method accepts the following parameter:
agent (PolicyMgtAgent object)
Specifies the agent object to delete.
Return Value
The DeleteAgent method returns one of the following values:
Specifies that the method is successful or that the agent is not found.
Specifies that the method is unsuccessful.
The DeleteAgentConfig method deletes an agent configuration object.
Syntax
The DeleteAgentConfig method has the following format:
Netegrity::PolicyMgtSession‑>DeleteAgentConfig(AgentConfig)
Parameters
The DeleteAgentConfig method accepts the following parameter:
AgentConfig (PolicyMgtAgentConfig object)
Specifies the agent configuration object to delete.
Return Value
The DeleteAgentConfig method returns one of the following values:
Specifies that the method is successful or that the agent configuration object was not found.
Specifies that the method is unsuccessful.
The DeleteAuthAzMap method deletes an authentication and authorization map.
Syntax
The DeleteAuthAzMap method has the following format:
Netegrity::PolicyMgtSession‑>DeleteAuthAzMap(map)
Parameters
The DeleteAuthAzMap method accepts the following parameter:
map (PolicyMgtAuthAzMap object)
Specifies the authentication and authorization map object to delete.
Return Value
The DeleteAuthAzMap method returns one of the following values:
Specifies that the method is successful or that the authentication and authorization map is not found.
Specifies that the method is unsuccessful.
The DeleteAuthScheme method deletes an authentication scheme.
Syntax
The DeleteAuthScheme method has the following format:
Netegrity::PolicyMgtSession‑>DeleteAuthScheme(authScheme)
Parameters
The DeleteAuthScheme method accepts the following parameter:
authScheme (PolicyMgtAuthScheme object)
Specifies the authentication scheme object to delete.
Return Value
The DeleteAuthScheme method returns one of the following values:
Specifies that the method is successful or that the authentication scheme is not found.
Specifies that the method is unsuccessful.
The DeleteCertMap method deletes a certificate map.
Syntax
The DeleteCertMap method has the following format:
Netegrity::PolicyMgtSession‑>DeleteCertMap(map)
Parameters
The DeleteCertMap method accepts the following parameter:
map (PolicyMgtCertMap object)
Specifies the certificate map object to delete.
Return Value
The DeleteCertMap method returns one of the following values:
Specifies that the method is successful or that the certificate map is not found.
Specifies that the method is unsuccessful.
The DeleteDomain method deletes a policy domain.
Syntax
The DeleteDomain method has the following format:
Netegrity::PolicyMgtSession‑>DeleteDomain(domain)
Parameters
The DeleteDomain method accepts the following parameter:
domain (PolicyMgtDomain object)
Specifies the domain object to delete.
Return Value
The DeleteDomain method returns one of the following values:
Specifies that the method is successful or that the domain is not found.
Specifies that the method is unsuccessful.
The DeleteGlobalPolicy method deletes a global policy.
Syntax
The DeleteGlobalPolicy method has the following format:
Netegrity::PolicyMgtSession‑>DeleteGlobalPolicy(policy)
Parameters
The DeleteGlobalPolicy method accepts the following parameter:
policy (PolicyMgtPolicy object)
Specifies the global policy object to delete.
Return Value
The DeleteGlobalPolicy method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
The DeleteGlobalResponse method deletes a global response.
Syntax
The DeleteGlobalResponse method has the following format:
Netegrity::PolicyMgtSession‑>DeleteGlobalResponse(response)
Parameters
The DeleteGlobalResponse method accepts the following parameter:
response (PolicyMgtResponse object)
Specifies the global response object to delete.
Return Value
The DeleteGlobalResponse method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
The DeleteGlobalRule method deletes a global rule.
Syntax
The DeleteGlobalRule method has the following format:
Netegrity::PolicyMgtSession‑>DeleteGlobalRule(rule)
Parameters
The DeleteGlobalRule method accepts the following parameter:
rule (PolicyMgtRule object)
Specifies the global rule object to delete.
Return Value
The DeleteGlobalRule method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
The DeleteGroup method deletes an agent group.
Syntax
The DeleteGroup method has the following format:
Netegrity::PolicyMgtSession‑>DeleteGroup(group)
Parameters
The DeleteGroup method accepts the following parameter:
group (PolicyMgtGroup object)
Specifies the agent group object to delete.
Return Value
The DeleteGroup method returns one of the following values:
Specifies that the method is successful or that the agent group is not found.
Specifies that the method is unsuccessful.
The DeleteHostConfig method deletes a host configuration object.
Syntax
The DeleteHostConfig method has the following format:
Netegrity::PolicyMgtSession‑>DeleteHostConfig(HostConfig)
Parameters
The DeleteHostConfig method accepts the following parameter:
HostConfig (PolicyMgtHostConfig object)
Specifies the host configuration object to delete.
Return Value
The DeleteHostConfig method returns one of the following values:
Specifies that the method is successful or that the host configuration object is not found.
Specifies that the method is unsuccessful.
The DeleteODBCQueryScheme method deletes an ODBC query scheme.
Syntax
The DeleteODBCQueryScheme method has the following format:
Netegrity::PolicyMgtSession‑>DeleteODBCQueryScheme(scheme)
Parameters
The DeleteODBCQueryScheme method accepts the following parameter:
scheme (PolicyMgtODBCQueryScheme object)
Specifies the ODBC query scheme object to delete.
Return Value
The DeleteODBCQueryScheme method returns one of the following values:
Specifies that the method is successful or that the ODBC query scheme is not found.
Specifies that the method is unsuccessful.
The DeletePwdPolicy method deletes a password policy.
Syntax
The DeletePwdPolicy method has the following format:
Netegrity::PolicyMgtSession‑>DeletePwdPolicy(pwdPolicy)
Parameters
The DeletePwdPolicy method accepts the following parameter:
pwdPolicy (PolicyMgtPwdPolicy object)
Specifies the password policy object to delete.
Return Value
The DeletePwdPolicy method returns one of the following values:
Specifies that the method is successful or that the password policy is not found.
Specifies that the method is unsuccessful.
The DeleteRegScheme method deletes a registration scheme.
Syntax
The DeleteRegScheme method has the following format:
Netegrity::PolicyMgtSession‑>DeleteRegScheme(regScheme)
Parameters
The DeleteRegScheme method accepts the following parameter:
regScheme (PolicyMgtRegScheme object)
Specifies the registration scheme object to delete.
Return Value
The DeleteRegScheme method returns one of the following values:
Specifies that the method is successful or that the registration scheme is not found.
Specifies that the method is unsuccessful.
The DeleteSAMLAffiliation method deletes a SAML 2.0 affiliation object.
Syntax
The DeleteSAMLAffiliation method has the following format:
Netegrity::PolicyMgtSession‑>DeleteSAMLAffiliation(SAMLAffil)
Parameters
The DeleteSAMLAffiliation method accepts the following parameter:
SAMLAffil (PolicyMgtSAMLAffiliation object)
Specifies the SAML 2.0 affiliation object to delete.
Return Value
The DeleteSAMLAffiliation method returns one of the following values:
Specifies that the method is successful or that the SAML affiliation object is not found.
Specifies that the method is unsuccessful.
The DeleteTrustedHost method deletes a trusted host.
Syntax
The DeleteTrustedHost method has the following format:
Netegrity::PolicyMgtSession‑>DeleteTrustedHost(TrustedHost)
Parameters
The DeleteTrustedHost method accepts the following parameter:
TrustedHost (PolicyMgtTrustedHost object)
Specifies the trusted host object to delete.
Return Value
The DeleteTrustedHost method returns one of the following values:
Specifies that the method is successful or that the trusted host is not found.
Specifies that the method is unsuccessful.
The DeleteUserDir method deletes a user directory object.
Syntax
The DeleteUserDir method has the following format:
Netegrity::PolicyMgtSession‑>DeleteUserDir(userdir)
Parameters
The DeleteUserDir method accepts the following parameter:
userdir (PolicyMgtUserDir object)
Specifies the user directory object to delete.
Return Value
The DeleteUserDir method returns one of the following values:
Specifies that the method is successful or that the user directory is not found.
Specifies that the method is unsuccessful.
The GetAdmin method retrieves the specified administrator.
Syntax
The GetAdmin method has the following format:
Netegrity::PolicyMgtSession‑>GetAdmin(adminName)
Parameters
The GetAdmin method accepts the following parameter:
adminName (string)
Specifies the name of the administrator to retrieve.
Return Value
The GetAdmin method returns one of the following values:
The GetAffDomain method retrieves the specified affiliate domain.
Syntax
The GetAffDomain method has the following format:
Netegrity::PolicyMgtSession‑>GetAffDomain(domName)
Parameters
The GetAffDomain method accepts the following parameter:
domName (string)
Specifies the name of the affiliate domain to retrieve.
Return Value
The GetAffDomain method returns one of the following values:
The GetAgent method retrieves the specified agent.
Syntax
The GetAgent method has the following format:
Netegrity::PolicyMgtSession‑>GetAgent(agentName)
Parameters
The GetAgent method accepts the following parameter:
agentName (string)
Specifies the name of the agent to retrieve.
Return Value
The GetAgent method returns one of the following values:
The GetAgentConfig method retrieves the specified agent configuration object.
Syntax
The GetAgentConfig method has the following format:
Netegrity::PolicyMgtSession‑>GetAgentConfig(acName)
Parameters
The GetAgentConfig method accepts the following parameter:
acName (string)
Specifies the name of the agent configuration object to retrieve.
Return Value
The GetAgentConfig method returns one of the following values:
The GetAgentGroup method retrieves the specified agent group.
Syntax
The GetAgentGroup method has the following format:
Netegrity::PolicyMgtSession‑>GetAgentGroup(agentGroup)
Parameters
The GetAgentGroup method accepts the following parameter:
agentGroup (string)
Specifies the name of the agent group to retrieve.
Return Value
The GetAgentGroup method returns one of the following values:
The GetAgentType method retrieves the specified agent type.
Syntax
The GetAgentType method has the following format:
Netegrity::PolicyMgtSession‑>GetAgentType(agentTypeName)
Parameters
The GetAgentType method accepts the following parameter:
agentTypeName (string)
Specifies one of the following pre-defined agent types to retrieve:
Return Value
The GetAgentType method returns one of the following values:
The GetAllAdmins method retrieves a list of all administrators configured on the Policy Server.
Syntax
The GetAllAdmins method has the following format:
Netegrity::PolicyMgtSession‑>GetAllAdmins()
Parameters
The GetAllAdmins method accepts no parameters.
Return Value
The GetAllAdmins method returns one of the following values:
The GetAllAffDomains method retrieves a list of all configured affiliate domains.
Syntax
The GetAllAffDomains method has the following format:
Netegrity::PolicyMgtSession‑>GetAllAffDomains()
Parameters
The GetAllAffDomains method accepts no parameters.
Return Value
The GetAllAffDomains method returns one of the following values:
The GetAllAgentConfigs method retrieves a list of all agent configuration objects.
Syntax
The GetAllAgentConfigs method has the following format:
Netegrity::PolicyMgtSession‑>GetAllAgentConfigs()
Parameters
The GetAllAgentConfigs method accepts no parameters.
Return Value
The GetAllAgentConfigs method returns one of the following values:
The GetAllAgentGroups method retrieves a list of all agent group objects.
Syntax
The GetAllAgentGroups method has the following format:
Netegrity::PolicyMgtSession‑>GetAllAgentGroups()
Parameters
The GetAllAgentGroups method accepts no parameters.
Return Value
The GetAllAgentGroups method returns one of the following values:
The GetAllAgents method retrieves a list of all agents configured on the Policy Server.
Syntax
The GetAllAgents method has the following format:
Netegrity::PolicyMgtSession‑>GetAllAgents()
Parameters
The GetAllAgents method accepts no parameters.
Return Value
The GetAllAgents method returns one of the following values:
The GetAllAuthAzMaps method retrieves a list of all authentication and authorization maps.
Syntax
The GetAllAuthAzMaps method has the following format:
Netegrity::PolicyMgtSession‑>GetAllAuthAzMaps()
Parameters
The GetAllAuthAzMaps method accepts no parameters.
Return Value
The GetAllAuthAzMaps method returns one of the following values:
The GetAllAuthSchemes method retrieves a list of all authentication schemes on the Policy Server.
Syntax
The GetAllAuthSchemes method has the following format:
Netegrity::PolicyMgtSession‑>GetAllAuthSchemes([showTemplates])
Parameters
The GetAllAuthSchemes method accepts the following parameter:
showTemplates (int)
(Optional) Specifies whether to include template schemes in the list of authentication schemes.
Specifies not including template schemes in the list of authentication schemes.
Specifies including template schemes in the list of authentication schemes.
Return Value
The GetAllAuthSchemes method returns one of the following values:
The GetAllCertMaps method retrieves a list of all certificate mapping objects.
Syntax
The GetAllCertMaps method has the following format:
Netegrity::PolicyMgtSession‑>GetAllCertMaps()
Parameters
The GetAllCertMaps method accepts no parameters.
Return Value
The GetAllCertMaps method returns one of the following values:
The GetAllDomains method retrieves a list of all domains configured on the Policy Server.
Syntax
The GetAllDomains method has the following format:
Netegrity::PolicyMgtSession‑>GetAllDomains()
Parameters
The GetAllDomains method accepts no parameters.
Return Value
The GetAllDomains method returns one of the following values:
The GetAllGlobalPolicies method retrieves a list of all global policy objects.
Syntax
The GetAllGlobalPolicies method has the following format:
Netegrity::PolicyMgtSession‑>GetAllGlobalPolicies()
Parameters
The GetAllGlobalPolicies method accepts no parameters.
Return Value
The GetAllGlobalPolicies method returns one of the following values:
The GetAllGlobalResponses method retrieves a list of all global response objects.
Syntax
The GetAllGlobalResponses method has the following format:
Netegrity::PolicyMgtSession‑>GetAllGlobalResponses()
Parameters
The GetAllGlobalResponses method accepts no parameters.
Return Value
The GetAllGlobalResponses method returns one of the following values:
The GetAllGlobalRules method retrieves a list of all global rule objects.
Syntax
The GetAllGlobalRules method has the following format:
Netegrity::PolicyMgtSession‑>GetAllGlobalRules()
Parameters
The GetAllGlobalRules method accepts no parameters.
Return Value
The GetAllGlobalRules method returns one of the following values:
The GetAllHostConfigs method retrieves a list of all host configuration objects.
Syntax
The GetAllHostConfigs method has the following format:
Netegrity::PolicyMgtSession‑>GetAllHostConfigs()
Parameters
The GetAllHostConfigs method accepts no parameters.
Return Value
The GetAllHostConfigs method returns one of the following values:
The GetAllODBCQuerySchemes method retrieves a list of all ODBC query schemes on the Policy Server.
Syntax
The GetAllODBCQuerySchemes method has the following format:
Netegrity::PolicyMgtSession‑>GetAllODBCQuerySchemes()
Parameters
The GetAllODBCQuerySchemes method accepts no parameters.
Return Value
The GetAllODBCQuerySchemes method returns one of the following values:
The GetAllPwdPolicies method retrieves a list of all configured password policies.
Syntax
The GetAllPwdPolicies method has the following format:
Netegrity::PolicyMgtSession‑>GetAllPwdPolicies()
Parameters
The GetAllPwdPolicies method accepts no parameters.
Return Value
The GetAllPwdPolicies method returns one of the following values:
The GetAllRegSchemes method retrieves a list of all registration schemes configured on the Policy Server.
Syntax
The GetAllRegSchemes method has the following format:
Netegrity::PolicyMgtSession‑>GetAllRegSchemes()
Parameters
The GetAllRegSchemes method accepts no parameters.
Return Value
The GetAllRegSchemes method returns one of the following values:
The GetAllSAMLAffiliations method retrieves a list of all SAML 2.0 affiliations.
Syntax
The GetAllSAMLAffiliations method has the following format:
Netegrity::PolicyMgtSession‑>GetAllSAMLAffiliations()
Parameters
The GetAllSAMLAffiliations method accepts no parameters.
Return Value
The GetAllSAMLAffiliations method returns one of the following values:
The GetAllSAMLSchemeAttributes method retrieves a list of all defined SAML 2.0 Requester attributes.
Syntax
The GetAllSAMLSchemeAttributes method has the following format:
Netegrity::PolicyMgtSession‑>GetAllSAMLSchemeAttributes(scheme)
Parameters
The GetAllSAMLSchemeAttributes method accepts the following parameter:
scheme (PolicyMgtAuthScheme object)
Specifies the SAML 2.0 authentication scheme object.
Return Value
The GetAllSAMLSchemeAttributes method returns one of the following values:
The GetAllTrustedHosts method retrieves a list of all trusted host objects.
Syntax
The GetAllTrustedHosts method has the following format:
Netegrity::PolicyMgtSession‑>GetAllTrustedHosts()
Parameters
The GetAllTrustedHosts method accepts no parameters.
Return Value
The GetAllTrustedHosts method returns one of the following values:
The GetAllUserDirs method retrieves a list of all user directories associated with the Policy Server.
Syntax
The GetAllUserDirs method has the following format:
Netegrity::PolicyMgtSession‑>GetAllUserDirs()
Parameters
The GetAllUserDirs method accepts no parameters.
Return Value
The GetAllUserDirs method returns one of the following values:
The GetAllVariableTypes method retrieves a list of all variable type objects configured on the Policy Server.
Syntax
The GetAllVariableTypes method has the following format:
Netegrity::PolicyMgtSession‑>GetAllVariableTypes()
Parameters
The GetAllVariableTypes method accepts no parameters.
Return Value
The GetAllVariableTypes method returns one of the following values:
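The GetAll* methods above are the natural basis for a configuration baseline of the policy store: count what is registered, save it, and compare later so that an unexpected new agent, trusted host or administrator stands out. The following script is an added example and not code from the SiteMinder documentation. It assumes, as this page does not show, that the session is obtained through Netegrity::PolicyMgtAPI->New and CreateSession, and that every GetAll* method returns a list of objects in list context; the baseline file name is a constructed placeholder.

```perl
#!/usr/bin/perl
# Added example (not from the SiteMinder documentation): snapshot the number of
# objects of each type in the policy store using the GetAll* methods of
# PolicyMgtSession, then diff the snapshot against a saved baseline.
#
# ASSUMPTIONS (not shown on this page): the session is created with
# Netegrity::PolicyMgtAPI->New and CreateSession; each GetAll* method returns
# a list of objects in list context.
use strict;
use warnings;
use JSON::PP;                       # core module, used for the baseline file
use Netegrity::PolicyMgtAPI;

# Object types to count, keyed by the GetAll* method that enumerates them.
my @collections = qw(
    GetAllAdmins GetAllAgents GetAllAgentGroups GetAllAgentConfigs
    GetAllHostConfigs GetAllTrustedHosts GetAllUserDirs GetAllDomains
    GetAllAffDomains GetAllCertMaps GetAllPwdPolicies GetAllRegSchemes
    GetAllSAMLAffiliations GetAllODBCQuerySchemes
);

# Returns a hash reference of collection name => object count.
sub snapshot_counts {
    my ($session) = @_;
    my %counts;
    for my $method (@collections) {
        my @objects = $session->$method();
        $counts{$method} = scalar @objects;
    }
    # Authentication schemes are counted twice: GetAllAuthSchemes(0) omits
    # template schemes, GetAllAuthSchemes(1) includes them.
    my @schemes_only    = $session->GetAllAuthSchemes(0);
    my @schemes_and_tpl = $session->GetAllAuthSchemes(1);
    $counts{AuthSchemes}              = scalar @schemes_only;
    $counts{AuthSchemesWithTemplates} = scalar @schemes_and_tpl;
    return \%counts;
}

# Compares a fresh snapshot with the baseline and returns a list of
# human-readable differences; an empty list means nothing changed.
sub diff_counts {
    my ($baseline, $current) = @_;
    my @changes;
    for my $key (sort keys %$current) {
        my $old = $baseline->{$key} // 'absent';
        my $new = $current->{$key};
        push @changes, "$key: $old -> $new" if $old ne $new;
    }
    return @changes;
}

my $baseline_file = 'policy-store-baseline.json';   # constructed placeholder path
my $api     = Netegrity::PolicyMgtAPI->New();
my $session = $api->CreateSession($ENV{SM_ADMIN}, $ENV{SM_ADMIN_PW})
    or die "CreateSession failed\n";

my $current = snapshot_counts($session);
if (-e $baseline_file) {
    open my $fh, '<', $baseline_file or die "$baseline_file: $!";
    my $json = do { local $/; <$fh> };
    close $fh;
    my @changes = diff_counts(decode_json($json), $current);
    print @changes
        ? join("\n", 'Policy store drift:', @changes) . "\n"
        : "No drift against baseline\n";
} else {
    open my $fh, '>', $baseline_file or die "$baseline_file: $!";
    print {$fh} JSON::PP->new->canonical->pretty->encode($current);
    close $fh;
    print "Baseline written to $baseline_file\n";
}
```

Run it once to write the baseline and again on a schedule; counts are deliberately coarse, so a change is a prompt to inspect the individual objects rather than a verdict on its own.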
The GetAuthScheme method retrieves the specified authentication scheme object. Existing authentication schemes are specified by name. To create a new authentication scheme, use this method to retrieve the type of authentication scheme object or template upon which you want the new scheme to be based. Then, pass the resulting object to the PolicyMgtSession‑>CreateAuthScheme method in the schemeTemplate parameter. For information about creating a SAML 2.0 authentication scheme, see the method PolicyMgtSession‑>CreateSAMLAuthScheme.
Syntax
The GetAuthScheme method has the following format:
Netegrity::PolicyMgtSession‑>GetAuthScheme(schemeName)
Parameters
The GetAuthScheme method accepts the following parameter:
schemeName (string)
Specifies one of the following:
Return Value
The GetAuthScheme method returns one of the following values:
The GetCertMap method retrieves the certificate mapping object specified by the certificate issuer's DN.
Syntax
The GetCertMap method has the following format:
Netegrity::PolicyMgtSession‑>GetCertMap(issuerDN)
Parameters
The GetCertMap method accepts the following parameter:
issuerDN (string)
Specifies the certificate issuer's DN.
Return Value
The GetCertMap method returns one of the following values:
The GetDomain method retrieves the specified policy domain object.
Syntax
The GetDomain method has the following format:
Netegrity::PolicyMgtSession‑>GetDomain(domName)
Parameters
The GetDomain method accepts the following parameter:
domName (string)
Specifies the name of the domain to retrieve.
Return Value
The GetDomain method returns one of the following values:
The GetGlobalPolicy method retrieves the specified global policy object.
Syntax
The GetGlobalPolicy method has the following format:
Netegrity::PolicyMgtSession‑>GetGlobalPolicy(policyName)
Parameters
The GetGlobalPolicy method accepts the following parameter:
policyName (string)
Specifies the name of the global policy to retrieve.
Return Value
The GetGlobalPolicy method returns one of the following values:
The GetGlobalResponse method retrieves the specified global response object.
Syntax
The GetGlobalResponse method has the following format:
Netegrity::PolicyMgtSession‑>GetGlobalResponse(responseName)
Parameters
The GetGlobalResponse method accepts the following parameter:
responseName (string)
Specifies the name of the global response to retrieve.
Return Value
The GetGlobalResponse method returns one of the following values:
The GetGlobalRule method retrieves the specified global rule object.
Syntax
The GetGlobalRule method has the following format:
Netegrity::PolicyMgtSession‑>GetGlobalRule(ruleName)
Parameters
The GetGlobalRule method accepts the following parameter:
ruleName (string)
Specifies the name of the global rule to retrieve.
Return Value
The GetGlobalRule method returns one of the following values:
The GetHostConfig method retrieves the specified host configuration object.
Syntax
The GetHostConfig method has the following format:
Netegrity::PolicyMgtSession‑>GetHostConfig(hcName)
Parameters
The GetHostConfig method accepts the following parameter:
hcName (string)
Specifies the name of the host configuration object to retrieve.
Return Value
The GetHostConfig method returns one of the following values:
The GetODBCQueryScheme method retrieves the specified ODBC query scheme object.
Syntax
The GetODBCQueryScheme method has the following format:
Netegrity::PolicyMgtSession‑>GetODBCQueryScheme(schemeName)
Parameters
The GetODBCQueryScheme method accepts the following parameter:
schemeName (string)
Specifies the ODBC query scheme to retrieve.
Return Value
The GetODBCQueryScheme method returns one of the following values:
The GetPwdPolicy method retrieves the specified password policy object.
Syntax
The GetPwdPolicy method has the following format:
Netegrity::PolicyMgtSession‑>GetPwdPolicy(pwdPolicyName)
Parameters
The GetPwdPolicy method accepts the following parameter:
pwdPolicyName (string)
Specifies the name of the password policy to retrieve.
Return Value
The GetPwdPolicy method returns one of the following values:
The GetRegScheme method retrieves the specified registration scheme object.
Syntax
The GetRegScheme method has the following format:
Netegrity::PolicyMgtSession‑>GetRegScheme(schemeName)
Parameters
The GetRegScheme method accepts the following parameter:
schemeName (string)
Specifies the name of the registration scheme to retrieve.
Return Value
The GetRegScheme method returns one of the following values:
The GetSAMLAffiliation method retrieves the specified SAML 2.0 affiliation object.
Syntax
The GetSAMLAffiliation method has the following format:
Netegrity::PolicyMgtSession‑>GetSAMLAffiliation(affilName)
Parameters
The GetSAMLAffiliation method accepts the following parameter:
affilName (string)
Specifies the name or OID of the SAML affiliation to retrieve.
Note: When an OID is specified, it can be prefixed with the "@" character.
Return Value
The GetSAMLAffiliation method returns one of the following values:
The GetSAMLAffiliationById method retrieves the SAML 2.0 affiliation object specified by the affiliation ID passed to the method.
Syntax
The GetSAMLAffiliationById method has the following format:
Netegrity::PolicyMgtSession‑>GetSAMLAffiliationById(affilID)
Parameters
The GetSAMLAffiliationById method accepts the following parameter:
affilID (string)
Specifies the affiliation ID of the SAML affiliation to retrieve.
Return Value
The GetSAMLAffiliationById method returns one of the following values:
The GetSharedSecretPolicy method retrieves the specified shared secret rollover policy object. Because each policy store domain can have only one shared secret rollover policy, there is no need to pass the name of the policy to this method.
Syntax
The GetSharedSecretPolicy method has the following format:
Netegrity::PolicyMgtSession‑>GetSharedSecretPolicy()
Parameters
The GetSharedSecretPolicy method accepts no parameters.
Return Value
The GetSharedSecretPolicy method returns the following value:
The GetTrustedHost method retrieves the specified trusted host object.
Syntax
The GetTrustedHost method has the following format:
Netegrity::PolicyMgtSession‑>GetTrustedHost(thName)
Parameters
The GetTrustedHost method accepts the following parameter:
thName (string)
Specifies the name of the trusted host to retrieve.
Return Value
The GetTrustedHost method returns one of the following values:
The GetUserDir method retrieves the specified user directory object.
Syntax
The GetUserDir method has the following format:
Netegrity::PolicyMgtSession‑>GetUserDir(dirName)
Parameters
The GetUserDir method accepts the following parameter:
dirName (string)
Specifies the name of the user directory to retrieve.
Return Value
The GetUserDir method returns one of the following values:
The GetVariableType method retrieves the specified variable type object. To create a new variable object of the specified type, pass the resulting variable type object to the CreateVariable method in the varType parameter.
Syntax
The GetVariableType method has the following format:
Netegrity::PolicyMgtSession‑>GetVariableType(varTypeName)
Parameters
The GetVariableType method accepts the following parameter:
varTypeName (string)
Specifies one of the following variable type names:
Post
UserContext
RequestContext
Static
WebService
XMLBody
XMLAgent
XMLEnvelopeHeader
Transport
SAMLAssertion
Note: Variable type names are case-sensitive and must not contain spaces.
Return Value
The GetVariableType method returns one of the following values:
Remarks
You cannot create a TransactionMinder variable with the Command Line Interface. If you have TransactionMinder and the Option Pack installed, you can create TransactionMinder variables in the Administrative UI.
The RemoveAttributeFromSAMLScheme method removes an attribute from a SAML 2.0 authentication scheme.
Syntax
The RemoveAttributeFromSAMLScheme method has the following format:
Netegrity::PolicyMgtSession‑>RemoveAttributeFromSAMLScheme(scheme, pSAMLRequesterAttr)
Parameters
The RemoveAttributeFromSAMLScheme method accepts the following parameters:
scheme (PolicyMgtAuthScheme object)
Specifies the SAML 2.0 authentication scheme from which to remove the attribute.
pSAMLRequesterAttr (string)
Specifies the attribute to remove.
Return Value
The RemoveAttributeFromSAMLScheme method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
The SAMLAuthSchemeProperties method sets or retrieves the SAML 2.0 metadata properties that reside in an existing SAML 2.0 authentication scheme. For a complete list of SAML 2.0 metadata properties, see the method PolicyMgtSession‑>CreateSAMLAuthScheme.
Syntax
The SAMLAuthSchemeProperties method has the following format:
Netegrity::PolicyMgtSession‑>SAMLAuthSchemeProperties(scheme, propsHash_ref)
Parameters
The SAMLAuthSchemeProperties method accepts the following parameters:
scheme (PolicyMgtAuthScheme object)
Specifies the authentication scheme whose metadata properties are set or retrieved.
propsHash_ref (hash)
Specifies a reference to a hashtable of metadata properties to set or retrieve.
Return Value
The SAMLAuthSchemeProperties method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
Remarks
When the hashtable is empty, the SAMLAuthSchemeProperties method retrieves all metadata properties. You can define an empty hashtable as follows:
%myhash=();
Then, you can reference the empty hashtable as follows:
\%myhash
Finally, you can pass the hashtable reference to the SAMLAuthSchemeProperties method through the propsHash_ref parameter.
The WSFEDAuthSchemeProperties method sets or retrieves the WS-Federation metadata properties in an existing WS-Federation authentication scheme. For a complete list of WS-Federation metadata properties, see the method PolicyMgtSession‑>CreateWSFEDAuthScheme.
Syntax
The WSFEDAuthSchemeProperties method has the following format:
Netegrity::PolicyMgtSession‑>WSFEDAuthSchemeProperties(scheme, propsHash_ref)
Parameters
The WSFEDAuthSchemeProperties method accepts the following parameters:
scheme (PolicyMgtAuthScheme object)
Specifies the authentication scheme whose WS-Federation metadata properties are set or retrieved.
propsHash_ref (hash)
Specifies a reference to a hashtable of metadata properties to set or retrieve.
Return Value
The WSFEDAuthSchemeProperties method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
Remarks
When the hashtable is empty, the WSFEDAuthSchemeProperties method retrieves all metadata properties. You can define an empty hashtable as follows:
%myhash=();
Then, you can reference the empty hashtable as follows:
\%myhash
Finally, you can pass the hashtable reference to the WSFEDAuthSchemeProperties method through the propsHash_ref parameter.
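The two Remarks sections above (SAMLAuthSchemeProperties and WSFEDAuthSchemeProperties) describe the same pattern: an empty hash reference retrieves every metadata property of a federation scheme. The script below is an added example, not code from the SiteMinder documentation, and serves both methods. It assumes, as this page does not show, that the session comes from Netegrity::PolicyMgtAPI->New and CreateSession and that the methods return 0 on success (the page lists success and failure without the numeric codes). Keys for the expected-value check are the property names documented under CreateSAMLAuthScheme and CreateWSFEDAuthScheme; the example leaves that hash for the caller to fill.

```perl
#!/usr/bin/perl
# Added example (not from the SiteMinder documentation): read all metadata
# properties of a SAML 2.0 or WS-Federation authentication scheme by passing
# an empty hash reference, and check a set of expected values against them.
#
# ASSUMPTIONS: session creation is not on this page; a return value of 0 is
# taken to mean success.
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

# Returns a hash reference with every metadata property of the named scheme,
# or undef when the scheme is not found or the call fails.
# $kind is 'saml' (default) or 'wsfed'.
sub scheme_metadata {
    my ($session, $scheme_name, $kind) = @_;
    my $scheme = $session->GetAuthScheme($scheme_name)
        or return undef;
    my %props = ();                 # empty hashtable => retrieve everything
    my $rc = ($kind // 'saml') eq 'wsfed'
        ? $session->WSFEDAuthSchemeProperties($scheme, \%props)
        : $session->SAMLAuthSchemeProperties($scheme, \%props);
    return undef unless defined $rc && $rc == 0;   # assumption: 0 = success
    return \%props;
}

# Compares retrieved properties with expected values and returns the list of
# mismatches (empty list when everything matches). Keys of %$expected are the
# property names listed under CreateSAMLAuthScheme / CreateWSFEDAuthScheme.
sub check_expected {
    my ($props, $expected) = @_;
    my @mismatches;
    for my $key (sort keys %$expected) {
        my $actual = $props->{$key};
        next if defined $actual && $actual eq $expected->{$key};
        push @mismatches, sprintf("%s: expected '%s', got '%s'",
            $key, $expected->{$key}, $actual // '<unset>');
    }
    return @mismatches;
}

my $api     = Netegrity::PolicyMgtAPI->New();
my $session = $api->CreateSession($ENV{SM_ADMIN}, $ENV{SM_ADMIN_PW})
    or die "CreateSession failed\n";

my $name = $ARGV[0] // die "usage: $0 scheme-name [saml|wsfed]\n";
my $kind = $ARGV[1] // 'saml';
my $props = scheme_metadata($session, $name, $kind)
    or die "Could not read metadata for scheme '$name'\n";

# Dump everything, sorted, so two schemes can be compared with a plain diff.
printf "%-40s %s\n", $_, $props->{$_} for sort keys %$props;

# Fill in property name => required value pairs for your deployment.
my %expected = ();
my @bad = check_expected($props, \%expected);
print "Mismatch: $_\n" for @bad;
exit(@bad ? 1 : 0);
```

The same hash reference mechanism writes properties: a hash that contains only the keys to change, passed to the same method, updates those properties and leaves the rest untouched.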
The following methods act on PolicyMgtSharedSecretPolicy objects:
The Enabled method sets or retrieves the flag that specifies whether the shared secret rollover policy is enabled.
Syntax
The Enabled method has the following format:
Netegrity::PolicyMgtSharedSecretPolicy‑>Enabled([enableFlag])
Parameters
The Enabled method accepts the following parameter:
enableFlag (int)
(Optional) Specifies a new value for the enabled flag.
Specifies enabling the shared secret rollover policy.
Specifies disabling the shared secret rollover policy.
Return Value
The Enabled method returns the new or existing value for the enabled flag:
Specifies that the shared secret rollover policy is enabled.
Specifies that the shared secret rollover policy is disabled.
Remarks
If the shared secret rollover policy is enabled, rollover must also be enabled for any trusted host whose shared secret needs to be synchronized with the rollover policy's shared secret. To enable rollover for a trusted host object, call the method PolicyMgtTrustedHost‑>RolloverEnabled.
The RolloverFrequency method sets or retrieves the rollover frequency for the rollover policy. This value determines how often the shared secret is automatically updated in the time period specified by the method PolicyMgtSharedSecretPolicy‑>RolloverPeriod.
Syntax
The RolloverFrequency method has the following format:
Netegrity::PolicyMgtSharedSecretPolicy‑>RolloverFrequency([rollFreq])
Parameters
The RolloverFrequency method accepts the following parameter:
rollFreq (int)
(Optional) Specifies a new value for the rollover frequency.
Range: rollFreq >= 1
Return Value
The RolloverFrequency method returns the following value:
Specifies the new or existing value for the rollover frequency.
The RolloverPeriod method sets or retrieves the rollover period for the rollover policy. The rollover period can have one of four values: hourly, daily, weekly, or monthly. The rollover period is used with the rollover frequency to specify how often the shared secret is automatically changed. For example, if the rollover frequency is two and the rollover period is weekly, then the shared secret is automatically changed every two weeks. To set the rollover frequency, call the PolicyMgtSharedSecretPolicy‑>RolloverFrequency method.
Syntax
The RolloverPeriod method has the following format:
Netegrity::PolicyMgtSharedSecretPolicy‑>RolloverPeriod([rollPeriod])
Parameters
The RolloverPeriod method accepts the following parameter:
rollPeriod (int)
(Optional) Specifies a new value for the rollover period.
Specifies that the rollover period is hourly.
Specifies that the rollover period is daily.
Specifies that the rollover period is weekly.
Specifies that the rollover period is monthly.
Return Value
The RolloverPeriod method returns one of the following values:
Specifies the new or existing value for the rollover period.
Range: 0-3
Specifies that the return value is not in the 0-3 range.
The Save method saves the shared secret policy object to the policy store. Call this method once after making all changes to the shared secret policy object. You must call this method for the changes to take effect.
Syntax
The Save method has the following format:
Netegrity::PolicyMgtSharedSecretPolicy‑>Save()
Parameters
The Save method accepts no parameters.
Return Value
The Save method returns one of the following values:
Specifies that the call is successful.
Specifies that the call is unsuccessful.
The following methods act on PolicyMgtTrustedHost objects:
The GetDescription method retrieves the description of the trusted host.
Syntax
The GetDescription method has the following format:
Netegrity::PolicyMgtTrustedHost‑>GetDescription()
Parameters
The GetDescription method accepts no parameters.
Return Value
The GetDescription method returns the following value:
The GetIPAddress method retrieves the IP address of the trusted host.
Syntax
The GetIPAddress method has the following format:
Netegrity::PolicyMgtTrustedHost‑>GetIPAddress()
Parameters
The GetIPAddress method accepts no parameters.
Return Value
The GetIPAddress method returns the following value:
The GetName method retrieves the name of the trusted host.
Syntax
The GetName method has the following format:
Netegrity::PolicyMgtTrustedHost‑>GetName()
Parameters
The GetName method accepts no parameters.
Return Value
The GetName method returns the following value:
The GetSecret method retrieves the shared secret of the trusted host in clear text.
Syntax
The GetSecret method has the following format:
Netegrity::PolicyMgtTrustedHost‑>GetSecret()
Parameters
The GetSecret method accepts no parameters.
Return Value
The GetSecret method returns one of the following values:
The RolloverEnabled method sets or retrieves the shared secret rollover flag that specifies whether shared secret rollover is enabled for this trusted host.
Syntax
The RolloverEnabled method has the following format:
Netegrity::PolicyMgtTrustedHost‑>RolloverEnabled([rolloverEnabled])
Parameters
The RolloverEnabled method accepts the following parameter:
rolloverEnabled (int)
(Optional) Specifies a new value for the shared secret rollover flag.
Specifies that shared secret rollover is enabled for this trusted host.
Specifies that shared secret rollover is not enabled for this trusted host.
Return Value
The RolloverEnabled method returns the new or existing value for the shared secret rollover flag:
Specifies that shared secret rollover is enabled for this trusted host.
Specifies that shared secret rollover is not enabled for this trusted host.
Specifies that the call is unsuccessful.
Remarks
If shared secret rollover is enabled for this trusted host, it must also be enabled in the PolicyMgtSharedSecretPolicy object in the policy store domain where the trusted host is registered. If shared secret rollover is not enabled in this object, call the method PolicyMgtSharedSecretPolicy‑>Enabled to enable it.
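The Remarks for PolicyMgtSharedSecretPolicy‑>Enabled and PolicyMgtTrustedHost‑>RolloverEnabled describe two settings that must agree: rollover is only effective for a trusted host when the store-wide policy is enabled and the host has opted in. The script below is an added example, not code from the SiteMinder documentation, that configures the policy and then brings every trusted host into line. It assumes, as this page does not show, that the session comes from Netegrity::PolicyMgtAPI->New and CreateSession; that the rollover period codes 0 to 3 follow the order the page lists them in (hourly, daily, weekly, monthly); and that Save returns 0 on success while the flag methods return the flag value (1 or 0) or -1 on failure, since the page omits the numbers.

```perl
#!/usr/bin/perl
# Added example (not from the SiteMinder documentation): enable scheduled
# shared secret rollover every two weeks and make sure every trusted host
# opts in, because a host with RolloverEnabled(0) keeps its old secret when
# the policy rolls over.
#
# ASSUMPTIONS: session creation is not on this page; period codes 0..3 are
# taken to follow the listed order (hourly, daily, weekly, monthly); Save()
# returns 0 on success; flag methods return 1/0, or -1 on failure.
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

use constant {
    PERIOD_HOURLY  => 0,
    PERIOD_DAILY   => 1,
    PERIOD_WEEKLY  => 2,
    PERIOD_MONTHLY => 3,
};

# Configures the single shared secret rollover policy of the policy store.
# Returns 1 on success, 0 on failure.
sub configure_rollover {
    my ($session, $frequency, $period) = @_;
    die "frequency must be >= 1\n"   unless $frequency >= 1;
    die "period must be 0..3\n"      unless $period >= 0 && $period <= 3;
    my $policy = $session->GetSharedSecretPolicy()
        or return 0;
    $policy->Enabled(1);
    $policy->RolloverFrequency($frequency);
    $policy->RolloverPeriod($period);
    return $policy->Save() == 0 ? 1 : 0;     # Save commits all three changes
}

# Enables rollover on every trusted host that does not have it yet and
# returns the names of the hosts that were changed.
sub enable_host_rollover {
    my ($session) = @_;
    my @changed;
    for my $host ($session->GetAllTrustedHosts()) {
        next if $host->RolloverEnabled() == 1;       # already opted in
        my $rc = $host->RolloverEnabled(1);
        if ($rc == 1) {
            push @changed, $host->GetName();
        } else {
            warn sprintf("RolloverEnabled failed for %s (%s)\n",
                         $host->GetName(), $host->GetIPAddress());
        }
    }
    return @changed;
}

my $api     = Netegrity::PolicyMgtAPI->New();
my $session = $api->CreateSession($ENV{SM_ADMIN}, $ENV{SM_ADMIN_PW})
    or die "CreateSession failed\n";

# Frequency 2 with a weekly period = a new shared secret every two weeks,
# matching the worked example in the RolloverPeriod description.
configure_rollover($session, 2, PERIOD_WEEKLY)
    or die "Could not save the shared secret rollover policy\n";

my @hosts = enable_host_rollover($session);
print @hosts
    ? "Rollover enabled for: @hosts\n"
    : "All trusted hosts already had rollover enabled\n";
```

Hosts that are deliberately excluded from rollover (for example, an agent that cannot re-read its host configuration file) should be skipped by name in enable_host_rollover rather than left to drift silently.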
The SetSecret method sets the shared secret of the trusted host.
Syntax
The SetSecret method has the following format:
Netegrity::PolicyMgtTrustedHost‑>SetSecret([sharedSecret])
Parameters
The SetSecret method accepts the following parameter:
sharedSecret (string)
(Optional) Specifies the shared secret to set for the trusted host.
Note: If no shared secret is specified, SiteMinder generates a random 128-byte ASCII shared secret for the trusted host.
Return Value
The SetSecret method returns one of the following values:
Specifies the new shared secret for the trusted host.
Specifies that the call is unsuccessful.
Remarks
When you use this method to set the shared secret, you must also run the SiteMinder tool smreghost to define the new shared secret in the host configuration file. (The host configuration file is named SmHost.conf by default.) Run smreghost with the -sh option. For more information, see the method PolicyMgtSession‑>AddTrustedHost.
Note: You can schedule shared secret rollovers, so that they happen automatically. For more information about this feature, see the Policy Server Configuration Guide.
The following methods act on PolicyMgtUser objects:
The DisableByAdmin method sets or retrieves the disabled-by-administrator flag, which specifies whether the user account is disabled by the administrator.
Syntax
The DisableByAdmin method has the following format:
Netegrity::PolicyMgtUser‑>DisableByAdmin([disableFlag])
Parameters
The DisableByAdmin method accepts the following parameter:
disableFlag (int)
(Optional) Specifies a new value for the disabled-by-administrator flag.
Specifies that the user account is disabled by the administrator.
Specifies that the user account is not disabled by the administrator.
Note: The user account can be disabled for other reasons. For more information, see Remarks.
Return Value
The DisableByAdmin method returns the new or existing value for the disabled-by-administrator flag:
Specifies that the user account is disabled by the administrator.
Specifies that the user account is not disabled by the administrator.
Note: The user account can be disabled for other reasons. For more information, see Remarks.
Specifies that the call is unsuccessful.
Remarks
User accounts can be disabled for one or more of the following reasons:
For more information, see the method PolicyMgtUser‑>DisableInactive.
For more information, see the method PolicyMgtUser‑>DisableMaxLoginFail.
For more information, see the method PolicyMgtUser‑>DisablePwdExpired.
The DisableInactive method sets or retrieves the disabled-by-inactivity flag, which specifies whether the user account is disabled because account inactivity exceeded the time allowed.
Syntax
The DisableInactive method has the following format:
Netegrity::PolicyMgtUser‑>DisableInactive([disableFlag])
Parameters
The DisableInactive method accepts the following parameter:
disableFlag (int)
(Optional) Specifies a new value for the disabled-by-inactivity flag.
Specifies that the user account is disabled because of inactivity.
Specifies that the user account is not disabled because of inactivity.
Note: The user account can be disabled for other reasons. For more information, see Remarks.
Return Value
The DisableInactive method returns the new or existing value for the disabled-by-inactivity flag:
Specifies that the user account is disabled because of inactivity.
Specifies that the user account is not disabled because of inactivity.
Note: The user account can be disabled for other reasons. For more information, see Remarks.
Specifies that the call is unsuccessful.
Remarks
User accounts can be disabled for one or more of the following reasons:
For more information, see the method PolicyMgtUser‑>DisableByAdmin.
For more information, see the method PolicyMgtUser‑>DisableMaxLoginFail.
For more information, see the method PolicyMgtUser‑>DisablePwdExpired.
The DisableMaxLoginFail method sets or retrieves the disabled-by-max-login-failure flag, which specifies whether the user account is disabled because the number of login failures exceeded the maximum allowed.
Syntax
The DisableMaxLoginFail method has the following format:
Netegrity::PolicyMgtUser‑>DisableMaxLoginFail([disableFlag])
Parameters
The DisableMaxLoginFail method accepts the following parameter:
disableFlag (int)
(Optional) Specifies a new value for the disabled-by-max-login-failure flag.
Specifies that the user account is disabled because the number of login failures exceeded the maximum allowed.
Specifies that the user account is not disabled because the number of login failures exceeded the maximum allowed.
Note: The user account can be disabled for other reasons. For more information, see Remarks.
Return Value
The DisableMaxLoginFail method returns the new or existing value for the disabled-by-max-login-failure flag:
Specifies that the user account is disabled because the number of login failures exceeded the maximum allowed.
Specifies that the user account is not disabled because the number of login failures exceeded the maximum allowed.
Note: The user account can be disabled for other reasons. For more information, see Remarks.
Specifies that the call is unsuccessful.
Remarks
User accounts can be disabled for one or more of the following reasons:
For more information, see the method PolicyMgtUser‑>DisableByAdmin.
For more information, see the method PolicyMgtUser‑>DisableInactive.
For more information, see the method PolicyMgtUser‑>DisablePwdExpired.
The DisablePwdExpired method sets or retrieves the disabled-by-password-expired flag that specifies whether the user account is disabled because the password expired.
Syntax
The DisablePwdExpired method has the following format:
Netegrity::PolicyMgtUser‑>DisablePwdExpired([disableFlag])
Parameters
The DisablePwdExpired method accepts the following parameter:
disableFlag (int)
(Optional) Specifies a new value for the disabled-by-password-expired flag.
Specifies that the user account is disabled because the password expired.
Specifies that the user account is not disabled because the password expired.
Return Value
The DisablePwdExpired method returns the new or existing value for the disabled-by-password-expired flag:
Specifies that the user account is disabled because the password expired.
Specifies that the user account is not disabled because the password expired.
Note: The user account can be disabled for other reasons. For more information, see Remarks.
Specifies that the call is unsuccessful.
Remarks
User accounts can be disabled for one or more of the following reasons:
For more information, see the method PolicyMgtUser‑>DisableByAdmin.
For more information, see the method PolicyMgtUser‑>DisableInactive.
For more information, see the method PolicyMgtUser‑>DisableMaxLoginFail.
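The Remarks above stress that an account can be disabled for more than one reason, so a script that re-enables an account has to read every flag, not just the one it cares about. The following added example (not code from the CA SiteMinder documentation) reports all reasons and then clears only the inactivity flag. It assumes the session and directory lookup calls it uses exist as named (they are not documented on this page), that LookupEntry returns PolicyMgtUser objects, and that the flag methods return 1, 0, or a negative value when the call fails.

```perl
#!/usr/bin/perl
# Added example, not part of the CA SiteMinder documentation: list every reason
# a user account is disabled, using the four Disable* flag methods referenced
# in the Remarks above, then clear only the inactivity flag. Assumptions (not
# on this page): PolicyMgtAPI->New, CreateSession and GetUserDir exist as used
# here; LookupEntry returns PolicyMgtUser objects; the flag methods return
# 1 (set), 0 (clear) and a negative value when the call fails.
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

# One method per reason; an account can carry several flags at once, so
# every flag is read rather than stopping at the first one that is set.
my @FLAGS = (
    [ DisableByAdmin      => "disabled by an administrator" ],
    [ DisableInactive     => "disabled for inactivity" ],
    [ DisableMaxLoginFail => "disabled after exceeding the login-failure limit" ],
    [ DisablePwdExpired   => "disabled because the password expired" ],
);

# Return the list of reasons for a user; dies if any flag cannot be read.
sub disabled_reasons {
    my ($user) = @_;
    my @reasons;
    for my $pair (@FLAGS) {
        my ($method, $text) = @$pair;
        my $flag = $user->$method();      # no argument: retrieve, do not set
        die "$method failed for " . $user->GetPath() . "\n"
            unless defined $flag && $flag >= 0;
        push @reasons, $text if $flag == 1;
    }
    return @reasons;
}

my $api     = Netegrity::PolicyMgtAPI->New();
my $session = $api->CreateSession("siteminder", "ADMIN_PASSWORD_PLACEHOLDER")
    or die "CreateSession failed\n";
my $userDir = $session->GetUserDir("Corporate LDAP")
    or die "GetUserDir failed\n";

my @users = $userDir->LookupEntry("uid=jsmith");     # constructed search pattern
die "no matching user\n" unless @users;

for my $user (@users) {
    my $dn      = $user->GetPath();
    my @reasons = disabled_reasons($user);
    unless (@reasons) {
        print "$dn: not disabled\n";
        next;
    }
    print "$dn: ", join("; ", @reasons), "\n";

    # Lockout context from the password state object.
    if (defined(my $state = $user->UserPasswordState())) {
        printf "  login failures since last success: %d\n", $state->LoginFailures();
        printf "  last successful login: %s\n", scalar localtime($state->LastLoginTime());
        printf "  disabled at: %s\n", scalar localtime($state->DisabledTime());
    }

    # Clear the inactivity flag only. The other flags are left as they are,
    # so an account that was also disabled by an administrator stays disabled.
    if (grep { $_ eq "disabled for inactivity" } @reasons) {
        my $rc = $user->DisableInactive(0);
        die "DisableInactive(0) failed for $dn\n" unless defined $rc && $rc >= 0;
        my @left = disabled_reasons($user);
        print "  inactivity flag cleared; still: ", (@left ? join("; ", @left) : "none"), "\n";
    }
}
```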
The ForcePwdChange method sets or retrieves the force-password-change flag that specifies whether to force a password change at the next user login.
Syntax
The ForcePwdChange method has the following format:
Netegrity::PolicyMgtUser‑>ForcePwdChange([forceFlag])
Parameters
The ForcePwdChange method accepts the following parameter:
forceFlag (int)
(Optional) Specifies whether to force a password change at the next user login.
Specifies forcing a password change at the next user login.
Specifies not forcing a password change at the next user login.
Return Value
The ForcePwdChange method returns the new or existing value for the force-password-change flag:
Specifies forcing a password change at the next user login.
Specifies not forcing a password change at the next user login.
Specifies that the call is unsuccessful.
The GetClass method retrieves the user class.
Syntax
The GetClass method has the following format:
Netegrity::PolicyMgtUser‑>GetClass()
Parameters
The GetClass method accepts no parameters.
Return Value
The GetClass method returns one of the following values:
Example: "organization"
The GetPath method retrieves the user path. The user path is the distinguished name (DN).
Syntax
The GetPath method has the following format:
Netegrity::PolicyMgtUser‑>GetPath()
Parameters
The GetPath method accepts no parameters.
Return Value
The GetPath method returns one of the following values:
Specifies the user path or distinguished name (DN).
Specifies that the call is unsuccessful.
The SetPassword method sets a new password for the user.
Syntax
The SetPassword method has the following format:
Netegrity::PolicyMgtUser‑>SetPassword(newPwd[, oldPwd])
Parameters
The SetPassword method accepts the following parameters:
newPwd (string)
Specifies the new password.
oldPwd (string)
(Optional) Specifies the old password to change.
Note: If provided, this value must match the existing password in the user directory.
Return Value
The SetPassword method returns one of the following values:
Specifies that the password change is successful.
Specifies that the password change is unsuccessful.
The UserPasswordState method sets or retrieves the password state object for the current user. Setting a new password state object updates the object's attributes with any changes that have been made. This method also clears the password history if specified by the empty-history flag.
Syntax
The UserPasswordState method has the following format:
Netegrity::PolicyMgtUser‑>UserPasswordState([pPwState][, emptyHistoryFlag])
Parameters
The UserPasswordState method accepts the following parameters:
pPwState (PolicyMgtUserPasswordState)
(Optional) Specifies the new password state object to set.
emptyHistoryFlag (int)
(Optional) Specifies whether to clear the password history.
Specifies not clearing the password history.
Specifies clearing the password history.
Note: Clearing the password history sets the last-password-change-time attribute to 0. For more information, see the method PolicyMgtUserPasswordState‑>LastPWChangeTime.
Return Value
The UserPasswordState method returns one of the following values:
The ValidatePassword method determines whether the user's password conforms to the password policy. Call ValidatePassword before calling the method SetPassword.
Syntax
The ValidatePassword method has the following format:
Netegrity::PolicyMgtUser‑>ValidatePassword(password)
Parameters
The ValidatePassword method accepts the following parameter:
password (string)
Specifies the password to validate.
Return Value
The ValidatePassword method returns one of the following values:
Specifies that the password is valid.
Specifies that the password is not valid.
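The SetPassword, ForcePwdChange, UserPasswordState and ValidatePassword sections above describe the pieces of an administrative password reset; the following added example (not code from the CA SiteMinder documentation) puts them in the order the page prescribes, ValidatePassword before SetPassword, and keeps the password history because clearing it also resets LastPWChangeTime. It assumes the session and directory lookup calls it uses exist as named, that LookupEntry returns PolicyMgtUser objects, that ValidatePassword and SetPassword return 1 for success and 0 otherwise, that ForcePwdChange returns a negative value when the call fails, and that UserPasswordState returns a defined value on success.

```perl
#!/usr/bin/perl
# Added example, not part of the CA SiteMinder documentation: an administrative
# password reset that follows the order this page prescribes, ValidatePassword
# before SetPassword, then forces a change at next login and refreshes the
# password state. Assumptions (not on this page): the session and
# user-directory lookup calls used here exist; LookupEntry returns
# PolicyMgtUser objects; ValidatePassword/SetPassword return 1 for success
# and 0 otherwise; ForcePwdChange returns a negative value when the call fails;
# UserPasswordState returns a defined value on success.
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

# Placeholder only: a real process generates the temporary password with a
# cryptographically secure generator and delivers it out of band.
my $TEMP_PASSWORD = "TEMP_PASSWORD_PLACEHOLDER";

# Reset one user's password; dies with a reason on any failure.
sub reset_password {
    my ($user, $new_pwd) = @_;
    my $dn = $user->GetPath();

    # 1. Policy check first, as the page instructs.
    $user->ValidatePassword($new_pwd) == 1
        or die "$dn: candidate password violates the password policy\n";

    # 2. Administrative reset: the optional oldPwd is omitted because the
    #    administrator does not know (and should not need) the old password.
    $user->SetPassword($new_pwd) == 1
        or die "$dn: SetPassword failed\n";

    # 3. A temporary password must be replaced on first use.
    my $rc = $user->ForcePwdChange(1);
    die "$dn: ForcePwdChange failed\n" if !defined $rc || $rc < 0;

    # 4. Refresh the password state. emptyHistoryFlag stays 0: clearing the
    #    history would also reset LastPWChangeTime to 0 (see the note on
    #    UserPasswordState), which defeats password-age enforcement.
    my $state = $user->UserPasswordState();
    die "$dn: could not read password state\n" unless defined $state;
    $state->LastPWChangeTime(time());
    $state->LoginFailures(0);   # also reset the lockout counter as part of the reset
    defined $user->UserPasswordState($state, 0)
        or die "$dn: could not store password state\n";
    return $dn;
}

my $api     = Netegrity::PolicyMgtAPI->New();
my $session = $api->CreateSession("siteminder", "ADMIN_PASSWORD_PLACEHOLDER")
    or die "CreateSession failed\n";
my $userDir = $session->GetUserDir("Corporate LDAP")
    or die "GetUserDir failed\n";

my ($user) = $userDir->LookupEntry("uid=jsmith");   # constructed search pattern
die "user not found\n" unless $user;

my $dn = reset_password($user, $TEMP_PASSWORD);
print "temporary password set for $dn; change forced at next login\n";
```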
The following methods act on PolicyMgtUserDir objects:
The AnonymousIDAttr method sets or retrieves the name of the user directory's anonymous user DN attribute. The DN, which is defined in the anonymous authentication scheme, gives anonymous users access to resources protected by the anonymous authentication scheme. You can use the AnonymousIDAttr method with LDAP directories and some custom directories.
Syntax
The AnonymousIDAttr method has the following format:
Netegrity::PolicyMgtUserDir‑>AnonymousIDAttr([anonIDAttr])
Parameters
The AnonymousIDAttr method accepts the following parameter:
anonIDAttr (string)
(Optional) Specifies a new name for the anonymous user DN attribute.
Return Value
The AnonymousIDAttr method returns one of the following values:
Specifies the new or existing name of the anonymous user DN attribute.
Specifies that the call is unsuccessful.
The ChalRespAttr method sets or retrieves the name of the user directory's challenge/response attribute. You can use the ChalRespAttr method with LDAP directories and some custom directories.
Syntax
The ChalRespAttr method has the following format:
Netegrity::PolicyMgtUserDir‑>ChalRespAttr([chalRespAttr])
Parameters
The ChalRespAttr method accepts the following parameter:
chalRespAttr (string)
(Optional) Specifies a new name for the user directory's challenge/response attribute.
Return Value
The ChalRespAttr method returns one of the following values:
Specifies the new or existing name of the user directory's challenge/response attribute.
Specifies that the call is unsuccessful.
The Description method sets or retrieves the description of the user directory.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtUserDir‑>Description([userDirDesc])
Parameters
The Description method accepts the following parameter:
userDirDesc (string)
(Optional) Specifies a new description for the user directory.
Return Value
The Description method returns one of the following values:
Specifies the new or existing description of the user directory.
Specifies that the call is unsuccessful.
The DisabledAttr method sets or retrieves the name of the user directory attribute that contains the user's disabled state. This method applies to LDAP and ODBC directories and some custom directories.
Syntax
The DisabledAttr method has the following format:
Netegrity::PolicyMgtUserDir‑>DisabledAttr([disabledAttr])
Parameters
The DisabledAttr method accepts the following parameter:
disabledAttr (string)
(Optional) Specifies a new name for the user directory attribute that contains the user's disabled state.
Return Value
The DisabledAttr method returns one of the following values:
Specifies the new or existing name of the user directory attribute that contains the user's disabled state.
Specifies that the call is unsuccessful.
The EmailAttr method sets or retrieves the name of the email attribute.
Note: This method is reserved for future use.
Syntax
The EmailAttr method has the following format:
Netegrity::PolicyMgtUserDir‑>EmailAttr([emailAttr])
Parameters
The EmailAttr method accepts the following parameter:
emailAttr (string)
(Optional) Specifies a new name for the email attribute.
Return Value
The EmailAttr method returns one of the following values:
Specifies the new or existing name of the email attribute.
Specifies that the call is unsuccessful.
The EnableSecurityContext method sets or retrieves the user directory flag that specifies whether security context is enabled.
Syntax
The EnableSecurityContext method has the following format:
Netegrity::PolicyMgtUserDir‑>EnableSecurityContext([securityctxflag])
Parameters
The EnableSecurityContext method accepts the following parameter:
securityctxflag (int)
(Optional) Specifies a new value for the user directory's security context flag:
Return Value
The EnableSecurityContext method returns the new or existing value for the security context flag:
Specifies that security context is enabled.
Specifies that security context is disabled.
Specifies that the call is unsuccessful.
The GetContents method retrieves all users in the user directory.
Syntax
The GetContents method has the following format:
Netegrity::PolicyMgtUserDir‑>GetContents()
Parameters
The GetContents method accepts no parameters.
Return Value
The GetContents method returns one of the following values:
The GetNamespace method retrieves the user directory namespace.
Syntax
The GetNamespace method has the following format:
Netegrity::PolicyMgtUserDir‑>GetNamespace()
Parameters
The GetNamespace method accepts no parameters.
Return Value
The GetNamespace method returns one of the following values:
The IsSecure method sets or retrieves the flag that specifies whether SiteMinder performs secure authentication for an LDAP or custom user directory. When this flag is enabled, SiteMinder authentication is secure and transmissions are encrypted. Enable this flag when using SSL.
Syntax
The IsSecure method has the following format:
Netegrity::PolicyMgtUserDir‑>IsSecure([secureFlag])
Parameters
The IsSecure method accepts the following parameter:
secureFlag (int)
(Optional) Specifies whether SiteMinder performs secure authentication:
Return Value
The IsSecure method returns the new or existing value for the secure authentication flag:
Specifies that secure authentication is enabled.
Specifies that secure authentication is disabled.
Specifies that the call is unsuccessful.
The LookupEntry method retrieves the user or users in the user directory that match the specified search pattern.
Syntax
The LookupEntry method has the following format:
Netegrity::PolicyMgtUserDir‑>LookupEntry(srchPattern)
Parameters
The LookupEntry method accepts the following parameter:
srchPattern (string)
Specifies the pattern to match when searching for users in the user directory.
Return Value
The LookupEntry method returns one of the following values:
The MaxResults method sets or retrieves the maximum number of search results to return from a search of an LDAP or custom user directory.
Syntax
The MaxResults method has the following format:
Netegrity::PolicyMgtUserDir‑>MaxResults([nResults])
Parameters
The MaxResults method accepts the following parameter:
nResults (int)
(Optional) Specifies a new number for the maximum results to return from a user directory search.
Return Value
The MaxResults method returns one of the following values:
Specifies the new or existing maximum number of results to return from a user directory search.
Specifies that the call is unsuccessful.
The Name method sets or retrieves the name of the user directory.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtUserDir‑>Name([userDirName])
Parameters
The Name method accepts the following parameter:
userDirName (string)
(Optional) Specifies a new name for the user directory.
Return Value
The Name method returns one of the following values:
Specifies the new or existing name of the user directory.
Specifies that the call is unsuccessful.
The ODBCQueryScheme method sets or retrieves the ODBC query scheme for the user directory.
Syntax
The ODBCQueryScheme method has the following format:
Netegrity::PolicyMgtUserDir‑>ODBCQueryScheme([odbcScheme])
Parameters
The ODBCQueryScheme method accepts the following parameter:
odbcScheme (PolicyMgtODBCQueryScheme)
(Optional) Specifies a new ODBC query scheme for the user directory.
Return Value
The ODBCQueryScheme method returns one of the following values:
The Password method sets or retrieves the user password for access to the user directory.
Syntax
The Password method has the following format:
Netegrity::PolicyMgtUserDir‑>Password([pwd])
Parameters
The Password method accepts the following parameter:
pwd (string)
(Optional) Specifies a new user password for access to the user directory.
Return Value
The Password method returns one of the following values:
Specifies the new or existing user password.
Specifies that the call is unsuccessful.
The PwdAttr method sets or retrieves the name of the user directory's password attribute.
Syntax
The PwdAttr method has the following format:
Netegrity::PolicyMgtUserDir‑>PwdAttr([pwdAttr])
Parameters
The PwdAttr method accepts the following parameter:
pwdAttr (string)
(Optional) Specifies a new name for the user directory's password attribute.
Return Value
The PwdAttr method returns one of the following values:
Specifies the new or existing name of the user directory's password attribute.
Specifies that the call is unsuccessful.
The PwdDataAttr method sets or retrieves the name of the user directory's password data attribute.
Syntax
The PwdDataAttr method has the following format:
Netegrity::PolicyMgtUserDir‑>PwdDataAttr([pwdDataAttr])
Parameters
The PwdDataAttr method accepts the following parameter:
pwdDataAttr (string)
(Optional) Specifies a new name for the user directory's password data attribute.
Return Value
The PwdDataAttr method returns one of the following values:
Specifies the new or existing name of the user directory's password data attribute.
Specifies that the call is unsuccessful.
The RequireCredentials method sets or retrieves the flag that specifies whether SiteMinder is required to check user credentials.
Syntax
The RequireCredentials method has the following format:
Netegrity::PolicyMgtUserDir‑>RequireCredentials([credFlag])
Parameters
The RequireCredentials method accepts the following parameter:
credFlag (int)
(Optional) Specifies whether SiteMinder is required to check user credentials:
Return Value
The RequireCredentials method returns the new or existing value for the require credentials flag:
Specifies that credentials are required.
Specifies that credentials are not required.
Specifies that the call is unsuccessful.
The SearchRoot method sets or retrieves different values for different directory types:
The SearchRoot method sets or retrieves the location in the LDAP tree that is the starting point for the directory connection, for example, the organization (o) or organizational unit (ou). This location, called the search root, is the point where the Policy Server starts the search for a user.
The SearchRoot method sets or retrieves a string of parameters to pass to the custom library.
Syntax
The SearchRoot method has the following format:
Netegrity::PolicyMgtUserDir‑>SearchRoot([srchRoot])
Parameters
The SearchRoot method accepts the following parameter:
srchRoot (string)
(Optional) Specifies a new search root for an LDAP directory or parameter string for a custom directory.
Return Value
The SearchRoot method returns one of the following values:
Specifies the new or existing search root for an LDAP directory or parameter string for a custom directory.
Specifies that the call is unsuccessful.
The SearchScope method sets or retrieves the search scope for an LDAP user directory. The search scope specifies how many levels SiteMinder searches for users or user groups in the LDAP directory.
Syntax
The SearchScope method has the following format:
Netegrity::PolicyMgtUserDir‑>SearchScope([searchScope])
Parameters
The SearchScope method accepts the following parameter:
searchScope (int)
(Optional) Specifies a new search scope for an LDAP user directory:
Specifies searching the root and all levels below.
Specifies searching the root and one level below.
Return Value
The SearchScope method returns one of the following new or existing values:
Specifies searching the root and all levels below.
Specifies searching the root and one level below.
Specifies that the call is unsuccessful.
The SearchTimeout method sets or retrieves the maximum time, in seconds, allowed for searching an LDAP or custom user directory.
Syntax
The SearchTimeout method has the following format:
Netegrity::PolicyMgtUserDir‑>SearchTimeout([maxTimeout])
Parameters
The SearchTimeout method accepts the following parameter:
maxTimeout (int)
(Optional) Specifies a new maximum time (in seconds) allowed for searching an LDAP or custom user directory.
Return Value
The SearchTimeout method returns one of the following values:
Specifies the new or existing maximum time (in seconds) allowed for searching an LDAP or custom user directory.
Specifies that the call is unsuccessful.
The Server method sets or retrieves a value. The type of value depends on the type of user directory, as follows:
The Server method sets or retrieves the LDAP server's IP address and port number.
The Server method sets or retrieves the data source name.
The Server method sets or retrieves the domain name.
The Server method sets or retrieves the library name.
Syntax
The Server method has the following format:
Netegrity::PolicyMgtUserDir‑>Server([server])
Parameters
The Server method accepts the following parameter:
server (string)
(Optional) Specifies a new value for one of the following types of directories:
Specifies a new IP address and port number for the LDAP server.
Format: IP_address:port_number
Default port number: 389
Specifies a new data source name.
Specifies a new domain name.
Specifies a new library name.
Return Value
The Server method returns one of the following values:
Specifies the new or existing value for the user directory.
Specifies that the call is unsuccessful.
The UIDAttr method sets or retrieves the name of the user directory's universal ID attribute. The universal ID is different from the user's login ID and is used to look up user information. This method applies to LDAP, ODBC, and WinNT directories and to some custom directories.
Syntax
The UIDAttr method has the following format:
Netegrity::PolicyMgtUserDir‑>UIDAttr([uidAttr])
Parameters
The UIDAttr method accepts the following parameter:
uidAttr (string)
(Optional) Specifies a new name for the universal ID attribute.
Return Value
The UIDAttr method returns one of the following values:
Specifies the new or existing name of the universal ID attribute.
Specifies that the call is unsuccessful.
The UserLookupEnd method sets or retrieves the endpoint for a user DN lookup in an LDAP directory.
Syntax
The UserLookupEnd method has the following format:
Netegrity::PolicyMgtUserDir‑>UserLookupEnd([lookupEnd])
Parameters
The UserLookupEnd method accepts the following parameter:
lookupEnd (string)
(Optional) Specifies a new value for the user DN lookup endpoint.
Return Value
The UserLookupEnd method returns one of the following values:
Specifies the new or existing user DN lookup endpoint.
Specifies that the call is unsuccessful.
Remarks
Specifying values for the user DN lookup starting point and endpoint allows users to enter part of the DN string when authenticating. In the following example, the user only needs to specify the string "JSmith" and not the whole DN string when logging in:
The UserLookupStart method sets or retrieves the starting point for a user DN lookup in an LDAP directory.
Syntax
The UserLookupStart method has the following format:
Netegrity::PolicyMgtUserDir‑>UserLookupStart([lookupStart])
Parameters
The UserLookupStart method accepts the following parameter:
lookupStart (string)
(Optional) Specifies a new value for the user DN lookup starting point.
Return Value
The UserLookupStart method returns one of the following values:
Specifies the new or existing user DN lookup starting point.
Specifies that the call is unsuccessful.
Remarks
Specifying values for the user DN lookup starting point and endpoint allows users to enter part of the DN string when authenticating. In the following example, the user only needs to specify the string "JSmith" and not the whole DN string when logging in:
The Username method sets or retrieves the username required for accessing the user directory. Set the username only if the RequireCredentials method returns the value of 1.
Syntax
The Username method has the following format:
Netegrity::PolicyMgtUserDir‑>Username([username])
Parameters
The Username method accepts the following parameter:
username (string)
(Optional) Specifies a new name for the user.
Return Value
The Username method returns one of the following values:
Specifies the new or existing name of the user.
Specifies that the call is unsuccessful.
The ValidateEntry method validates a user directory entry.
Syntax
The ValidateEntry method has the following format:
Netegrity::PolicyMgtUserDir‑>ValidateEntry(path)
Parameters
The ValidateEntry method accepts the following parameter:
path (string)
Specifies the path of the user or user group to validate.
Return Value
The ValidateEntry method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
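The PolicyMgtUserDir methods above expose the settings that decide how the Policy Server talks to a directory: IsSecure, RequireCredentials and Username, Server (with its default port 389), MaxResults, SearchTimeout, SearchRoot and SearchScope. The following added example (not code from the CA SiteMinder documentation) reads them for every LDAP directory and reports the weak combinations. It assumes PolicyMgtAPI->New, CreateSession and GetAllUserDirs exist as used here, that GetNamespace returns a string beginning with "LDAP" for LDAP directories, that the int flag methods return 1/0 and a negative value on failure, and that 0 for MaxResults or SearchTimeout means no limit.

```perl
#!/usr/bin/perl
# Added example, not part of the CA SiteMinder documentation: audit the
# connection settings of every LDAP user directory with the PolicyMgtUserDir
# methods above. Assumptions (not documented on this page): PolicyMgtAPI->New,
# CreateSession and GetAllUserDirs exist as used here; GetNamespace returns
# a string starting with "LDAP" for LDAP directories; the int flag methods
# return 1/0 and a negative value when the call fails; 0 for MaxResults or
# SearchTimeout means "no limit".
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

# Return a list of findings for one directory object; an empty list is clean.
sub audit_user_dir {
    my ($dir) = @_;
    my $name = $dir->Name() // "<unnamed>";
    my @findings;

    return ("$name: not an LDAP directory, skipped")
        unless ($dir->GetNamespace() // "") =~ /^LDAP/i;

    # Server is "IP_address:port_number"; 389 is the default (non-SSL) port.
    my ($host, $port) = split /:/, ($dir->Server() // ""), 2;
    $port = 389 unless defined $port && length $port;

    # The page says to enable IsSecure when the directory is used over SSL.
    my $secure = $dir->IsSecure() // -1;
    push @findings, "$name: IsSecure call failed"           if $secure < 0;
    push @findings, "$name: secure authentication disabled" if $secure == 0;
    push @findings, "$name: IsSecure set but Server still uses port $port; confirm the listener is SSL"
        if $secure == 1 && $port == 389;

    # Bind credentials: RequireCredentials=1 means Username must be set.
    my $cred = $dir->RequireCredentials() // -1;
    push @findings, "$name: RequireCredentials call failed"        if $cred < 0;
    push @findings, "$name: anonymous bind (RequireCredentials=0)" if $cred == 0;
    push @findings, "$name: credentials required but Username is empty"
        if $cred == 1 && !length($dir->Username() // "");

    # Search limits: unbounded result sets and searches that never time out
    # expose the directory to resource exhaustion and bulk enumeration.
    my $max     = $dir->MaxResults()    // -1;
    my $timeout = $dir->SearchTimeout() // -1;
    push @findings, "$name: MaxResults call failed"                      if $max < 0;
    push @findings, "$name: SearchTimeout call failed"                   if $timeout < 0;
    push @findings, "$name: MaxResults is 0 (unbounded result sets)"     if $max == 0;
    push @findings, "$name: SearchTimeout is 0 (searches never time out)" if $timeout == 0;

    # Record the search root and scope so reviewers can judge how wide user
    # lookups are; the numeric scope codes are not interpreted here.
    push @findings, sprintf("%s: info: search root '%s', scope %s",
        $name, $dir->SearchRoot() // "", $dir->SearchScope() // "?");

    return @findings;
}

my $api     = Netegrity::PolicyMgtAPI->New();
my $session = $api->CreateSession("siteminder", "ADMIN_PASSWORD_PLACEHOLDER")
    or die "CreateSession failed\n";

my @dirs = $session->GetAllUserDirs();
die "no user directories returned\n" unless @dirs;

for my $dir (@dirs) {
    my @f = audit_user_dir($dir);
    print( (@f ? join("\n", @f) : ($dir->Name() // "<unnamed>") . ": no findings"), "\n" );
}
```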
The following methods act on PolicyMgtUserPasswordState objects:
The DisabledTime method sets or retrieves the time that the user object was disabled. The time is represented as the number of seconds that have elapsed since a particular instant in time that varies from system to system. One common representation is the number of seconds that have elapsed since 00:00:00 1/1/1970 UTC (Coordinated Universal Time).
Syntax
The DisabledTime method has the following format:
Netegrity::PolicyMgtUserPasswordState‑>DisabledTime([time])
Parameters
The DisabledTime method accepts the following parameter:
time (long)
(Optional) Specifies a new time for when the user object was disabled.
Return Value
The DisabledTime method returns the following value:
Specifies the new or existing time that the user object was disabled.
The LastPWChangeTime method sets or retrieves the time that the user's password was last changed. The time is represented as the number of seconds that have elapsed since a particular instant in time that varies from system to system. One common representation is the number of seconds that have elapsed since 00:00:00 1/1/1970 UTC (Coordinated Universal Time).
Syntax
The LastPWChangeTime method has the following format:
Netegrity::PolicyMgtUserPasswordState‑>LastPWChangeTime([time])
Parameters
The LastPWChangeTime method accepts the following parameter:
time (long)
(Optional) Specifies a new time for when the user's password was last changed.
Return Value
The LastPWChangeTime method returns one of the following values:
Specifies the new or existing time that the user's password was changed.
Specifies that the user started to change the password, but did not complete the procedure.
The LastLoginTime method sets or retrieves the time that the user last logged in successfully. The time is represented as the number of seconds that have elapsed since a particular instant in time that varies from system to system. One common representation is the number of seconds that have elapsed since 00:00:00 1/1/1970 UTC (Coordinated Universal Time).
Syntax
The LastLoginTime method has the following format:
Netegrity::PolicyMgtUserPasswordState‑>LastLoginTime([time])
Parameters
The LastLoginTime method accepts the following parameter:
time (long)
(Optional) Specifies a new time for when the user last logged in successfully.
Return Value
The LastLoginTime method returns the following value:
Specifies the new or existing time that the user last logged in successfully.
The LoginFailures method sets or retrieves the number of times the user failed to log in since the user's last successful login.
Syntax
The LoginFailures method has the following format:
Netegrity::PolicyMgtUserPasswordState‑>LoginFailures([count])
Parameters
The LoginFailures method accepts the following parameter:
count (int)
(Optional) Specifies a new value for the number of login failures.
Return Value
The LoginFailures method returns one of the following values:
Specifies the new or existing number of login failures since the user's last successful login.
The following methods act on PolicyMgtVariableType objects. PolicyMgtVariableType objects are read-only:
The GetName method retrieves the name of the variable type object. The variable type object is read-only. See the PolicyMgtSession‑>GetVariableType method for the list of variable type object names that GetName can return.
Syntax
The GetName method has the following format:
Netegrity::PolicyMgtVariableType‑>GetName()
Parameters
The GetName method accepts no parameters.
Return Value
The GetName method returns one of the following values:
The following methods act on PolicyMgtWSFEDResourcePartner objects:
The AddAttribute method adds an attribute to the WS-Federation Resource Partner.
Syntax
The AddAttribute method has the following format:
Netegrity::PolicyMgtWSFEDResourcePartner‑>AddAttribute(attrNameFormat, value)
Parameters
The AddAttribute method accepts the following parameters:
attrNameFormat (int)
Specifies one of the following attribute types:
value (string)
Specifies an attribute value in one of the following formats:
Note: The value's format must match the attribute's type, unless the type is WSFEDRP_NAMEVALUE. In this case, the value can be in any format.
Note: To allow SiteMinder to retrieve DN attributes from a nested group, preface DNSpec with an exclamation point (!), as follows: dn="!ou=People,o=security.com"
Return Value
The AddAttribute method returns one of the following values:
The AddUser method adds a user to the WS-Federation Resource Partner.
Syntax
The AddUser method has the following format:
Netegrity::PolicyMgtWSFEDResourcePartner‑>AddUser(user)
Parameters
The AddUser method accepts the following parameter:
user (PolicyMgtUser object)
Specifies the user to add to the Resource Partner.
Return Value
The AddUser method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
The CreateIPConfigHostName method creates an IP configuration object for the WS-Federation Resource Partner based on the specified host name. This method creates an IP address restriction for the assertion generation policy. With this address restriction, only assertions generated from the specified host are accepted.
Syntax
The CreateIPConfigHostName method has the following format:
Netegrity::PolicyMgtWSFEDResourcePartner‑>CreateIPConfigHostName(hostName)
Parameters
The CreateIPConfigHostName method accepts the following parameter:
hostName (string)
Specifies the name of the host where assertions must originate.
Return Value
The CreateIPConfigHostName method returns one of the following values:
The CreateIPConfigSingleHost method creates an IP configuration object for the WS-Federation Resource Partner based on the specified IP address. This method creates an IP address restriction for the assertion generation policy. With this address restriction, only assertions generated from the specified IP address are accepted.
Syntax
The CreateIPConfigSingleHost method has the following format:
Netegrity::PolicyMgtWSFEDResourcePartner‑>CreateIPConfigSingleHost(ipAddr)
Parameters
The CreateIPConfigSingleHost method accepts the following parameter:
ipAddr (string)
Specifies the IP address where assertions must originate.
Return Value
The CreateIPConfigSingleHost method returns one of the following values:
The CreateIPConfigSubnetMask method creates an IP configuration object for the WS-Federation Resource Partner based on the specified IP address and subnet mask. This method creates an IP address restriction for the assertion generation policy. With this address restriction, only assertions generated from the subnet address are accepted. The subnet address is derived from the specified IP address and subnet mask.
Syntax
The CreateIPConfigSubnetMask method has the following format:
Netegrity::PolicyMgtWSFEDResourcePartner‑>CreateIPConfigSubnetMask(ipAddr, subnetMask)
Parameters
The CreateIPConfigSubnetMask method accepts the following parameters:
ipAddr (string)
Specifies the IP address used to derive the subnet address.
subnetMask (unsigned long)
Specifies the subnet mask used to derive the subnet address.
Note: For more information about the subnet mask, see the method PolicyMgtPolicy‑>CreateIPConfigSubnetMask.
Return Value
The CreateIPConfigSubnetMask method returns one of the following values:
The DeleteIPConfig method deletes the specified IP configuration object.
Syntax
The DeleteIPConfig method has the following format:
Netegrity::PolicyMgtWSFEDResourcePartner‑>DeleteIPConfig(IPConfig)
Parameters
The DeleteIPConfig method accepts the following parameter:
IPConfig (PolicyMgtIPConfig object)
Specifies the IP configuration object to delete.
Return Value
The DeleteIPConfig method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
The GetAllAttributes method retrieves all attributes defined for the WS-Federation Resource Partner.
Syntax
The GetAllAttributes method has the following format:
Netegrity::PolicyMgtWSFEDResourcePartner‑>GetAllAttributes()
Parameters
The GetAllAttributes method accepts no parameters.
Return Value
The GetAllAttributes method returns one of the following values:
The GetAllIPConfigs method retrieves all IP configuration objects for the Service Provider.
Syntax
The GetAllIPConfigs method has the following format:
Netegrity::PolicyMgtWSFEDResourcePartner‑>GetAllIPConfigs()
Parameters
The GetAllIPConfigs method accepts no parameters.
Return Value
The GetAllIPConfigs method returns one of the following values:
The GetAllUsers method retrieves all users associated with the WS-Federation Resource Partner. If a user directory is specified, this method only returns the users associated with the specified directory.
Syntax
The GetAllUsers method has the following format:
Netegrity::PolicyMgtWSFEDResourcePartner‑>GetAllUsers([userDir])
Parameters
The GetAllUsers method accepts the following parameter:
userDir (PolicyMgtUserDir object)
(Optional) Specifies only those users associated with the user directory.
Return Value
The GetAllUsers method returns one of the following values:
The Property method sets or retrieves the value of the specified WS-Federation Resource Partner property. For a list of metadata properties, see the WS-Federation Property Reference in this guide.
Note: After modifying one or more properties, call Save to write the changes to the policy store.
Syntax
The Property method has the following format:
Netegrity::PolicyMgtWSFEDResourcePartner‑>Property(name, [newvalue])
Parameters
The Property method accepts the following parameters:
name (string)
Specifies the property to set or retrieve.
newvalue (string)
(Optional) Specifies a new value for the Resource Partner property.
Return Value
The Property method returns one of the following values:
Specifies the new or existing value of the property.
Specifies that the call is unsuccessful.
The RemoveAttribute method removes an attribute from the WS-Federation Resource Partner.
Syntax
The RemoveAttribute method has the following format:
Netegrity::PolicyMgtWSFEDResourcePartner‑>RemoveAttribute(attrName)
Parameters
The RemoveAttribute method accepts the following parameter:
attrName (PolicyMgtWSFEDRPAttr)
Specifies the attribute to remove.
Return Value
The RemoveAttribute method returns one of the following values:
The RemoveUser method removes the specified user from the WS-Federation Resource Partner.
Syntax
The RemoveUser method has the following format:
Netegrity::PolicyMgtWSFEDResourcePartner‑>RemoveUser(user)
Parameters
The RemoveUser method accepts the following parameter:
user (PolicyMgtUser object)
Specifies the user to remove from the Resource Partner.
Return Value
The RemoveUser method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
The Save method writes the WS-Federation Resource Partner's metadata to the policy store. To modify the metadata, call the PolicyMgtWSFEDResourcePartner‑>Property method. Then, call Save to save the changes.
Syntax
The Save method has the following format:
Netegrity::PolicyMgtWSFEDResourcePartner‑>Save()
Parameters
The Save method accepts no parameters.
Return Value
The Save method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
Specifies that the user lacks the privileges required to save the changes.
Specifies that the path and class are empty.
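The Property-then-Save procedure described above, plus a read-back of the Resource Partner's attributes, as an added Perl example that is not part of the CA reference. It assumes the caller already holds a Netegrity::PolicyMgtWSFEDResourcePartner object in $rp, uses placeholder property names, and assumes the numeric return codes (0 success, negative failures, undef from Property on failure) that this page describes but does not list.

```perl
use strict;
use warnings;

# Placeholder property names; real names come from the WS-Federation Property Reference.
my %NEW_PROPS = (
    'RP_PROPERTY_ONE' => 'value-one',
    'RP_PROPERTY_TWO' => 'value-two',
);

# Return-code meanings follow the Save descriptions on this page; the numeric
# codes themselves (0, -1, -2, -3) are an assumption of this example.
my %SAVE_RC = (
     0 => 'saved',
    -1 => 'save failed',
    -2 => 'caller lacks the privileges required to save',
    -3 => 'path and class are empty',
);

# Set each property, read it back, then persist with Save(). Returns 1 on success.
sub update_rp_metadata {
    my ($rp, %props) = @_;
    for my $name (sort keys %props) {
        # Property() returns the new value, or undef when the call fails (assumed).
        my $got = $rp->Property($name, $props{$name});
        unless (defined $got && $got eq $props{$name}) {
            warn "Property '$name' was not applied; aborting before Save\n";
            return 0;
        }
    }
    # Nothing reaches the policy store until Save() is called.
    my $rc  = $rp->Save();
    my $msg = $SAVE_RC{$rc} // "unknown return code $rc";
    warn "Save: $msg\n" if $rc != 0;
    return $rc == 0 ? 1 : 0;
}

# Print each attribute's name format and value for review after a change.
sub dump_rp_attributes {
    my ($rp) = @_;
    # GetAllAttributes() is assumed to return a list of PolicyMgtWSFEDRPAttr objects.
    my @attrs = $rp->GetAllAttributes();
    for my $attr (@attrs) {
        printf "%-20s %s\n", $attr->GetAttrNameFormat(), $attr->GetValue();
    }
    return scalar @attrs;
}

# Usage (with $rp obtained by the caller):
#   update_rp_metadata($rp, %NEW_PROPS) and dump_rp_attributes($rp);
```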
The following methods act on PolicyMgtWSFEDResourcePartnerAttr objects:
The GetAttrNameFormat method retrieves the format of attribute names used with this WS-Federation Resource Partner.
Syntax
The GetAttrNameFormat method has the following format:
Netegrity::PolicyMgtWSFEDRPAttr‑>GetAttrNameFormat()
Parameters
The GetAttrNameFormat method accepts no parameters.
Return Value
The GetAttrNameFormat method returns one of the following format values:
The GetValue method retrieves the value of the WS-Federation Resource Partner attribute.
Syntax
The GetValue method has the following format:
Netegrity::PolicyMgtWSFEDRPAttr‑>GetValue()
Parameters
The GetValue method accepts no parameters.
Return Value
The GetValue method returns one of the following values:
Copyright © 2013 CA.
All rights reserved.