You create and configure a variable by calling CreateVariable() for a PolicyMgtDomain object.
One of this method's arguments is definition. The value of this argument can be a simple string or a set of XML elements, depending on the variable type. Here are the SiteMinder variable types and a description of the definition argument for each type:
Post
The definition argument contains the name of a field on an HTML form. In a POST action, the variable value is derived from the value assigned to the field.
RequestContext
The definition argument contains the following XML code:
```xml
<RequestContextVariableDef>
  <ItemName></ItemName>
</RequestContextVariableDef>
```
The variable value depends upon which of the following attribute names appears within the ItemName element:
Static
The definition argument contains the actual value that will be compared against the user-supplied data at runtime. For example, a Static variable of return type VAR_RETTYPE_DATE might be assigned the string value 2004-01-01. During authorization, this assigned date is compared to a user-supplied date.
UserContext
The definition argument contains some or all of the following XML code:
```xml
<UserContextVariableDef>
  <ItemName></ItemName>
  <PropertyName></PropertyName>
  <DN></DN>
  <BufferSize></BufferSize>
</UserContextVariableDef>
```
The variable value is based on an attribute of a user directory connection (such as session ID) or on the contents of the user directory (such as user name). The name of the attribute upon which the variable value is based appears in the XML element ItemName.
The elements PropertyName, DN, and BufferSize are only used as follows:
For a complete list of the valid ItemName values, see the description of CreateVariable() in the Policy Management API Reference (PolicyMgtAPI.htm).
WebService
The definition argument contains the following basic XML structure:
```xml
<WebServiceVariableDefn xmlns:NeteWS="http://www.netegrity.com/2003/SM6.0">
  <NeteWS:RemoteURL></NeteWS:RemoteURL>
  <NeteWS:SSL/>
  <NeteWS:RemoteMethod></NeteWS:RemoteMethod>
  <NeteWS:ResultQuery></NeteWS:ResultQuery>
  <NeteWS:AuthCredentials>
    <NeteWS:Username></NeteWS:Username>
    <NeteWS:Password></NeteWS:Password>
    <NeteWS:Hash></NeteWS:Hash>
  </NeteWS:AuthCredentials>
  <NeteWS:Document>
    <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
      <SOAP:Header></SOAP:Header>
      <SOAP:Body></SOAP:Body>
    </SOAP:Envelope>
  </NeteWS:Document>
</WebServiceVariableDefn>
```
To retrieve a variable value from a Web Service, the Policy Server sends the Web Service a SOAP request document as specified in the definition argument, and then extracts the variable value from the SOAP response.
The following table describes the XML elements used to configure a WebService variable:
| Element | Description |
|---|---|
| RemoteURL | The URL to the Web Service that will resolve the WebService variable. |
| SSL | Specifies that the connection between the Policy Server and the Web Service should use SSL. |
| RemoteMethod | Set this element to POST. |
| ResultQuery | The return query, in XPath format. The Policy Server uses this information to search for the variable's value in the SOAP response document. |
| AuthCredentials | Optionally, specify the user's Web Service credentials through the following elements: Optionally, use the Hash element to specify that a hash of the password is to be included in the WS-Security password. |
| Document | Optionally, use this element to define a SOAP header and/or SOAP body through the following elements: Nested variables of type RequestContext, UserContext, Post, and Static can be used inside the header and body. Their values are resolved and substituted before the request document is sent to the remote Web Service. Specify a nested variable as follows: $variable-name$ |
Note: The XML element structures shown above are formatted for legibility. The XML string supplied through the definition argument should not be formatted with spaces, tabs, and return characters. For example, a RequestContext variable for a Resource attribute would be passed in definition as follows:
<RequestContextVariableDef><ItemName>Resource</ItemName></RequestContextVariableDef>
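A helper that assembles a WebService definition in the unformatted, single-string form the note above requires, given here as an added example and not as CA's own code. The function names, sample URL, XPath, account name, the WS_VAR_PASSWORD environment variable and the rule that credentials require SSL are assumptions; the Hash element is left out.

```perl
use strict;
use warnings;
# Escape text so a value cannot break out of the element that carries it.
sub xml_escape {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    return $s;
}

# Build a WebService definition as one string with no layout whitespace.
sub build_webservice_def {
    my (%arg) = @_;
    for my $req (qw(url result_query)) {
        die "missing $req\n" unless defined $arg{$req} && length $arg{$req};
    }
    # Assumed local rule: no credentials in a definition that omits SSL.
    die "AuthCredentials requires ssl\n" if defined $arg{username} && !$arg{ssl};
    my $x = '<WebServiceVariableDefn xmlns:NeteWS="http://www.netegrity.com/2003/SM6.0">'
          . '<NeteWS:RemoteURL>' . xml_escape($arg{url}) . '</NeteWS:RemoteURL>'
          . ($arg{ssl} ? '<NeteWS:SSL/>' : '')
          . '<NeteWS:RemoteMethod>POST</NeteWS:RemoteMethod>'
          . '<NeteWS:ResultQuery>' . xml_escape($arg{result_query}) . '</NeteWS:ResultQuery>';
    if (defined $arg{username}) {
        $x .= '<NeteWS:AuthCredentials>'
            . '<NeteWS:Username>' . xml_escape($arg{username}) . '</NeteWS:Username>'
            . '<NeteWS:Password>' . xml_escape($arg{password} // '') . '</NeteWS:Password>'
            . '</NeteWS:AuthCredentials>';
    }
    if (defined $arg{body}) {
        my $body = $arg{body};      # XML fragment; may hold nested-variable references
        $body =~ s/^\s+|\s+$//g;
        $body =~ s/>\s+</></g;      # drop whitespace between tags
        $x .= '<NeteWS:Document>'
            . '<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">'
            . '<SOAP:Header></SOAP:Header><SOAP:Body>' . $body . '</SOAP:Body>'
            . '</SOAP:Envelope></NeteWS:Document>';
    }
    return $x . '</WebServiceVariableDefn>';
}
# Constructed sample input; single quotes keep Perl from interpolating $MyVar$.
my $def = build_webservice_def(
    url => 'https://ws.example.com/score', ssl => 1,
    result_query => '//Score/text()', username => 'svc-policy',
    password => $ENV{WS_VAR_PASSWORD},
    body => '<GetScore> <Resource>$MyVar$</Resource> </GetScore>',
);
print "$def\n";
```

The returned string is what would be supplied as the definition argument; reading the password from the environment keeps it out of the script file.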
The following information is required in a call to CreateVariable():
If you have both the optional TransactionMinder product and the Option Pack installed, you can use the following types of variables:
You cannot create variables of these types with the Command Line Interface. You can only do so using the Administrative UI.
Example: Create a ResourceContext Variable
The following example creates the variable MyVar as a ResourceContext variable. The variable value is the resource that is being protected (for example, /directory_name/):
```perl
use Netegrity::PolicyMgtAPI;

# Open an administrative session and look up the target domain.
$pmgtapi = Netegrity::PolicyMgtAPI->New();
$session = $pmgtapi->CreateSession("adminid", "adminpwd");
$dom     = $session->GetDomain("MyDomain");

$varName = "MyVar";
$varType = $session->GetVariableType("RequestContext");
# The definition is passed as a single unformatted XML string.
$varDef  = "<RequestContextVariableDef><ItemName>Resource</ItemName></RequestContextVariableDef>";

$vr = $dom->CreateVariable($varName, $varType, $varDef, VAR_RETTYPE_STRING);
if (!defined $vr) {
    print "Create operation failed.";
} else {
    print "Created variable " . $varName;
}
```
Copyright © 2010 CA. All rights reserved.