The following script checks all the rules for each realm in the policy store. If no rules in a realm are triggered by authentication events, the script then checks whether authentication event processing is enabled for the realm. If it is, the script disables authentication event processing for the realm. The script performs the same checks for authorization events.
To simplify the example, realms in the domains are known not to have child realms.
    use Netegrity::PolicyMgtAPI;

    $policyapi = Netegrity::PolicyMgtAPI->New();
    $session = $policyapi->CreateSession("adminid", "adminpwd");

    $auAction = 0;  # Initialize flag for authentication actions
    $azAction = 0;  # Initialize flag for authorization actions
    $auChange = ""; # Realms with a changed auth event processing property
    $azChange = ""; # Realms with a changed az event processing property

    @domains = $session->GetAllDomains();
    foreach $domain (@domains) {
        @realms = $domain->GetAllRealms();
        foreach $realm (@realms) {
            # Record whether any rule in this realm fires on an
            # authentication event or on an authorization event.
            @rules = $realm->GetAllRules();
            foreach $rule (@rules) {
                if ($rule->Action() =~ /OnAuth./) {
                    $auAction = 1;
                }
                if ($rule->Action() =~ /OnAccess./) {
                    $azAction = 1;
                }
            }
            # No authentication rules: disable auth event processing if enabled.
            if ($auAction == 0) {
                if ($realm->ProcessAuEvents() == 1) {
                    $realm->ProcessAuEvents(0);
                    $auChange = $auChange . $domain->Name() . ": ";
                    $auChange = $auChange . $realm->Name() . "\n";
                }
            }
            else {
                $auAction = 0; # Reset the flag for the next realm
            }
            # No authorization rules: disable az event processing if enabled.
            if ($azAction == 0) {
                if ($realm->ProcessAzEvents() == 1) {
                    $realm->ProcessAzEvents(0);
                    $azChange = $azChange . $domain->Name() . ": ";
                    $azChange = $azChange . $realm->Name() . "\n";
                }
            }
            else {
                $azAction = 0; # Reset the flag for the next realm
            }
        }
    }

    # Report the realms whose event processing properties were changed.
    if ($auChange ne "") {
        print "Stopped auth event processing for these realms:\n";
        print $auChange . "\n\n";
    }
    if ($azChange ne "") {
        print "Stopped az event processing for these realms:\n";
        print $azChange . "\n";
    }
Copyright © 2010 CA. All rights reserved.