Programming Guides › Programming Guide for C › Authorization API › Authorization API Overview

Authorization API Overview

Using the Authorization API, you can implement custom access control functionality. To implement custom access control functionality, you must:

1. Develop a shared library that supports the Authorization API and provides the custom functionality you need.

   The shared library must contain one or more functions defined as exportable symbols. SmApi.h defines all of the data structures necessary to create custom policy, rule, and response plug-ins.

2. Install the shared library in one of the following default locations:
   • On UNIX platforms, in the SiteMinder lib directory
   • On Windows platforms, in the SiteMinder bin directory
3. Define one or more of the following in the Administrative UI:
   • Active policy—A policy that provides dynamic authorization based on external business logic.

     For example, you might define an active policy that returns true if the user belongs to a particular organizational unit (ou) in an LDAP directory as defined in the parameter (param) field of the active policy expression.

   • Active response—A custom response returned from a shared library. Using an active response is one way you can define user-specific privilege information.

     For example, you might define an active response that returns a user's common name (cn) if the user belongs to the ou specified in the param field of the active response expression.

   • Active rule—A rule that provides dynamic authorization based on external business logic.

     For example, you might define an active rule that returns true if a user is a member of a group, such as Directory Administrator, that has permission to view a realm.