|
|
|
The CreateAffiliate method creates and configures an affiliate object within an affiliate domain.
Syntax
The CreateAffiliate method has the following format:
Netegrity::PolicyMgtAffDomain‑>CreateAffiliate( affName, password, authURL, validityDuration, skewTime [, affDesc] [, allowNotification] [, audience] [, enableFlag] [, shareSessioning] [, sessionSyncInterval] [, SAMLVersion] [, SAMLProfile] [,ConsumerURL] )
Parameters
The CreateAffiliate method accepts the following parameters:
affName (string)
Specifies the name of the affiliate object. The name should be unique across all affiliate domains.
password (string)
Specifies the password that affiliates use to access SiteMinder Federation Web Services.
authURL (string)
Specifies the URL used to authenticate affiliate users.
validityDuration (long)
Specifies the number of seconds that a SiteMinder-generated SAML assertion is valid. If an affiliate receives the assertion after the specified time, the assertion is considered invalid.
skewTime (long)
Specifies the difference, in seconds, between the system clock time of the assertion producer site and the system clock time of the affiliate site. The skew time is added to validityDuration. Times are relative to GMT.
affDesc (string)
(Optional) Specifies the description of the affiliate.
allowNotification (int)
(Optional) Specifies whether to allow event notifications. Set to 1 to enable event notifications to be sent from the affiliate to SiteMinder on the assertion producer site. Set to 0 to disable the event notification service. Default is 0 (notifications disabled).
audience (string)
(Optional) Specifies the URI of the document that describes the agreement between the assertion producer and the affiliate. This value is included in the SAML assertion passed to the affiliate and can be used for validation purposes. Also, the affiliate can parse the audience document to obtain relevant information. The audience value must match the Assertion Audience setting in the AffiliateConfig.xml configuration file for the SAML Affiliate Agent.
enableFlag (int)
(Optional) Specifies whether to enable the affiliate object. Set to 1 to enable the affiliate object, or 0 to disable it. Default is 1 (object is enabled).
shareSessioning (int)
(Optional) Specifies whether to share session information. Set to 1 to allow the assertion producer and the affiliate to share session information, or set to 0 to have the producer and affiliate maintain separate sessions. Default is 0 (separate sessions). With shared sessions, the sessions on both sites are terminated when the session on either site ends.
sessionSyncInterval (long)
(Optional) Specifies the frequency, in seconds, at which the affiliate contacts the producer site to validate the status of a shared session.
SAMLVersion (long)
(Optional) Specifies the SAML version. One of the following values:
Specifying a SAML version has effect only if the Policy Manager API's session version is at least v6.0 SP 1.
SAMLProfile (long)
(Optional) Specifies the type of profile used to send and receive SAML assertions. Valid profiles:
AFFILIATE_SAML_PROFILE_ARTIFACT. The SAML assertion is retrieved from a URL associated with the assertion producer. The URL is specified during configuration of the SAML Artifact authentication scheme.
AFFILIATE_SAML_PROFILE_POST. The generated SAML assertion is POSTed to the URL specified in ConsumerURL.
This profile is supported only if the Policy Management API's session version is at least v6.0 SP 2. If an earlier version is involved, the POST profile request is ignored, and an attempt is made to create an affiliate object based on the artifact profile.
ConsumerURL (string)
(Optional) Specifies the URL where the requesting user's browser must POST a generated assertion. The site associated with the URL validates the assertion and uses its contents to make access decisions.
Return Value
The CreateAffiliate method returns one of the following values:
PolicyMgtAffiliate object if successful
undef if unsuccessful
Remarks
An affiliate object represents an affiliate site in a federated business network. Affiliate objects and affiliate domains are available through SiteMinder Federation Security Services.
| Copyright © 2010 CA. All rights reserved. | Email CA about this topic |