The AddAttribute method adds a new affiliate attribute to the affiliate object.
Syntax
The AddAttribute method has the following format:
Netegrity::PolicyMgtAffiliate->AddAttribute(attrType, value)
Parameters
The AddAttribute method accepts the following parameters:
attrType (int)
Specifies one of the following affiliate attribute types:
value (int)
Specifies the value for the affiliate attribute. This value specification appears in the Name Value Pair column of the SiteMinder Affiliate Dialog. The format of the value specification depends upon the kind of affiliate attribute you are adding -- Static, User Attribute, or DN Attribute:
Static. A literal attribute value. A static affiliate attribute is useful for passing specific information about the user to an application at the affiliate site -- for example, the user's credit limit at the affiliate site.
VariableName is the name that identifies the attribute in the SAML assertion, and value is the attribute value.
User Attribute. A user profile attribute name from a user's entry in an LDAP, WinNT, or ODBC user directory -- for example, the attribute name for a user's job title or email address.
UserAttrVariableName is the name that identifies the attribute in the SAML assertion, and UserAttrName (enclosed in quotes) is the name of the attribute in the user directory.
userattr= is static text that must be included in the format. The userattr= portion of the name/value pair must be enclosed by percent signs and angle brackets: <% . . . %>.
Example: email_address=<%userattr="email"%>
DN Attribute. The name of an attribute within an LDAP or ODBC directory object that is associated with the user. Groups to which a user belongs and Organizational Units (ou) that are part of a user DN are examples of directory objects whose attributes can be referenced as DN attributes. For example, a DN attribute can reference a company division for a user, based on the user's membership in a division.
DNVariableName is the name that identifies the attribute in the SAML assertion. DNSpec (enclosed in quotes) is the DN of the directory object, and DNAttrName (enclosed in quotes) is the name of the directory object attribute.
dn= and attr= are static text strings that must be included in the format. The dn= and attr= portion of the name/value pair must be enclosed by pound signs and angle brackets: <# . . . #>.
Example: GroupName=<#dn="ou=home,o=security.com" attr="cn"#>
To allow SiteMinder to retrieve DN attributes from a nested group, begin DNSpec with an exclamation mark ( ! ) -- for example:
dn="!ou=home,o=security.com"
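A pre-flight check for the three value formats described above, as an added example (not CA's code or part of the original page). The sub name classify_affiliate_attr is hypothetical, and the static form VariableName=value is an assumption, since the page does not show that format line.

```perl
use strict;
use warnings;

# Classify an affiliate attribute value specification before it is passed
# to AddAttribute. Returns a hash ref describing the spec, or undef if the
# string matches none of the three documented kinds.
sub classify_affiliate_attr {
    my ($spec) = @_;
    return undef unless defined $spec;

    # DN Attribute: Name=<#dn="DNSpec" attr="DNAttrName"#>; a leading ! means nested groups
    if ($spec =~ /\A([^=\s]+)=<#\s*dn="(!?)([^"]+)"\s+attr="([^"]+)"\s*#>\z/) {
        return { kind => 'dn', name => $1, nested => ($2 eq '!' ? 1 : 0),
                 dn => $3, attr => $4 };
    }
    # User Attribute: Name=<%userattr="UserAttrName"%>
    if ($spec =~ /\A([^=\s]+)=<%\s*userattr="([^"]+)"\s*%>\z/) {
        return { kind => 'userattr', name => $1, attr => $2 };
    }
    # Anything else that still contains a <% or <# marker is a malformed
    # directory lookup; do not let it fall through as a static literal.
    return undef if $spec =~ /<[%#]|[%#]>/;

    # Static (assumed form, not shown on the page): Name=value
    if ($spec =~ /\A([^=\s]+)=(.+)\z/s) {
        return { kind => 'static', name => $1, value => $2 };
    }
    return undef;
}

# Constructed sample specifications (the first two are the page's examples).
my @specs = (
    'email_address=<%userattr="email"%>',
    'GroupName=<#dn="ou=home,o=security.com" attr="cn"#>',
    'Division=<#dn="!ou=home,o=security.com" attr="cn"#>',
    'credit_limit=5000',
    'title=<%userattr=title%>',      # missing quotes: rejected
);

for my $spec (@specs) {
    my $r = classify_affiliate_attr($spec);
    if (!$r) { print "REJECT  $spec\n"; next; }
    my $detail = $r->{kind} eq 'dn'
        ? "dn=$r->{dn} attr=$r->{attr} nested=$r->{nested}"
        : $r->{kind} eq 'userattr' ? "attr=$r->{attr}" : "value=$r->{value}";
    printf "%-8s %s (%s)\n", $r->{kind}, $r->{name}, $detail;
}
```

Only specs that classify cleanly should be passed on as the value argument of AddAttribute; the reported kind also tells a reviewer which entries release directory data to the affiliate rather than a fixed literal.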
Return Value
The AddAttribute method returns the following value:
Remarks
Affiliate attributes are name/value pairs that SiteMinder provides to an affiliate in a SAML assertion. Attributes include user entitlements (such as the user's credit limit at the affiliate site) and information from a user's profile (such as job title or email address).
When an application at the affiliate site extracts affiliate attributes from the assertion, it can make the attributes available to other applications at the site as HTTP header variables or HTTP cookie variables.
Note: The total size of an assertion passed to an affiliate cannot exceed 4K. If you include a large number of attributes in an affiliate object, you may violate this limit. A maximum assertion size of 3K is recommended.
Copyright © 2010 CA. All rights reserved.