SiteMinder Java SDK r12.0 SP2
java.lang.Object
  +--netegrity.siteminder.javaagent.AgentAPI

Provides Java access to the SiteMinder Agent API. For background information see SiteMinder Agents in the Java Developer's Guide.

This class is essentially a one-to-one cover over the C-language version of the SiteMinder Agent API. It relies on the Java Native Interface (JDK 1.1.x or above), and requires the JavaAgentAPI library (DLL or shared library) to be co-located with the JVM and accessible through the PATH or LD_LIBRARY_PATH settings.
Field Summary
| Type | Field | Description |
|---|---|---|
| static int | ACCT_SERVER | Accounting server port number. |
| static int | AFFILIATE_KEY_UPDATE | Constant denoting that the affiliate agent name was returned from doManagement(). |
| static int | AGENT_KEY_UPDATE_CURRENT | Constant denoting that the "current" agent encryption key update was returned from doManagement(). |
| static int | AGENT_KEY_UPDATE_LAST | Constant denoting that the "last" agent encryption key update was returned from doManagement(). |
| static int | AGENT_KEY_UPDATE_NEXT | Constant denoting that the "next" agent encryption key update was returned from doManagement(). |
| static int | AGENT_KEY_UPDATE_PERSISTENT | Constant denoting that the "persistent" agent encryption key update was returned from doManagement(). |
| static int | ATTR_AUTH_DIR_NAME | Constant denoting the AUTH_DIR_NAME attribute id. |
| static int | ATTR_AUTH_DIR_NAMESPACE | Constant denoting the AUTH_DIR_NAMESPACE attribute id. |
| static int | ATTR_AUTH_DIR_OID | Constant denoting the AUTH_DIR_OID attribute id. |
| static int | ATTR_AUTH_DIR_SERVER | Constant denoting the AUTH_DIR_SERVER attribute id. |
| static int | ATTR_CLIENTIP | Constant denoting the client IP address. |
| static int | ATTR_DEVICENAME | Constant denoting the device name. |
| static int | ATTR_IDENTITYSPEC | Constant denoting the IDENTITYSPEC attribute id for the user's identity ticket. |
| static int | ATTR_IDLESESSIONTIMEOUT | Constant denoting the session's idle timeout. |
| static int | ATTR_LASTSESSIONTIME | Constant denoting the last access time for the session. |
| static int | ATTR_MAXSESSIONTIMEOUT | Constant denoting the max session time. |
| static int | ATTR_SERVICE_DATA | Service response data returned as attributes from tunnel(). |
| static int | ATTR_SESSIONID | Constant denoting the session identifier. |
| static int | ATTR_SESSIONSPEC | Constant denoting the session specification. |
| static int | ATTR_STARTSESSIONTIME | Constant denoting the session start time. |
| static int | ATTR_STATUS_MESSAGE | Status message returned as an attribute from tunnel(). |
| static int | ATTR_USERDN | Constant denoting the USERDN attribute id. |
| static int | ATTR_USERMSG | Constant denoting the USERMSG attribute id. |
| static int | ATTR_USERNAME | Constant denoting the user's name. |
| static int | ATTR_USERUNIVERSALID | Constant denoting the USERUNIVERSALID attribute id. |
| static int | AUTH_SERVER | Authentication server port number. |
| static int | AZ_SERVER | Authorization server port number. |
| static int | CACHE_FLUSH_ALL | Constant denoting that the FLUSH_ALL attribute id was returned from doManagement(). |
| static int | CACHE_FLUSH_ALL_REALMS | Constant denoting that the FLUSH_ALL_REALMS attribute id was returned from doManagement(). |
| static int | CACHE_FLUSH_ALL_USERS | Constant denoting that the FLUSH_ALL_USERS attribute id was returned from doManagement(). |
| static int | CACHE_FLUSH_THIS_REALM | Constant denoting that the FLUSH_THIS_REALM attribute id was returned from doManagement(). |
| static int | CACHE_FLUSH_THIS_USER | Constant denoting that the FLUSH_THIS_USER attribute id was returned from doManagement(). |
| static int | CERT_HASH_SIZE | Certificate hash size. |
| static int | CHALLENGE | Return status constant denoting a challenge is required for authentication. |
| static int | CRED_ALLOWSAVECREDS | Constant denoting that credentials can be saved. |
| static int | CRED_BASIC | Constant denoting that a username and password are required. |
| static int | CRED_CERT_OR_BASIC | Constant denoting that either an X.509 certificate or a username and password are required. |
| static int | CRED_CERT_OR_FORM | Constant denoting cert or form authentication scheme. |
| static int | CRED_DIGEST | Constant denoting that a credentials digest is required. |
| static int | CRED_FORMREQUIRED | Constant denoting that a redirect to an HTML form is required. |
| static int | CRED_METADATA_REQUIRED | Constant denoting save credentials hint. |
| static int | CRED_NONE | Constant denoting that no credentials are required. |
| static int | CRED_NT_CHAL_RESP | Constant denoting that the NT challenge response authentication scheme is required. |
| static int | CRED_SAML | Constant denoting SAML authentication scheme. |
| static int | CRED_SSLREQUIRED | Constant denoting that SSL is required. |
| static int | CRED_X509CERT | Constant denoting that an X509 certificate is required. |
| static int | CRED_X509CERT_ISSUERDN | Constant denoting that an X509 certificate and an issuer DN are required. |
| static int | CRED_X509CERT_USERDN | Constant denoting that an X509 certificate and a user DN are required. |
| static int | CRED_XML_DOCUMENT_MAPPED | Constant denoting XML Document Mapped authentication scheme. |
| static int | CRED_XML_DSIG | Constant denoting XML Digital Signature authentication scheme. |
| static int | CRED_XML_DSIG_XKMS | Constant denoting XML Digital Signature XKMS authentication scheme. |
| static int | CRED_XML_WSSEC | Constant denoting WS-Security authentication scheme. |
| static int | FAILURE | Return status constant denoting that the server could not be reached. |
| static int | INVALID_ATTRLIST | Return status constant denoting that the attribute list is invalid. |
| static int | INVALID_MGMTCTXDEF | Return status constant denoting that the management context is invalid. |
| static int | INVALID_REALMDEF | Return status constant denoting that the realm definition is invalid. |
| static int | INVALID_RESCTXDEF | Return status constant denoting that the resource context definition is invalid. |
| static int | INVALID_SESSIONDEF | Return status constant denoting that the session definition is invalid. |
| static int | INVALID_SESSIONID | Return status constant denoting that the session id is invalid. |
| static int | INVALID_TSR | Return status constant denoting that the tunnel service request is invalid. |
| static int | INVALID_USERCREDS | Return status constant denoting that the user credentials are invalid. |
| static int | NO | Return status constant denoting that the operation failed. |
| static int | NOCONNECTION | Return status constant denoting that initialization was not done. |
| static int | SM_AGENTAPI_REQATTR_FLAGS_DELETE | Constant denoting the SM_AGENTAPI_REQATTR_FLAGS_DELETE request attribute. |
| static int | SM_AGENTAPI_REQATTR_FLAGS_NONE | Constant denoting the SM_AGENTAPI_REQATTR_FLAGS_NONE request attribute. |
| static int | SM_AGENTAPI_RESPATTR_FLAGS_NONE | Constant denoting the SM_AGENTAPI_RESPATTR_FLAGS_NONE response attribute. |
| static int | SM_AGENTAPI_RESPATTR_FLAGS_UNRESOLVED | Constant denoting the SM_AGENTAPI_RESPATTR_FLAGS_UNRESOLVED response attribute. |
| static int | SUCCESS | Return status constant denoting success. |
| static int | TIMEOUT | Return status constant denoting that the method timed out. |
| static int | UNRESOLVED | Return status constant denoting unresolved session variables. |
| static int | YES | Return status constant denoting that the operation succeeded. |
Constructor Summary
| Constructor | Description |
|---|---|
| AgentAPI() | Constructs but does not initialize an Agent API object. |
Method Summary
| Type | Method | Description |
|---|---|---|
| int | audit(java.lang.String clientIPAddr, java.lang.String transactionId, ResourceContextDef resCon, RealmDef realm, SessionDef session) | Audits authorizations performed out of agent cache. |
| int | authorize(java.lang.String clientIpAddress, java.lang.String transactionId, ResourceContextDef rcd, RealmDef rd, SessionDef sd, AttributeList al) | Determines if a defined user is authorized by SiteMinder to perform a defined action on a defined resource. |
| int | authorizeEx(java.lang.String clientIpAddress, java.lang.String transactionId, ResourceContextDef rcd, RealmDef rd, SessionDef sd, AttributeList al, java.lang.StringBuffer UnresolvedList, java.lang.StringBuffer ResolvedList, java.lang.Boolean bSimpleAuth) | For internal use only. |
| int | createSSOToken(SessionDef sd, AttributeList al, java.lang.StringBuffer SSOToken) | Creates and encrypts a single sign-on token. |
| int | decodeSSOToken(java.lang.String SSOToken, TokenDescriptor td, AttributeList al, boolean UpdateToken, java.lang.StringBuffer UpdatedSSOToken) | Decodes a single sign-on token. |
| int | delSessionVariables(java.lang.String sessionId, ResourceContextDef rcd, AttributeList requestAttributeList, AttributeList responseAttributeList) | Deletes the specified session variables from the session store. |
| int | delSessionVariablesEx(java.lang.String sessionId, ResourceContextDef rcd, AttributeList requestAttributeList, AttributeList responseAttributeList, java.lang.String transactionId) | For internal use only. |
| int | doManagement(ManagementContextDef mc, AttributeList al) | Checks for a pending management request (such as for cache flushing). |
| int | getAgentConfig(java.lang.String templateName, AttributeList attributeList) | For internal use only. |
| int | getConfig(InitDef id, java.lang.String agentName, java.lang.String configPath) | Gets configuration information for the specified agent. |
| int | getMaxTransactBufSize() | This method is deprecated and will not be supported in the future. |
| int | getMaxTunnelBufSize() | Gets the maximum tunnel buffer size that can be transferred in a call to tunnel(). |
| int | getSessionVariables(java.lang.String sessionId, ResourceContextDef rcd, AttributeList requestAttributeList, AttributeList responseAttributeList) | Retrieves the values of existing session variables. |
| int | getSessionVariablesEx(java.lang.String sessionId, ResourceContextDef rcd, AttributeList requestAttributeList, AttributeList responseAttributeList, java.lang.String transactionId) | For internal use only. |
| int | init(InitDef id) | Initializes the Agent API object. |
| int | isProtected(java.lang.String clientIpAddress, ResourceContextDef rcd, RealmDef rd) | Checks whether a defined resource is protected by SiteMinder, and returns the relevant realm. |
| int | isProtectedEx(java.lang.String clientIpAddress, ResourceContextDef rcd, RealmDef rd, java.lang.String transactionId) | For internal use only. |
| int | login(java.lang.String clientIpAddress, ResourceContextDef rcd, RealmDef rd, UserCredentials uc, SessionDef sd, AttributeList al) | Performs session login or validates an existing session. |
| int | loginEx(java.lang.String clientIpAddress, ResourceContextDef rcd, RealmDef rd, UserCredentials uc, SessionDef sd, AttributeList al, java.lang.String transactionId) | For internal use only. |
| int | logout(java.lang.String clientIPAddr, SessionDef sd) | Logs a user out of a user session and issues an event. |
| int | logoutEx(java.lang.String clientIPAddr, SessionDef sd, java.lang.String transactionId) | For internal use only. |
| int | makeCertificateHash(BinaryBuffer cert, BinaryBuffer hash) | Performs a hash of a public key certificate. |
| int | setSessionVariables(java.lang.String sessionId, ResourceContextDef rcd, AttributeList requestAttributeList, AttributeList responseAttributeList) | Creates new session variables or updates existing session variables. |
| int | setSessionVariablesEx(java.lang.String sessionId, ResourceContextDef rcd, AttributeList requestAttributeList, AttributeList responseAttributeList, java.lang.String transactionId) | For internal use only. |
| int | transact(int serverNumber, BinaryBuffer bb) | This method is deprecated and will not be supported in the future. |
| int | tunnel(short server, java.lang.String clientIpAddr, java.lang.String transactionId, ResourceContextDef resourceContext, TunnelServiceRequest tsr, AttributeList responseAttribs) | Communicates with back-end services that have been registered with the Policy Server. |
| int | unInit() | Uninitializes the Agent API object. |
| int | updateAttributes(java.lang.String clientIPAddr, java.lang.String transactionId, ResourceContextDef resourceContext, RealmDef realm, SessionDef session, AttributeList requestAttribs, AttributeList responseAttribs) | Updates response attributes when authenticating or authorizing out of agent cache. |
| int | validate(java.lang.String clientIpAddress, ResourceContextDef rcd, RealmDef rd, UserCredentials uc, SessionDef sd, AttributeList al) | For internal use only. |
| int | validateEx(java.lang.String clientIpAddress, ResourceContextDef rcd, RealmDef rd, UserCredentials uc, SessionDef sd, AttributeList al, java.lang.String transactionId) | For internal use only. |
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail
public static final int INVALID_SESSIONID
public static final int INVALID_MGMTCTXDEF
public static final int INVALID_ATTRLIST
public static final int INVALID_TSR
public static final int INVALID_SESSIONDEF
public static final int INVALID_USERCREDS
public static final int INVALID_REALMDEF
public static final int INVALID_RESCTXDEF
public static final int NOCONNECTION
public static final int TIMEOUT
public static final int FAILURE
public static final int SUCCESS
public static final int YES
public static final int NO
public static final int CHALLENGE
public static final int UNRESOLVED
delSessionVariables() method couldn't delete or that the getSessionVariables() method couldn't retrieve.
public static final int CRED_NONE
public static final int CRED_BASIC
public static final int CRED_DIGEST
public static final int CRED_X509CERT
public static final int CRED_X509CERT_USERDN
public static final int CRED_X509CERT_ISSUERDN
public static final int CRED_CERT_OR_BASIC
public static final int CRED_NT_CHAL_RESP
public static final int CRED_CERT_OR_FORM
public static final int CRED_XML_DOCUMENT_MAPPED
public static final int CRED_XML_DSIG
public static final int CRED_XML_DSIG_XKMS
public static final int CRED_SAML
public static final int CRED_XML_WSSEC
public static final int CRED_SSLREQUIRED
CRED_BASIC.
public static final int CRED_FORMREQUIRED
public static final int CRED_ALLOWSAVECREDS
public static final int CRED_METADATA_REQUIRED
public static final int ATTR_AUTH_DIR_NAME
Constant denoting the AUTH_DIR_NAME attribute id. This is the "name" specification of the directory where the user has been authenticated.
public static final int ATTR_AUTH_DIR_SERVER
Constant denoting the AUTH_DIR_SERVER attribute id. This is the "server" specification of the directory where the user has been authenticated.
public static final int ATTR_AUTH_DIR_NAMESPACE
Constant denoting the AUTH_DIR_NAMESPACE attribute id. This is the "namespace" specification of the directory where the user has been authenticated.
public static final int ATTR_USERMSG
Constant denoting the USERMSG attribute id. This is text presented to the user as a result of authentication. Some authentication schemes supply challenge text or a reason why an authentication has failed.
public static final int ATTR_USERDN
Constant denoting the USERDN attribute id. The user's distinguished name as recognized by SiteMinder.
public static final int ATTR_AUTH_DIR_OID
Constant denoting the AUTH_DIR_OID attribute id. This is the object id of the directory where the user has been authenticated.
public static final int ATTR_USERUNIVERSALID
Constant denoting the USERUNIVERSALID attribute id. This is the user's universal ID.
public static final int ATTR_IDENTITYSPEC
Constant denoting the IDENTITYSPEC attribute id for the user's identity ticket. This attribute is returned if the Web server's user-tracking feature is enabled.
public static final int ATTR_STARTSESSIONTIME
public static final int ATTR_LASTSESSIONTIME
public static final int ATTR_DEVICENAME
public static final int ATTR_SESSIONID
public static final int ATTR_CLIENTIP
public static final int ATTR_SESSIONSPEC
public static final int ATTR_USERNAME
public static final int ATTR_IDLESESSIONTIMEOUT
public static final int ATTR_MAXSESSIONTIMEOUT
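public static final int AFFILIATE_KEY_UPDATE
Constant denoting that the affiliate agent name was returned from doManagement().
public static final int AGENT_KEY_UPDATE_NEXT
Constant denoting that the "next" agent encryption key update was returned from doManagement(). Attribute data format is binary, 24 bytes.
public static final int AGENT_KEY_UPDATE_LAST
Constant denoting that the "last" agent encryption key update was returned from doManagement(). Attribute data format is binary, 24 bytes.
public static final int AGENT_KEY_UPDATE_CURRENT
Constant denoting that the "current" agent encryption key update was returned from doManagement(). Attribute data format is binary, 24 bytes.
public static final int AGENT_KEY_UPDATE_PERSISTENT
Constant denoting that the "persistent" agent encryption key update was returned from doManagement(). Attribute data format is binary, 24 bytes.
public static final int CACHE_FLUSH_ALL
Constant denoting that the FLUSH_ALL attribute id was returned from doManagement().
public static final int CACHE_FLUSH_ALL_USERS
Constant denoting that the FLUSH_ALL_USERS attribute id was returned from doManagement().
public static final int CACHE_FLUSH_THIS_USER
Constant denoting that the FLUSH_THIS_USER attribute id was returned from doManagement(). Attribute data format is Dir OID + "/" + User DN.
public static final int CACHE_FLUSH_ALL_REALMS
Constant denoting that the FLUSH_ALL_REALMS attribute id was returned from doManagement().
public static final int CACHE_FLUSH_THIS_REALM
Constant denoting that the FLUSH_THIS_REALM attribute id was returned from doManagement(). Attribute data format is a realm OID.
public static final int ATTR_STATUS_MESSAGE
Status message returned as an attribute from tunnel().
public static final int ATTR_SERVICE_DATA
Service response data returned as attributes from tunnel().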
public static final int CERT_HASH_SIZE
public static final int AZ_SERVER
Authorization server port number. Because of the Policy Server single-process functionality introduced in SiteMinder v6.0, this port number is the same as the AUTH_SERVER and ACCT_SERVER port number.
public static final int AUTH_SERVER
Authentication server port number. Because of the Policy Server single-process functionality introduced in SiteMinder v6.0, this port number is the same as the AZ_SERVER and ACCT_SERVER port number.
public static final int ACCT_SERVER
Accounting server port number. Because of the Policy Server single-process functionality introduced in SiteMinder v6.0, this port number is the same as the AUTH_SERVER and AZ_SERVER port number.
public static final int SM_AGENTAPI_REQATTR_FLAGS_NONE
Constant denoting the SM_AGENTAPI_REQATTR_FLAGS_NONE request attribute. This constant requests default handling of the specified session variable when you are getting, setting, or deleting the variable.
flags field of the Attribute object.
public static final int SM_AGENTAPI_REQATTR_FLAGS_DELETE
Constant denoting the SM_AGENTAPI_REQATTR_FLAGS_DELETE request attribute. This constant requests that the session variable be deleted after it is retrieved in a call to getSessionVariables().
flags field of the Attribute object.
public static final int SM_AGENTAPI_RESPATTR_FLAGS_NONE
Constant denoting the SM_AGENTAPI_RESPATTR_FLAGS_NONE response attribute. This constant denotes the default flag for the associated session variable.
flags field of the Attribute object.
public static final int SM_AGENTAPI_RESPATTR_FLAGS_UNRESOLVED
Constant denoting the SM_AGENTAPI_RESPATTR_FLAGS_UNRESOLVED response attribute. This constant denotes that the associated session variable was unresolved, could not be set, or could not be deleted.
flags field of the Attribute object.
Constructor Detail
public AgentAPI()
init().
Method Detail
public int init(InitDef id)
SUCCESS, such as in the following circumstances:
Init() function succeeds.
Parameters:
id - The object containing the initialization values.
Returns:
SUCCESS if the operation succeeded. FAILURE otherwise.
public int unInit()
Returns:
SUCCESS. The operation succeeded.
NOCONNECTION. The object was not connected.
FAILURE. The operation failed.
public int isProtected(java.lang.String clientIpAddress, ResourceContextDef rcd, RealmDef rd)
Parameters:
clientIpAddress - The IP address of the client asking for the resource.
rcd - The resource to be checked.
rd - With return values of YES or NO, contains the realm information needed to authenticate.
Returns:
YES. The resource is protected.
NO. The resource is not protected.
NOCONNECTION. The object was not connected.
INVALID_RESCTXDEF. The Resource Context Definition is invalid.
INVALID_REALMDEF. The Realm Definition is invalid.
TIMEOUT. The server did not respond in the specified time.
FAILURE. The operation failed.
public int isProtectedEx(java.lang.String clientIpAddress, ResourceContextDef rcd, RealmDef rd, java.lang.String transactionId)
public int login(java.lang.String clientIpAddress, ResourceContextDef rcd, RealmDef rd, UserCredentials uc, SessionDef sd, AttributeList al)
Performs session login or validates an existing session.
spec field of the SessionDef object to "". This object is passed into the login() method in parameter sd.
After the login() call, the Policy Server attempts to authenticate credentials. If authentication is successful, a new session is created and returned in sd. The full session specification data will now be contained in the spec field.
spec field of SessionDef to a valid session specification returned from the login() call that created the session. During session re-login, the Policy Server attempts to validate the session specification:
id field of SessionDef, the id is validated against the session specification.
login() in class SmApiSession of the Utilities package.
Parameters:
clientIpAddress - The IP address of the client requesting the resource.
rcd - The resource to be checked.
rd - The realm that the resource belongs to.
uc - The credentials of the user to be authenticated. Note: Unused fields in the UserCredentials object must be initialized to zero.
sd - With a return status of YES, NO, or CHALLENGE, this parameter contains the session data.
al - On return from the method, this parameter contains any response attributes, or is cleared if there are none. Valid values:
  ATTR_AUTH_DIR_OID
  ATTR_AUTH_DIR_NAME
  ATTR_AUTH_DIR_SERVER
  ATTR_AUTH_DIR_NAMESPACE
  ATTR_USERMSG
  ATTR_USERDN
  ATTR_USERUNIVERSALID
Returns:
YES. The authentication was successful.
NO. The authentication was not successful.
CHALLENGE. A user challenge is required.
NOCONNECTION. The object was not connected.
TIMEOUT. The server did not respond in the specified time.
FAILURE. The operation failed.
INVALID_RESCTXDEF. The Resource Context Definition is invalid.
INVALID_REALMDEF. The Realm Definition is invalid.
INVALID_USERCREDS. The User Credentials are invalid.
INVALID_SESSIONDEF. The Session Definition is invalid.
INVALID_ATTRLIST. The Attribute List is invalid.
public int loginEx(java.lang.String clientIpAddress, ResourceContextDef rcd, RealmDef rd, UserCredentials uc, SessionDef sd, AttributeList al, java.lang.String transactionId)
public int validate(java.lang.String clientIpAddress, ResourceContextDef rcd, RealmDef rd, UserCredentials uc, SessionDef sd, AttributeList al)
public int validateEx(java.lang.String clientIpAddress, ResourceContextDef rcd, RealmDef rd, UserCredentials uc, SessionDef sd, AttributeList al, java.lang.String transactionId)
public int authorize(java.lang.String clientIpAddress, java.lang.String transactionId, ResourceContextDef rcd, RealmDef rd, SessionDef sd, AttributeList al)
Parameters:
clientIpAddress - The client's IP address in dotted-quad notation.
transactionId - (Optional.) The ID that the agent uses to associate application activity with security activity. The Policy Server logs this ID.
rcd - The resource to be checked.
rd - The realm that the resource belongs to.
sd - Session information for the authenticated user.
al - On return from the method, contains any response attributes about the user with respect to the resource, or is cleared if there are none.
Returns:
YES. The user is authorized to access the resource.
NO. The user is not authorized to access the resource.
NOCONNECTION. The object was not connected.
TIMEOUT. The server did not respond in the specified time.
FAILURE. The operation failed.
INVALID_RESCTXDEF. The Resource Context Definition is invalid.
INVALID_REALMDEF. The Realm Definition is invalid.
INVALID_SESSIONDEF. The Session Definition is invalid.
INVALID_ATTRLIST. The Attribute List is invalid.
public int authorizeEx(java.lang.String clientIpAddress, java.lang.String transactionId, ResourceContextDef rcd, RealmDef rd, SessionDef sd, AttributeList al, java.lang.StringBuffer UnresolvedList, java.lang.StringBuffer ResolvedList, java.lang.Boolean bSimpleAuth)
public int doManagement(ManagementContextDef mc, AttributeList al)
Parameters:
mc - A ManagementContextDef object that describes the requested management action.
al - On return from the method, this parameter contains any response attributes, or is cleared if there are none. Valid values:
  AGENT_KEY_UPDATE_NEXT
  AGENT_KEY_UPDATE_LAST
  AGENT_KEY_UPDATE_CURRENT
  AGENT_KEY_UPDATE_PERSISTENT
  CACHE_FLUSH_ALL
  CACHE_FLUSH_ALL_USERS
  CACHE_FLUSH_THIS_USER
  CACHE_FLUSH_ALL_REALMS
  CACHE_FLUSH_THIS_REALM
Returns:
YES. There is a management request.
NOCONNECTION. The object was not connected.
TIMEOUT. The server did not respond in the specified time.
FAILURE. The operation failed.
INVALID_MGMTCTXDEF. The Management Context Definition is invalid.
INVALID_ATTRLIST. The Attribute List is invalid.
public int transact(int serverNumber, BinaryBuffer bb)
public int makeCertificateHash(BinaryBuffer cert, BinaryBuffer hash)
Parameters:
cert - The target certificate.
hash - On return from the method, this parameter contains the hash value.
Returns:
SUCCESS. The operation succeeded.
FAILURE. The operation failed.
public int logout(java.lang.String clientIPAddr, SessionDef sd)
Logs a user out of a user session and issues an event. No database is updated.
To terminate the session, you must discard the session specification after logging out the user. To do so, set the SessionDef object to null -- for example:

    result = aa.logout(clientIPAddr, sd);
    if (result == AgentAPI.YES)
        sd = null;

Use this method for logout of all users and administrators except for SiteMinder administrators. For logout of SiteMinder administrators, use logout() in class SmApiSession of the Utilities package.
Parameters:
clientIPAddr - (Optional) The client IP address.
sd - The current session.
Returns:
YES. The user logged out successfully.
NO. The user was not logged out.
NOCONNECTION. The object was not connected.
TIMEOUT. The method timed out.
FAILURE. The operation failed.
INVALID_SESSIONDEF. The Session Definition is invalid.
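The return codes listed for isProtected(), login(), authorize() and logout() above, combined into a fail-closed access check in which only an explicit YES grants access. This is an added example, not code from the SDK: the FailClosedGate class, its Decision enum and the no-argument RealmDef, SessionDef and AttributeList constructors are assumptions, and it expects the SDK on the classpath and an AgentAPI that has already been set up with init().

```java
import netegrity.siteminder.javaagent.AgentAPI;
import netegrity.siteminder.javaagent.AttributeList;
import netegrity.siteminder.javaagent.RealmDef;
import netegrity.siteminder.javaagent.ResourceContextDef;
import netegrity.siteminder.javaagent.SessionDef;
import netegrity.siteminder.javaagent.UserCredentials;

/**
 * Added example (not part of the SDK): maps AgentAPI return codes to an
 * access decision so that transport and validation errors never grant access.
 */
public final class FailClosedGate {

    /** Hypothetical result type used only by this example. */
    public enum Decision { ALLOW, DENY, CHALLENGE, NOT_PROTECTED, ERROR }

    private final AgentAPI agent; // caller has already called init() on it

    public FailClosedGate(AgentAPI agent) {
        this.agent = agent;
    }

    /**
     * Runs isProtected -> login -> authorize for one request.
     * The caller builds rcd and uc; per the login() notes, unused fields
     * of UserCredentials must be initialized to zero.
     */
    public Decision check(String clientIp, String transactionId,
                          ResourceContextDef rcd, UserCredentials uc) {
        // Assumption: these SDK types have public no-argument constructors.
        RealmDef rd = new RealmDef();

        int rc = agent.isProtected(clientIp, rcd, rd);
        if (rc == AgentAPI.NO) {
            return Decision.NOT_PROTECTED; // Policy Server answered: no policy applies
        }
        if (rc != AgentAPI.YES) {
            // TIMEOUT, FAILURE, NOCONNECTION, INVALID_*: the Policy Server gave
            // no answer, so the resource must not be treated as unprotected.
            return Decision.ERROR;
        }

        SessionDef sd = new SessionDef();
        AttributeList loginAttrs = new AttributeList();
        rc = agent.login(clientIp, rcd, rd, uc, sd, loginAttrs);
        if (rc == AgentAPI.CHALLENGE) {
            return Decision.CHALLENGE;
        }
        if (rc == AgentAPI.NO) {
            return Decision.DENY;
        }
        if (rc != AgentAPI.YES) {
            return Decision.ERROR;
        }

        AttributeList authzAttrs = new AttributeList();
        rc = agent.authorize(clientIp, transactionId, rcd, rd, sd, authzAttrs);
        if (rc == AgentAPI.YES) {
            return Decision.ALLOW;
        }
        // The session created by login() is no longer needed; end it either way.
        endSession(clientIp, sd);
        return rc == AgentAPI.NO ? Decision.DENY : Decision.ERROR;
    }

    /**
     * Logs the session out and, as the logout() notes require, discards the
     * session specification only when the Policy Server confirmed with YES.
     * Returns null on success, or the unchanged SessionDef so the caller can retry.
     */
    public SessionDef endSession(String clientIp, SessionDef sd) {
        int rc = agent.logout(clientIp, sd);
        return rc == AgentAPI.YES ? null : sd;
    }
}
```

A caller should treat Decision.ERROR the same as DENY when deciding whether to serve the resource, and log it separately so Policy Server outages are visible.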
public int logoutEx(java.lang.String clientIPAddr, SessionDef sd, java.lang.String transactionId)
public int audit(java.lang.String clientIPAddr, java.lang.String transactionId, ResourceContextDef resCon, RealmDef realm, SessionDef session)
session.
Parameters:
clientIPAddr - (Optional) The client IP address.
transactionId - (Optional) The client-side transaction Id.
resCon - The resource context definition.
realm - The realm definition.
session - The session definition.
Returns:
YES. The audit was successful.
NO. The audit was not successful.
NOCONNECTION. The object was not connected.
TIMEOUT. The method timed out.
FAILURE. The operation failed.
INVALID_RESCTXDEF. The Resource Context Definition is invalid.
INVALID_REALMDEF. The Realm Definition is invalid.
INVALID_SESSIONDEF. The Session Definition is invalid.
public int updateAttributes(java.lang.String clientIPAddr, java.lang.String transactionId, ResourceContextDef resourceContext, RealmDef realm, SessionDef session, AttributeList requestAttribs, AttributeList responseAttribs)
Parameters:
clientIPAddr - The client IP address.
transactionId - The client-side transaction Id.
resourceContext - The resource context definition.
realm - The realm definition.
session - The session definition object.
requestAttribs - The request attributes.
responseAttribs - The response attributes.
Returns:
YES. The update was successful.
NO. The update failed.
NOCONNECTION. The object was not connected.
TIMEOUT. The method timed out.
FAILURE. The operation failed.
INVALID_RESCTXDEF. The Resource Context Definition is invalid.
INVALID_REALMDEF. The Realm Definition is invalid.
INVALID_SESSIONDEF. The Session Definition is invalid.
INVALID_ATTRLIST. The Attribute List is invalid.
public int getMaxTunnelBufSize()
Gets the maximum tunnel buffer size that can be transferred in a call to tunnel().
public int tunnel(short server, java.lang.String clientIpAddr, java.lang.String transactionId, ResourceContextDef resourceContext, TunnelServiceRequest tsr, AttributeList responseAttribs)
Communicates with back-end services that have been registered with the Policy Server.
Call this method to transfer data between a remote service on the Policy Server side and your agent. Also, call getMaxTunnelBufSize() to find out the maximum data size that can be transferred.
tunnel(), create an instance of the ResourceContextDef class. When you create this instance, pass four null strings in to the constructor -- for example:

    ResourceContextDef rcd = new ResourceContextDef("","","","");

Parameters:
server - The server that will process the request at the time of the tunnel call. Valid values:
  AZ_SERVER. The authorization server port number.
  AUTH_SERVER. The authentication server port number.
  ACCT_SERVER. The accounting server port number.
clientIpAddr - The client IP address.
transactionId - The client-side transaction Id.
resourceContext - The resource context definition.
tsr - The definition of the tunnel service request.
responseAttribs - One of these response attributes:
  SM_AGENTAPI_ATTR_SERVICE_DATA. The data returned by the remote service.
  SM_AGENTAPI_ATTR_STATUS_MESSAGE. The status message from the remote service.
Returns:
YES. The transfer succeeded and a response is available.
NO. The server doesn't support this operation.
NOCONNECTION. The object was not connected.
TIMEOUT
INVALID_TSR. Tunnel Service Request is invalid.
INVALID_ATTRLIST. The attribute list is invalid.
FAILURE
public int getMaxTransactBufSize()
public int getConfig(InitDef id, java.lang.String agentName, java.lang.String configPath)
configPath to the configuration file. getConfig() checks the value of configPath to find the path to a configuration file. If configPath is empty and the agent is written for a Microsoft Windows platform, getConfig() searches the Windows Registry for the configuration information. If configPath is empty and the agent is running on a UNIX system, getConfig() returns FAILURE.
getConfig() searches the agentname list for the agent named in the parameter agentName. If agentName is empty, getConfig() retrieves the default agent name. If getConfig() cannot retrieve the default agent name, it returns FAILURE.
getConfig() locates the configuration information for the correct agent, it copies the information into the InitDef object (parameter id).
agentName parameter contains the string Agent1 and the agentname list of the configuration file is set as follows:

    agentname="Agent1,123.112.12.12"

In this circumstance, getConfig() sets the hostName parameter of the InitDef constructor to Agent1. The IP Address is ignored. getConfig() then retrieves the other information for the InitDef object.
Parameters:
id - On return from the method, this parameter contains the configuration information.
agentName - The name of the agent to retrieve configuration information from. If no agent name is specified, getConfig() retrieves configuration information for the default agent.
configPath - The path to the agent configuration file webagent.conf -- for example, c:\netscape\server4\https-1\config\webagent.conf. Any path specified along with the filename is opened for parsing. Set this parameter as an empty string (""), only for the 4QMRx web agent on IIS.
Returns:
SUCCESS if configuration information was successfully retrieved. Otherwise FAILURE.
public int getAgentConfig(java.lang.String templateName, AttributeList attributeList)
public int getSessionVariables(java.lang.String sessionId, ResourceContextDef rcd, AttributeList requestAttributeList, AttributeList responseAttributeList)
Parameters:
sessionId - A unique identifier of the session for which the variable is to be retrieved. After a successful login, the session id is returned in SessionDef.
rcd - Reserved for future use.
requestAttributeList - An array of attributes representing the names of session variables to be retrieved. Set the flags field of each Attribute object to one of these values:
  SM_AGENTAPI_REQATTR_FLAGS_NONE. Retrieve the specified variable, but don't delete it.
  SM_AGENTAPI_REQATTR_FLAGS_DELETE. Delete the specified variable from the session store after retrieving it.
responseAttributeList - On successful return from this method (YES is returned), this output parameter contains the retrieved variable names and their values. If the method returns UNRESOLVED, this parameter includes variables that could not be retrieved. Further:
  flags field of the associated Attribute object is set to SM_AGENTAPI_RESPATTR_FLAGS_UNRESOLVED.
  flags field of the associated Attribute object is set to SM_AGENTAPI_RESPATTR_FLAGS_NONE.
Returns:
YES. The session variables were successfully retrieved.
NO. The session variables were not retrieved.
UNRESOLVED. Some variables could not be retrieved.
CHALLENGE. A user challenge is required.
NOCONNECTION. The object was not connected.
TIMEOUT. The server did not respond in the specified time.
FAILURE. The operation failed.
INVALID_SESSIONID. The session id is invalid.
INVALID_ATTRLIST. The attribute list is invalid.
public int getSessionVariablesEx(java.lang.String sessionId, ResourceContextDef rcd, AttributeList requestAttributeList, AttributeList responseAttributeList, java.lang.String transactionId)
public int setSessionVariables(java.lang.String sessionId, ResourceContextDef rcd, AttributeList requestAttributeList, AttributeList responseAttributeList)

sessionId - A unique identifier of the session for which the variable is to be set. After a successful login, the session id is returned in SessionDef.
rcd - Reserved for future use.
requestAttributeList - An array of attributes representing the names and values of session variables to be set. Set the flags field of the Attribute object to SM_AGENTAPI_REQATTR_FLAGS_NONE.
responseAttributeList - If the method returns UNRESOLVED, this output parameter contains variables that could not be set. The flags field of the Attribute object is set to SM_AGENTAPI_RESPATTR_FLAGS_UNRESOLVED for each variable that could not be set.

YES. The session variables were successfully set.
NO. The session variables were not set.
UNRESOLVED. Some variables could not be set.
CHALLENGE. A user challenge is required.
NOCONNECTION. The object was not connected.
TIMEOUT. The server did not respond in the specified time.
FAILURE. The operation failed.
INVALID_SESSIONID. The session id is invalid.
INVALID_ATTRLIST. The attribute list is invalid.

public int setSessionVariablesEx(java.lang.String sessionId, ResourceContextDef rcd, AttributeList requestAttributeList, AttributeList responseAttributeList, java.lang.String transactionId)

public int delSessionVariables(java.lang.String sessionId, ResourceContextDef rcd, AttributeList requestAttributeList, AttributeList responseAttributeList)

sessionId - A unique identifier of the session for which the variable is to be deleted. After a successful login, the session id is returned in SessionDef.
rcd - Reserved for future use.
requestAttributeList - An array of attributes representing the names of session variables to be deleted. Set the flags field of the Attribute object to SM_AGENTAPI_REQATTR_FLAGS_NONE.
responseAttributeList - If this method returns UNRESOLVED, this output parameter contains variables that could not be deleted. The flags field of the Attribute object is set to SM_AGENTAPI_RESPATTR_FLAGS_UNRESOLVED for each variable that could not be deleted.

YES. The session variables were successfully deleted.
NO. The session variables were not deleted.
UNRESOLVED. Some variables could not be deleted.
CHALLENGE. A user challenge is required.
NOCONNECTION. The object was not connected.
TIMEOUT. The server did not respond in the specified time.
FAILURE. The operation failed.
INVALID_SESSIONID. The session id is invalid.
INVALID_ATTRLIST. The attribute list is invalid.

public int delSessionVariablesEx(java.lang.String sessionId, ResourceContextDef rcd, AttributeList requestAttributeList, AttributeList responseAttributeList, java.lang.String transactionId)

public int createSSOToken(SessionDef sd, AttributeList al, java.lang.StringBuffer SSOToken)

Creates and encrypts a single sign-on token.
This method associates the user attribute information specified in the al parameter with session and other attribute information returned from the login call. The information in the resulting token can be shared between standard SiteMinder Web Agents and custom agents, allowing single sign-on operations between the standard and custom agents.
Attribute class are used by this method. The only fields in this class that are used with this method are id and value.
decodeSSOToken().

sd - The session information for the authenticated user.
al - The attributes to include in the token. Valid values:
  ATTR_USERDN. The user's distinguished name.
  ATTR_USERNAME. The user's name.
  ATTR_CLIENTIP. The IP address of the machine where the user initiated a request for a protected resource.
SSOToken - On return, this parameter contains the single sign-on token. Write this token to the SMSESSION cookie.

SUCCESS. The operation succeeded.
FAILURE. The token was not created.
NOCONNECTION. There was no connection to the Policy Server.
INVALID_SESSIONDEF. The Session Definition is invalid.
INVALID_ATTRLIST. The attribute list is invalid.

public int decodeSSOToken(java.lang.String SSOToken, TokenDescriptor td, AttributeList al, boolean UpdateToken, java.lang.StringBuffer UpdatedSSOToken)

Decodes a single sign-on token. This method accepts a single sign-on token as input and returns a subset of the token's attributes.
Optionally, you can update the token's last-access timestamp, and then update the SMSESSION cookie with the new token.
true to parameter UpdateToken. The token that includes the updated timestamp is returned in UpdatedSSOToken. Write the updated token to the SMSESSION cookie.
Attribute class are used by this method. The only fields in this class that are used with this method are id and value.
createSSOToken().

SSOToken - The single sign-on token to be decoded. The custom agent finds the token in either of these locations:
  SSOToken from the call to createSSOToken().
  SMSESSION cookie. The custom agent is responsible for extracting the contents of the cookie and assigning it to this parameter.
td - On return, this parameter contains the token version number and specifies whether the token was created by a custom agent.
al - On return, this parameter contains the attributes extracted from the token. Valid values:
  ATTR_USERDN. The user's distinguished name.
  ATTR_SESSIONSPEC. The session specification returned from the login call.
  ATTR_SESSIONID. The session ID returned from the login call.
  ATTR_USERNAME. The user's name.
  ATTR_CLIENTIP. The IP address of the machine where the user initiated a request for a protected resource.
  ATTR_DEVICENAME. The name of the agent that is decoding the token.
  ATTR_IDLESESSIONTIMEOUT. Maximum idle time for a session.
  ATTR_MAXSESSIONTIMEOUT. Maximum time a session can be active.
  ATTR_STARTSESSIONTIME. The time the session started after a successful login.
  ATTR_LASTSESSIONTIME. The time that the Policy Server was last accessed within the session.
UpdateToken - true if an updated token is requested.
UpdatedSSOToken - On return, this parameter contains the updated token. Write this token to the SMSESSION cookie. The token is returned only if UpdateToken is true.

SUCCESS. The operation succeeded.
FAILURE. The token was not decoded.
NOCONNECTION. There was no connection to the Policy Server.
INVALID_ATTRLIST. The attribute list is invalid.
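
The decode-and-refresh flow described above for decodeSSOToken(), written as an added example that is not part of the SDK documentation or the vendor's sample code. It assumes an already initialized and connected AgentAPI instance, the SDK's TokenDescriptor(int, boolean) constructor, AttributeList.attributes(), and a byte[] Attribute.value field, none of which are shown on this page; SsoTokenCheck, Result and check() are hypothetical names.

```java
import java.util.Enumeration;
import netegrity.siteminder.javaagent.AgentAPI;
import netegrity.siteminder.javaagent.Attribute;
import netegrity.siteminder.javaagent.AttributeList;
import netegrity.siteminder.javaagent.TokenDescriptor;

/** Added example (hypothetical class): fail-closed handling of an SMSESSION token. */
public final class SsoTokenCheck {

    /** Hypothetical result holder, not an SDK type. */
    public static final class Result {
        public String userDn;
        public String refreshedToken; // write this back to the SMSESSION cookie
    }

    /** Returns the decoded identity, or null when the request must be treated as unauthenticated. */
    public static Result check(AgentAPI agent, String cookieValue, String requestIp) {
        if (cookieValue == null || cookieValue.length() == 0) return null;

        TokenDescriptor td = new TokenDescriptor(0, false); // assumed constructor; filled in on return
        AttributeList al = new AttributeList();
        StringBuffer updated = new StringBuffer();

        // UpdateToken = true: request a token carrying a fresh last-access timestamp.
        int rc = agent.decodeSSOToken(cookieValue, td, al, true, updated);
        if (rc != AgentAPI.SUCCESS) return null; // FAILURE, NOCONNECTION, INVALID_ATTRLIST all reject

        Result r = new Result();
        String tokenIp = null;
        for (Enumeration e = al.attributes(); e.hasMoreElements();) {
            Attribute a = (Attribute) e.nextElement();
            if (a.value == null) continue;
            String v = new String(a.value).trim(); // assumes value is a byte[]
            if (a.id == AgentAPI.ATTR_USERDN) r.userDn = v;
            else if (a.id == AgentAPI.ATTR_CLIENTIP) tokenIp = v;
        }
        // No identity in the token: reject rather than continue anonymously.
        if (r.userDn == null || r.userDn.length() == 0) return null;
        // Local policy choice (assumption): bind the token to the address it was issued for.
        if (tokenIp != null && tokenIp.length() > 0 && !tokenIp.equals(requestIp)) return null;
        // An empty refreshed token must never overwrite the cookie.
        if (updated.length() == 0) return null;
        r.refreshedToken = updated.toString();
        return r;
    }
}
```

When the caller writes refreshedToken back to the SMSESSION cookie, it should set the cookie's Secure and HttpOnly attributes. The client-address comparison only makes sense where the agent sees the same address that was recorded in ATTR_CLIENTIP, so drop it behind proxies or NAT that rewrite the source address.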
Java SDK r12.0 SP2 Fri 11/06/2009 |