

CLI Policy Management Methods

This section contains the following topics:

Administrator Methods

Affiliate Attribute Methods

Affiliate Domain Methods

Affiliate Object Methods

Agent Methods

Agent Configuration Methods

Agent Configuration Parameters Methods

Agent Type Methods

Authentication and Authorization Map Methods

Authentication Scheme Methods

Certificate Mapping Methods

Cluster Methods

Data Management Methods

Domain Methods

Group Methods

Host Configuration Methods

Initialization Methods

IP Configuration Methods

ODBC Query Scheme Methods

Password Policy Methods

Policy Methods

Policy Server Connectivity Methods

Realm Methods

Registration Scheme Methods

Response Methods

Response Attribute Methods

Rule Methods

SAML 2.0 Affiliation Methods

SAML 2.0 Indexed Endpoint Methods

SAML 2.0 Requester Attribute Methods

SAML 2.0 Service Provider Methods

SAML 2.0 Service Provider Attribute Methods

Session Methods

Shared Secret Rollover Methods

Trusted Host Methods

User Methods

User Directory Methods

User Password State Methods

Variable Type Methods

WS-Federation Resource Partner Methods

WS-Federation Resource Partner Attribute Methods

Administrator Methods

The following methods act on PolicyMgtAdmin objects:

AuthScheme Method—Sets or Retrieves an Authentication Scheme

The AuthScheme method sets or retrieves the authentication scheme for an administrator stored in an external directory.

Syntax

The AuthScheme method has the following format:

Netegrity::PolicyMgtAdmin‑>AuthScheme( [authScheme] )

Parameters

The AuthScheme method accepts the following parameter:

authScheme (PolicyMgtAuthScheme)

(Optional) Specifies the authentication scheme to set.

Return Value

The AuthScheme method returns one of the following values:

Description Method—Sets or Retrieves the Description of an Administrator

The Description method sets or retrieves the description of the administrator.

Syntax

The Description method has the following format:

Netegrity::PolicyMgtAdmin‑>Description( [adminDesc] )

Parameters

The Description method accepts the following parameter:

adminDesc (string)

(Optional) Specifies the description of the administrator.

Return Value

The Description method returns one of the following values:

ManageAllDomains Method—Grants or Revokes Privileges to Manage Policy Server Objects

The ManageAllDomains method grants or revokes privileges to manage all system-level and domain-level Policy Server objects.

Syntax

The ManageAllDomains method has the following format:

Netegrity::PolicyMgtAdmin‑>ManageAllDomains( [allDomFlag] )

Parameters

The ManageAllDomains method accepts the following parameter:

allDomFlag (int)

(Optional) Specifies whether system-level and domain-level privileges are enabled (set to a value of 1), or disabled (set to a value of 0).

Return Value

The ManageAllDomains method returns one of the following values:

Remarks

Privileges include:

Note: These objects cannot be managed through the Scripting Interface.

ManageDomainObjects Method—Grants or Revokes Privileges to Manage Domain Objects

The ManageDomainObjects method grants or revokes privileges to manage domain-level Policy Server objects.

Syntax

The ManageDomainObjects method has the following format:

Netegrity::PolicyMgtAdmin‑>ManageDomainObjects( [domFlag] )

Parameters

The ManageDomainObjects method accepts the following parameter:

domFlag (int)

(Optional) Specifies whether domain object management privileges are granted (set to a value of 1), or revoked (set to a value of 0).

Return Value

The ManageDomainObjects method returns one of the following values:

Remarks

Privileges include:

Note: These objects cannot be managed through the Scripting Interface.

ManageKeysAndPwdPolicy Method—Grants or Revokes Privileges to Manage Keys and Password Policies

The ManageKeysAndPwdPolicy method grants or revokes administrator privileges to manage keys and password policies.

Syntax

The ManageKeysAndPwdPolicy method has the following format:

Netegrity::PolicyMgtAdmin‑>ManageKeysAndPwdPolicy( [pwdPolFlag] )

Parameters

The ManageKeysAndPwdPolicy method accepts the following parameters:

pwdPolFlag (int)

(Optional) Specifies granting or revoking privileges. Setting this flag to 1 has different meanings for different types of administrators:

Note: You can only create system-level administrators with the Command Line Interface. To create a domain-level administrator, use the Administrative UI.

Setting this flag to 0 revokes these privileges.

Return Value

The ManageKeysAndPwdPolicy method returns one of the following values:

ManageUsers Method—Grants or Revokes Privileges to Manage Users

The ManageUsers method grants or revokes privileges to manage users.

Syntax

The ManageUsers method has the following format:

Netegrity::PolicyMgtAdmin‑>ManageUsers( [userFlag] )

Parameters

The ManageUsers method accepts the following parameter:

userFlag (int)

(Optional) Specifies whether to grant (set value to 1) or revoke (set value to 0) user management privileges.

Return Value

The ManageUsers method returns one of the following values:

Name Method—Sets or Retrieves the Name of an Administrator

The Name method sets or retrieves the name of the administrator.

Syntax

The Name method has the following format:

Netegrity::PolicyMgtAdmin‑>Name( [adminName] )

Parameters

The Name method accepts the following parameter:

adminName (string)

(Optional) Specifies the name of the administrator.

Return Value

The Name method returns one of the following values:

Password Method—Sets or Retrieves the Administrator Password

The Password method sets or retrieves the administrator password.

Syntax

The Password method has the following format:

Netegrity::PolicyMgtAdmin‑>Password([adminPwd])

Parameters

The Password method accepts the following parameter:

adminPwd (string)

(Optional) Specifies the administrator password.

Return Value

The Password method returns one of the following values:

UserDirectory Method—Sets or Retrieves an External User Directory

The UserDirectory method sets or retrieves an external user directory for the administrator.

Syntax

The UserDirectory method has the following format:

Netegrity::PolicyMgtAdmin‑>UserDirectory([userDir])

Parameters

The UserDirectory method accepts the following parameter:

userDir (PolicyMgtUserDir)

(Optional) Specifies the external user directory.

Return Value

The UserDirectory method returns one of the following values:

Affiliate Attribute Methods

The following methods act on PolicyMgtAffiliateAttr objects:

GetAttrType Method—Retrieves the Affiliate Attribute Type

The GetAttrType method retrieves the type of the affiliate attribute.

Syntax

The GetAttrType method has the following format:

Netegrity::PolicyMgtAffiliateAttr‑>GetAttrType( )

Parameters

The GetAttrType method accepts no parameters.

Return Value

The GetAttrType method returns one of the following values:

GetValue Method—Retrieves the Value of the Affiliate Attribute

The GetValue method retrieves the value of the affiliate attribute.

Syntax

The GetValue method has the following format:

Netegrity::PolicyMgtAffiliateAttr‑>GetValue( )

Parameters

The GetValue method accepts no parameters.

Return Value

The GetValue method returns one of the following values:

Affiliate Domain Methods

The following methods act on PolicyMgtAffDomain objects:

AddAdmin Method—Associates an Administrator with an Affiliate Domain

The AddAdmin method associates an administrator with an affiliate domain.

Syntax

The AddAdmin method has the following format:

Netegrity::PolicyMgtAffDomain‑>AddAdmin(admin)

Parameter

The AddAdmin method accepts the following parameter:

admin (PolicyMgtAdmin)

Specifies the administrator to associate with the affiliate domain.

Return Values

The AddAdmin method returns one of the following values:

0 on success

-1 on failure

AddUserDir Method—Associates a User Directory with an Affiliate Domain

The AddUserDir method associates a user directory with an affiliate domain.

Syntax

The method has the following format:

Netegrity::PolicyMgtAffDomain‑>AddUserDir(userDir)

Parameter

The AddUserDir method accepts the following parameter:

userDir (PolicyMgtUserDir)

Specifies the user directory to associate with the affiliate domain.

Return Values

The AddUserDir method returns one of the following values:

0 on success

-1 on failure

CreateAffiliate Method—Creates an Affiliate Object

The CreateAffiliate method creates and configures an affiliate object within an affiliate domain.

Syntax

The CreateAffiliate method has the following format:

Netegrity::PolicyMgtAffDomain‑>CreateAffiliate( affName, password, authURL, validityDuration, skewTime [, affDesc] [, allowNotification] [, audience] [, enableFlag] [, shareSessioning] [, sessionSyncInterval] [, SAMLVersion] [, SAMLProfile] [,ConsumerURL] )

Parameters

The CreateAffiliate method accepts the following parameters:

affName (string)

Specifies the name of the affiliate object. The name should be unique across all affiliate domains.

password (string)

Specifies the password that affiliates use to access SiteMinder Federation Web Services.

authURL (string)

Specifies the URL used to authenticate affiliate users.

validityDuration (long)

Specifies the number of seconds that a SiteMinder-generated SAML assertion is valid. If an affiliate receives the assertion after the specified time, the assertion is considered invalid.

skewTime (long)

Specifies the difference, in seconds, between the system clock time of the assertion producer site and the system clock time of the affiliate site. The skew time is added to validityDuration. Times are relative to GMT.

affDesc (string)

(Optional) Specifies the description of the affiliate.

allowNotification (int)

(Optional) Specifies whether to allow event notifications. Set to 1 to enable event notifications to be sent from the affiliate to SiteMinder on the assertion producer site. Set to 0 to disable the event notification service. Default is 0 (notifications disabled).

audience (string)

(Optional) Specifies the URI of the document that describes the agreement between the assertion producer and the affiliate. This value is included in the SAML assertion passed to the affiliate and can be used for validation purposes. Also, the affiliate can parse the audience document to obtain relevant information. The audience value must match the Assertion Audience setting in the AffiliateConfig.xml configuration file for the SAML Affiliate Agent.

enableFlag (int)

(Optional) Specifies whether to enable the affiliate object. Set to 1 to enable the affiliate object, or 0 to disable it. Default is 1 (object is enabled).

shareSessioning (int)

(Optional) Specifies whether to share session information. Set to 1 to allow the assertion producer and the affiliate to share session information, or set to 0 to have the producer and affiliate maintain separate sessions. Default is 0 (separate sessions). With shared sessions, the sessions on both sites are terminated when the session on either site ends.

sessionSyncInterval (long)

(Optional) Specifies the frequency, in seconds, at which the affiliate contacts the producer site to validate the status of a shared session.

SAMLVersion (long)

(Optional) Specifies the SAML version. One of the following values:

Specifying a SAML version has effect only if the Policy Manager API's session version is at least v6.0 SP 1.

SAMLProfile (long)

(Optional) Specifies the type of profile used to send and receive SAML assertions. Valid profiles:

AFFILIATE_SAML_PROFILE_ARTIFACT. The SAML assertion is retrieved from a URL associated with the assertion producer. The URL is specified during configuration of the SAML Artifact authentication scheme.

AFFILIATE_SAML_PROFILE_POST. The generated SAML assertion is POSTed to the URL specified in ConsumerURL.

This profile is supported only if the Policy Management API's session version is at least v6.0 SP 2. If an earlier version is involved, the POST profile request is ignored, and an attempt is made to create an affiliate object based on the artifact profile.

ConsumerURL (string)

(Optional) Specifies the URL where the requesting user's browser must POST a generated assertion. The site associated with the URL validates the assertion and uses its contents to make access decisions.

Return Value

The CreateAffiliate method returns one of the following values:

PolicyMgtAffiliate object if successful

undef if unsuccessful

Remarks

An affiliate object represents an affiliate site in a federated business network. Affiliate objects and affiliate domains are available through SiteMinder Federation Security Services.
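The following added example (not part of the original documentation or the product) reviews a set of CreateAffiliate arguments before the call is made and shows how validityDuration and skewTime combine into the acceptance deadline. The function names, the two limits, the https requirement, the expectedAudience key and the treatment of SAMLProfile as a symbolic name are assumptions of this example; it does not load the Netegrity modules.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Limits assumed for this example (local policy, not product defaults).
my $MAX_VALIDITY_SECS = 300;
my $MAX_SKEW_SECS     = 60;

# True when the value is a non-negative whole number of seconds.
sub is_seconds {
    my ($v) = @_;
    return (defined $v && $v =~ /\A\d+\z/) ? 1 : 0;
}

# Review the arguments intended for CreateAffiliate. Returns a list of
# findings; an empty list means nothing was flagged.
sub check_affiliate_args {
    my (%arg) = @_;
    my @findings;

    # The first five parameters are required by the method format.
    for my $name (qw(affName password authURL validityDuration skewTime)) {
        push @findings, "$name is required"
            unless defined $arg{$name} && length $arg{$name};
    }

    # Both time values are seconds; skewTime is added to validityDuration,
    # so each one widens the period in which an assertion is accepted.
    my ($validity, $skew) = @arg{qw(validityDuration skewTime)};
    for my $name (qw(validityDuration skewTime)) {
        my $v = $arg{$name};
        push @findings, "$name must be a whole number of seconds"
            if defined $v && length $v && !is_seconds($v);
    }
    if (is_seconds($validity)) {
        push @findings, "validityDuration must be greater than 0" if $validity == 0;
        push @findings, "validityDuration ${validity}s exceeds ${MAX_VALIDITY_SECS}s"
            if $validity > $MAX_VALIDITY_SECS;
    }
    push @findings, "skewTime ${skew}s exceeds ${MAX_SKEW_SECS}s"
        if is_seconds($skew) && $skew > $MAX_SKEW_SECS;

    # Assumed policy of this example: both URLs must be https.
    for my $name (qw(authURL ConsumerURL)) {
        my $url = $arg{$name};
        next unless defined $url && length $url;
        push @findings, "$name is not an https:// URL"
            unless $url =~ m{\Ahttps://[^\s/]+}i;
    }

    # The POST profile sends the assertion to ConsumerURL, so it must be set.
    my $profile = $arg{SAMLProfile} // '';
    push @findings, "SAMLProfile is POST but ConsumerURL is empty"
        if $profile eq 'AFFILIATE_SAML_PROFILE_POST'
        && !length($arg{ConsumerURL} // '');

    # audience must match the Assertion Audience setting in AffiliateConfig.xml;
    # expectedAudience (hypothetical key) carries the value read from that file.
    push @findings, "audience does not match the affiliate's Assertion Audience"
        if defined $arg{audience} && defined $arg{expectedAudience}
        && $arg{audience} ne $arg{expectedAudience};

    return @findings;
}

# Last epoch second at which an assertion issued at $issued is still valid:
# validityDuration plus skewTime, as the parameter descriptions state.
sub acceptance_deadline {
    my ($issued, $validity, $skew) = @_;
    return $issued + $validity + $skew;
}

# An assertion received after the deadline is considered invalid.
sub assertion_accepted {
    my ($issued, $received, $validity, $skew) = @_;
    return $received <= acceptance_deadline($issued, $validity, $skew) ? 1 : 0;
}

# Constructed sample arguments (not from a real deployment).
my %proposed = (
    affName          => 'partner-one',
    password         => 'constructed-sample-secret',
    authURL          => 'http://idp.example.com/affiliate/auth',
    validityDuration => 3600,
    skewTime         => 30,
    SAMLProfile      => 'AFFILIATE_SAML_PROFILE_POST',
    audience         => 'https://idp.example.com/agreement',
    expectedAudience => 'https://idp.example.com/agreement',
);
print "finding: $_\n" for check_affiliate_args(%proposed);

# Constructed timestamps: 60 s validity plus 30 s skew.
my $issued = 1_700_000_000;
printf "received at +90s accepted: %d\n", assertion_accepted($issued, $issued + 90, 60, 30);
printf "received at +91s accepted: %d\n", assertion_accepted($issued, $issued + 91, 60, 30);
```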

CreateSAMLServiceProvider Method—Creates a SAML Service Provider

The CreateSAMLServiceProvider method creates a SAML 2.0 Service Provider object. A Service Provider object contains information that an Identity Provider needs to produce assertions for the Service Provider. The properties you can set for a SAML 2.0 Service Provider object are listed under Remarks.

To modify the properties of an existing Service Provider, call the PolicyMgtSAMLServiceProvider‑>Property method.

Syntax

The CreateSAMLServiceProvider method has the following format:

Netegrity::PolicyMgtAffDomain‑>CreateSAMLServiceProvider(propsHash_ref)

Parameters

The CreateSAMLServiceProvider method accepts the following parameter:

propsHash_ref (hash)

Specifies a reference to a hashtable of metadata properties to define for the SAML 2.0 Service Provider (for example: \%myhash).

Return Values

The CreateSAMLServiceProvider method returns one of the following values:

Remarks

You can define the following properties for a SAML 2.0 Service Provider:

General Properties

Name ID Properties

SSO Properties

SLO Properties

IPD Properties

Attribute Service Properties

Encryption Properties

Advanced Properties

CreateWSFEDResourcePartner Method—Creates a WS-Federation Resource Partner

The CreateWSFEDResourcePartner method creates a WS-Federation Resource Partner for the affiliate domain.

Syntax

The CreateWSFEDResourcePartner method has the following format:

Netegrity::PolicyMgtAffDomain‑>CreateWSFEDResourcePartner(propsHash_ref)

Parameters

The CreateWSFEDResourcePartner method accepts the following parameters:

propsHash_ref (hash)

Specifies a reference to a hashtable of metadata properties to define for the WS-Federation Resource Partner (for example: \%myhash).

Return Value

The CreateWSFEDResourcePartner method returns one of the following values:

Remarks

You can define the following properties for a Resource Partner:

General Properties

NameID Properties

SSO Properties

Signout Properties

Advanced Properties

DeleteAffiliate Method—Deletes an Affiliate from a Domain

The DeleteAffiliate method deletes the specified affiliate object from the affiliate domain.

Syntax

The DeleteAffiliate method has the following format:

Netegrity::PolicyMgtAffDomain‑>DeleteAffiliate(aff)

Parameters

The DeleteAffiliate method accepts the following parameters:

aff (PolicyMgtAffiliate)

Specifies the affiliate object to delete.

Return Value

The DeleteAffiliate method returns one of the following values:

DeleteSAMLServiceProvider Method—Deletes a SAML Service Provider

The DeleteSAMLServiceProvider method deletes the specified SAML 2.0 Service Provider.

Syntax

The method has the following format:

Netegrity::PolicyMgtAffDomain‑>DeleteSAMLServiceProvider(sp)

Parameters

The DeleteSAMLServiceProvider method accepts the following parameters:

sp (PolicyMgtSAMLServiceProvider)

Specifies the Service Provider to delete.

Return Value

The DeleteSAMLServiceProvider method returns one of the following values:

DeleteWSFEDResourcePartner Method—Deletes a Resource Partner

The DeleteWSFEDResourcePartner method deletes a resource partner.

Syntax

The DeleteWSFEDResourcePartner method has the following format:

Netegrity::PolicyMgtAffDomain‑>DeleteWSFEDResourcePartner(rp)

Parameters

The DeleteWSFEDResourcePartner method accepts the following parameter:

rp (PolicyMgtWSFEDResourcePartner object)

Specifies the resource partner to delete.

Return Value

The DeleteWSFEDResourcePartner method returns one of the following values:

Description Method—Retrieves or Sets a Description

The Description method sets or retrieves the description of the affiliate domain.

Syntax

The Description method has the following format:

Netegrity::PolicyMgtAffDomain‑>Description([domainDesc])

Parameters

The Description method accepts the following parameters:

domainDesc (string)

(Optional) Specifies the description to set.

Return Value

The Description method returns one of the following values:

GetAffiliate Method—Retrieves an Affiliate Object

The GetAffiliate method retrieves the specified affiliate object.

Syntax

The GetAffiliate method has the following format:

Netegrity::PolicyMgtAffDomain‑>GetAffiliate(affName)

Parameters

The GetAffiliate method accepts the following parameters:

affName (string)

Specifies the name of the affiliate object to retrieve.

Return Value

The GetAffiliate method returns one of the following objects:

GetAllAdmins Method—Retrieves all Administrators

The GetAllAdmins method retrieves all administrators associated with the affiliate domain.

Syntax

The GetAllAdmins method has the following format:

Netegrity::PolicyMgtAffDomain‑>GetAllAdmins( )

Parameters

The GetAllAdmins method accepts no parameters.

Return Value

The GetAllAdmins method returns one or more of the following values:

GetAllAffiliates Method—Retrieves All Affiliates in a Domain

The GetAllAffiliates method retrieves all affiliate objects associated with the affiliate domain.

Syntax

The GetAllAffiliates method has the following format:

Netegrity::PolicyMgtAffDomain‑>GetAllAffiliates( )

Parameters

The GetAllAffiliates method accepts no parameters.

Return Value

The GetAllAffiliates method returns one of the following values:

GetAllSAMLServiceProviders Method—Retrieves all Service Providers Associated with the Affiliate Domain

The GetAllSAMLServiceProviders method retrieves all the SAML 2.0 Service Providers associated with the affiliate domain.

Syntax

The GetAllSAMLServiceProviders method has the following format:

Netegrity::PolicyMgtAffDomain‑>GetAllSAMLServiceProviders( )

Parameters

The GetAllSAMLServiceProviders method accepts no parameters.

Return Value

The GetAllSAMLServiceProviders method returns one of the following values:

GetAllWSFEDResourcePartners Method—Retrieves all WSFED Resource Partners

The GetAllWSFEDResourcePartners method retrieves all Resource Partners associated with the domain.

Syntax

The GetAllWSFEDResourcePartners method has the following format:

Netegrity::PolicyMgtAffDomain‑>GetAllWSFEDResourcePartners( )

Parameters

The GetAllWSFEDResourcePartners method accepts no parameters.

Return Value

The GetAllWSFEDResourcePartners method returns one of the following values:

GetSAMLServiceProvider Method—Retrieves a Specified Service Provider

The GetSAMLServiceProvider method retrieves the specified SAML 2.0 Service Provider.

Syntax

The GetSAMLServiceProvider method has the following format:

Netegrity::PolicyMgtAffDomain‑>GetSAMLServiceProvider(spName)

Parameters

The GetSAMLServiceProvider method accepts the following parameter:

spName (string)

Specifies the name of the Service Provider to retrieve.

Return Value

The GetSAMLServiceProvider method returns one of the following values:

GetSAMLServiceProviderById Method—Retrieves a Specified Service Provider

The GetSAMLServiceProviderById method retrieves the specified SAML 2.0 Service Provider by its provider ID.

Syntax

The GetSAMLServiceProviderById method has the following format:

Netegrity::PolicyMgtAffDomain‑>GetSAMLServiceProviderById(spID)

Parameters

The GetSAMLServiceProviderById method accepts the following parameter:

spID (string)

Specifies the provider ID of the Service Provider to retrieve.

Return Value

The GetSAMLServiceProviderById method returns one of the following values:

GetUserDirSearchOrder Method—Retrieves Search Order of a User Directory

The GetUserDirSearchOrder method retrieves user directory objects associated with the affiliate domain. The order of the returned objects is the same order SiteMinder uses when querying the directories.

Syntax

The GetUserDirSearchOrder method has the following format:

Netegrity::PolicyMgtAffDomain‑>GetUserDirSearchOrder( )

Parameters

The GetUserDirSearchOrder method accepts no parameters.

Return Value

The GetUserDirSearchOrder method returns one of the following values:

GetWSFEDResourcePartner Method—Retrieves Resource Partner

The GetWSFEDResourcePartner method retrieves the specified WS-Federation Resource Partner associated with the domain.

Syntax

The GetWSFEDResourcePartner method has the following format:

Netegrity::PolicyMgtAffDomain‑>GetWSFEDResourcePartner(rpName)

Parameters

The GetWSFEDResourcePartner method accepts the following parameters:

rpName (string)

Specifies the name of the Resource Partner to retrieve.

Return Value

The GetWSFEDResourcePartner method returns the following value:

GetWSFEDResourcePartnerById Method—Retrieves Resource Partner by ID

The GetWSFEDResourcePartnerById method retrieves the specified Resource Partner by its Provider ID.

Syntax

The GetWSFEDResourcePartnerById method has the following format:

Netegrity::PolicyMgtAffDomain‑>GetWSFEDResourcePartnerById( rpID )

Parameters

The GetWSFEDResourcePartnerById method accepts the following parameters:

rpID (string)

Specifies the ID of the Resource Partner to retrieve.

Return Value

The GetWSFEDResourcePartnerById method returns the following value:

Name Method—Sets or Retrieves Affiliate Domain Name

The Name method sets or retrieves the name of the affiliate domain.

Syntax

The Name method has the following format:

Netegrity::PolicyMgtAffDomain‑>Name( [domainName] )

Parameters

The Name method accepts the following parameter:

domainName (string)

(Optional) Specifies the name to set.

Return Value

The Name method returns one of the following values:

RemoveAdmin Method—Disassociates an Administrator from an Affiliate Domain

The RemoveAdmin method disassociates the specified administrator from the affiliate domain.

Syntax

The RemoveAdmin method has the following format:

Netegrity::PolicyMgtAffDomain‑>RemoveAdmin( admin )

Parameters

The RemoveAdmin method accepts the following parameter:

admin (PolicyMgtAdmin)

Specifies the administrator to remove from the affiliate domain.

Return Value

The RemoveAdmin method returns one of the following values:

RemoveUserDir Method—Disassociates a User Directory from an Affiliate Domain

The RemoveUserDir method disassociates the user directory from the affiliate domain.

Syntax

The RemoveUserDir method has the following format:

Netegrity::PolicyMgtAffDomain‑>RemoveUserDir( userDir )

Parameters

The RemoveUserDir method accepts the following parameter:

userDir (PolicyMgtUserDir)

Specifies the user directory to disassociate from the affiliate domain.

Return Value

The RemoveUserDir method returns one of the following values:

SetUserDirSearchOrder Method—Sets the Order for Searching Directory Objects

The SetUserDirSearchOrder method rearranges the search order of the user directory objects associated with the affiliate domain.

Syntax

The SetUserDirSearchOrder method has the following format:

Netegrity::PolicyMgtAffDomain‑>SetUserDirSearchOrder( dirArray )

Parameters

The SetUserDirSearchOrder method accepts the following parameter:

dirArray (PolicyMgtUserDir)

Specifies a reference to an array of user directory objects (for example: \@myarray).

Return Value

The SetUserDirSearchOrder method returns the following value:

Affiliate Object Methods

The following methods act on PolicyMgtAffiliate objects:

AddAttribute Method—Adds a New Affiliate Attribute

The AddAttribute method adds a new affiliate attribute to the affiliate object.

Syntax

The AddAttribute method has the following format:

Netegrity::PolicyMgtAffiliate‑>AddAttribute(attrType, value)

Parameters

The AddAttribute method accepts the following parameters:

attrType (int)

Specifies one of the following affiliate attribute types:

Specifies the value for the affiliate attribute. This value specification appears in the Name Value Pair column of the SiteMinder Affiliate Dialog. The format of the value specification depends upon the kind of affiliate attribute you are adding -- Static, User Attribute, or DN Attribute:

Static. A literal attribute value. A static affiliate attribute is useful for passing specific information about the user to an application at the affiliate site -- for example, the user's credit limit at the affiliate site.

User Attribute. A user profile attribute name from a user's entry in an LDAP, WinNT, or ODBC user directory -- for example, the attribute name for a user's job title or email address.

DN Attribute. The name of an attribute within an LDAP or ODBC directory object that is associated with the user. Groups to which a user belongs and Organizational Units (ou) that are part of a user DN are examples of directory objects whose attributes can be referenced as DN attributes. For example, a DN attribute can reference a company division for a user, based on the user's membership in a division.

Return Value

The AddAttribute method returns the following value:

Remarks

Affiliate attributes are name/value pairs that SiteMinder provides to an affiliate in a SAML assertion. Attributes include user entitlements (such as the user's credit limit at the affiliate site) and information from a user's profile (such as job title or email address).

When an application at the affiliate site extracts affiliate attributes from the assertion, it can make the attributes available to other applications at the site as HTTP header variables or HTTP cookie variables.

Note: The total size of an assertion passed to an affiliate cannot exceed 4K. If you include a large number of attributes in an affiliate object, you may violate this limit. A maximum assertion size of 3K is recommended.

AddUser Method—Adds a New User to the Affiliate Object

The AddUser method adds a new user to the affiliate object.

Syntax

The AddUser method has the following format:

Netegrity::PolicyMgtAffiliate‑>AddUser( user )

Parameters

The AddUser method accepts the following parameter:

user (PolicyMgtUser)

Specifies the user to add.

Return Value

The AddUser method returns one of the following values:

AllowNotification Method—Sets or Retrieves the Event Notification Property

The AllowNotification method sets or retrieves the event notification property. If event notifications are enabled, the affiliate sends notifications about user activities to SiteMinder on the assertion producer site.

Syntax

The AllowNotification method has the following format:

Netegrity::PolicyMgtAffiliate‑>AllowNotification( [notificationFlag] )

Parameters

The AllowNotification method accepts the following parameter:

notificationFlag (int)

(Optional) Specifies whether to enable event notification: 1 means to enable event notification; 0 means to disable event notifications.

Return Value

The AllowNotification method returns one of the following values:

AssertionPluginClass Method—Sets or Retrieves the Name of an Assertion Generator Plug-in

The AssertionPluginClass method sets or retrieves the fully qualified class name of an assertion generator plug-in.

Syntax

The AssertionPluginClass method has the following format:

Netegrity::PolicyMgtAffiliate‑>AssertionPluginClass( [className] )

Parameters

The AssertionPluginClass method accepts the following parameter:

className (string)

(Optional) Specifies the fully qualified class name of the custom assertion generator plug-in, for example, com.samlproducer.assertionplugin.partner1.

Return Value

The AssertionPluginClass method returns one of the following values:

Remarks

The plug-in is a custom Java class that lets you modify the contents of a default SAML assertion generated by SiteMinder. SAML assertions are available in Federation Security Services, which is licensed separately.

The assertion generator plug-in functionality requires a Policy Management API session version of at least v6.0 SP 2. You can pass a parameter string into the assertion generator plug-in through the method PolicyMgtAffiliate‑>AssertionPluginParameters.

To create an assertion generator plug-in, implement the AssertionGeneratorPlugin interface in the Java SDK. For information, see the Programming Guide for Java.

AssertionPluginParameters Method—Sets or Retrieves a Parameter String

The AssertionPluginParameters method sets or retrieves the parameter string to pass to a custom assertion generator plug-in. The syntax of the parameter string is user-defined; that is, the parameter string must conform to whatever conventions the custom assertion generator requires.

Syntax

The AssertionPluginParameters method has the following format:

Netegrity::PolicyMgtAffiliate‑>AssertionPluginParameters( [parameter] )

Parameters

The AssertionPluginParameters method accepts the following parameter:

parameter (string)

(Optional) Specifies the parameter string to pass to the plug-in.

Return Value

The AssertionPluginParameters method returns one of the following values:

Audience Method—Sets or Retrieves a URI

The Audience method sets or retrieves the URI of the document that describes the agreement between the assertion producer site and the affiliate.

This value is included in the SAML assertion passed to the affiliate and can be used for validation purposes. Also, the affiliate can parse the audience document to obtain relevant information. The audience value must match the Assertion Audience setting in the AffiliateConfig.xml configuration file for the SAML Affiliate Agent.

Syntax

The Audience method has the following format:

Netegrity::PolicyMgtAffiliate‑>Audience( [audience] )

Parameters

The Audience method accepts the following parameter:

audience (string)

(Optional) Specifies the audience URI to set.

Return Value

The Audience method returns one of the following values:

AuthURL Method—Sets or Retrieves a URL

The AuthURL method sets or retrieves the URL used to authenticate affiliate users.

Syntax

The AuthURL method has the following format:

Netegrity::PolicyMgtAffiliate‑>AuthURL( [AuthURL] )

Parameters

The AuthURL method accepts the following parameter:

AuthURL (string)

(Optional) Specifies the authentication URL to set.

Return Value

The AuthURL method returns one of the following values:

ConsumerURL Method—Sets or Retrieves a URL

The ConsumerURL method sets or retrieves the URL where the requesting user's browser must POST a generated assertion.

Syntax

The ConsumerURL method has the following format:

Netegrity::PolicyMgtAffiliate‑>ConsumerURL( [ConsumerURL] )

Parameters

The ConsumerURL method accepts the following parameter:

ConsumerURL (string)

(Optional) Specifies the URL where the generated assertion is to be sent.

Return Value

The ConsumerURL method returns one of the following values:

CreateIPHostConfigName Method—Creates an IP Configuration Object from the Specified Host Name

The CreateIPHostConfigName method creates an IP configuration object from the specified host name.

Syntax

The CreateIPHostConfigName method has the following format:

Netegrity::PolicyMgtAffiliate‑>CreateIPConfigHostName( hostName )

Parameters

The CreateIPHostConfigName method accepts the following parameter:

hostName (string)

Specifies the host name upon which to base the IP configuration object.

Return Value

The CreateIPHostConfigName method returns one of the following values:

Remarks

Only those users who access the affiliate site from the specified host will be accepted at the affiliate site.

CreateIPConfigRange Method—Creates an IP Configuration Object

The CreateIPConfigRange method creates an IP configuration object from the specified range of IP addresses.

Syntax

The CreateIPConfigRange method has the following format:

Netegrity::PolicyMgtAffiliate‑>CreateIPConfigRange( ipAddr1, ipAddr2 )

Parameters

The CreateIPConfigRange method accepts the following parameters:

ipAddr1 (string)

Specifies the first IP address in the range of valid IP addresses from which to access the affiliate site.

ipAddr2 (int)

Specifies the last IP address in the range of valid IP addresses from which to access the affiliate site.

Return Value

The CreateIPConfigRange method returns one of the following values:

Remarks

Only those users who access the affiliate site from an IP address within the specified range are accepted at the affiliate site.

CreateIPConfigSingleHost Method—Creates an IP Configuration Object from the Specified IP Address

The CreateIPConfigSingleHost method creates an IP configuration object from the specified IP address.

Syntax

The CreateIPConfigSingleHost method has the following format:

Netegrity::PolicyMgtAffiliate‑>CreateIPConfigSingleHost( ipAddr )

Parameters

The CreateIPConfigSingleHost method accepts the following parameter:

ipAddr (string)

Specifies the IP address from which to access the affiliate site.

Return Value

The CreateIPConfigSingleHost method returns one of the following values:

Remarks

Only those users who access the affiliate site from the specified IP address are accepted at the affiliate site.

CreateIPConfigSubnetMask Method—Creates an IP Configuration Object

The CreateIPConfigSubnetMask method creates an IP configuration object from the specified IP address and subnet mask.

Syntax

The CreateIPConfigSubnetMask method has the following format:

Netegrity::PolicyMgtAffiliate‑>CreateIPConfigSubnetMask( ipAddr, subnetMask )

Parameters

The CreateIPConfigSubnetMask method accepts the following parameters:

ipAddr (string)

Specifies the IP address used to derive the subnet address.

subnetMask (unsigned long)

Specifies the subnet mask used to derive the subnet address.

Return Value

The CreateIPConfigSubnetMask method returns one of the following values:

Remarks

Only those users who access the affiliate site from the subnet address will be accepted at the affiliate site. The subnet address is derived from the passed IP address and subnet mask.

DeleteIPConfig Method—Deletes an IP Configuration Object

The DeleteIPConfig method deletes the specified IP configuration object.

Syntax

The DeleteIPConfig method has the following format:

Netegrity::PolicyMgtAffiliate‑>DeleteIPConfig( IPConfig )

Parameters

The DeleteIPConfig method accepts the following parameter:

IPConfig (PolicyMgtIPConfig)

Specifies the IP configuration object to delete.

Return Value

The DeleteIPConfig method returns one of the following values:

Description Method—Sets or Retrieves the Description of an Affiliate Object

The Description method sets or retrieves the description of the affiliate object.

Syntax

The Description method has the following format:

Netegrity::PolicyMgtAffiliate‑>Description( [affDesc] )

Parameters

The Description method accepts the following parameter:

affDesc (string)

(Optional) Specifies the description to set.

Return Value

The Description method returns one of the following values:

GetAllAttributes Method—Retrieves Attributes for an Affiliate Object

The GetAllAttributes method retrieves all existing affiliate attributes for the affiliate object.

Syntax

The GetAllAttributes method has the following format:

Netegrity::PolicyMgtAffiliate‑>GetAllAttributes( )

Parameters

The GetAllAttributes method accepts no parameters.

Return Value

The GetAllAttributes method returns one of the following values:

GetAllIPConfigs Method—Retrieves All IP Configuration Objects for an Affiliate

The GetAllIPConfigs method retrieves all IP configuration objects for the affiliate object.

Syntax

The GetAllIPConfigs method has the following format:

Netegrity::PolicyMgtAffiliate‑>GetAllIPConfigs( )

Parameters

The GetAllIPConfigs method accepts no parameters.

Return Value

The GetAllIPConfigs method returns one of the following values:

GetAllUsers Method—Retrieves All Users Associated with an Affiliate

The GetAllUsers method retrieves all users associated with the affiliate object. If a user directory is specified, the method returns only those users associated with the affiliate and the particular directory.

Syntax

The GetAllUsers method has the following format:

Netegrity::PolicyMgtAffiliate‑>GetAllUsers( [userDir] )

Parameters

The GetAllUsers method accepts the following parameter:

userDir (PolicyMgtUserDir)

(Optional) Specifies a user directory that the affiliate users must be members of.

Return Value

The GetAllUsers method returns one of the following values:

IsEnabled Method—Sets or Retrieves the Enabled Flag for the Affiliate

The IsEnabled method sets or retrieves the enabled flag for the affiliate object.

Syntax

The IsEnabled method has the following format:

Netegrity::PolicyMgtAffiliate‑>IsEnabled( [enableFlag] )

Parameters

The IsEnabled method accepts the following parameter:

enableFlag (int)

(Optional) Specifies whether to enable the affiliate object:

Return Value

The IsEnabled method returns one of the following values:

Name Method—Sets or Retrieves the Affiliate Name

The Name method sets or retrieves the name of the affiliate object.

Syntax

The Name method has the following format:

Netegrity::PolicyMgtAffiliate‑>Name( [affName] )

Parameters

The Name method accepts the following parameter:

affName (string)

(Optional) Specifies the name to set.

Return Value

The Name method returns one of the following values:

Password Method—Sets or Retrieves a Password for an Affiliate

The Password method sets or retrieves the password that affiliates use to access SiteMinder Federation Web Services.

Syntax

The Password method has the following format:

Netegrity::PolicyMgtAffiliate‑>Password( [affPassword] )

Parameters

The Password method accepts the following parameter:

affPassword (string)

(Optional) Specifies the password to set.

Return Value

The Password method returns one of the following values:

RemoveAttribute Method—Removes an Attribute from an Affiliate

The RemoveAttribute method removes the specified affiliate attribute from the affiliate object.

Syntax

The RemoveAttribute method has the following format:

Netegrity::PolicyMgtAffiliate‑>RemoveAttribute( affiliateAttr )

Parameters

The RemoveAttribute method accepts the following parameter:

affiliateAttr (PolicyMgtAffiliateAttr)

Specifies the affiliate attribute to remove.

Return Value

The RemoveAttribute method returns one of the following values:

RemoveUser Method—Removes a User from an Affiliate

The RemoveUser method removes the specified user from the affiliate object.

Syntax

The RemoveUser method has the following format:

Netegrity::PolicyMgtAffiliate‑>RemoveUser( user )

Parameters

The RemoveUser method accepts the following parameter:

user (type)

Specifies the user to remove.

Return Value

The RemoveUser method returns one of the following values:

SAMLProfile Method—Sets or Retrieves the Type of SAML Profile

The SAMLProfile method sets or retrieves the type of profile used for sending and receiving SAML assertions.

Syntax

The SAMLProfile method has the following format:

Netegrity::PolicyMgtAffiliate‑>SAMLProfile([SAMLProfile])

Parameters

The SAMLProfile method accepts the following parameters:

SAMLProfile (long)

(Optional) Specifies one of the following valid SAML profiles:

Return Value

The SAMLProfile method returns one of the following values:

SAMLVersion Method—Sets or Retrieves the SAML Version for the Affiliate

The SAMLVersion method sets or retrieves the SAML version for the affiliate.

Syntax

The SAMLVersion method has the following format:

Netegrity::PolicyMgtAffiliate‑>SAMLVersion( [SAMLVer] )

Parameters

The SAMLVersion method accepts the following parameter:

SAMLVer (long)

(Optional) Specifies one of the following SAML versions to set:

Return Value

The SAMLVersion method returns one of the following values:

Remarks

Specifying a SAML version has effect only if the Policy Manager API's session version is at least v6.0 SP 1.

Save Method—Saves the Affiliate to the Policy Store

The Save method saves the affiliate object to the policy store.

Syntax

The Save method has the following format:

Netegrity::PolicyMgtAffiliate‑>Save( )

Parameters

The Save method accepts no parameters.

Return Value

The Save method returns one of the following values:

Remarks

Call this method once after making all the modifications to the affiliate object that you intend to make. This method must be called for any changes to take effect.

SessionSyncInterval Method—Sets or Retrieves the Session Synchronization Property

The SessionSyncInterval method sets or retrieves the session synchronization interval property. This property specifies the frequency, in seconds, at which the affiliate contacts the assertion producer site to validate the status of a shared session.

Syntax

The SessionSyncInterval method has the following format:

Netegrity::PolicyMgtAffiliate‑>SessionSyncInterval( [SessionSyncInterval] )

Parameters

The SessionSyncInterval method accepts the following parameter:

SessionSyncInterval (long)

(Optional) Specifies the session synchronization interval to set.

Return Value

The SessionSyncInterval method returns one of the following values:

SharedSessioning Method—Sets or Retrieves the Shared Session Property

The SharedSessioning method sets or retrieves the shared session property. With shared sessions, the sessions on both the assertion producer site and the affiliate are terminated when the session on either site ends.

Syntax

The SharedSessioning method has the following format:

Netegrity::PolicyMgtAffiliate‑>ShareSessioning([shareFlag])

Parameters

The SharedSessioning method accepts the following parameter:

shareFlag (int)

(Optional) Specifies the shared session property to set:

Return Value

The SharedSessioning method returns one of the following values:

SkewTime Method—Sets or Retrieves the Skew Time Property

The SkewTime method sets or retrieves the skew time property. The skew time is the difference, in seconds, between the system clock time of the assertion producer site and the system clock time of the affiliate site. Times are relative to GMT.

Syntax

The SkewTime method has the following format:

Netegrity::PolicyMgtAffiliate‑>SkewTime( [SkewTime] )

Parameters

The SkewTime method accepts the following parameter:

skewTime (long)

(Optional) Specifies the skew time to set.

Return Value

The SkewTime method returns one of the following values:

ValidityDuration Method—Sets or Retrieves the Duration a SAML Assertion Is Valid

The ValidityDuration method sets or retrieves the number of seconds that a SiteMinder-generated SAML assertion is valid. If an affiliate receives the assertion after the specified time, the assertion is considered invalid.

Syntax

The ValidityDuration method has the following format:

Netegrity::PolicyMgtAffiliate‑>ValidityDuration( [ValidityDuration] )

Parameters

The ValidityDuration method accepts the following parameter:

validityDuration (long)

(Optional) Specifies the validity duration time to set.

Return Value

The ValidityDuration method returns one of the following values:
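The Audience, SkewTime and ValidityDuration settings only protect the affiliate if the receiving side enforces them when an assertion arrives. The following added example (Python, not part of the SiteMinder API or of this guide) runs that receiving-side check over a constructed SAML 1.1 assertion. The URLs, the 60-second window and the treatment of skew as a tolerance on both ends of the window are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.x assertion namespace

# Constructed sample: issued 12:00:00Z with a 60-second validity duration.
# Issuer and audience URLs are placeholders, not values from the guide.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="_constructed-example"
    Issuer="https://producer.example.com" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z"
                   NotOnOrAfter="2024-01-01T12:01:00Z">
    <saml:AudienceRestrictionCondition>
      <saml:Audience>https://affiliate.example.com/portal</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
</saml:Assertion>
"""


def parse_utc(value):
    """Parse a SAML xs:dateTime value, which must be expressed in UTC ('Z')."""
    if not value.endswith("Z"):
        raise ValueError("timestamp is not UTC: %r" % value)
    body = value[:-1]
    fmt = "%Y-%m-%dT%H:%M:%S.%f" if "." in body else "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(body, fmt).replace(tzinfo=timezone.utc)


def check_conditions(assertion_xml, expected_audience, now, skew_seconds=0):
    """Return a list of reasons to reject the assertion (empty list = accept).

    Covers the Conditions element only; signature and issuer checks are
    separate and must pass before these results mean anything.
    """
    if skew_seconds < 0:
        raise ValueError("skew_seconds must not be negative")
    root = ET.fromstring(assertion_xml)
    if root.tag != "{%s}Assertion" % NS:
        return ["not a SAML 1.x assertion"]
    conditions = root.find("{%s}Conditions" % NS)
    if conditions is None:
        return ["no Conditions element"]

    problems = []
    skew = timedelta(seconds=skew_seconds)
    not_before = conditions.get("NotBefore")
    not_on_or_after = conditions.get("NotOnOrAfter")
    if not_before is None or not_on_or_after is None:
        # An assertion without a window would never expire: reject it.
        problems.append("validity window missing")
    else:
        if now + skew < parse_utc(not_before):
            problems.append("assertion not yet valid")
        # NotOnOrAfter is exclusive: the assertion is invalid at that instant.
        if now - skew >= parse_utc(not_on_or_after):
            problems.append("assertion expired")

    restrictions = conditions.findall("{%s}AudienceRestrictionCondition" % NS)
    if not restrictions:
        problems.append("no audience restriction")
    for restriction in restrictions:
        audiences = [(a.text or "").strip()
                     for a in restriction.findall("{%s}Audience" % NS)]
        # Exact string match: no case folding or trailing-slash normalisation.
        # Every restriction present must list the expected audience.
        if expected_audience not in audiences:
            problems.append("audience mismatch")
            break
    return problems


if __name__ == "__main__":
    received = datetime(2024, 1, 1, 12, 1, 20, tzinfo=timezone.utc)
    audience = "https://affiliate.example.com/portal"
    for skew in (0, 30):
        print(skew, check_conditions(SAMPLE_ASSERTION, audience, received, skew))
```

The larger the skew tolerance, the longer a captured assertion stays usable, so keep it as small as the real clock drift between the two sites allows.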

Agent Methods

The following methods act on PolicyMgtAgent objects:

ConvertFromLegacy Method—Converts a v4.x Agent to a v5.x Agent

The ConvertFromLegacy method converts a v4.x agent to a v5.x agent.

Syntax

The ConvertFromLegacy method has the following format:

Netegrity::PolicyMgtAgent‑>ConvertFromLegacy( )

Parameters

The ConvertFromLegacy method accepts no parameters.

Return Value

The ConvertFromLegacy method returns one of the following values:

ConvertToLegacy Method—Converts a v5.x Agent to a v4.x Agent

The ConvertToLegacy method converts a v5.x agent to a v4.x agent.

Syntax

The ConvertToLegacy method has the following format:

Netegrity::PolicyMgtAgent‑>ConvertToLegacy( )

Parameters

The ConvertToLegacy method accepts no parameters.

Return Value

The ConvertToLegacy method returns one of the following values:

Description Method—Sets or Retrieves the Agent Description

The Description method sets or retrieves the agent description.

Syntax

The Description method has the following format:

Netegrity::PolicyMgtAgent‑>Description([agentDesc])

Parameters

The Description method accepts the following parameter:

agentDesc (string)

(Optional) Specifies the description to set.

Return Value

The Description method returns one of the following values:

IPAddress Method—Sets or Retrieves the Agent's IP Address

The IPAddress method sets or retrieves the agent's IP address.

Syntax

The IPAddress method has the following format:

Netegrity::PolicyMgtAgent‑>IPAddress([ipAddress])

Parameters

The IPAddress method accepts the following parameter:

ipAddress (string)

(Optional) Specifies the IP address to set.

Return Value

The IPAddress method returns one of the following values:

Name Method—Sets or Retrieves the Name of the Agent

The Name method sets or retrieves the name of the agent.

Syntax

The Name method has the following format:

Netegrity::PolicyMgtAgent‑>Name([agentName])

Parameters

The Name method accepts the following parameter:

agentName (string)

(Optional) Specifies the name to assign to the agent.

Return Value

The Name method returns one of the following values:

RealmHintAttrID Method—Sets or Retrieves the Hint Attribute

The RealmHintAttrID method sets or retrieves the hint attribute for a RADIUS agent.

Syntax

The RealmHintAttrID method has the following format:

Netegrity::PolicyMgtAgent‑>RealmHintAttrID([hintID])

Parameters

The RealmHintAttrID method accepts the following parameter:

hintID (int)

(Optional) Specifies the hint attribute ID to set.

Return Value

The RealmHintAttrID method returns one of the following values:

SharedSecret Method—Sets or Retrieves the Shared Secret for a v4.x Agent

The SharedSecret method sets or retrieves the shared secret for a v4.x agent. This is the same shared secret used in the Web agent configuration.

Syntax

The SharedSecret method has the following format:

Netegrity::PolicyMgtAgent->SharedSecret([sharedSecret])

Parameters

The SharedSecret method accepts the following parameter:

sharedSecret (string)

(Optional) Specifies the shared secret to set.

Return Value

The SharedSecret method returns one of the following values:

Agent Configuration Methods

The following methods act on PolicyMgtAgentConfig objects:

AddAssociation Method—Adds a Name and Value for this Configuration

The AddAssociation method adds a configuration parameter name and value for this agent configuration.

Syntax

The AddAssociation method has the following format:

Netegrity::PolicyMgtAgentConfig‑>AddAssociation(Name, Value, Flags)

Parameters

The AddAssociation method accepts the following parameters:

Name (string)

Specifies the configuration parameter name.

Value (string)

Specifies the configuration parameter value.

Flag (int)

Specifies the encryption flag value:

Return Value

The AddAssociation method returns one of the following values:

AddAssociationMultiValue Method—Adds a Multi-valued Configuration Parameter

The AddAssociationMultiValue method adds a multi-valued configuration parameter for this agent configuration. If the specified configuration parameter exists, the value is updated.

Syntax

The AddAssociationMultiValue method has the following format:

Netegrity::PolicyMgtAgentConfig‑>AddAssociationMultiValue(Name, valueArray)

Parameters

The AddAssociationMultiValue method accepts the following parameters:

Name (string)

Specifies the configuration parameter name.

valueArray (string array)

Specifies a reference to an array of values associated with this parameter name (for example: \@myarray).

Return Value

The AddAssociationMultiValue method returns one of the following values:

Remarks

Multi-valued parameters can be stored only as plain text.

Description Method—Sets or Retrieves the Description of the Agent Configuration Object

The Description method sets or retrieves the description of the agent configuration object.

Syntax

The Description method has the following format:

Netegrity::PolicyMgtAgentConfig‑>Description([Description])

Parameters

The Description method accepts the following parameters:

Description (string)

(Optional) Specifies the description to set.

Return Value

The Description method returns one of the following values:

GetAssociations Method—Retrieves a List of All the Configuration Parameters

The GetAssociations method retrieves a list of all the configuration parameters for this agent configuration.

Syntax

The GetAssociations method has the following format:

Netegrity::PolicyMgtAgentConfig‑>GetAssociations( )

Parameters

The GetAssociations method accepts no parameters.

Return Value

The GetAssociations method returns one of the following values:

Name Method—Sets or Retrieves the Agent Configuration Object Name

The Name method sets or retrieves the agent configuration object name.

Syntax

The Name method has the following format:

Netegrity::PolicyMgtAgentConfig‑>Name([Name])

Parameters

The Name method accepts the following parameters:

Name (string)

(Optional) Specifies the name to set.

Return Value

The Name method returns one of the following values:

RemoveAssociation Method—Removes a Configuration Parameter

The RemoveAssociation method removes a configuration parameter name/value pair from the agent configuration object.

Syntax

The RemoveAssociation method has the following format:

Netegrity::PolicyMgtAgentConfig‑>RemoveAssociation(assoc)

Parameters

The RemoveAssociation method accepts the following parameter:

assoc (PolicyMgtAssociation)

Specifies the configuration parameter name/value pair to remove.

Return Value

The RemoveAssociation method returns one of the following values:

Agent Configuration Parameters Methods

An object of this type represents a configuration parameter name-value pair for an agent configuration. The following methods act on PolicyMgtAssociation objects:

Name Method—Sets or Retrieves the Name Portion of the Agent Configuration Parameter

The Name method sets or retrieves the name portion of the agent configuration parameter name/value pair.

Syntax

The Name method has the following format:

Netegrity::PolicyMgtAssociation‑>Name([Name])

Parameters

The Name method accepts the following parameters:

Name (string)

(Optional) Specifies the name to set.

Return Value

The Name method returns one of the following values:

Flags Method—Sets or Retrieves the Encryption Flag Attribute

The Flags method sets or retrieves the encryption flag attribute for the agent configuration name/value pair.

Syntax

The Flags method has the following format:

Netegrity::PolicyMgtAssociation‑>Flags([Flags])

Parameters

The Flags method accepts the following parameter:

Flags (int)

(Optional) Specifies the flag value to set.

Return Value

The Flags method returns one of the following values:

Value Method—Sets or Retrieves the Value of the Agent Configuration Parameter

The Value method sets or retrieves the value portion of the agent configuration parameter name/value pair.

Syntax

The Value method has the following format:

Netegrity::PolicyMgtAssociation‑>Value([Value])

Parameters

The Value method accepts the following parameter:

Value (int)

(Optional) Specifies the value to set.

Return Value

The Value method returns one of the following values:

Agent Type Methods

The following methods act on PolicyMgtAgentType objects:

GetDescription Method—Retrieves the Description of the Agent Type

The GetDescription method retrieves the description of the agent type.

Syntax

The GetDescription method has the following format:

Netegrity::PolicyMgtAgentType‑>GetDescription( )

Parameters

The GetDescription method accepts no parameters.

Return Value

The GetDescription method returns one of the following values:

GetName Method—Retrieves the Name of the Agent Type

The GetName method retrieves the name of the agent type, for example, Web Agent.

Syntax

The GetName method has the following format:

Netegrity::PolicyMgtAgentType‑>GetName( )

Parameters

The GetName method accepts no parameters.

Return Value

The GetName method returns one of the following values:

Authentication and Authorization Map Methods

The following methods act on PolicyMgtAuthAzMap objects:

AuthDir Method—Sets or Retrieves the Authentication Directory

The AuthDir method sets or retrieves the authentication directory of the authentication and authorization map.

Syntax

The AuthDir method has the following format:

Netegrity::PolicyMgtAuthAzMap‑>AuthDir([userDir])

Parameters

The AuthDir method accepts the following parameter:

userDir (PolicyMgtUserDir)

(Optional) Specifies the authentication directory to set.

Return Value

The AuthDir method returns one of the following values:

AzDir Method—Sets or Retrieves the Authorization Directory

The AzDir method sets or retrieves the authorization directory of the authentication and authorization map.

Syntax

The AzDir method has the following format:

Netegrity::PolicyMgtAuthAzMap‑>AzDir([userDir])

Parameters

The AzDir method accepts the following parameter:

userDir (PolicyMgtUserDir)

(Optional) Specifies the authorization directory to set.

Return Value

The AzDir method returns one of the following values:

MapType Method—Sets or Retrieves the Type of Authentication and Authorization Map

The MapType method sets or retrieves the type of authentication and authorization map.

Syntax

The MapType method has the following format:

Netegrity::PolicyMgtAuthAzMap‑>MapType([mapType])

Parameters

The MapType method accepts the following parameter:

mapType (int)

(Optional) Specifies the map type. The following values are valid:

AUTHAZMAPTYPE_DN (Value=1). Mapping is based on a DN.

AUTHAZMAPTYPE_UNIVERSALID (Value=2). Mapping is based on a universal identifier.

AUTHAZMAPTYPE_ATTR (Value=3). Mapping is based on an attribute in the directory.

Return Value

The MapType method returns one of the following values:

Authentication Scheme Methods

The following methods act on PolicyMgtAuthScheme objects:

AddMessageConsumerPluginToSAML1xScheme Method--Adds Message Consumer Plug-in Class Name

The AddMessageConsumerPluginToSAML1xScheme method adds a message consumer plug-in class name and parameter to a SAML1x authentication scheme.

Syntax

The AddMessageConsumerPluginToSAML1xScheme method has the following format:

Netegrity::PolicyMgtAuthScheme‑>AddMessageConsumerPluginToSAML1xScheme(pluginClass, pluginParam)

Parameters

The AddMessageConsumerPluginToSAML1xScheme method accepts the following parameters:

pluginClass (string)

Specifies the message consumer plug-in class name.

pluginParam (string)

Specifies the message consumer plug-in parameter name.

Return Value

The AddMessageConsumerPluginToSAML1xScheme method returns one of the following values:

AddRedirectURLToSAML1xScheme Method--Adds Redirect Value to an Authentication Scheme

The AddRedirectURLToSAML1xScheme method adds a redirect URL, type, and mode to a SAML1x authentication scheme.

Syntax

The AddRedirectURLToSAML1xScheme method has the following format:

Netegrity::PolicyMgtAuthScheme‑>AddRedirectURLToSAML1xScheme(iTypeURL, URL, redirectMode)

Parameters

The AddRedirectURLToSAML1xScheme method accepts the following parameters:

iTypeURL (int)

Specifies the redirect URL type, which is one of the following values:

0—User Not Found

1—Invalid Message

2—Unaccepted credential

URL (string)

Specifies the redirect URL site.

redirectMode (int)

Specifies the redirect mode, which can be either of the following values:

Return Value

The AddRedirectURLToSAML1xScheme method returns one of the following values:

AddTargetConfigToSAML1xScheme Method--Sets the Default Target Configuration

The AddTargetConfigToSAML1xScheme method sets the default Target and QueryParameterOverridesTarget configuration to a SAML1x authentication scheme.

Syntax

The AddTargetConfigToSAML1xScheme method has the following format:

Netegrity::PolicyMgtAuthScheme‑>AddTargetConfigToSAML1xScheme(pszTargetURL, iQPOverrideTarget)

Parameters

The AddTargetConfigToSAML1xScheme method accepts the following parameters:

pszTargetURL (string)

Specifies the default Target URL.

iQPOverrideTarget (int)

Specifies whether the query parameter overrides the default Target configuration.

Return Value

The AddTargetConfigToSAML1xScheme method returns one of the following values:

CustomLib Method—Sets or Retrieves the Name of the Shared Library

The CustomLib method sets or retrieves the name of the shared library that implements the authentication scheme.

Syntax

The CustomLib method has the following format:

Netegrity::PolicyMgtAuthScheme‑>CustomLib([libName])

Parameters

The CustomLib method accepts the following parameter:

libName (string)

(Optional) Specifies the shared library name.

Return Value

The CustomLib method returns one of the following values:

Remarks

Each pre-defined authentication scheme type is shipped with a default library, but you can use a custom library. If you use a custom authentication scheme, you must specify a custom library.

CustomParam Method—Sets or Retrieves Information that Is Passed to the Authentication Scheme

The CustomParam method sets or retrieves information that is passed to the authentication scheme. You can accept the default parameter for the authentication scheme, or you can specify a new one.

Syntax

The CustomParam method has the following format:

Netegrity::PolicyMgtAuthScheme‑>CustomParam([param])

Parameters

The CustomParam method accepts the following parameter:

param (string)

(Optional) Specifies the parameter information to pass.

Return Value

The CustomParam method returns one of the following values:

CustomSecret Method—Sets or Retrieves the Shared Secret for the Custom Authentication Scheme

The CustomSecret method sets or retrieves the shared secret for the custom authentication scheme.

Syntax

The CustomSecret method has the following format:

Netegrity::PolicyMgtAuthScheme‑>CustomSecret([param])

Parameters

The CustomSecret method accepts the following parameter:

param (string)

(Optional) Specifies the shared secret.

Return Value

The CustomSecret method returns one of the following values:

Description Method—Sets or Retrieves the Description of the Authentication Scheme

The Description method sets or retrieves the description of the authentication scheme.

Syntax

The Description method has the following format:

Netegrity::PolicyMgtAuthScheme‑>Description([schemeDesc])

Parameters

The Description method accepts the following parameter:

schemeDesc (string)

(Optional) Specifies the description.

Return Value

The Description method returns one of the following values:

GetMessageConsumerPluginFromSAML1xScheme Method--Retrieves Message Consumer Plug-in Class Name

The GetMessageConsumerPluginFromSAML1xScheme method retrieves the message consumer plug-in class name and parameter from a SAML1x authentication scheme.

Syntax

The GetMessageConsumerPluginFromSAML1xScheme method has the following format:

Netegrity::PolicyMgtAuthScheme‑>GetMessageConsumerPluginFromSAML1xScheme(pluginClass, pluginParam)

Parameters

The GetMessageConsumerPluginFromSAML1xScheme method accepts the following parameters:

pluginClass (string)

Specifies the message consumer plug-in class name.

pluginParam (string)

Specifies the message consumer plug-in parameter name.

Return Value

The GetMessageConsumerPluginFromSAML1xScheme method returns one of the following values:

GetRedirectURLFromSAML1xScheme Method--Retrieves a Redirect URL

The GetRedirectURLFromSAML1xScheme method retrieves a redirect URL, type, and mode from a SAML1x authentication scheme.

Syntax

The GetRedirectURLFromSAML1xScheme method has the following format:

Netegrity::PolicyMgtAuthScheme‑>GetRedirectURLFromSAML1xScheme(iTypeURL, URL, redirectMode)

Parameters

The GetRedirectURLFromSAML1xScheme method accepts the following parameters:

iTypeURL (int)

Specifies the redirect URL type, which is one of the following values:

0—User Not Found

1—Invalid Message

2—Unaccepted credential

URL (string)

Specifies the redirect URL site.

redirectMode (int)

Specifies the redirect mode, which can be either of the following values:

Return Value

The GetRedirectURLFromSAML1xScheme method returns one of the following values:

GetTargetConfigFromSAML1xScheme Method--Retrieves the Target Configuration

The GetTargetConfigFromSAML1xScheme method retrieves the default Target and QueryParameterOverridesTarget configuration from a SAML1x authentication scheme.

Syntax

The GetTargetConfigFromSAML1xScheme method has the following format:

Netegrity::PolicyMgtAuthScheme‑>GetTargetConfigFromSAML1xScheme(pszTargetURL, iQPOverrideTarget)

Parameters

The GetTargetConfigFromSAML1xScheme method accepts the following parameters:

pszTargetURL (string)

Specifies the default Target URL.

iQPOverrideTarget (int)

Specifies whether the query parameter overrides the default Target configuration.

Return Value

The GetTargetConfigFromSAML1xScheme method returns one of the following values:

IgnorePwd Method—Specifies whether Password Policies Should Be Checked

The IgnorePwd method sets or retrieves the flag that specifies whether password policies should be checked for the authentication scheme.

Syntax

The IgnorePwd method has the following format:

Netegrity::PolicyMgtAuthScheme‑>IgnorePwd([pwdFlag])

Parameters

The IgnorePwd method accepts the following parameter:

pwdFlag (int)

(Optional) Specifies whether to ignore password policies (set to 1), or enforce them (set to 0).

Return Value

The IgnorePwd method returns one of the following values:

IsRadius Method—Determines whether the Authentication Scheme Supports RADIUS Agents

The IsRadius method sets or retrieves the flag that specifies whether the authentication scheme supports RADIUS agents.

Syntax

The IsRadius method has the following format:

Netegrity::PolicyMgtAuthScheme‑>IsRadius([radFlag])

Parameters

The IsRadius method accepts the following parameter:

radFlag (int)

(Optional) Specifies whether the authentication scheme supports RADIUS agents (1=yes; 0=no).

Return Value

The IsRadius method returns one of the following values:

IsTemplate Method—Determines whether the Authentication Scheme Is a Template

The IsTemplate method retrieves the flag value that indicates whether the authentication scheme is a template.

Syntax

The IsTemplate method has the following format:

Netegrity::PolicyMgtAuthScheme‑>IsTemplate( )

Parameters

The IsTemplate method accepts no parameters.

Return Value

The IsTemplate method returns one of the following values:

Remarks

Setting an authentication scheme as a template with the Perl Policy Management API is deprecated in SiteMinder v6.0 SP3.

IsUsedByAdmin Method—Determines whether the Scheme Authenticates Administrators

The IsUsedByAdmin method determines whether the scheme should be used to authenticate administrators.

Syntax

The IsUsedByAdmin method has the following format:

Netegrity::PolicyMgtAuthScheme‑>IsUsedByAdmin([useAdminFlag])

Parameters

The IsUsedByAdmin method accepts the following parameter:

useAdminFlag (int)

(Optional) Specifies whether the scheme should be used to authenticate administrators:

Return Value

The IsUsedByAdmin method returns one of the following values:

Name Method—Sets or Retrieves the Name of the Authentication Scheme

The Name method sets or retrieves the name of the authentication scheme.

Syntax

The Name method has the following format:

Netegrity::PolicyMgtAuthScheme‑>Name([authSchemeName])

Parameters

The Name method accepts the following parameter:

authSchemeName (string)

(Optional) Specifies the name to assign to the authentication scheme.

Return Value

The Name method returns one of the following values:

ProtectionLevel Method—Sets or Retrieves the Protection Level of the Authentication Scheme

The ProtectionLevel method sets or retrieves the protection level of the authentication scheme.

Syntax

The ProtectionLevel method has the following format:

Netegrity::PolicyMgtAuthScheme‑>ProtectionLevel([nlevel])

Parameters

The ProtectionLevel method accepts the following parameter:

nlevel (int)

(Optional) Specifies the protection level to set.

Return Value

The ProtectionLevel method returns one of the following values:

Remarks

The level can vary from 1 to 1000. The higher the number, the more secure the scheme. With Anonymous authentication schemes, set this value to 0.

Save Method—Saves the Authentication Scheme to the Policy Store

The Save method saves the authentication scheme to the policy store.

Syntax

The Save method has the following format:

Netegrity::PolicyMgtAuthScheme‑>Save( )

Parameters

The Save method accepts no parameters.

Return Value

The Save method returns one of the following values:

Remarks

Call this method once after making all the modifications to the authentication scheme that you intend to make. This method must be called for any changes to take effect.

SaveCredentials Method—Determines whether User Credentials Can Be Saved

The SaveCredentials method sets or retrieves the flag that allows user credentials to be saved.

Syntax

The SaveCredentials method has the following format:

Netegrity::PolicyMgtAuthScheme‑>SaveCredentials([credFlag])

Parameters

The SaveCredentials method accepts the following parameter:

credFlag (int)

(Optional) Specifies the flag value:

Return Value

The SaveCredentials method returns one of the following values:

Type Method—Sets or Retrieves the Authentication Scheme Type

The Type method sets or retrieves the authentication scheme type.

Syntax

The Type method has the following format:

Netegrity::PolicyMgtAuthScheme‑>Type([template])

Parameters

The Type method accepts the following parameter:

template (PolicyMgtAuthScheme)

(Optional) Specifies the authentication scheme type.

Return Value

The Type method returns one of the following values:

Certificate Mapping Methods

The following methods act on PolicyMgtCertMap objects:

AttrMap Method—Sets or Retrieves the Attribute Map for Certificate Mapping

The AttrMap method sets or retrieves the attribute map for Certificate mapping.

Syntax

The AttrMap method has the following format:

Netegrity::PolicyMgtCertMap‑>AttrMap ([attribute_map])

Parameters

The AttrMap method accepts the following parameter:

attribute_map (string)

(Optional) Specifies the attribute map to be set.

Return Value

The AttrMap method returns one of the following values:

CacheCRL Method—Determines whether To Cache Certificate Revocation List (CRL) Entries

The CacheCRL method sets or retrieves the flag that determines whether to cache Certificate Revocation List (CRL) entries. Setting this flag causes SiteMinder to use cached CRL information until the date specified in the NextUpdate field in the CRL.

Syntax

The CacheCRL method has the following format:

Netegrity::PolicyMgtCertMap‑>CacheCRL([cacheFlag])

Parameters

The CacheCRL method accepts the following parameter:

cacheFlag (int)

(Optional) Specifies whether to cache CRL entries:

Return Value

The CacheCRL method returns one of the following values:

CertRequired Method—Determines whether Certificate Validation is Required

The CertRequired method sets or retrieves the flag that requires SiteMinder to verify that the certificate presented by the user matches the certificate stored in the user's entry in the user directory. The user directory must be an LDAP user directory.

Syntax

The CertRequired method has the following format:

Netegrity::PolicyMgtCertMap‑>CertRequired([certFlag])

Parameters

The CertRequired method accepts the following parameter:

certFlag (int)

(Optional) Specifies whether certificate verification is required:

Return Value

The CertRequired method returns one of the following values:

CRLUserDirectory Method—Sets or Retrieves the LDAP Directory where the Certificate Revocation List (CRL) Is Located

The CRLUserDirectory method specifies or retrieves the LDAP user directory where the Certificate Revocation List (CRL) is located.

Syntax

The CRLUserDirectory method has the following format:

Netegrity::PolicyMgtCertMap‑>CRLUserDirectory([crlDir])

Parameters

The CRLUserDirectory method accepts the following parameter:

crlDir (PolicyMgtUserDir)

(Optional) Specifies the user directory where the CRL is located.

Return Value

The CRLUserDirectory method returns one of the following values:

Description Method—Sets or Retrieves the Description of the Certificate Map

The Description method sets or retrieves the description of the certificate map.

Syntax

The Description method has the following format:

Netegrity::PolicyMgtCertMap‑>Description([certMapDesc])

Parameters

The Description method accepts the following parameter:

certMapDesc (string)

(Optional) Specifies the description to set.

Return Value

The Description method returns one of the following values:

DirectoryType Method—Sets or Retrieves the Type of User Directory

The DirectoryType method sets or retrieves the type of user directory involved in the user authentication.

Syntax

The DirectoryType method has the following format:

Netegrity::PolicyMgtCertMap‑>DirectoryType([dirType])

Parameters

The DirectoryType method accepts the following parameter:

dirType (int)

(Optional) Specifies one of the following types of user directory:

Return Value

The DirectoryType method returns one of the following values:

EnableCRL Method—Determines whether To Check the Certificate Revocation List (CRL) for Revoked Certificates

The EnableCRL method sets or retrieves the flag that determines whether to check the Certificate Revocation List (CRL) for revoked certificates.

Syntax

The EnableCRL method has the following format:

Netegrity::PolicyMgtCertMap‑>EnableCRL([ckCRLFlag])

Parameters

The EnableCRL method accepts the following parameter:

ckCRLFlag (int)

(Optional) Specifies whether to check certificates against the CRL:

Return Value

The EnableCRL method returns one of the following values:

Remarks

A CRL is a list of revoked X.509 client certificates published by the Certificate Authority. Comparing a certificate against a CRL is one way to ensure that certificates are valid. When a user with a revoked certificate tries to access a protected resource, SiteMinder finds the user's certificate in the CRL and rejects the authentication.

Before you enable CRL checking, call the method PolicyMgtCertMap‑>CRLUserDirectory to specify the user directory where the CRL is located.
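The following audit routine is an added example, not code from the SiteMinder documentation. It reads the EnableCRL, CRLUserDirectory and VerifySignature settings documented on this page from each certificate map and reports weak revocation settings. MockCertMap, audit_cert_map and the sample maps are constructed for illustration, and the example assumes that each method, called with no argument, returns the stored value (1 or 0 for flags).

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for a PolicyMgtCertMap object so the audit runs offline.
# It exposes the method names documented on this page. ASSUMPTION: a call with
# no argument retrieves the stored value; a call with an argument sets it.
package MockCertMap;
sub new { my ($class, %v) = @_; return bless {%v}, $class; }
for my $m (qw(IssuerDN EnableCRL CRLUserDirectory VerifySignature)) {
    no strict 'refs';
    *{"MockCertMap::$m"} = sub { my $s = shift; $s->{$m} = shift if @_; return $s->{$m}; };
}

package main;

# Return a list of findings for one certificate map (empty list means ok).
sub audit_cert_map {
    my ($map) = @_;
    my @findings;
    if (!$map->EnableCRL()) {
        push @findings, 'CRL checking is off: revoked certificates are not rejected';
    } else {
        # CRLUserDirectory must be set before CRL checking is enabled.
        push @findings, 'CRL checking is on but no CRL user directory is set'
            unless defined $map->CRLUserDirectory();
        push @findings, 'CA signature on the CRL is not verified'
            unless $map->VerifySignature();
    }
    return @findings;
}

# Constructed sample data, not taken from a real policy store.
my @maps = (
    MockCertMap->new(IssuerDN => 'CN=Example CA 1,O=Example', EnableCRL => 1,
                     CRLUserDirectory => 'crl-ldap', VerifySignature => 1),
    MockCertMap->new(IssuerDN => 'CN=Example CA 2,O=Example', EnableCRL => 1,
                     CRLUserDirectory => undef, VerifySignature => 0),
    MockCertMap->new(IssuerDN => 'CN=Example CA 3,O=Example', EnableCRL => 0),
);

for my $map (@maps) {
    my @f = audit_cert_map($map);
    printf "%s: %s\n", $map->IssuerDN(), @f ? join('; ', @f) : 'ok';
}
```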

IssuerDN Method—Sets or Retrieves the DN of the Certificate Issuer

The IssuerDN method sets or retrieves the DN of the certificate issuer.

Syntax

The IssuerDN method has the following format:

Netegrity::PolicyMgtCertMap‑>IssuerDN([issuerDN])

Parameters

The IssuerDN method accepts the following parameter:

issuerDN (string)

(Optional) Specifies the issuer DN to set.

Return Value

The IssuerDN method returns one of the following values:

UseDistributionPoints Method—Determines whether Certificate Revocation List (CRL) Searches Use a Distribution Point

The UseDistributionPoints method sets or retrieves the flag indicating whether Certificate Revocation List (CRL) searches should use a distribution point as a starting point for a search.

Syntax

The UseDistributionPoints method has the following format:

Netegrity::PolicyMgtCertMap‑>UseDistributionPoints([distPointsFlag])

Parameters

The UseDistributionPoints method accepts the following parameter:

distPointsFlag (int)

(Optional) Specifies whether to use distribution points for CRL searches:

Return Value

The UseDistributionPoints method returns one of the following values:

Remarks

Large CRLs may contain multiple distribution points that can be used to locate a revoked user. Distribution points indicate a starting point in the CRL LDAP directory. By providing a starting point for a CRL check, distribution points save the processing time that it would take to search the entire CRL.

VerifySignature Method—Determines whether SiteMinder Verifies the Certificate Authority's Signature

The VerifySignature method sets or retrieves the flag indicating whether SiteMinder should verify the Certificate Authority's signature in the Certificate Revocation List (CRL).

Syntax

The VerifySignature method has the following format:

Netegrity::PolicyMgtCertMap‑>VerifySignature([verifyFlag])

Parameters

The VerifySignature method accepts the following parameter:

verifyFlag (int)

(Optional) Specifies whether to verify the CA's signature in the CRL:

Return Value

The VerifySignature method returns one of the following values:

Cluster Methods

The following methods act on PolicyMgtCluster objects:

AddServer Method—Adds a Server to the Cluster

The AddServer method adds a server to the cluster.

Syntax

The AddServer method has the following format:

Netegrity::PolicyMgtCluster‑>AddServer(Host, Port)

Parameters

The AddServer method accepts the following parameters:

Host (string)

Specifies the host IP address.

Port (int)

Specifies the server port.

Return Value

The AddServer method returns one of the following values:

Remarks

The servers in a cluster are referenced in an array. When you add a server to a cluster, it is added to the end of the server array.

Due to dynamic load balancing, in which requests are sent to the highest-capacity available server in the cluster, the order in which servers are added to the cluster does not matter.

To add a non-clustered server to a host configuration, call the PolicyMgtHostConfig‑>AddServer method.

GetAllServers Method—Retrieves an Array of All the Servers in a Cluster

The GetAllServers method retrieves an array of all the servers in the cluster.

Syntax

The GetAllServers method has the following format:

Netegrity::PolicyMgtCluster‑>GetAllServers( )

Parameters

The GetAllServers method accepts no parameters.

Return Value

The GetAllServers method returns one of the following values:

Remarks

To retrieve the servers that are not members of clusters, call the PolicyMgtHostConfig‑>GetAllServers method.