Defines a SiteMinder authentication scheme object.
```c
typedef struct Sm_PolicyApi_Scheme_s
{
    int iStructId;
    char pszOid[BFSIZE];
    char pszName[BFSIZE];               /* Required */
    char pszDesc[BFSIZE];
    int nLevel;                         /* Required */
    char pszLib[BFSIZE];
    char pszParam[BFSIZE];
    char pszSecret[BFSIZE];
    bool bIsTemplate;
    bool bIsUsedbyAdmin;
    Sm_Api_SchemeType_t nType;          /* Required */
    bool bAllowSaveCreds;               /* Required */
    bool bIsRadius;                     /* Required */
    bool bIgnorePwCheck;                /* Required */
    struct Sm_PolicyApi_Scheme_s* next;
} Sm_PolicyApi_Scheme_t;
```

| Field | Description |
|---|---|
| iStructId | Authentication scheme data structure ID, defined in Sm_PolicyApi_Structs_t. |
| pszOid | The object identifier of the authentication scheme object. |
| pszName | Name of the authentication scheme. |
| pszDesc | Brief description of the authentication scheme. |
| nLevel | The protection level of the authentication scheme. The level may vary from 1 through 1000. The higher the number, the more secure is the scheme. With Anonymous authentication schemes, set this value to 0. |
| pszLib | The name of the shared library that implements the custom authentication scheme. |
| pszParam | Information that is passed on to the custom authentication scheme. |
| pszSecret | A shared secret known to two parties for the purpose of establishing secure data exchange. This information is passed on to the custom authentication scheme. |
| bIsTemplate | Flag to indicate whether the authentication scheme is a template. Note: Setting an authentication scheme as a template with the C Policy Management API is deprecated in SDK v6.0 SP3. |
| bIsUsedbyAdmin | Flag to indicate if the custom authentication scheme can be used to authenticate administrators. |
| nType | The type of the authentication scheme, defined in Sm_Api_SchemeType_t. |
| bAllowSaveCreds | Flag to allow user credentials to be saved. |
| bIsRadius | Flag to indicate if the scheme is of type Radius. |
| bIgnorePwCheck | If this flag is set to true, password policies for the authentication scheme will be disabled. |
| next | Pointer to the next Scheme structure. |

Defines a shared secret policy.
In the Administrative UI, a shared secret policy is defined in the Shared Secret Rollover tab of the Key Management dialog box.
Syntax
```c
typedef struct Sm_PolicyApi_SharedSecretPolicy_s
{
    int iStructID;
    bool bIsEnabled;
    int iRolloverPeriod;
    int iRolloverFrequency;
} Sm_PolicyApi_SharedSecretPolicy_t;
```

| Field | Description |
|---|---|
| iStructID | Authentication scheme data structure ID, defined in Sm_PolicyApi_Structs_t. |
| bIsEnabled | Is shared secret rollover enabled? |
| iRolloverPeriod | The unit of time (hourly, daily, weekly, monthly) that is used with iRolloverFrequency to determine how often the shared secret is automatically changed (for example, every 3 days, every 2 months, etc.). Valid values are specified in Sm_PolicyApi_SecretRolloverPeriod_t. |
| iRolloverFrequency | Specifies the number of iRolloverPeriod units between rollovers. |

Defines TCP/IP connectivity information for a Policy Server.
Syntax
```c
typedef struct Sm_PolicyApi_Server_s
{
    int iStructId;
    char pszIpAddr[BFSIZE];             /* Required */
    long nPort[3];
    long nClusterSeq;
    struct Sm_PolicyApi_Server_s* next;
} Sm_PolicyApi_Server_t;
```

| Field | Description |
|---|---|
| iStructId | Policy server structure ID, defined in Sm_PolicyApi_Structs_t. |
| pszIpAddr | The TCP/IP address of a Policy Server. |
| nPort | Prior to v6.0 of SiteMinder, this is an array of TCP/IP ports for Accounting, Authentication, and Authorization services. Beginning with SiteMinder v6.0, only the Policy Server port needs to be specified. |
| nClusterSeq | The cluster sequence number for this server. For a non-cluster server, omit the parameter. For a cluster server, specify the cluster sequence number, starting from one. Specifying a sequence number that is equal to an existing sequence number will result in an error. |
| next | Pointer to the next server structure. |

Defines a trusted host object.
Syntax
```c
typedef struct Sm_PolicyApi_TrustedHost_s
{
    int iStructId;
    char pszOid[BFSIZE];
    char pszName[BFSIZE];
    char pszDesc[BFSIZE];
    char pszIPAddr[BFSIZE];
    char pszSecret[BFSIZE];
    bool bIs4xHost;
    struct Sm_PolicyApi_TrustedHost_s* next;
    bool bRolloverEnabled;
} Sm_PolicyApi_TrustedHost_t;
```

| Field | Description |
|---|---|
| iStructId | Data structure ID, defined in Sm_PolicyApi_Structs_t. |
| pszOid | The object identifier of the trusted host object. |
| pszName | The trusted host name. |
| pszDesc | Brief description of the trusted host. |
| pszIPAddr | The IP address of the trusted host. |
| pszSecret | The shared secret of the trusted host. |
| bIs4xHost | Internal use only. |
| next | Pointer to the next trusted host structure. |
| bRolloverEnabled | Indicates whether or not shared secret rollover is enabled for this trusted host. |

Defines a SiteMinder User object.
Syntax
```c
typedef struct Sm_PolicyApi_User_s
{
    int iStructId;
    char pszUserPolicyOid[BFSIZE];              /* Required */
    char pszUserDirOid[BFSIZE];                 /* Required */
    char pszPath[BFSIZE];                       /* Required */
    char pszClass[BFSIZE];                      /* Required */
    Sm_PolicyResolution_t nPolicyResolution;    /* Required */
    int nFlags;                                 /* Required */
    struct Sm_PolicyApi_User_s* next;
} Sm_PolicyApi_User_t;
```

| Field | Description |
|---|---|
| iStructId | User data structure ID, defined in Sm_PolicyApi_Structs_t. |
| pszUserPolicyOid | The object identifier of the user policy. |
| pszUserDirOid | The object identifier of the user directory. |
| pszPath | User's distinguished name (DN). |
| pszClass | The object class as understood by a user directory, such as organizationalUnit in LDAP or User in NT. |
| nPolicyResolution | The relationship between two policy objects. Policy resolutions are enumerated in Sm_PolicyResolution_t. |
| nFlags | A bitmask using the bits defined in Policy Flags. |
| next | Pointer to the next User structure. |

Makes user context information available to callers of the Policy Management API.
Syntax
```c
typedef struct Sm_PolicyApi_UserContext_s
{
    int iStructId;
    Sm_Api_UserContext_t *pUserContext;
    struct Sm_PolicyApi_UserContext_s* next;
} Sm_PolicyApi_UserContext_t;
```

| Field | Description |
|---|---|
| iStructId | User data structure ID, defined in Sm_PolicyApi_Structs_t. |
| pUserContext | Pointer to the user context information. |
| next | This field is always set to null. |

Defines a SiteMinder user directory object.
Syntax
```c
typedef struct Sm_PolicyApi_UserDir_s
{
    int iStructId;
    char pszOid[BFSIZE];
    char pszName[BFSIZE];               /* Required */
    char pszDesc[BFSIZE];
    char pszNamespace[BFSIZE];          /* Required */
    char pszServer[BFSIZE];             /* Required */
    char pszSearchRoot[BFSIZE];
    char pszUserLookupStart[BFSIZE];
    char pszUserLookupEnd[BFSIZE];
    char pszUsername[BFSIZE];
    char pszPassword[BFSIZE];
    int nSearchResults;                 /* Required */
    int nSearchScope;                   /* Required */
    int nSearchTimeout;                 /* Required */
    bool bSecureConnection;             /* Required */
    bool bRequireCredentials;           /* Required */
    char pszDisabledAttr[BFSIZE];
    char pszUniversalIDAttr[BFSIZE];
    char pszODBCQuerySchemeOid[BFSIZE];
    char pszAnonymousId[BFSIZE];
    char pszPasswordData[BFSIZE];
    char pszPasswordAttribute[BFSIZE];
    char pszEmailAddressAttr[BFSIZE];
    char pszChallengeRespAttr[BFSIZE];
    struct Sm_PolicyApi_UserDir_s* next;
} Sm_PolicyApi_UserDir_t;
```

| Field | Description |
|---|---|
| iStructId | User directory data structure ID, defined in Sm_PolicyApi_Structs_t. |
| pszOid | The object identifier of the user directory object. |
| pszName | Name of the user directory. |
| pszDesc | Brief description of the user directory. |
| pszNamespace | Mandatory field that designates the specific directory service being connected to (for example, LDAP:, ODBC:, WinNT:, AD:, or Custom:). |
| pszServer | Mandatory field. This is an overloaded field whose contents depend upon the namespace: |
| pszSearchRoot | One of the following values: |
| pszUserLookupStart | The User DN Lookup Start allows users to authenticate by entering only a part of the user name, without having to enter an entire DN string. Identifying unique and non-unique segments of the user DN string does this. Use this field with LDAP directories only. |
| pszUserLookupEnd | The User DN Lookup End allows users to authenticate by entering only a part of the user name, without having to enter an entire DN string. Use this field with LDAP directories only. |
| pszUsername | The user name needed to access a user directory. |
| pszPassword | The password needed to access a user directory. |
| nSearchResults | The maximum number of records that can be returned from a search of an LDAP or custom directory. |
| nSearchScope | The extent to which SiteMinder looks for users and user groups below pszSearchRoot in an LDAP directory: all levels below the root (subtree) or just one level below the root. Specify 1 for one level down or 2 for subtree. |
| nSearchTimeout | The maximum amount of time, in seconds, that SiteMinder will query an LDAP or custom directory. |
| bSecureConnection | This flag must be enabled when accessing an LDAP or custom directory over SSL. Enabling Secure Connect means that SiteMinder performs secure authentication and encrypted transmissions. |
| bRequireCredentials | Flag to specify credentials necessary to authenticate against a user directory. |
| pszDisabledAttr | Name of the user directory attribute that SiteMinder uses to keep track of a user's enabled or disabled state. Applies to LDAP and ODBC directories, and possibly to custom directories. |
| pszUniversalIDAttr | Name of the user directory attribute that has been designated as the Universal ID. Typically, the Universal ID differs from the user's login ID, and the Universal ID is used to look up user information. Applies to LDAP, ODBC, and WinNT directories, and possibly to custom directories. |
| pszODBCQuerySchemeOid | The object identifier for a set of ODBC queries that SiteMinder uses to query the ODBC directory. |
| pszAnonymousId | Name of the user directory attribute that is designated as the anonymous user DN. This DN is defined in the anonymous authentication scheme. Anonymous users impersonate this DN to gain access to the resources associated with the anonymous authentication scheme. Applies to LDAP directories, and possibly to custom directories. |
| pszPasswordData | Name of the user directory attribute that SiteMinder uses to store password policy information. Applies to LDAP and ODBC directories, and possibly to custom directories. |
| pszPasswordAttribute | Name of the user directory attribute that contains the user's password, as defined using Password Services. Applies to LDAP and ODBC directories, and possibly to custom directories. |
| pszEmailAddressAttr | Reserved for future use. |
| pszChallengeRespAttr | Name of the user directory attribute that contains a response to return to the user, such as a hint for a forgotten password. Applies to LDAP directories, and possibly to custom directories. |
| next | Pointer to the next directory structure. |

Remarks
Fields apply to all types of directories (LDAP, ODBC, WinNT, and custom) unless individual directory types are specified.
Fields that apply to LDAP directories also apply to Active Directories.
Information regarding all PasswordState virtual attributes is returned using the Sm_PolicyApi_UserPasswordState_t structure. This structure coexists with a User object, which is restricted by the UserDirectory OID and a User DN string. The structure can be retrieved, created, or updated through the C Policy Management API.
Syntax
```c
typedef struct Sm_PolicyApi_UserPasswordState_s
{
    int iLoginFailures;
    time_t tLastLogin;
    time_t tPrevLogin;
    time_t tDisabled;
    time_t tLastPWChange;
} Sm_PolicyApi_UserPasswordState_t;
```

| Field | Description |
|---|---|
| iLoginFailures | Specifies how many times the user has failed to log in since the last successful login. |
| tLastLogin | Specifies the last time the user successfully logged in. |
| tPrevLogin | Specifies the second-to-last time the user successfully logged in. |
| tDisabled | Specifies the time the user was disabled. |
| tLastPWChange | Specifies the last time the user changed his password. If this value updates the user directory setting for the last time the password was changed, and the password is reset outside of SiteMinder, the password policy preventing password reuse may not work as expected. The value 0 may be returned in this field in the following cases: |

Defines a variable object that can be used in a variable expression for a policy or a response. Variable objects are managed by the Variable Functions.
A variable is a dynamic object that is resolved to a value during an authorization request. The variables appear within an active expression defined for a policy or a response.
Variables are used as follows:
For example, suppose a policy that protects a bank's credit card application form contains an active expression with a Credit Rating variable and a Salary variable. When a user attempts to access the form, the user is authorized only if his credit rating and salary meet or exceed the minimum values for these variables.
Syntax
```c
typedef struct Sm_PolicyApi_Variable_s
{
    int iStructId;
    char pszOid[BFSIZE];
    char pszName[BFSIZE];
    char pszDesc[BFSIZE];
    char pszVariableTypeOid[BFSIZE];
    char pszDefinition[BFSIZE];
    char pszMetaData[BFSIZE];
    int nReturnType;
    bool bPreFetchFlag;
    char pszDomainOid[BFSIZE];
    Sm_PolicyApi_Oid_t* pNestedVariableList;
    struct Sm_PolicyApi_Variable_s* next;
} Sm_PolicyApi_Variable_t;
```

| Field | Description |
|---|---|
| iStructId | Data structure ID, defined in Sm_PolicyApi_Structs_t. |
| pszOid | The unique object ID of the variable object. |
| pszName | The user-defined name of the variable object. |
| pszDesc | Optional text describing the variable object. |
| pszVariableTypeOid | The unique object ID of the variable type. |
| pszDefinition | Information needed to obtain the value of the variable at runtime. |
| pszMetaData | Reserved for use by the optional CA TransactionMinder product. |
| nReturnType | The data type of the variable value: |
| bPreFetchFlag | Not currently used. |
| pszDomainOid | The unique object ID of the associated domain. |
| pNestedVariableList | A linked list of nested variable OIDs that are part of the definition of this variable. |
| next | Pointer to the next variable object structure. |

You define a variable by specifying where the variable's value can be found. You do so through the pszDefinition field.
The value of this field can be a simple string or a set of XML elements, depending on the variable type. Here are the SiteMinder variable types and a description of the pszDefinition field for each type:
The pszDefinition field contains the name of a field on an HTML form. In a POST action, the variable value is derived from the value assigned to the field.
The pszDefinition field contains the following XML code:
```xml
<RequestContextVariableDef>
  <ItemName></ItemName>
</RequestContextVariableDef>
```
The variable value depends upon which of the following attribute names appears within the ItemName element:
The pszDefinition field contains the actual value that will be compared against the user-supplied data at runtime. For example, a Static variable of return type Sm_PolicyApi_VarReturnTypes_Date might be assigned the string value 2004-01-01. During authorization, this assigned date is compared against a user-supplied date.
The pszDefinition field contains some or all of the following XML code:
```xml
<UserContextVariableDef>
  <ItemName></ItemName>
  <PropertyName></PropertyName>
  <DN></DN>
  <BufferSize></BufferSize>
</UserContextVariableDef>
```
The variable value is based on an attribute of a user directory connection (such as session ID) or on the contents of the user directory (such as user name). The name of the attribute upon which the variable value is based appears in the XML element ItemName.
The ItemName element can contain one of the following values:
The elements PropertyName, DN, and BufferSize are only used as follows:
The pszDefinition field contains the following basic XML structure:
```xml
<WebServiceVariableDefn xmlns:NeteWS="http://www.netegrity.com/2003/SM6.0">
  <NeteWS:RemoteURL></NeteWS:RemoteURL>
  <NeteWS:SSL/>
  <NeteWS:RemoteMethod></NeteWS:RemoteMethod>
  <NeteWS:ResultQuery></NeteWS:ResultQuery>
  <NeteWS:AuthCredentials>
    <NeteWS:Username></NeteWS:Username>
    <NeteWS:Password></NeteWS:Password>
    <NeteWS:Hash></NeteWS:Hash>
  </NeteWS:AuthCredentials>
  <NeteWS:Document>
    <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
      <SOAP:Header></SOAP:Header>
      <SOAP:Body></SOAP:Body>
    </SOAP:Envelope>
  </NeteWS:Document>
</WebServiceVariableDefn>
```
To retrieve a variable value from a Web Service, the Policy Server sends the Web Service a SOAP request document as specified in pszDefinition, and then extracts the variable value from the SOAP response.
The following table describes the XML elements used to configure a WebService variable:

| Element | Description |
|---|---|
| RemoteURL | The URL to the Web Service that will resolve the WebService variable. |
| SSL | Specifies that the connection between the Policy Server and the Web Service should use SSL. |
| RemoteMethod | Set this element to POST. |
| ResultQuery | The return query, in XPath format. The Policy Server uses this information to search for the variable's value in the SOAP response document. |
| AuthCredentials | Optionally, specify the user's Web Service credentials through the following elements: Optionally, use the Hash element to specify that a hash of the password is to be included in the WS-Security password. |
| Document | Optionally, use this element to define a SOAP header and/or SOAP body through the following elements: Nested variables of type RequestContext, UserContext, Post, and Static can be used inside the header and body. Their values are resolved and substituted before the request document is sent to the remote Web Service. Specify a nested variable as follows: $variable-name$ |

Note: The XML element structures shown above are formatted for legibility. The XML string supplied through the pszDefinition field should not be formatted with spaces, tabs, and return characters. For example, a RequestContext variable for a Resource attribute would be passed in pszDefinition as follows:
<RequestContextVariableDef><ItemName>Resource</ItemName></RequestContextVariableDef>
Defines a supported variable object type. Variable types are read-only. They cannot be created or deleted through the Policy Management Variable Functions.
Syntax
```c
typedef struct Sm_PolicyApi_VariableType_s
{
    int iStructId;
    char pszOid[BFSIZE];
    char pszName[BFSIZE];
    char pszDesc[BFSIZE];
    char pszFilter[BFSIZE];
    struct Sm_PolicyApi_VariableType_s* next;
} Sm_PolicyApi_VariableType_t;
```

| Field | Description |
|---|---|
| iStructId | Data structure ID defined in Sm_PolicyApi_Structs_t. |
| pszOid | The unique object ID of the variable type object. |
| pszName | One of the following object type names: If you have installed the optional CA SOA Security Manager product, the following variable types are also available: You cannot create these variables using the SDK; you must use the Administrative UI. |
| pszDesc | The description of the variable type object, for example, Form Post Variables. |
| pszFilter | Not currently used. |
| next | Pointer to the next variable type object structure. |

Defines a linked list of WS-Federation Provider properties, that is, name/value pairs.
An Sm_PolicyApi_WSFEDProviderProp_t structure consists of a single name/value pair. You define a set of properties for a given WS-Federation object through a linked list of Sm_PolicyApi_WSFEDProviderProp_t structures.
Syntax
```c
typedef struct Sm_PolicyApi_WSFEDProviderProp_s
{
    int iStructId;
    char pszName[BFSIZE];
    char pszValue[BFSIZE];
    Sm_PolicyApi_WSFEDProviderProp_t* next;
} Sm_PolicyApi_WSFEDProviderProp_t;
```
Parameters
ID of the structure in Sm_PolicyApi_Structs_t. Should be set to Sm_PolicyApi_WSFEDProviderProp_ID.
Name of the WS-Federation Provider property.
Value of the WS-Federation Provider property.
Pointer to the next WS-Federation Provider property data in the linked list.
Each Sm_PolicyApi_WSFEDProviderProp_t structure contains a WS-Federation metadata property defined as a name/value pair. A complete set of properties for a particular object is defined as a linked list of Sm_PolicyApi_WSFEDProviderProp_t structures.
The following metadata properties apply to WS-Federation object types:
Optional properties are specified in square brackets.
For Boolean values, a value of 1 denotes true; any other value denotes false.
The Property Name column also includes the corresponding C Policy Management API macro name.
Common Properties
The following table specifies the metadata properties that are common to defining a Resource Partner or an Account Partner:

| Property Name | Type | Description |
|---|---|---|
| General | | |
| Name WSFED_NAME | String | Name of the provider. |
| [Description] WSFED_DESCRIPTION | String | Brief description of the provider. |
| [SkewTime] WSFED_SKEW_TIME | String | The skew time between consumer and producer sides in seconds. This value is used to calculate validity duration of assertions and of SLO requests. The default value is 30. |
| Versioning | | |
| [WSFEDMajorVersion] WSFED_MAJOR_VERSION | Int | Version of WSFED protocol supported by this provider. The value of this property has to be set to 1. |
| [WSFEDMinorVersion] WSFED_MINOR_VERSION | Int | Version of WSFED protocol supported by this provider. The value of this property has to be set to 0. |
| [WSFEDSAMLMajorVersion] WSFED_SAML_MAJOR_VERSION | Int | Version of SAML protocol supported by this provider. The value of this property has to be set to 1. |
| [WSFEDSAMLMinorVersion] WSFED_SAML_MINOR_VERSION | Int | Version of WSFED protocol supported by this provider. The value of this property has to be set to 1. |

Resource Partner Properties
The following table lists the metadata properties used to define a Resource Partner:

| Property Name | Type | Description |
|---|---|---|
| Domain WSFED_RP_DOMAIN | OID | The Domain OID where this Resource Partner is defined. |
| [Enabled] WSFED_ENABLED | Bool | Boolean indicating if the provider is enabled. If not provided, defaults to true. This property does not get stored physically to the property collection but is used to enable underlying policy. |
| NetegrityAffiliateMinderAuthURL WSFED_RP_AUTHENTICATION_URL | String | The protected URL used to authenticate Resource Partner users. |
| NameID | | |
| [NameIdFormat] WSFED_RP_NAMEID_FORMAT | String | The URI for a WSFED name identifier. |
| [NameIdType] WSFED_RP_NAMEID_TYPE | Int | Represents the type of name identifier: 0 - Static Text; 1 - User Attribute; 2 - DN Attribute. Defaults to 1. |
| [NameIdStatic] WSFED_RP_NAMEID_STATIC | String | The static text to be used as the name identifier when NameIdType == 0. The Policy Management API will return an error if no value is specified for this property and NameIdType == 0. |
| [NameIdAttrName] WSFED_RP_NAMEID_ATTR_NAME | String | The attribute name (user or DN) which holds the name identifier when NameIdType == 1 or NameIdType == 2. If "NameIdType" is set to "1" or "2", the "NameIdAttrName" property should have a value, otherwise the Policy Management API will return an error. |
| [NameIdDNSpec] WSFED_RP_NAMEID_DN_SPEC | String | The DN spec used when NameIdType == 2. If "NameIdType" is set to "2", the "NameIdDNSpec" property should have a value, otherwise the Policy Management API will return an error. |
| [NameIdAllowNested] WSFED_RP_NAMEID_ALLOWED_NESTED | Bool | Flag indicating whether nested groups are allowed when selecting a DN attribute for the name identifier. Defaults to zero. |
| General | | |
| KEY_RPID WSFED_KEY_RPID | String | The Resource Partner ID for WSFED Assertion Consumer. Must be a URI less than 1024 characters in length. This is also the key used to look up the properties associated with a provider. |
| APID WSFED_APID | String | The Resource Partner ID of the WSFED Assertion Producer. |
| SSO | | |
| [AuthenticationMethod] WSFED_RP_AUTHENTICATION_METHOD | String | The authentication method to use in the assertion. |
| [ValidityDuration] WSFED_RP_VALIDITY_DURATION | Int | An integer number of seconds for which a generated assertion is valid. If not provided during Resource Partner creation, the default is 60 seconds. |
| AssertionConsumerDefaultURL WSFED_RP_ASSERTION_CONSUMER_ | String | The default WSFED Assertion Consumer to use. |
| [AuthenticationLevel] WSFED_RP_AUTHENTICATION_LEVEL | Int | The principal must have authenticated in a realm by an authentication scheme of at least this level or greater. If not supplied during Resource Partner creation, this will default to 5. |
| Signout | | |
| [SLOEnabled] WSFED_RP_SLO_ENABLED | Bool | Boolean indicating if Signout is enabled for the Resource Partner. |
| [SignOutCleanupURL] WSFED_RP_SIGNOUT_CLEANUP_URL | String | Sign-out cleanup URL of the Resource Partner. This property is mandatory if SLOEnabled is true. |
| [SignOutConfirmURL] WSFED_RP_SIGNOUT_CONFIRM_URL | String | URL where the user will be redirected once the Sign-out at Account Partner is complete. (If there are multiple Resource Partners available then Sign-out confirm URL of the last Resource Partner is applicable.) |
| Advanced | | |
| [AssertionPluginClass] WSFED_RP_PLUGIN_CLASS | String | The fully qualified Java class name for the Assertion Generator Plugin class to be used. |
| [AssertionPluginParameters] WSFED_RP_PLUGIN_PARAMS | String | The string containing parameters to be passed to the Assertion Generator Plugin. |

Account Partner Properties
The following table lists the metadata properties used to define an Account Partner:

| Property Name | Type | Description |
|---|---|---|
| General | | |
| KEY_APID WSFED_KEY_APID | String | Identifier for the Account Partner. Among other things, this identifier is used to identify the assertion issuer. This is also the key used to look up the properties associated with an Account Partner. |
| RPID WSFED_RPID | String | Identifier of the Resource Partner. |
| Signing | | |
| [DisableSignatureProcessing] WSFED_DISABLE_SIGNATURE_PROCESSING | Bool | Specifies whether signature processing is disabled. This setting is useful during initial setup of an Account Partner. When a provider is up and running, this setting will need to be set to false, to avoid security implications. Default value is zero. |
| [DsigVerInfoIssuerDN] WSFED_DSIG_VERINFO_ALIAS | String | Used to locate the certificate of the provider in the key store if it is not provided inline. |
| Users | | |
| [XPath] WSFED_AP_XPATH | String | XPath query for disambiguating the principal. |
| [LDAPSearchSpec] WSFED_AP_LDAP_SEARCH_SPEC | String | Search specification for LDAP directory. |
| [ODBCSearchSpec] WSFED_AP_ODBC_SEARCH_SPEC | String | Search specification for ODBC directory. |
| [WinNTSearchSpec] WSFED_AP_WINNT_SEARCH_SPEC | String | Search specification for WinNT directory. |
| [CustomSearchSpec] WSFED_AP_CUSTOM_SEARCH_SPEC | String | Search specification for a custom directory. |
| [ADSearchSpec] WSFED_AP_AD_SEARCH_SPEC | String | Search specification for AD directory. |
| SSO | | |
| [RedirectMode] WSFED_AP_SSO_REDIRECT_MODE | Int | Redirect mode for assertion attributes. The following values are valid: |
| [SSODefaultService] WSFED_AP_SSO_DEFAULT_SERVICE | String | The default location of the Single Sign-on service. |
| [Target] WSFED_AP_SSO_TARGET | String | Target resource at the destination site. |
| [EnforceSingleUsePolicy] ENFORCE_SINGLE_USE_POLICY | Bool | If 1, the single use policy for POST assertions will be enforced; if 0, the single use policy for POST assertions will not be enforced. Default set to 1. |
| Signout | | |
| [SLOEnabled] WSFED_AP_SLO_ENABLED | Bool | Boolean indicating if Signout is enabled for the Account Partner. If not supplied during Account Partner creation, this will default to disabled. |
| [SignOutURL] WSFED_AP_SIGNOUT_URL | String | Sign-out URL of the Account Partner. This property is mandatory if SLOEnabled is true. |
| Message Consumer Plug-in | | |
| [APPluginClass] WSFED_AP_PLUGIN_CLASS | String | Name of a Java class that implements customization of assertion consumption. |
| [APPluginParameters] WSFED_AP_PLUGIN_PARAMS | String | Parameters of the Java class that implements customization of assertion consumption. All parameters are concatenated into one line. |
| Post Processing URL Support | | |
| [UserNotFoundRedirectURL] WSFED_AP_USER_NOT_FOUND_REDIRECT_URL | String | Contains an optional redirect URL to be used when the Auth Scheme cannot obtain a LoginID from the federation message, given the configured query string. |
| [UserNotFoundRedirectMode] WSFED_AP_USER_NOT_FOUND_REDIRECT_MODE | 0/1 | Default is 0. 0: HTTP 302 redirect without passing federation messages; 1: HTTP Form Post redirect. |
| [FailureRedirectURL] WSFED_AP_FAILURE_REDIRECT_URL | String | Contains an optional redirect URL to be used when assertion processing has failed. |
| [FailureRedirectMode] WSFED_AP_FAILURE_REDIRECT_MODE | 0/1 | Default is 0. 0: HTTP 302 redirect without passing federation messages; 1: HTTP Form Post redirect. |
| [InvalidRedirectURL] WSFED_AP_INVALID_REDIRECT_URL | String | Contains an optional redirect URL to be used when the assertion is invalid. |
| [InvalidRedirectMode] WSFED_AP_INVALID_REDIRECT_MODE | 0/1 | Default is 0. 0: HTTP 302 redirect without passing federation messages; 1: HTTP Form Post redirect. |

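As an added example (not code from the SDK), the function below walks a property list shaped like Sm_PolicyApi_WSFEDProviderProp_t and reports the Account Partner settings that the table above ties to security: signature processing left disabled, single-use policy not enforced, and SLOEnabled set without the mandatory SignOutURL. The `ex_`/`EX_` names, the buffer size, the struct ID placeholder, the sample values, and the choice to compare Boolean values against the text "1" are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumptions: the real BFSIZE and struct ID come from the SDK headers.
   These placeholders only let the example compile without the SDK. */
#define EX_BFSIZE 1024
#define EX_WSFED_PROP_ID 0

/* Local mirror of the documented Sm_PolicyApi_WSFEDProviderProp_t layout. */
typedef struct ex_prop_s {
    int iStructId;
    char pszName[EX_BFSIZE];
    char pszValue[EX_BFSIZE];
    struct ex_prop_s *next;
} ex_prop_t;

/* Findings returned as a bitmask (hypothetical names). */
enum {
    EX_SIG_PROCESSING_DISABLED = 0x01, /* DisableSignatureProcessing is true */
    EX_SINGLE_USE_NOT_ENFORCED = 0x02, /* EnforceSingleUsePolicy is false    */
    EX_SLO_WITHOUT_SIGNOUT_URL = 0x04  /* SLOEnabled true, SignOutURL empty  */
};

/* Return the value of the named property, or NULL when it is absent. */
static const char *ex_find(const ex_prop_t *head, const char *name)
{
    for (; head != NULL; head = head->next)
        if (strcmp(head->pszName, name) == 0)
            return head->pszValue;
    return NULL;
}

/* Page rule: 1 is true, any other value is false. An absent optional
   property takes its documented default. Assumes the value is the text "1". */
static int ex_bool(const ex_prop_t *head, const char *name, int dflt)
{
    const char *v = ex_find(head, name);
    return (v == NULL) ? dflt : (strcmp(v, "1") == 0);
}

/* Audit one Account Partner property list against the documented defaults. */
unsigned ex_audit_account_partner(const ex_prop_t *head)
{
    unsigned findings = 0;
    const char *url;

    if (ex_bool(head, "DisableSignatureProcessing", 0))  /* default: 0 */
        findings |= EX_SIG_PROCESSING_DISABLED;
    if (!ex_bool(head, "EnforceSingleUsePolicy", 1))     /* default: 1 */
        findings |= EX_SINGLE_USE_NOT_ENFORCED;
    if (ex_bool(head, "SLOEnabled", 0)) {                /* default: disabled */
        url = ex_find(head, "SignOutURL");
        if (url == NULL || url[0] == '\0')
            findings |= EX_SLO_WITHOUT_SIGNOUT_URL;
    }
    return findings;
}

/* Link an array of properties into the list form the API uses. */
static ex_prop_t *ex_link(ex_prop_t *arr, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++) {
        arr[i].iStructId = EX_WSFED_PROP_ID;
        arr[i].next = (i + 1 < n) ? &arr[i + 1] : NULL;
    }
    return n ? arr : NULL;
}

/* Constructed sample: a partner left in its initial-setup state. */
unsigned ex_sample_setup_leftover(void)
{
    static ex_prop_t p[] = {
        { 0, "KEY_APID", "urn:example:ap", NULL },
        { 0, "DisableSignatureProcessing", "1", NULL },
        { 0, "EnforceSingleUsePolicy", "true", NULL }, /* not "1", so false */
        { 0, "SLOEnabled", "1", NULL }                 /* no SignOutURL     */
    };
    return ex_audit_account_partner(ex_link(p, sizeof p / sizeof p[0]));
}

/* Constructed sample: only required identifiers, so defaults apply. */
unsigned ex_sample_defaults(void)
{
    static ex_prop_t p[] = {
        { 0, "KEY_APID", "urn:example:ap", NULL },
        { 0, "RPID", "urn:example:rp", NULL }
    };
    return ex_audit_account_partner(ex_link(p, sizeof p / sizeof p[0]));
}

int main(void)
{
    printf("setup leftover: 0x%02x\n", ex_sample_setup_leftover());
    printf("defaults only:  0x%02x\n", ex_sample_defaults());
    return 0;
}
```

In the first sample the value "true" counts as false under the Boolean rule stated earlier, so the single-use finding is raised even though the property is present.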
Defines WS-Federation Resource Partner data.
Syntax
```c
typedef struct Sm_PolicyApi_WSFEDResourcePartner_s
{
    int iStructId;
    Sm_PolicyApi_WSFEDProviderProp_t* pProps;
    Sm_PolicyApi_WSFEDResourcePartner_t* next;
} Sm_PolicyApi_WSFEDResourcePartner_t;
```
Parameters
ID of the structure in Sm_PolicyApi_Structs_t. Should be set to Sm_PolicyApi_WSFEDResourcePartner_ID.
Pointer to the linked list of Resource Partner properties.
Pointer to the next Resource Partner data in the linked list.
The Policy Management API includes various categories of exported data types, including:
Sm_PolicyApi_AdminRights_t enumerates the rights of the administrator. These values may be used individually or combined to set multiple rights. The resulting value is passed to Sm_PolicyApi_AddAdmin() as one of the attributes in a Sm_PolicyApi_Admin_t structure.

| Name | Value |
|---|---|
| Sm_PolicyApi_AdminRights_ManageAllDomains | 0x01 |
| Sm_PolicyApi_AdminRights_ManageObjects | 0x02 |
| Sm_PolicyApi_AdminRights_ManageUsers | 0x04 |
| Sm_PolicyApi_AdminRights_ManageKeys | 0x08 |
| Sm_PolicyApi_AdminRights_ManagePasswordPolicy | 0x08 |
| Sm_PolicyApi_AdminRights_ManageReports | 0x10 |

The following table shows how these values are used to set administrative privileges:

| Scope | Task | Setting and Privilege(s) |
|---|---|---|
| System | Manage System & Domain Objects | To set the privileges below, set administrator rights to both of the following: Sm_PolicyApi_AdminRights_ManageAllDomains Privileges: Create/edit/delete agents, agent groups, directories, policy domains, authentication schemes, agent types, ODBC setup, directory mappings, certificate mappings, and registration schemes. Create/delete parent realms in all domains. Create/edit/delete administrators. Flush all caches, including cached resources. Change global settings. All the privileges for Manage Domain Objects listed below. |
| Domains | Manage Domain Objects | To set the privileges below, set administrator rights to: Sm_PolicyApi_AdminRights_ManageObjects Privileges: In managed domains: create/edit/delete rules, rule groups, responses, response groups, policies. Edit top level realms in managed domains (not resource filters). Create/edit/delete nested realms in managed domains. Flush specific realms from the resource cache, and flush all resources (in privileged domains) from the cache. |
| System | View Reports | To set the privilege below, set administrator rights to both of the following: Sm_PolicyApi_AdminRights_ManageAllDomains Privilege: View all system and domain reports. |
| Domains | View Reports | To set the privilege below, set administrator rights to: Sm_PolicyApi_AdminRights_ManageUsers Privilege: View reports for managed domains. |
| System | Manage Keys and Password Policies | To set the privileges below, set administrator rights to both of the following: Sm_PolicyApi_AdminRights_ManageAllDomains Privileges: Create/edit/delete password policies. Manage keys. |
| Domains | Manage Password Policies | To set the privilege below, set administrator rights to: Sm_PolicyApi_AdminRights_ManagePasswordPolicy Privilege: Create/edit/delete password policies for users in directories attached to managed domains. |
| System | Manage Users | To set the privileges below, set administrator rights to both of the following: Sm_PolicyApi_AdminRights_ManageAllDomains Privileges: Flush all user session caches, or flush the user session cache of any individual user cache from any directory. Enable/disable users in any directory. Force password change on any user in any directory. |
| Domains | Manage Users | To set the privileges below, set administrator rights to: Sm_PolicyApi_AdminRights_ManageReports Privileges: Flush user session caches for individual users in directories attached to managed domains. Enable/disable users in directories attached to managed domains. Force password change on users in directories attached to managed domains. |

Sm_PolicyApi_AffiliateAttrType_t enumerates the valid affiliate attribute types, for use in the affiliate functions to manipulate affiliate attributes.
Name |
Value |
---|---|
Sm_PolicyApi_Affiliate_HTTP_Header_Variable |
1 |
Sm_PolicyApi_Affiliate_HTTP_Cookie_Variable |
2 |
Sm_PolicyApi_SAMLSPAttrMode_t enumerates the valid attribute retrieval types for use in SAML 2.0 Attribute Authority support:
Name |
Value |
---|---|
Sm_PolicyApi_SAMLSP_SSO_Only |
0 |
Sm_PolicyApi_SAMLSP_Attribute_Only |
1 |
One of these values should be provided in the nMode element of the Sm_PolicyApi_SAMLSPAttr_t structure.
Sm_PolicyApi_AuthAzMapType_t enumerates the authentication and authorization mapping types.
Name |
Value |
---|---|
Sm_PolicyApi_AuthAzMapType_DN |
1 |
Sm_PolicyApi_AuthAzMapType_UniversalId |
2 |
Sm_PolicyApi_AuthAzMapType_Attr |
3 |
Sm_PolicyApi_CertMapAttrType_t enumerates types of mapping that determine how an X.509 client certificate will map to the user information in the authentication directory.
Name |
Value |
---|---|
Sm_PolicyApi_CertMapAttrType_Single |
1 |
Sm_PolicyApi_CertMapAttrType_Custom |
2 |
Sm_PolicyApi_CertMapAttrType_Exact |
3 |
Sm_PolicyApi_DirType_t enumerates the types of directories that can be used to authenticate users.
Name |
Value |
---|---|
Sm_PolicyApi_DirType_LDAP |
1 |
Sm_PolicyApi_DirType_WinNT |
2 |
Sm_PolicyApi_DirType_ODBC |
3 |
Sm_PolicyApi_CertMapFlags_t enumerates flags that represent certificate mapping properties.
Flag |
Value |
---|---|
Sm_PolicyApi_CertMapFlags_CertRequired Setting this flag causes SiteMinder to verify that the certificate presented by the user matches the certificate stored in the user's entry in the authentication directory. The authentication directory must be an LDAP user directory. |
0x01 |
Sm_PolicyApi_CertMapFlags_UseDistributionPoints Set this flag if your Certificate Revocation List (CRL) uses distribution points. Large CRLs may contain multiple distribution points that can be used to locate a revoked user. Distribution points indicate a starting point in the CRL LDAP directory. The distribution point provides a starting point for a CRL check and saves the processing time that it would take to search the entire CRL for a particular user. When this flag is set, SiteMinder retrieves the distribution point from the user's certificate, then uses it to find the appropriate LDAP directory entry point for the CRL. |
0x02 |
Sm_PolicyApi_CertMapFlags_VerifySignature Set this flag to enable signature verification, where the Policy Server checks the Certificate Authority's public certificate against a signature stored in the policy database. |
0x04 |
Sm_PolicyApi_CertMapFlags_CRLCheck Set this flag to make SiteMinder perform a Certificate Revocation List check. A Certificate Revocation List (CRL) is a list of revoked X.509 client certificates published by the Certificate Authority. Comparing certificates against CRLs is one way to ensure that certificates are valid. When a user with a revoked certificate tries to access a protected resource, SiteMinder finds the user's certificate in the CRL and rejects the authentication. |
0x08 |
Sm_PolicyApi_CertMapFlags_Cache Setting this flag causes SiteMinder to use cached CRL information until the date specified in the NextUpdate field in the CRL. |
0x10 |
Sm_PolicyApi_GetUserDirCapabilities() uses the values that are enumerated in Sm_DirectoryCapability_t, which is defined in SmApi.h.
Directory Capability |
Value |
---|---|
Sm_DirCapability_CreatePasswordPolicy Capable of creating password policy. The following attributes are affected in the user directory (Sm_PolicyApi_UserDir_t): pszPasswordData, pszDisabledAttr, and pszPasswordAttribute. |
0x00000001 |
Sm_DirCapability_CreateRegistrationPolicy Capable of creating registration policy. The following attributes are affected in the user directory (Sm_PolicyApi_UserDir_t): pszAnonymousId, pszEmailAddressAttr, pszChallengeRespAttr, and pszPasswordAttribute. |
0x00000002 |
Sm_DirCapability_ResetUserPassword Capable of resetting the user password. This affects pszPasswordAttribute. |
0x00000004 |
Sm_DirCapability_ChangeUserPassword Capable of changing the user password. This affects pszPasswordAttribute. |
0x00000008 |
Sm_DirCapability_DisableUser Capable of disabling the user account. This affects pszDisabledAttr. |
0x00000010 |
Sm_DirCapability_DmsCapable Capable of being written by the Delegated Management System (DMS). |
0x00000020 |
Sm_DirCapability_Recursive Capable of supporting recursion. |
0x00000040 |
Sm_DirCapability_DisabledAttr Read-Write disabled attribute. This attribute is configured for the user directory. |
0x00100000 |
Sm_DirCapability_UniversalIdAttr Read-only Universal ID. This attribute is configured for the user directory. |
0x00200000 |
Sm_DirCapability_AnonymousIdAttr Read-Write anonymous ID attribute. This attribute is configured for the user directory. |
0x00400000 |
Sm_DirCapability_PasswordDataAttr Read-Write password data attribute. This attribute is configured for the user directory. |
0x00800000 |
Sm_DirCapability_UserPasswordAttr Read-Write password attribute. This attribute is configured for the user directory. |
0x01000000 |
Sm_DirCapability_EmailAddressAttr Read-only E-mail attribute. This attribute is configured for the user directory. |
0x02000000 |
Sm_DirCapability_ChallengeRespAttr Read-Write Challenge and Response attribute. This attribute is configured for the user directory. |
0x04000000 |
Note: Attribute masks are directory user profile attributes. They are available in the directory. Each attribute is read-only or read-write. Read-write attributes are not used by other applications.
Sm_PolicyApi_DomainFlags_t enumerates flags pertaining to domain-wide influence.
Name |
Value |
---|---|
Sm_PolicyApi_DomainFlags_GlobalPoliciesApply When this flag is set, the domain processes global policies for all realms in the domain. When this flag is not set, the domain does not process global policies. |
0x02 |
Sm_PolicyApi_Groups_t enumerates the type of group for which you can perform group functions.
Name |
Value |
---|---|
Sm_PolicyApi_NULL_Group_Prop |
0 |
Sm_PolicyApi_Rule_Group_Prop |
1 |
Sm_PolicyApi_Response_Group_Prop |
2 |
Sm_PolicyApi_Agent_Group_Prop |
3 |
Sm_PolicyApi_IPAddressType_t enumerates the type of IP address restrictions that are defined for an object in Sm_PolicyApi_IPAddress_t.
IP Address Type |
Value |
---|---|
Sm_PolicyApi_IPAddressType_SingleHost A single host IP address requires the following fields to be set:
|
1 |
Sm_PolicyApi_IPAddressType_HostName A host name IP address requires the following fields to be set:
|
2 |
Sm_PolicyApi_IPAddressType_AddressAndSubNetMask A subnet mask requires the following fields to be set:
|
3 |
Sm_PolicyApi_IPAddressType_Range A range of IP addresses requires the following fields to be set:
|
4 |
Sm_PolicyApi_ManagementCommands_t enumerates the values that can be passed to Sm_PolicyApi_ManagementCommand() for flushing caches, for managing agent encryption keys, and for shared secret rollover.
Initialize the structure to zero (memset) prior to setting any values. Use the symbolic enumerated values, rather than hard-coding integer command values.
The value is passed in the iCommand field of the structure Sm_PolicyApi_ManagementCommand_t.
Management Command |
Value |
---|---|
Sm_PolicyApi_ManagementCommand_FlushAll Flushes all SiteMinder caches. Policy store cache, resource cache, and user information cache are flushed by this command. It does not require any data in the pszData field of Sm_PolicyApi_ManagementCommand_t. |
1 |
Sm_PolicyApi_ManagementCommand_FlushUsers Flushes user information cache. It does not require any data in the pszData field of Sm_PolicyApi_ManagementCommand_t. |
2 |
Sm_PolicyApi_ManagementCommand_FlushRealms Flushes resource cache. It does not require any data in the pszData field of Sm_PolicyApi_ManagementCommand_t. |
3 |
Sm_PolicyApi_ManagementCommand_ChangeDynamicKeys Changes the dynamic agent key. It does not require any data in the pszData field of Sm_PolicyApi_ManagementCommand_t. Before you change a dynamic agent key through the C API, the Agent Key setting in the Policy Server Key Management dialog box must be set to Use dynamic Agent Key. To access this dialog box in the Policy Server UI, click Tools > Manage Keys. Then, in the Agent Key tab, select Use dynamic Agent Key. |
4 |
Sm_PolicyApi_ManagementCommand_ChangePersistentKey Changes the persistent or static key. The data field pszData of Sm_PolicyApi_ManagementCommand_t structure may contain an optional key value. If pszData is empty, the persistent key is randomly generated. |
5 |
Sm_PolicyApi_ManagementCommand_ChangeSessionKey Changes the session key. The data field pszData of Sm_PolicyApi_ManagementCommand_t structure may contain an optional key value. If pszData is empty, the session key is randomly generated. |
6 |
Sm_PolicyApi_ManagementCommand_RolloverSharedSecrets Rolls over shared secrets for rollover-enabled trusted hosts. |
7 |
Sm_PolicyApi_PasswordMsgId_t enumerates password message IDs.
Password messages describe the encoded error message returned to Sm_PolicyApi_SetPassword() when a new password does not satisfy the password policy requirements of the specified directory.
Password Message ID |
Value |
---|---|
Sm_PolicyApi_PasswordMsgId_None |
0 |
Sm_PolicyApi_PasswordMsgId_ChangePassword |
1 |
Sm_PolicyApi_PasswordMsgId_PassswordGeneralFailure |
1000 |
Sm_PolicyApi_PasswordMsgId_PasswordShort |
1001 |
Sm_PolicyApi_PasswordMsgId_PasswordLong |
1002 |
Sm_PolicyApi_PasswordMsgId_PasswordOldPasswordBad |
1003 |
Sm_PolicyApi_PasswordMsgId_PasswordReuse |
1004 |
Sm_PolicyApi_PasswordMsgId_PasswordSimilar |
1005 |
Sm_PolicyApi_PasswordMsgId_PasswordRepeatingChars |
1006 |
Sm_PolicyApi_PasswordMsgId_PasswordDictionaryMatch |
1007 |
Sm_PolicyApi_PasswordMsgId_PasswordContentLetters |
1008 |
Sm_PolicyApi_PasswordMsgId_PasswordContentDigits |
1009 |
Sm_PolicyApi_PasswordMsgId_PasswordContentAlphaNum |
1010 |
Sm_PolicyApi_PasswordMsgId_PasswordContentPunctuation |
1011 |
Sm_PolicyApi_PasswordMsgId_PasswordContentNonPrintable |
1012 |
Sm_PolicyApi_PasswordMsgId_PasswordContentNonAlphaNum |
1013 |
Sm_PolicyApi_PasswordMsgId_PasswordProfileMatch |
1014 |
Sm_PolicyApi_PasswordMsgId_PasswordGraceDays |
1015 |
Sm_PolicyApi_PasswordMsgId_PasswordSystemPIN |
1016 |
Sm_PolicyApi_PasswordMsgId_PasswordUserMaxNumPIN |
1017 |
Sm_PolicyApi_PasswordMsgId_PasswordUserMinMaxNumPIN |
1018 |
Sm_PolicyApi_PasswordMsgId_PasswordUserMaxAlphaPIN |
1019 |
Sm_PolicyApi_PasswordMsgId_PasswordUserMinMaxAlphaPIN |
1020 |
Sm_PolicyApi_PasswordMsgId_PasswordAcceptPIN |
1021 |
Sm_PolicyApi_PasswordMsgId_PasswordContentLowerAlpha |
1022 |
Sm_PolicyApi_PasswordMsgId_PasswordContentUpperAlpha |
1023 |
Sm_PolicyApi_PasswordMsgId_PasswordContentNoLowerAlpha |
1024 |
Sm_PolicyApi_PasswordMsgId_PasswordContentNoUpperAlpha |
1025 |
Sm_PolicyApi_PasswordMsgId_PasswordContentNoDigits |
1026 |
Sm_PolicyApi_PasswordMsgId_PasswordContentNoPunctuation |
1027 |
Sm_PolicyApi_PasswordMsgId_PasswordContentNoNonPrintable |
1028 |
Sm_PolicyApi_PasswordMsgId_PasswordContentNoNonAlphaNum |
1029 |
Sm_PolicyApi_PasswordMsgId_PasswordContentNoAlphaNum |
1030 |
Sm_PolicyApi_PasswordMsgId_PasswordContentMatchRegExp |
1031 |
Sm_PolicyApi_PasswordMsgId_PasswordContentNoMatchRegExp |
1032 |
Sm_PolicyApi_PasswordMsgId_PasswordUserMinNumPIN |
1033 |
Sm_PolicyApi_PasswordMsgId_PasswordUserDigitsPIN |
1034 |
Sm_PolicyApi_PasswordMsgId_PasswordUserAlphaNumPIN |
1035 |
Additional information about the error message is available in the password message field associated with the password message.
Sm_PolicyApi_PasswordMsgFieldId_t enumerates password message field IDs.
Password message fields contain additional information about the password messages described in the previous section. You can find this additional information in the structure Sm_PolicyApi_PasswordMsgField_t.
Password Message Field ID |
Value |
---|---|
Sm_PolicyApi_PasswordMsgFieldId_None |
0 |
Sm_PolicyApi_PasswordMsgFieldId_Min |
1 |
Sm_PolicyApi_PasswordMsgFieldId_Max |
2 |
Sm_PolicyApi_PasswordMsgFieldId_OldPW |
3 |
Sm_PolicyApi_PasswordMsgFieldId_NewPW |
4 |
Sm_PolicyApi_PasswordMsgFieldId_Days |
5 |
Sm_PolicyApi_PasswordMsgFieldId_Token |
6 |
Fields can be of type integer or string, or they can have no type.
Sm_PolicyApi_FieldType_t enumerates the possible data types for the password message fields.
Password Message Field Type |
Value |
---|---|
Sm_PolicyApi_FieldType_None |
0 |
Sm_PolicyApi_FieldType_Int |
1 |
Sm_PolicyApi_FieldType_String |
2 |
Sm_PasswordPolicyBehavior_t enumerates the behavioral characteristics of a password policy.
Password Policy Behavior Flag |
Value |
---|---|
Sm_PasswordPolicy_DontTrackLogins This flag has been replaced in SiteMinder v6.0 SP3 by:
The new flags allow successful and failed logins to be tracked separately. Sm_PasswordPolicy_DontTrackLogins is currently maintained for backwards compatibility. If this flag is set, login tracking for successful and failed logins will not occur. |
0x00000004 |
Sm_PasswordPolicy_AllowFailedWrites Allows users to log in even if password data cannot be written to the user directory. |
0x00000008 |
Sm_PasswordPolicy_InactivityForcePWChange Forces a password change on the next login attempt after a user's password becomes invalid due to inactivity. |
0x00000010 |
Sm_PasswordPolicy_PWExpiredForcePWChange Forces a password change on the next login attempt after a user's password expires. |
0x00000020 |
Sm_PasswordPolicyBehavior_FullReenable If a user's account is disabled due to successive incorrect password entries, this flag re-enables the account after a given time period. Specify the time in the nReenablement field of Sm_PolicyApi_PasswordPolicy_t. If this flag is not set, the user is allowed another login attempt after the given nReenablement time period. |
0x00000040 |
Sm_PasswordPolicy_StopPriorityChaining Prevents the evaluation of password policies with lower priority ratings than the current password policy. |
0x00000080 |
Sm_PasswordPolicy_ExpireDisablePassword When the password expires, disable just the password and not the user account. |
0x00000100 |
Sm_PasswordPolicy_FailuresDisablePassword When the maximum number of authentication failures is exceeded, disable just the password and not the user account. |
0x00000200 |
Sm_PasswordPolicy_ForceCase Forces the password into the case specified by the Sm_PasswordPolicy_CaseSelect bit. |
0x00000400 |
Sm_PasswordPolicy_CaseSelect If Sm_PasswordPolicy_ForceCase is set, Sm_PasswordPolicy_CaseSelect forces upper case passwords when set, and forces lower case passwords when cleared. |
0x00000800 |
Sm_PasswordPolicy_CaseBits Sets both of the following bits (forces upper case passwords):
|
0x00000c00 |
Sm_PasswordPolicy_StripLeadingWhiteSpace Removes any leading white space from the password. |
0x00001000 |
Sm_PasswordPolicy_StripTrailingWhiteSpace Removes any trailing white space from the password. |
0x00002000 |
Sm_PasswordPolicy_StripFlankingWhiteSpace Sets both of the following bits (strips leading and trailing white space):
|
0x00003000 |
Sm_PasswordPolicy_StripEmbeddedWhiteSpace Removes all white space within the password. |
0x00004000 |
Sm_PasswordPolicy_WhiteSpaceBits Sets all of the following bits (strips leading, trailing, and embedded white space):
|
0x00007000 |
Sm_PasswordPolicy_PreProcessBits Sets all of the following bits (forces upper case passwords and strips leading, trailing, and embedded white space):
|
0x00007c00 |
Sm_PasswordPolicy_DontTrackSuccessLogins Performs directory updates at login time. When this flag is not set, the password policy tracks successful user logins, including the time of the last login. |
0x00008000 |
Sm_PasswordPolicy_DontTrackFailedLogins Performs directory updates at login time. When this flag is not set, the password policy tracks unsuccessful user login attempts. |
0x00010000 |
Note: Values 0x00000400 through 0x00007c00 apply to password preprocessing. During preprocessing, the password is checked before it is processed or stored.
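The preprocessing and login-tracking bits above interact, so a stored behavior value is easier to review once it is decoded. The following C program is an added example, not SDK code: it copies the values it needs from the table, and `audit_behavior`, `preprocess_password`, the `AUDIT_*` codes and `DOCUMENTED_BITS` are hypothetical names. Treating white space as C-locale `isspace()` and treating CaseSelect without ForceCase as having no effect are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Values copied from the Sm_PasswordPolicyBehavior_t table so the example
   builds without the SDK; real code takes them from the SDK headers. */
enum {
    Sm_PasswordPolicy_DontTrackLogins         = 0x00000004,
    Sm_PasswordPolicy_AllowFailedWrites       = 0x00000008,
    Sm_PasswordPolicy_ForceCase               = 0x00000400,
    Sm_PasswordPolicy_CaseSelect              = 0x00000800,
    Sm_PasswordPolicy_StripLeadingWhiteSpace  = 0x00001000,
    Sm_PasswordPolicy_StripTrailingWhiteSpace = 0x00002000,
    Sm_PasswordPolicy_StripEmbeddedWhiteSpace = 0x00004000,
    Sm_PasswordPolicy_WhiteSpaceBits          = 0x00007000,
    Sm_PasswordPolicy_DontTrackFailedLogins   = 0x00010000,
    DOCUMENTED_BITS = 0x0001fffc /* hypothetical name: OR of every table value */
};

/* Hypothetical finding codes for this example; they are not SDK values. */
enum {
    AUDIT_CASE_FOLDED        = 0x01, /* passwords are forced to a single case */
    AUDIT_CASESELECT_INERT   = 0x02, /* CaseSelect set but ForceCase clear */
    AUDIT_WHITESPACE_REMOVED = 0x04, /* some white space is stripped */
    AUDIT_FAILURES_UNTRACKED = 0x08, /* failed logins are not tracked */
    AUDIT_LEGACY_FLAG        = 0x10, /* DontTrackLogins, replaced in v6.0 SP3 */
    AUDIT_FAILED_WRITES_OK   = 0x20, /* login allowed when writes fail */
    AUDIT_UNKNOWN_BITS       = 0x40  /* bits outside the documented table */
};

/* Decode a behavior mask into the findings a reviewer would look at. */
unsigned audit_behavior(unsigned long mask)
{
    unsigned f = 0;

    if (mask & Sm_PasswordPolicy_ForceCase)
        f |= AUDIT_CASE_FOLDED;
    else if (mask & Sm_PasswordPolicy_CaseSelect)
        f |= AUDIT_CASESELECT_INERT;   /* assumption: no effect on its own */
    if (mask & Sm_PasswordPolicy_WhiteSpaceBits)
        f |= AUDIT_WHITESPACE_REMOVED;
    if (mask & (Sm_PasswordPolicy_DontTrackLogins |
                Sm_PasswordPolicy_DontTrackFailedLogins))
        f |= AUDIT_FAILURES_UNTRACKED;
    if (mask & Sm_PasswordPolicy_DontTrackLogins)
        f |= AUDIT_LEGACY_FLAG;
    if (mask & Sm_PasswordPolicy_AllowFailedWrites)
        f |= AUDIT_FAILED_WRITES_OK;
    if (mask & ~(unsigned long)DOCUMENTED_BITS)
        f |= AUDIT_UNKNOWN_BITS;
    return f;
}

/* Model of the preprocessing bits as the table describes them. Writes the
   preprocessed password to out and returns its length, or -1 if out is too
   small. White space is taken to be isspace() in the C locale (assumption). */
int preprocess_password(unsigned long mask, const char *in, char *out, size_t outsz)
{
    size_t len = strlen(in), first = 0, last = len, n = 0, i;

    if (outsz == 0)
        return -1;
    /* [0, first) is leading white space, [last, len) is trailing. */
    while (first < len && isspace((unsigned char)in[first]))
        first++;
    while (last > first && isspace((unsigned char)in[last - 1]))
        last--;

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        if (isspace(c)) {
            unsigned long bit =
                i < first  ? Sm_PasswordPolicy_StripLeadingWhiteSpace :
                i >= last  ? Sm_PasswordPolicy_StripTrailingWhiteSpace :
                             Sm_PasswordPolicy_StripEmbeddedWhiteSpace;
            if (mask & bit)
                continue;               /* this white space is stripped */
        } else if (mask & Sm_PasswordPolicy_ForceCase) {
            c = (unsigned char)((mask & Sm_PasswordPolicy_CaseSelect)
                                    ? toupper(c) : tolower(c));
        }
        if (n + 1 >= outsz)
            return -1;                  /* no room for this byte plus NUL */
        out[n++] = (char)c;
    }
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed sample: Sm_PasswordPolicy_PreProcessBits from the table. */
    unsigned long mask = 0x00007c00;
    const char *samples[] = { "  Pass Word1 ", "PASSWORD1" };
    char out[64];
    size_t i;

    printf("mask 0x%08lx -> findings 0x%02x\n", mask, audit_behavior(mask));
    for (i = 0; i < 2; i++)
        if (preprocess_password(mask, samples[i], out, sizeof out) >= 0)
            printf("\"%s\" -> \"%s\"\n", samples[i], out);
    return 0;
}
```

With Sm_PasswordPolicy_PreProcessBits set, both constructed sample passwords reduce to the same string, which is the effect to weigh when a policy enables preprocessing.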
Sm_PolicyApi_AddUsersToPolicy() uses the following values (which are defined in SmApi.h):
Flag |
Value |
---|---|
Sm_PolicyBehavior_Exclude_Mask Bit 0x01 determines whether user policy excludes or includes 'users.' |
0x01 |
Sm_PolicyBehavior_Exclude_No |
0x00 |
Sm_PolicyBehavior_Exclude_Yes |
0x01 |
Sm_PolicyBehavior_Recursive_Mask Bit 0x02 determines whether user policy is recursive. This is applicable to directory object classes that can be nested. |
0x02 |
Sm_PolicyBehavior_Recursive_No |
0x00 |
Sm_PolicyBehavior_Recursive_Yes |
0x02 |
Sm_PolicyBehavior_AND_Mask Bit 0x04 determines whether the user policy has an AND relationship between user policies. This is applicable to user policies that are members of a particular user directory within the policy. |
0x04 |
Sm_PolicyBehavior_AND_No |
0x00 |
Sm_PolicyBehavior_AND_Yes |
0x04 |
Sm_PolicyApi_InitFlags_t enumerates the initialization flags used by Sm_PolicyApi_Init(). These flags affect API behavior.
Flag |
Value |
---|---|
Sm_PolicyApi_InitFlags_EnableCache Enables caching of policy store, resource, and user information to ensure that SiteMinder responds quickly to user requests. |
0x01 |
Sm_PolicyApi_InitFlags_PreLoadCache Enables the Policy Management API to preload the SiteMinder caches. Note: By omitting this flag, you can reduce the time it takes for custom Policy Management applications to make policy store changes. |
0x02 |
Sm_PolicyApi_InitFlags_LoadAgentTypeDictionary Enables the Policy Management API to preload the SiteMinder agent type dictionary. |
0x04 |
Sm_PolicyApi_InitFlags_DisableValidation Disables validation of policy objects. |
0x08 |
Sm_PolicyApi_InitFlags_DisableAudit Disables:
|
0x10 |
Sm_PolicyApi_InitFlags_DisableCacheUpdates Disables cache updates. If cache updates are not disabled and Sm_PolicyApi_InitFlags_EnableCache is turned off, the Policy Management API will still issue the cache updates. |
0x20 |
Sm_PolicyApi_InitFlags_DisableManagementWatchDog Disables the SiteMinder management watchdog. The watchdog is enabled by default. The watchdog is used internally and should not be disabled. |
0x40 |
Sm_PolicyApi_Objects_t describes the policy store properties that can be retrieved, set, and removed.
Note: Sm_PolicyApi_NULL_Domain_Props, value 0, is reserved.
The following table lists the domain object type values that can be passed to Sm_PolicyApi_GetDomainObjects():
Name |
Value |
---|---|
Sm_PolicyApi_Rule_Prop |
1 |
Sm_PolicyApi_RuleGroup_Prop |
2 |
Sm_PolicyApi_Policy_Prop |
3 |
Sm_PolicyApi_PolicyLink_Prop |
4 |
Sm_PolicyApi_UserPolicy_Prop |
5 |
Sm_PolicyApi_Realm_Prop |
6 |
Sm_PolicyApi_ResponseGroup_Prop |
7 |
Sm_PolicyApi_Response_Prop |
8 |
Sm_PolicyApi_ResponseAttr_Prop |
9 |
Sm_PolicyApi_UserDir_Prop |
10 |
Sm_PolicyApi_Admins_Prop |
17 |
Sm_PolicyApi_ActiveExpr_Prop |
23 |
Sm_PolicyApi_Variable_Prop |
25 |
Sm_PolicyApi_Affiliate_Prop |
33 |
Sm_PolicyApi_SAMLSP_Prop |
35 |
The following table lists the global object type names that can be passed to Sm_PolicyApi_GetGlobalObjects():
Name |
Value |
---|---|
Sm_PolicyApi_Rule_Prop |
1 |
Sm_PolicyApi_Policy_Prop |
3 |
Sm_PolicyApi_Response_Prop |
8 |
Sm_PolicyApi_UserDir_Prop |
10 |
Sm_PolicyApi_Scheme_Prop Object ID for an authentication scheme. |
11 |
Sm_PolicyApi_Agent_Prop |
12 |
Sm_PolicyApi_AgentGroup_Prop |
13 |
Sm_PolicyApi_AgentType_Prop |
14 |
Sm_PolicyApi_AgentTypeAttr_Prop |
15 |
Sm_PolicyApi_Domain_Prop |
16 |
Sm_PolicyApi_Admins_Prop |
17 |
Sm_PolicyApi_ODBCQueryScheme_Prop |
18 |
Sm_PolicyApi_RegistrationScheme_Prop |
19 |
Sm_PolicyApi_PasswordPolicy_Prop |
20 |
Sm_PolicyApi_AuthAzMap_Prop Object ID for an authentication-authorization object. |
21 |
Sm_PolicyApi_CertMap_Prop Object ID for a certification-mapping object. |
22 |
Sm_PolicyApi_VariableType_Prop |
24 |
Sm_PolicyApi_TrustedHost_Prop |
26 |
Sm_PolicyApi_HostConfig_Prop |
27 |
Sm_PolicyApi_AgentConfig_Prop |
28 |
Sm_PolicyApi_Association_Prop Object ID for a configuration name/value pair in an agent configuration object. |
29 |
Sm_PolicyApi_AffiliateDomain_Prop |
32 |
Sm_PolicyApi_SharedSecretPolicy_Prop |
34 |
Sm_PolicyApi_SAMLIdP_Prop |
36 |
Sm_PolicyApi_SAMLAffiliation_Prop |
37 |
Sm_PolicyApi_WSFEDResourcePartner_Prop |
38 |
Sm_PolicyResolution_t, defined in SmApi.h, enumerates the values that describe the relationship between two policy objects.
The value codes that can be returned by the API are enumerated in Sm_PolicyApi_Status_t. The values have the following significance:
Most of the code names are self-explanatory. However, note that Sm_PolicyApi_BadArgument (-10) is returned when one or more of the required input parameters is not supplied. For example, if an argument such as a domain OID is null or represents a string of zero length, Sm_PolicyApi_BadArgument is returned to the caller.
Return codes with values less than -100 (except for Sm_PolicyApi_NotUnique, value -105) will rarely be returned by this API. They are included for completeness.
Return Code |
Value |
---|---|
Sm_PolicyApi_Success |
0 |
Sm_PolicyApi_Failure |
-1 |
Sm_PolicyApi_InvalidHandle |
-2 |
Sm_PolicyApi_ErrorLogin |
-3 |
Sm_PolicyApi_NoPrivilege |
-4 |
Sm_PolicyApi_InvalidPasswordSyntax |
-5 |
Sm_PolicyApi_InvalidPassword |
-6 |
Sm_PolicyApi_DuplicateEntry |
-7 |
Sm_PolicyApi_DoesNotExist |
-8 |
Sm_PolicyApi_NotFound |
-9 |
Sm_PolicyApi_BadArgument |
-10 |
Sm_PolicyApi_WrongNumberOfElements |
-11 |
Sm_PolicyApi_UserDirNotPartOfDomain |
-12 |
Sm_PolicyApi_UserDirNotValid |
-13 |
Sm_PolicyApi_ErrorUserDir |
-14 |
Sm_PolicyApi_AgentNotFound |
-15 |
Sm_PolicyApi_AgentTypeNotFound |
-16 |
Sm_PolicyApi_AgentTypeAttrNotFound |
-17 |
Sm_PolicyApi_AgentTypeMismatch |
-18 |
Sm_PolicyApi_ODBCQuerySchemeNotFound |
-19 |
Sm_PolicyApi_UserDirNotFound |
-20 |
Sm_PolicyApi_DomainNotFound |
-21 |
Sm_PolicyApi_AdminNotFound |
-22 |
Sm_PolicyApi_SchemeNotFound |
-23 |
Sm_PolicyApi_RegistrationSchemeNotFound |
-24 |
Sm_PolicyApi_PasswordPolicyNotFound |
-25 |
Sm_PolicyApi_SchemeIsRequired |
-26 |
Sm_PolicyApi_PasswordPolicyConfig |
-27 |
Sm_PolicyApi_RealmNotFound |
-28 |
Sm_PolicyApi_NoChildren |
-29 |
Sm_PolicyApi_RuleNotFound |
-30 |
Sm_PolicyApi_ResponseNotFound |
-31 |
Sm_PolicyApi_ResponseAttrNotFound |
-32 |
Sm_PolicyApi_PolicyNotFound |
-33 |
Sm_PolicyApi_PolicyLinkNotFound |
-34 |
Sm_PolicyApi_UserPolicyNotFound |
-35 |
Sm_PolicyApi_BadGroup |
-36 |
Sm_PolicyApi_GroupNotFound |
-37 |
Sm_PolicyApi_Invalid |
-38 |
Sm_PolicyApi_InvalidHandleVersion |
-39 |
Sm_PolicyApi_DomainNotAffiliate |
-41 |
Sm_PolicyApi_InvalidOid |
-100 |
Sm_PolicyApi_NotImplemented |
-101 |
Sm_PolicyApi_NotSearchable |
-102 |
Sm_PolicyApi_NotStorable |
-103 |
Sm_PolicyApi_NotCollection |
-104 |
Sm_PolicyApi_NotUnique |
-105 |
Sm_PolicyApi_InvalidProp |
-106 |
Sm_PolicyApi_NotInitted |
-107 |
Sm_PolicyApi_NoSession |
-108 |
Sm_PolicyApi_OidInUseByRealm |
-109 |
Sm_PolicyApi_OidInUseByRule |
-110 |
Sm_PolicyApi_OidInUseByAdmin |
-111 |
Sm_PolicyApi_MissingProperty |
-112 |
Sm_PolicyApi_GroupMemberName |
-113 |
Sm_PolicyApi_RadiusIpAddrNotUnique |
-114 |
Sm_PolicyApi_GroupAgentType |
-115 |
Sm_PolicyApi_RadiusRealmNotUnique |
-116 |
Sm_PolicyApi_RealmFilterNotUnique |
-117 |
Sm_PolicyApi_InvalidCharacters |
-118 |
Sm_PolicyApi_AgentTypeCantBeDeleted |
-119 |
Sm_PolicyApi_ProvNotImplemented |
-120 |
Sm_PolicyApi_ProvNotUnique |
-121 |
Sm_PolicyApi_RealmCantBeUsedInRule |
-122 |
Sm_PolicyApi_OidInUserByCertMap |
-123 |
Sm_PolicyApi_OidInUseBySelfReg |
-124 |
Sm_PolicyApi_OidInUseByUserDirectory |
-125 |
Sm_PolicyApi_SchemeCantBeDeleted |
-126 |
Sm_PolicyApi_BasicSchemeUpdate |
-127 |
Sm_PolicyApi_NonHtmlForm |
-128 |
Sm_PolicyApi_IllegalRealmOperation |
-129 |
Sm_PolicyApi_NameNotUnique |
-130 |
Sm_PolicyApi_FeatureNotSupported |
-132 |
Sm_PolicyApi_AssertionConsumerDefaultMissing |
-133 |
Sm_PolicyApi_SAMLSP_AuthenticationURLMissing |
-134 |
Sm_PolicyApi_SAMLSP_DomainOidMissing |
-135 |
Sm_PolicyApi_SAMLSP_IdPIDMissing |
-136 |
Sm_PolicyApi_SAMLSP_NameMissing |
-137 |
Sm_PolicyApi_SAMLSP_NameIdFormatMissing |
-138 |
Sm_PolicyApi_SAMLSP_NameIdTypeMissing |
-139 |
Sm_PolicyApi_SAMLSP_NameIdStaticMissing |
-140 |
Sm_PolicyApi_SAMLSP_NameIdAttrNameMissing |
-141 |
Sm_PolicyApi_SAMLSP_NameIdDNSpecMissing |
-142 |
Sm_PolicyApi_SAMLSP_ProviderIDMissing |
-143 |
Sm_PolicyApi_SAMLSP_ProviderIDNotUnique |
-144 |
Sm_PolicyApi_SAML_UnSupportedSAMLVersion |
-145 |
Sm_PolicyApi_SAMLIDP_IncorrectParameters |
-146 |
Sm_PolicyApi_SAMLIDP_ProviderIDNotUnique |
-147 |
Sm_PolicyApi_SAMLAFF_NameMissing |
-148 |
Sm_PolicyApi_SAMLAFF_NameIdFormatMissing |
-149 |
Sm_PolicyApi_SAMLAFF_NameIdTypeMissing |
-150 |
Sm_PolicyApi_SAMLAFF_NameIdStaticMissing |
-151 |
Sm_PolicyApi_SAMLAFF_NameIdAttrNameMissing |
-152 |
Sm_PolicyApi_SAMLAFF_NameIdDNSpecMissing |
-153 |
Sm_PolicyApi_SAMLAFF_AffiliationIDMissing |
-154 |
Sm_PolicyApi_SAMLAFF_AffiliationIDNotUnique |
-155 |
Sm_PolicyApi_SAMLAFF_AffiliationHasMembers |
-156 |
Sm_PolicyApi_SAML_UnknownProperty |
-157 |
Sm_PolicyApi_WSFEDRP_AssertionConsumerDefaultMissing |
-158 |
Sm_PolicyApi_WSFEDRP_AuthenticationURLMissing |
-159 |
Sm_PolicyApi_WSFEDRP_DomainOidMissing |
-160 |
Sm_PolicyApi_WSFEDRP_APIDMissing |
-161 |
Sm_PolicyApi_WSFEDRP_NameMissing |
-162 |
Sm_PolicyApi_WSFEDRP_NameIdFormatMissing |
-163 |
Sm_PolicyApi_WSFEDRP_NameIdTypeMissing |
-164 |
Sm_PolicyApi_WSFEDRP_NameIdStaticMissing |
-165 |
Sm_PolicyApi_WSFEDRP_NameIdAttrNameMissing |
-166 |
Sm_PolicyApi_WSFEDRP_NameIdDNSpecMissing |
-167 |
Sm_PolicyApi_WSFEDRP_ProviderIdMissing |
-168 |
Sm_PolicyApi_WSFEDRP_ProviderIdNotUnique |
-169 |
Sm_PolicyApi_WSFEDRP_UnsupportedSAMLVersion |
-170 |
Sm_PolicyApi_WSFEDRP_UnkownProperty |
-171 |
Sm_PolicyApi_WSFEDAP_IncorrectParameters |
-172 |
Sm_PolicyApi_WSFEDAP_ProviderIDNotUnique |
-173 |
Sm_PolicyAPI_InsufficientRPData |
-174 |
Sm_PolicyAPI_WSFED_UnSupportedWSFEDVersion |
-175 |
Sm_PolicyAPI_DuplicateAttribute |
-176 |
Sm_PolicyAPI_SAMLSP_ACSDuplicateIndex |
-177 |
Sm_PolicyAPI_SAMLSP_ACSIndexedEndpointInUse |
-178 |
Sm_PolicyAPI_SAMLSP_ACSIndexedEndpointNotFound |
-179 |
Sm_PolicyAPI_SAMLSP_CantDeleteDefaultACSIndex |
-180 |
Sm_PolicyAPI_SAMLSP_ACSMaxExceeded |
-181 |
Sm_PolicyAPI_InConsistentANDBitMask |
-182 |
Sm_PolicyApi_SAML1_STATUS_REDIRECT_URL_TYPE_t defines the type of redirection specified in Sm_PolicyApi_AddRedirectURLToSAML1xScheme() and Sm_PolicyApi_GetRedirectURLFromSAML1xScheme().
Sm_PolicyApi_SAML1_STATUS_REDIRECT_URL_TYPE_t is listed in SmPolicyApi45.h.
Name |
Value |
---|---|
Sm_PolicyApi_SAML1_STATUS_REDIRECT_URL_USER_NOT_FOUND_TYPE |
0 |
Sm_PolicyApi_SAML1_STATUS_REDIRECT_URL_INVALID_SSO |
1 |
Sm_PolicyApi_SAML1_STATUS_REDIRECT_URL_UNACCEPTABLE_USER_ |
2 |
The following values are the SAML Protocol Bindings that can be specified for each row of the Assertion Consumer Service:
Name |
Value |
---|---|
Sm_PolicyApi_SAMLSP_HTTP_Post |
0 |
Sm_PolicyApi_SAMLSP_HTTP_Artifact |
1 |
Sm_PolicyApi_SAMLSP_PAOS |
2 |
Sm_PolicyApi_SAMLSPAttrNameFormat_t defines the format to use for specifying attributes that apply to a principal. The format specification is made within the structure Sm_PolicyApi_SAMLSPAttr_t.
The format identifiers are defined by the SAML 2.0 standard.
Sm_PolicyApi_SAMLSPAttrNameFormat_t is listed in SmPolicyApi45.h.
Name |
Value |
---|---|
Sm_PolicyApi_SAMLSP_Unspecified |
0 |
Sm_PolicyApi_SAMLSP_URI |
1 |
Sm_PolicyApi_SAMLSP_Basic |
2 |
Sm_PolicyApi_SAML_Profile_t specifies the communication profile used to send and receive a SAML assertion for a particular affiliate object. The profile is specified as one of the attributes of a Sm_PolicyApi_Affiliate_t structure. Sm_PolicyApi_SAML_Profile_t is listed in SmPolicyApi45.h.
Name |
Value |
---|---|
Sm_PolicyApi_SAML_Profile_Artifact |
1 |
Sm_PolicyApi_SAML_Profile_POST |
2 |
Sm_Api_SchemeType_t describes the values that may be passed to Sm_PolicyApi_AddScheme() as one of the attributes of a Sm_PolicyApi_Scheme_t structure. Sm_Api_SchemeType_t is listed in SmApi.h.
Scheme Type |
Value |
---|---|
Sm_Api_SchemeType_Basic |
1 |
Sm_Api_SchemeType_CryptoCard |
2 |
Sm_Api_SchemeType_Encotone |
3 |
Sm_Api_SchemeType_HTMLForm |
4 |
Sm_Api_SchemeType_BasicOverSSL |
5 |
Sm_Api_SchemeType_RadiusServer |
6 |
Sm_Api_SchemeType_SafeWordServer |
7 |
Sm_Api_SchemeType_ACEServer |
8 |
Sm_Api_SchemeType_X509ClientCert |
9 |
Sm_Api_SchemeType_X509ClientCertAndBasic |
10 |
Sm_Api_SchemeType_X509ClientCertOrBasic |
11 |
Sm_Api_SchemeType_RadiusChapPap |
12 |
Sm_Api_SchemeType_Anonymous |
13 |
Sm_Api_SchemeType_NTLM |
14 |
Sm_Api_SchemeType_Custom |
15 |
Sm_Api_SchemeType_ACEServerHTMLForm |
16 |
Sm_Api_SchemeType_SafeWordHTMLForm |
17 |
Sm_Api_SchemeType_XMLDsig |
18 |
Sm_Api_SchemeType_X509ClientCertOrForm |
19 |
Sm_Api_SchemeType_X509ClientCertAndForm |
20 |
Sm_Api_SchemeType_MSPassport |
21 |
Sm_Api_SchemeType_XMLDocumentCredentialCollector |
22 |
Sm_Api_SchemeType_SAMLSessionTicket |
25 |
Sm_Api_SchemeType_SAMLArtifact |
26 |
Sm_Api_SchemeType_Impersonation |
27 |
Sm_Api_SchemeType_SAMLPOST |
28 |
Sm_Api_SchemeType_SAML2 |
29 |
Sm_Api_SchemeType_WSFED |
30 |
Sm_PolicyApi_SecretRolloverPeriod_t enumerates the units of time that, combined with the rollover frequency setting, determine how often shared secret rollover occurs. For example, a rollover period of RolloverHOURS and a frequency of 12 means that the shared secret is changed every 12 hours.
The rollover period is defined in the iRolloverPeriod field of structure Sm_PolicyApi_SharedSecretPolicy_t, and the frequency is defined in the iRolloverFrequency field of the structure.
Name |
Value |
---|---|
RolloverNEVER |
0 |
RolloverHOURS |
1 |
RolloverDAYS |
2 |
RolloverWEEKS |
3 |
RolloverMONTHS |
4 |
Sm_PolicyApi_Structs_t enumerates the data structures that can be passed to and from the Policy Management API as follows:
Name |
Value |
---|---|
Sm_PolicyApi_NULL_ID |
0 |
Sm_PolicyApi_Rule_ID |
1 |
Sm_PolicyApi_Policy_ID |
2 |
Sm_PolicyApi_Realm_ID |
3 |
Sm_PolicyApi_Response_ID |
4 |
Sm_PolicyApi_UserDir_ID |
5 |
Sm_PolicyApi_Agent_ID |
6 |
Sm_PolicyApi_Domain_ID |
7 |
Sm_PolicyApi_PolicyLink_ID |
8 |
Sm_PolicyApi_ResponseAttr_ID |
9 |
Sm_PolicyApi_User_ID |
10 |
Sm_PolicyApi_Scheme_ID |
11 |
Sm_PolicyApi_Admin_ID |
12 |
Sm_PolicyApi_Group_ID |
13 |
Sm_PolicyApi_ODBCQueryScheme_ID |
14 |
Sm_PolicyApi_Object_ID |
15 |
Sm_PolicyApi_AgentType_ID |
16 |
Sm_PolicyApi_AgentTypeAttr_ID |
17 |
Sm_PolicyApi_RegistrationScheme_ID |
18 |
Sm_PolicyApi_PasswordPolicy_ID |
19 |
Sm_PolicyApi_IPAddress_ID |
20 |
Sm_PolicyApi_AuthAzMap_ID |
21 |
Sm_PolicyApi_CertMap_ID |
22 |
Sm_PolicyApi_PasswordMsgField_ID |
23 |
Sm_PolicyApi_VariableType_ID |
25 |
Sm_PolicyApi_Variable_ID |
26 |
Sm_PolicyApi_TrustedHost_ID |
27 |
Sm_PolicyApi_HostConfig_ID |
28 |
Sm_PolicyApi_AgentConfig_ID |
29 |
Sm_PolicyApi_Association_ID |
30 |
Sm_PolicyApi_UserContext_ID |
31 |
Sm_PolicyApi_Affiliate_ID |
36 |
Sm_PolicyApi_AffiliateAttr_ID |
37 |
Sm_PolicyApi_SharedSecretPolicy_ID |
38 |
Sm_PolicyApi_UserContext_ID |
40 |
Sm_PolicyApi_SAMLSP_ID |
41 |
Sm_PolicyApi_SAMLProviderProp_ID |
42 |
Sm_PolicyApi_SAMLAffiliation_ID |
43 |
Sm_PolicyApi_SAMLSPAttr_ID |
44 |
Sm_PolicyApi_WSFEDResourcePartner_ID |
45 |
Sm_PolicyApi_WSFEDProviderProp_ID |
46 |
Sm_PolicyApi_WSFEDRPAttr_ID |
47 |
Sm_PolicyApi_SAMLRequesterAttr_ID |
48 |
Sm_PolicyApi_SAMLSPAssertionConsumerService_ID |
49 |
Policy applications must perform the following operations:
Most of the functions in the Policy Management API are categorized according to the SiteMinder policy store object (for example, an agent, policy, or rule) that a given function acts upon. Additional categories (required functions, user state functions, and utility functions such as cache and agent encryption key management) are organized by the type of service that the functions perform.
Use these categories to help you find a particular Policy Management API function to use in your custom policy management applications.
The categories of Policy Management API functions include:
The following functions must be used in all policy management applications:
Function |
Description |
---|---|
Initializes the connection to the Policy Server. |
|
Initializes a connection to the SiteMinder policy store and establishes the init handle based on a supplied version. Required for clients starting at version SM_POLICY_API_VERSION_6_0. |
|
Authenticates the administrator. |
|
Logs out the administrator. |
|
Disconnects from the Policy Server and releases memory and resources held by the API. |
The following functions manage SiteMinder administrator objects:
Function |
Description |
---|---|
Creates or updates an administrator object. |
|
Gives the administrator permission to administer the specified domain. |
|
Deletes an administrator. |
|
Gets the contents of an administrator by object identifier. |
|
Gets the contents of an administrator by name. |
|
Gets a specified global policy by name. |
|
Gets a specified global response by name. |
|
Gets a specified global rule by name. |
|
Disassociates the administrator from the specified domain. |
The following functions manage SiteMinder agent objects.
Note: There is no facility for creating Agent Types or Agent Type attributes.
Function |
Description |
---|---|
Creates or updates an agent object. |
|
Converts a v4.x agent to a v5.x agent. |
|
Converts a v5.x agent to a v4.x agent. |
|
Deletes an agent. |
|
Gets the contents of an agent by OID. |
|
Gets the contents of an agent by name. |
|
Gets the contents of an agent type object by OID. |
|
Gets the contents of an agent type object by name. |
|
Returns one or all agent type attributes. |
|
Returns named agent type attribute object. |
The following functions manage configuration objects (agent configuration objects, host configuration objects, and trusted host objects) for centrally configuring agents.
Trusted hosts are created in any of the following ways:
Function |
Description |
---|---|
Adds or modifies an agent configuration object. |
|
Adds or modifies a configuration parameter name and corresponding value in a specified agent configuration object. |
|
Adds or modifies a host configuration object. |
|
Creates or modifies a trusted host object in the object store when there is no connection between the agent and the Policy Server. |
|
Deletes an agent configuration object. |
|
Deletes a host configuration object. |
|
Deletes a trusted host object. |
|
Retrieves an agent configuration object. |
|
Retrieves a list of configuration parameters for an agent configuration object. |
|
Retrieves an agent configuration object by name. |
|
Retrieves a host configuration object. |
|
Retrieves a host configuration object by name. |
|
Retrieves the current shared secret policy. |
|
Retrieves a trusted host object by OID. |
|
Retrieves a trusted host object by name. |
|
Removes a configuration parameter name/value pair from a specified agent configuration object. |
|
Sets the current SharedSecretPolicy. |
The following functions manage SiteMinder authentication and authorization directory mapping objects:
Function |
Description |
---|---|
Creates or updates an authentication and authorization directory mapping object. |
|
Deletes an authentication and authorization directory map. |
|
Gets the contents of an authentication and authorization directory map. |
The following functions manage SiteMinder authentication schemes:
Function |
Description |
---|---|
Creates or updates an authentication scheme. |
|
Deletes an authentication scheme. |
|
Gets the contents of an authentication scheme by OID. |
|
Gets the contents of an authentication scheme by name. |
The following functions manage SiteMinder certificate mapping objects:
Function |
Description |
---|---|
Creates or updates a certificate mapping object. |
|
Deletes a certificate map. |
|
Gets the contents of a certificate map. |
The following functions manage SiteMinder domain objects:
Function |
Description |
---|---|
Creates or updates a domain. |
|
Deletes the domain and any domain children (rules, responses, realms, and policies). |
|
Gets the contents of the domain by OID. |
|
Gets the contents of a specified domain by name. |
|
Gets the OIDs of domain objects for a specified object type within the specified domain. |
The following functions support the manipulation of Policy Store data (Affiliate Domain and Affiliate objects) required to generate SAML assertions.
Function |
Description |
---|---|
Adds an administrator to an affiliate domain. |
|
Creates a new or updates an existing affiliate object. |
|
Creates a new or updates an existing affiliate domain. |
|
Adds a new attribute to an affiliate. |
|
Adds a user directory to an affiliate domain. |
|
Adds a user directory entry to an affiliate. |
|
Deletes an affiliate. |
|
Deletes an affiliate domain. |
|
Gets an affiliate by OID. |
|
Gets an affiliate by name. |
|
Gets an affiliate domain by OID. |
|
Gets an affiliate domain by name |
|
Gets the OIDs of domain objects for a given object type within the affiliate domain. |
|
Gets the user directory search order for an affiliate domain. |
|
Gets the user directory entries for an affiliate. |
|
Gets all attributes for an affiliate. |
|
Gets all affiliates for an affiliate domain. |
|
Gets affiliate domains. (Not exclusively a Federation function.) |
|
See Required Functions. |
|
Removes an administrator from an affiliate domain. |
|
Removes an attribute from an affiliate. |
|
Removes a user directory from an affiliate domain. |
|
Removes a user directory entry from an affiliate. |
|
Sets the user directory search order for an affiliate domain. |
The following functions act on multiple types of SiteMinder objects:
Function |
Description |
---|---|
Gets the OIDs of global objects for a specified object type. |
|
Renames an object. |
The following functions manage SiteMinder group objects. You can create agent groups, response groups, and rule groups, as enumerated in Sm_PolicyApi_Groups_t.
Note: Groups of global objects are not supported.
A group can contain individual items or groups of its own type. For example, a rule group can contain rules and/or groups of rules.
Function |
Description |
---|---|
Creates or updates an agent, response, or rule group object. |
|
Adds an agent, response, or rule item to a group. |
|
Deletes a group. |
|
Gets the contents of a group by OID. |
|
Gets the contents of a group by name. |
|
Gets the OIDs contained within a group. |
|
Determines whether a specified item is contained within the group. |
|
Removes the specified item from the group. |
The following functions manage SiteMinder ODBC query schemes:
Function |
Description |
---|---|
Creates or updates an ODBC query scheme. |
|
Deletes an ODBC query scheme. |
|
Gets the contents of an ODBC query scheme by OID. |
|
Gets the contents of an ODBC query scheme by name. |
The following functions manage SiteMinder password policy objects:
Function |
Description |
---|---|
Creates or updates a password policy object. |
|
Deletes a password policy. |
|
Gets the contents of a password policy by OID. |
|
Gets the contents of a password policy by name. |
The following functions manage SiteMinder policy and policy link objects. A policy link is an association of a policy, a rule, and optionally, a response.
Function |
Description |
---|---|
Creates or updates a global policy object. |
|
Creates or updates a policy object. |
|
Creates a policy link for the specified policy. |
|
Deletes a policy. |
|
Gets the contents of a password policy by name. |
|
Gets the contents of a policy by OID. |
|
Gets a linked list of all policy links associated with the specified policy. |
|
Removes a policy link from the specified policy. |
The following functions manage SiteMinder realm objects:
Function |
Description |
---|---|
Creates or updates a realm object. |
|
Deletes a realm. |
|
Builds a hierarchical realm and rule tree. |
|
Gets the contents of a realm by OID. |
|
Gets the contents of a realm by name. |
The following functions manage SiteMinder registration schemes:
Function |
Description |
---|---|
Creates or updates a registration scheme. |
|
Deletes a registration scheme. |
|
Gets the contents of a registration scheme by OID. |
|
Gets the contents of a registration scheme by name. |
The following functions manage SiteMinder regular expressions:
Function |
Description |
---|---|
Creates or updates a regular expression. |
|
Deletes a regular expression. |
|
Gets the regular expressions belonging to a given password policy. |
The following functions manage SiteMinder response objects:
Function |
Description |
---|---|
Creates or updates a global response object. |
|
Creates or updates a response object. |
|
Creates a response attribute for the specified response. |
|
Deletes a response. |
|
Gets the contents of a response by OID. |
|
Gets a linked list of response attributes for the specified response. |
|
Gets the contents of a response by name. |
|
Disassociates a response attribute from the specified response. |
|
Sets a response or response group to a rule or rule group, or removes a response or response group from a rule or rule group. |
The following functions manage SiteMinder rule objects:
Function |
Description |
---|---|
Creates or updates a global rule object. |
|
Creates or updates a rule object. |
|
Deletes a rule. |
|
Gets the contents of a rule by OID. |
|
Gets the contents of a rule by name. |
The following functions provide support for SAML 1.x configuration settings:
Function |
Description |
---|---|
Sm_PolicyApi_AddMessageConsumerPluginToSAML1Scheme() |
Adds or updates a message consumer plugin setting to a SAML1.x authentication scheme. |
Adds or updates a redirect URL to a SAML1.x authentication scheme. |
|
Sm_PolicyApi_GetMessageConsumerPluginFrom |
Retrieves a message consumer plugin setting from a SAML 1.x authentication scheme. |
Sm_PolicyApi_GetRedirectURLFromSAML1Scheme() |
Retrieves a redirect URL setting from a SAML 1.x authentication scheme. |
The following functions manage attributes for a SAML Requester:
Function |
Description |
---|---|
Adds an attribute to a SAML Requester defined in a SAML 2.0 authentication scheme. |
|
Retrieves all attributes defined for a SAML Requester. |
|
Removes an attribute from a SAML Requester defined in a SAML 2.0 authentication scheme. |
The following functions manage SAML 2.0 affiliations, Service Providers, and Identity Providers.
Function |
Description |
---|---|
Defines a SAML 2.0 attribute for the Service Provider. |
|
Adds a new SAML affiliation object or modifies an existing one. |
|
Adds a new SAML 2.0 authentication scheme object or modifies an existing one. |
|
Adds a new SAML 2.0 Service Provider object or modifies an existing one. |
|
Associates a user directory entry with SAML 2.0 Service Provider. |
|
Deletes the specified SAML affiliation. |
|
Deletes the specified Service Provider. |
|
Retrieves all the SAML authentication schemes associated with the specified SAML affiliation. |
|
Retrieves all the Service Providers associated with the specified SAML affiliation. |
|
Retrieves all existing SAML affiliation objects. |
|
Retrieves all the Service Providers in the specified affiliate domain. |
|
Retrieves all the attributes associated with the specified Service Provider. |
|
Retrieves the SAML affiliation specified by its OID in the policy store. |
|
Retrieves the SAML affiliation specified by its unique affiliation identifier (URI). |
|
Retrieves information about a SAML 2.0 authentication scheme. |
|
Retrieves the Service Provider specified by its OID in the policy store. |
|
Retrieves the Service Provider specified by its unique provider identifier. |
|
Retrieves the user directory entries associated with the specified Service Provider. |
|
Removes the specified SAML attribute from the Service Provider. |
|
Removes the specified users from the Service Provider. |
The following functions manage indexed endpoints in the Service Provider:
Function |
Description |
---|---|
Adds a new indexed endpoint reference (with index, binding, and Assertion Consumer URL) to a Service Provider. |
|
Gets a list of all Assertion Consumer Services present in the policy store. |
|
Removes an indexed endpoint reference to an Assertion Consumer Service. |
The following functions manage SiteMinder user directory objects:
Function |
Description |
---|---|
Associates a directory object with the specified domain. |
|
Creates or updates a user directory object. |
|
Deletes a user directory. |
|
Gets a linked list of user structures for the specified user directory. |
|
Allows callers of the Policy Management API to access user context information. |
|
Gets the contents of a user directory by OID. |
|
Gets the contents of a user directory by name. |
|
Gets the capabilities of the user directory. |
|
Gets the OIDs of the user directory associated with the specified domain. |
|
Finds a user specification in a particular user directory and based on the specified search pattern. |
|
Disassociates a user directory from the specified domain. |
|
Rearranges the search order of the user directories associated with the specified domain. |
|
Validates a user specification in a given path and user directory. |
The following functions perform operations on user state and on user entries in a SiteMinder user directory:
Field |
Description |
---|---|
Adds a user to the specified policy. |
|
Disables a user. |
|
Enables a user. |
|
Gets the disabled state of a user. |
|
Gets information about an error that occurred during an attempt to validate a new password. |
|
Gets a linked list of structures for the users associated with the specified policy and optionally, user directory. |
|
Gets the list of groups that a user is member of. |
|
Disassociates the user from the specified policy. |
|
Sets the disabled state of a user. |
|
Changes or validates a user password. |
The following functions manage SiteMinder password state objects:
Function |
Description |
---|---|
Returns a UserPasswordState object. |
|
Adds/Updates a UserPasswordState object. |
The following functions provide a variety of services, including memory, cache, and agent encryption key management:
Function |
Description |
---|---|
Flushes the specified realm from the resource cache. |
|
Flushes the specified user from the user cache. |
|
Frees memory allocated by the Policy Management API. |
|
Frees memory allocated by the Policy Management API. Required for clients starting at version SM_POLICY_API_VERSION_6_0. |
|
Sm_PolicyApi_FreeString() |
Frees a single string allocated by the Policy Management API. |
Frees string arrays allocated by the Policy Management API. |
|
Performs user, key, and resource management services. |
The following methods manage variables.
Function |
Description |
---|---|
Adds a variable object. |
|
Deletes a variable object. |
|
Gets a specified variable by OID. |
|
Gets a specified variable by name. |
|
Gets a specified variable type by OID. |
|
Gets a specified variable type by name. |
The following table lists the supported functions for Resource Partners and Account Partners:
Function |
Description |
---|---|
Creates or updates a WS-Federation Resource Partner object. |
|
Gets a WS-Federation Resource Partner object |
|
Gets all WS-Federation Resource Partner objects for a domain as a linked list |
|
Deletes a WS-Federation Resource Partner. This will then delete the agent, realm, rule, policy, and policy link objects associated with the Resource Partner object |
|
Associates a user directory entry with a WS-Federation Resource Partner. |
|
Disassociates a user directory entry from a WS-Federation Resource Partner |
|
Gets the user directory entries associated with a WS-Federation Resource Partner |
|
Creates or updates a WS-Federation authentication scheme |
|
Gets a WS-Federation authentication scheme. |
Function declarations include the syntax and return values for each function in the Policy Management API for reference.
Creates a new SiteMinder administrator object at a global scope. The administrator's attributes are contained in the pstructAdmin structure.
If the administrator object exists and bUpdate is true, the item is updated.
Type
Administrator function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddAdmin ( void* pSessionHandle, Sm_PolicyApi_Admin_t* pstructAdmin, const bool bUpdate );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pstructAdmin |
I |
A pointer to a completely filled-in administrator structure. |
bUpdate |
I |
A flag to indicate that if an existing object is found, it should be updated. |
Returns
Adds an administrator to an affiliate domain.
Type
Federation function
Syntax
int SM_EXTERN Sm_PolicyApi_AddAdminToAffiliateDomain ( void* pSessionHandle, const char* pszAdminOid, const char* pszAffiliateDomainOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAdminOid |
I |
A null-terminated string containing the object identifier of an existing administrator. |
pszAffiliate |
I |
A null-terminated string containing the object identifier of an existing affiliate domain. |
Returns
Gives the specified administrator permission to administer the specified domain, and associates the administrator object identified by pszAdminOid with the domain identified by pszDomainOid.
Type
Administrator function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddAdminToDomain ( void* pSessionHandle, const char* pszAdminOid, const char* pszDomainOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAdminOid |
I |
A null-terminated string containing the object identifier of an existing administrator. |
pszDomainOid |
I |
A null-terminated string containing the object identifier of an existing domain. |
Returns
Creates a new or updates an existing affiliate object. This function will also retrieve the PropertyCollection object based on the AffiliateDomain OID.
Type
Federation function
Syntax
int SM_EXTERN Sm_PolicyApi_AddAffiliate ( void* pSessionHandle, Sm_PolicyApi_Affiliate_t* pstructAffiliate, const bool bUpdate );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pstructAffiliate |
I |
A pointer to a completely filled-in affiliate structure. |
bUpdate |
I |
A flag to indicate that if an existing object is found, it should be updated. |
Remarks
This function creates affiliate objects that are based on the artifact profile or the POST profile (see the Sm_PolicyApi_Affiliate_t field SAMLProfile). Creating an affiliate object based on the POST profile requires an API version of at least SM_POLICY_API_VERSION_6_0_2. If an earlier version is involved, the POST profile request is ignored (along with any POST-specific fields in Sm_PolicyApi_Affiliate_t) and an attempt is made to create an affiliate object based on the artifact profile.
Returns
Creates a new or updates an existing affiliate domain. Sets bIsAffiliate to TRUE.
Type
Federation function
Syntax
int SM_EXTERN Sm_PolicyApi_AddAffiliateDomain ( void* pSessionHandle, Sm_PolicyApi_AffiliateDomain_t *pstructAffiliateDomain, const bool bUpdate );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pstructAffiliate |
I |
A pointer to a completely filled-in affiliate domain structure. |
bUpdate |
I |
A boolean flag to indicate that if an existing object is found, it should be updated. |
Returns
Creates a new SiteMinder agent. The attributes of the agent are contained in the pstructAgent structure.
If the agent exists and the bUpdate flag is true, the item is updated.
You must specify an agent type with this call. To get the agent type OID for the agent, use Sm_PolicyApi_GetGlobalObjects().
Type
Agent function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddAgent ( void* pSessionHandle, Sm_PolicyApi_Agent_t* pstructAgent, const bool bUpdate );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pstructAgent |
I |
A pointer to a completely filled-in agent structure. |
bUpdate |
I |
A flag to indicate that if an existing object is found, it should be updated. |
Returns
Creates or modifies an agent configuration object in the policy store.
Type
Agent configuration function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddAgentConfig ( void* pSessionHandle, Sm_PolicyApi_AgentConfig_t* pstructAgentConfig, const bool bUpdate );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pstructAgentConfig |
I |
Address of a structure that defines the agent configuration object. |
bUpdate |
I |
If true, the object is being updated. |
Returns
Adds or modifies a configuration parameter name and corresponding value in a specified agent configuration object.
Type
Agent configuration function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddAgentConfigAssociation ( void* pSessionHandle, const char* pszAgentConfigOid, Sm_PolicyApi_Association_t* pstructAssociation, bool bUpdate );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAgentConfigOid |
I |
Unique identifier of the agent configuration object. |
pstructAssociation |
I |
The name/value pair to add or modify in the agent configuration object. |
bUpdate |
I |
If true, the object is being updated. |
Returns
Adds a new indexed endpoint, which includes an index, binding, and an Assertion Consumer Service URL, to the Service Provider.
Note: An existing indexed endpoint reference cannot be modified.
Type
Federation function
Syntax
int SM_EXTERN Sm_PolicyApi_AddAssertionConsumerServiceToSAMLSP ( void* pSessionHandle, const Sm_PolicyApi_SAMLSPAssertionConsumerService_t* pstructSAMLSPAssertionConsumerService, const char* pszSAMLSPOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pstructSAMLSPAssertion |
I |
A pointer to an Assertion Consumer Service structure. |
pszSAMLSPOid |
I |
A pointer to a string containing the OID of the Service Provider. |
Returns
Remarks
The following fields of the Sm_PolicyApi_SAMLSPAssertionConsumerService_t structure are evaluated:
Adds a new attribute to an affiliate.
Type
Federation function
Syntax
int SM_EXTERN Sm_PolicyApi_AddAttributeToAffiliate ( void* pSessionHandle, const Sm_PolicyApi_AffiliateAttr_t* pstructAffiliateAttr, const char* pszAffiliateOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pstructAffiliate |
I |
A pointer to a completely filled-in affiliate attribute structure. |
pszAffiliateOid |
I |
A null-terminated string containing the object identifier of an existing affiliate. |
Returns
Adds an attribute, which can be requested from the configured Attribute Service, to a SAML 2.0 authentication scheme.
Syntax
int SM_EXTERN Sm_PolicyApi_AddAttributeToSAMLScheme( void* pHandle, const Sm_PolicyApi_Scheme_t* pstructScheme, const Sm_PolicyApi_SAMLRequesterAttr_t* pAttr );
Parameter |
I/O |
Description |
---|---|---|
pHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pstructScheme |
I |
A pointer to a completely filled-in structure for a SAML 2.0 Scheme. |
pAttr |
I |
A pointer to the Sm_PolicyApi_SAMLRequesterAttr_t structure containing the attribute to be added. |
Returns
Defines a SAML 2.0 attribute for the Service Provider.
A SAML 2.0 attribute contains information about a principal who is trying to access a resource on the Service Provider, for example, the principal's user DN.
The defined attribute is included in an attribute statement for all SAML 2.0 assertions that are produced for the Service Provider.
Type
SAML 2.0 Configuration function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddAttributeToSAMLSP ( void* pHandle, const Sm_PolicyApi_SAMLSPAttr_t* pstructSAMLSPAttr, const char* pszSAMLSPOid );
Parameter |
I/O |
Description |
---|---|---|
pHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pstructSAMLSPAttr |
I |
A pointer to a completely filled-in attribute structure. |
pszSAMLSPOid |
|
A null-terminated string containing the object identifier of an existing Service Provider. |
Returns
Creates a new SiteMinder domain. Attributes of the domain are contained in the pstructDomain structure.
If the domain exists and the bUpdate flag is true, the item is updated.
Type
Domain function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddDomain ( void* pSessionHandle, Sm_PolicyApi_Domain_t* pstructDomain, const bool bUpdate );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pstructDomain |
I |
A pointer to a completely filled-in domain structure. |
bUpdate |
I |
A flag to indicate that if an existing object is found, it should be updated. |
Returns
Creates a new global policy in the object store. The policy attributes are contained in the pStructPolicy structure.
If the policy exists and the bUpdate flag is true, the item is updated.
Type
Policy function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddGlobalPolicy ( void* pSessionHandle, Sm_PolicyApi_Policy_t* pStructPolicy, const bool bUpdate );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pStructPolicy |
I |
A pointer to a completely filled policy structure. The structure's domain OID is ignored. |
bUpdate |
I |
A flag to indicate that if an existing object is found, it should be updated. |
Returns
Creates a new global response in the object store.
Type
Rule function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddGlobalResponse ( void* pSessionHandle, Sm_PolicyApi_Response_t* pStructResponse, const bool bUpdate );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pStructResponse |
I |
A pointer to a completely filled response structure. The structure's domain OID is ignored. |
bUpdate |
I |
A flag to indicate that if an existing object is found, it should be updated. |
Returns
Creates a new global rule in the object store.
Type
Rule function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddGlobalRule ( void* pSessionHandle, Sm_PolicyApi_Rule_t* pStructRule, const bool bUpdate );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pStructRule |
I |
A pointer to a completely filled-in rule structure. The realm OID in the structure is ignored. |
bUpdate |
I |
A flag to indicate that if an existing object is found, it should be updated. |
Returns
Adds a new group object to the SiteMinder policy store. The attributes of the group are contained in the pStructGroup structure.
Note: Groups of global objects are not supported.
The pszDomainOid parameter is required by a rule group or response group. An agent group does not require a domain OID because it is not a domain-based object.
If the group object exists and the bUpdate flag is true, the item is updated.
Type
Group function, global scope (agents) or domain scope (responses, rules).
Syntax
int SM_EXTERN Sm_PolicyApi_AddGroup ( void* pSessionHandle, Sm_PolicyApi_Groups_t dwGroup, const char* pszDomainOid, Sm_PolicyApi_Group_t* pStructGroup, const bool bUpdate );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
dwGroup |
I |
Indicates the type of group to be added. |
pszDomainOid |
I |
A null-terminated string containing the name of an existing domain. Required parameter for rule or response group. (Global rule or response groups are not supported.) |
pStructGroup |
I |
A pointer to a completely filled-in group structure. |
bUpdate |
I |
A flag to indicate that if an existing object is found, it should be updated. |
Returns
Creates or updates a host configuration object in the policy store.
Type
Agent configuration function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddHostConfig ( void* pSessionHandle, Sm_PolicyApi_HostConfig_t* pstructHostConfig, const bool bUpdate );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pstructHostConfig |
I |
Address of structure that defines the host configuration object. |
bUpdate |
I |
If true, the object is being updated. |
Returns
Adds or updates a message consumer plugin setting to a SAML 1.x authentication scheme.
Syntax
int SM_EXTERN Sm_PolicyApi_AddMessageConsumerPluginToSAML1xScheme( void* pHandle, char* pszSchemeOID, char* pluginClass, char* pluginParam );
Parameters
[in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
[in] A pointer to the OID of the authentication scheme that is being updated.
[in] A pointer to the name of the message consumer plugin class to be set.
[in] A pointer to the parameters of the message consumer plugin class to be set.
Returns
Adds or updates the OneTimeUse property for an assertion in a SAML 1.x affiliate.
Syntax
int SM_EXTERN Sm_PolicyApi_AddOneTimeUsePropToAffiliate( void* pHandle, char* pszAffiliateOID, bool bOneTimeUse );
Parameters
[in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
[in] A pointer to the OID of an existing SAML 1.x affiliate.
[in] A Boolean value that specifies whether an assertion is used only once in this affiliate.
Returns
Adds a password policy object.
Note the following about Sm_PolicyApi_PasswordPolicy_t:
/siteminderagent/forms/smpwservices.fcc
Type
Password policy function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddPasswordPolicy ( void* pSessionHandle, Sm_PolicyApi_PasswordPolicy_t* pstructPasswordPolicy, const bool bUpdate );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| pstructPasswordPolicy | I | The address of a pointer to a Sm_PolicyApi_PasswordPolicy_t structure containing information about password policy. |
| bUpdate | I | A flag to indicate that if an existing object is found, it should be updated. |
Returns
Creates a new SiteMinder policy. The policy attributes are contained in the pStructPolicy structure.
If the policy exists and the bUpdate flag is true, the item is updated.
Type
Policy function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddPolicy ( void* pSessionHandle, Sm_PolicyApi_Policy_t* pStructPolicy, const bool bUpdate );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| pStructPolicy | I | A pointer to a completely filled-in policy structure. |
| bUpdate | I | A flag to indicate that if an existing object is found, it should be updated. |
Returns
Creates a new SiteMinder policy link for the policy identified by pszPolicyOid.
A policy link object binds a policy to a rule and, optionally, a response. The attributes of the new policy link are contained in the pstructPolicyLink structure.
If the policy link exists and the bUpdate flag is true, the item is updated.
Type
Policy function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddPolicyLink ( void* pSessionHandle, const char* pszPolicyOid, Sm_PolicyApi_PolicyLink_t* pstructPolicyLink );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| pszPolicyOid | I | A null-terminated string containing the object identifier of an existing policy. |
| pstructPolicyLink | I | A pointer to a completely filled-in policy link structure. |
Returns
Creates a new SiteMinder realm within the domain specified in pStructRealm. The pStructRealm structure also contains other attributes of the realm, including the agent or agent group that protects the realm.
Sm_PolicyApi_AddRealm() fails if a protecting agent or agent group is not specified.
If the new realm is a top-level realm, set pszParentRealmOid (in Sm_PolicyApi_Realm_t) to the domain OID. Otherwise, set pszParentRealmOid to the OID of the new realm's parent realm.
If the realm exists and the bUpdate flag is true, the existing item is updated.
It is the responsibility of the client application to meet the following conditions in order to add an authorization directory to a realm successfully:
Note: The Policy Management API checks only to see if the authorization user directory exists. It does not validate if there is a directory mapping for the given authorization user directory.
Type
Realm function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddRealm ( void* pSessionHandle, Sm_PolicyApi_Realm_t* pStructRealm, const bool bUpdate );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| pStructRealm | I | A pointer to a completely filled-in structure. |
| bUpdate | I | A flag to indicate that if an existing object is found, it should be updated. |
Returns
Adds or updates a redirect URL setting in a SAML 1.x authentication scheme.
Syntax
int SM_EXTERN Sm_PolicyApi_AddRedirectURLToSAML1xScheme( void* pSessionHandle, const char* pszSchemeOid, int iTypeURL, char* URL, int redirectMode );
Parameters
[in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
[in] A null-terminated string containing the object identifier of the authentication scheme being updated.
[in] An integer specifying the type of redirect URL, defined in Sm_PolicyAPI_SAML1_STATUS_REDIRECT_URL_TYPE_t as follows:
[in] A pointer to the input redirect URL.
[in] An integer specifying the input redirect mode, which is either 0 for 302 No Data, or 1 for Http-Post.
Return Values
Adds a registration scheme.
Type
Registration scheme function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddRegistrationScheme ( void* pSessionHandle, Sm_PolicyApi_RegistrationScheme_t* pstructRegistrationScheme, const bool bUpdate );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| pstructRegistrationScheme | I | The address of a pointer to Sm_PolicyApi_RegistrationScheme_t, which contains information about the registration scheme. |
| bUpdate | I | A flag to indicate that if an existing object is found, it should be updated. |
Returns
Adds a regular expression to the referenced password policy. Implemented only if the session's version is set to SM_POLICY_API_VERSION_6_0.
Type
Regular Expression function.
Syntax
int SM_EXTERN Sm_PolicyApi_AddRegularExpressionToPasswordPolicy ( void* pSessionHandle, const char* pszPasswordPolicyOid, Sm_PolicyApi_RegularExpression_t* pstructRegExpr );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| pszPasswordPolicyOid | I | The OID of the password policy to add the regular expression to. |
| pstructRegExpr | I | A pointer to the regular expression structure to add. |
Returns
Creates a new SiteMinder response. The attributes of the response itself are contained in the pStructResponse structure.
If the response exists, and the bUpdate flag is true, the item is updated.
Type
Response function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddResponse ( void* pSessionHandle, Sm_PolicyApi_Response_t* pStructResponse, const bool bUpdate );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| pStructResponse | I | A pointer to a completely filled-in response structure. |
| bUpdate | I | A flag to indicate that if an existing object is found, it should be updated. |
Returns
Creates a new SiteMinder response attribute object within the response identified by pszResponseOid. The response attributes are contained in the pstructResponseAttr parameter.
Type
Response function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddResponseAttr ( void* pSessionHandle, const char* pszResponseOid, Sm_PolicyApi_ResponseAttr_t* pstructResponseAttr );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| pszResponseOid | I | A null-terminated string containing the object identifier of an existing response. |
| pstructResponseAttr | I | A pointer to a completely filled-in response structure. |
Returns
The response OID was not found.
Creates a new SiteMinder rule. The attributes of the rule itself are contained in the structure referenced by pStructRule.
If the rule exists and the bUpdate flag is true, the item is updated.
Note: A rule is always associated with a realm. Rule names are unique within a realm but not within a domain.
Type
Rule function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddRule ( void* pSessionHandle, Sm_PolicyApi_Rule_t* pStructRule, const bool bUpdate );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| pStructRule | I | A pointer to a completed rule structure. |
| bUpdate | I | A flag to indicate that if an existing object is found, it should be updated. |
Returns
Adds a new SAML affiliation object or modifies an existing one.
Type
SAML 2.0 Configuration function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddSAMLAffiliation ( void* pSessionHandle, Sm_PolicyApi_SAMLAffiliation_t* pstructAffiliation, const bool bUpdate, char** pszErrMsg );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| pstructAffiliation | I | A pointer to a completed SAML affiliation structure. |
| bUpdate | I | Specifies whether an update operation should be performed on an existing object. |
| pszErrMsg | O | String containing an error message if the affiliation is not added or updated successfully. The Policy Management API allocates memory for this parameter dynamically. It is the responsibility of the custom application to free it using a call to Sm_PolicyApi_FreeString(). If Sm_PolicyApi_MissingProperty or Sm_PolicyApi_InvalidProp are returned, this field contains the name of the property that is missing or invalid. |
Returns
Adds a new SAML 2.0 authentication scheme object or modifies an existing one. This function also defines metadata properties for the associated Identity Provider. The metadata properties are stored with the authentication scheme.
Type
SAML 2.0 Configuration function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddSAMLScheme ( void* pHandle, Sm_PolicyApi_Scheme_t* pstructScheme, Sm_PolicyApi_SAMLProviderProp_t* pProps, const bool bUpdate, char** pszErrMsg );
| Parameter | I/O | Description |
|---|---|---|
| pHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| pstructScheme | I | A pointer to a completed scheme structure. |
| pProps | I | SAML 2.0 metadata properties associated with the authentication scheme. If you do not assign a value to a property associated with a default value, the default will be assigned. |
| bUpdate | I | Specifies whether an update operation should be performed on an existing object. |
| pszErrMsg | O | String containing an error message if the authentication scheme is not added or updated successfully. The Policy Management API allocates memory for this parameter dynamically. It is the responsibility of the custom application to free it using a call to Sm_PolicyApi_FreeString(). If Sm_PolicyApi_MissingProperty or Sm_PolicyApi_InvalidProp are returned, this field contains the name of the property that is missing or invalid. |
Returns
Adds a new SAML 2.0 Service Provider object or modifies an existing one.
If a Service Provider cannot be created, any associated objects created in the policy store during the attempt will be rolled back.
Type
SAML 2.0 Configuration function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddSAMLServiceProvider ( void* pSessionHandle, Sm_PolicyApi_SAMLSP_t* pstructSAMLSP, const bool bUpdate, char** pszErrMsg );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| pstructSAMLSP | I | A pointer to a completed Service Provider structure. |
| bUpdate | I | Specifies whether an update operation should be performed on an existing object. |
| pszErrMsg | O | String containing an error message if the Service Provider is not added or updated successfully. The Policy Management API allocates memory for this parameter dynamically. It is the responsibility of the custom application to free it using a call to Sm_PolicyApi_FreeString(). If Sm_PolicyApi_MissingProperty or Sm_PolicyApi_InvalidProp are returned, this field contains the name of the property that is missing or invalid. |
Returns
Creates a new SiteMinder authentication scheme. Attributes of the scheme are contained in the pstructScheme structure.
If the scheme exists and the bUpdate flag is true, the item is updated.
Type
Authentication scheme function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddScheme ( void* pSessionHandle, Sm_PolicyApi_Scheme_t* pstructScheme, const bool bUpdate );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| pstructScheme | I | A pointer to a completely filled-in scheme structure. |
| bUpdate | I | A flag to indicate that if an existing object is found, it should be updated. |
Returns
Adds a default target configuration setting in a SAML 1.x authentication scheme.
Syntax
The Sm_PolicyApi_AddTargetConfigToSAML1xScheme function has the following syntax:
int SM_EXTERN Sm_PolicyApi_AddTargetConfigToSAML1xScheme( void* pHandle, const char* pszSchemeOid, const char* pszURL, int iQPOverridesTarget );
Parameters
The Sm_PolicyApi_AddTargetConfigToSAML1xScheme function accepts the following parameters:
[in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
[in] A null-terminated string containing the object identifier of the authentication scheme being updated.
[in] A pointer to a valid default target configuration URL.
[in] An integer specifying the value specified in the 'Query parameter override Default Target' check box.
Valid values for iQPOverridesTarget are:
Return Values
The Sm_PolicyApi_AddTargetConfigToSAML1xScheme function returns one of the following values:
Adds an item to the group identified by pszGroupOid.
The item (which may be a group) and the group must exist and must be of the same type.
The pszDomainOid parameter is required by a rule group or response group. An agent group does not require a domain OID because it is not a domain-based object.
Type
Group function, global scope (agents) or domain scope (responses, rules).
Syntax
int SM_EXTERN Sm_PolicyApi_AddToGroup ( void* pSessionHandle, Sm_PolicyApi_Groups_t dwGroup, const char* pszItemOid, const char* pszGroupOid, const char* pszDomainOid );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| dwGroup | I | The type of group. |
| pszItemOid | I | A null-terminated string containing the object identifier of an existing item of the same type as the group. |
| pszGroupOid | I | A null-terminated string containing the object identifier of a group of the type indicated by dwGroup. |
| pszDomainOid | I | A null-terminated string containing the object identifier of an existing domain. Required for rule and response objects. |
Returns
Creates or modifies a trusted host object in the object store.
Use this function to register the trusted host "offline", that is, without a connection between the agent and the Policy Server. When you use this function, you must run the SiteMinder smreghost tool to define the shared secret in the host configuration file (default name SmHost.conf). You define the shared secret with the -sh option of the smreghost tool.
Type
Agent configuration function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddTrustedHost ( void* pSessionHandle, Sm_PolicyApi_TrustedHost_t* pstructTrustedHost, bool bUpdate, bool bGenSharedSecret );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | Specifies the identifier of the session. |
| pstructTrustedHost | I/O | The address of a structure of type Sm_PolicyApi_TrustedHost_t. The structure is filled by a caller prior to a function call. |
| bUpdate | I | Specifies whether the function was called to update the existing object in the object store. |
| bGenSharedSecret | I | Indicates whether to generate the shared secret. |
Remarks
If bGenSharedSecret is true, the function generates a 128-byte value and updates the pszSecret field of pstructTrustedHost. If bGenSharedSecret is false, the value of the shared secret for a new or updated trusted host object is taken from the pszSecret field of the pstructTrustedHost structure.
If both bGenSharedSecret and bUpdate are true, the function ignores the value specified in the pszSecret field of pstructTrustedHost, generates a new value, and updates the object in the object store and in the pszSecret field of pstructTrustedHost.
If the function generates the shared secret, you must retrieve the generated shared secret in clear text so that you can define it in the -sh option of the smreghost tool. To retrieve the shared secret, call Sm_PolicyApi_GetTrustedHost().
In past releases, agent registration with the Policy Server always used 128-byte random ASCII shared secrets. The new model makes it possible to use a user-defined string value as a shared secret. This is a potential security weakness. The administrator who chooses offline agent host configuration must create a strong shared secret and store it safely. It is strongly recommended that you call the function Sm_PolicyApi_AddTrustedHost() with the bGenSharedSecret parameter set to true. This enforces automatic generation of a hard-to-guess shared secret.
Use of this function is not required to either create a trusted host or to define the host configuration. SiteMinder automatically creates and configures the trusted host during installation, and also when you run smreghost without using the -sh option.
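The remarks above warn that a user-defined shared secret (bGenSharedSecret set to false) is a potential weakness. The following C code is an added example, not part of the SiteMinder SDK: it draws a 128-character secret from the OS random source and applies a floor check to a hand-chosen value before it would be copied into pszSecret. The function names, the character set, the MIN_LEN and MIN_DISTINCT thresholds, and the use of /dev/urandom (a Unix-like host) are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define SECRET_LEN   128  /* length the page cites for generated secrets */
#define MIN_LEN      32   /* assumed local floor for a hand-chosen secret */
#define MIN_DISTINCT 16   /* assumed floor on distinct characters */

typedef enum {
    SECRET_OK = 0,
    SECRET_TOO_SHORT,
    SECRET_BAD_CHARACTER,
    SECRET_LOW_VARIETY
} secret_verdict_t;

/* 64 command-line-safe symbols. 256 is a multiple of 64, so masking a
 * random byte with 63 picks every symbol with equal probability. */
static const char ALPHABET[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._";

/* Zero a buffer through a volatile pointer so the store is not elided. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

/* Fill out with SECRET_LEN random characters plus a terminating NUL.
 * Returns 0 on success, -1 if the buffer is too small or the random
 * source cannot be read in full. */
int generate_secret(char *out, size_t out_size)
{
    unsigned char raw[SECRET_LEN];
    FILE *rng;
    size_t got, i;

    if (out == NULL || out_size < SECRET_LEN + 1)
        return -1;
    rng = fopen("/dev/urandom", "rb");
    if (rng == NULL)
        return -1;
    got = fread(raw, 1, sizeof raw, rng);
    fclose(rng);
    if (got != sizeof raw) {
        wipe(raw, sizeof raw);
        return -1;
    }
    for (i = 0; i < SECRET_LEN; i++)
        out[i] = ALPHABET[raw[i] & 63];
    out[SECRET_LEN] = '\0';
    wipe(raw, sizeof raw);
    return 0;
}

/* Floor check for a hand-chosen secret. It rejects obviously weak
 * values; passing it is not proof that a value is hard to guess. */
secret_verdict_t audit_secret(const char *secret)
{
    unsigned char seen[256] = {0};
    size_t len, i, distinct = 0;

    if (secret == NULL)
        return SECRET_TOO_SHORT;
    len = strlen(secret);
    if (len < MIN_LEN)
        return SECRET_TOO_SHORT;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)secret[i];
        /* Only visible ASCII: no spaces or control bytes that would
         * need quoting when the value is typed on a command line. */
        if (c < 0x21 || c > 0x7e)
            return SECRET_BAD_CHARACTER;
        if (!seen[c]) {
            seen[c] = 1;
            distinct++;
        }
    }
    return distinct < MIN_DISTINCT ? SECRET_LOW_VARIETY : SECRET_OK;
}

int main(void)
{
    char secret[SECRET_LEN + 1];
    /* Constructed sample of a hand-chosen value; not a real secret. */
    const char *hand_chosen = "agent-host-01-secret";

    printf("hand-chosen verdict: %d\n", audit_secret(hand_chosen));
    if (generate_secret(secret, sizeof secret) != 0) {
        fprintf(stderr, "no random source available\n");
        return 1;
    }
    printf("generated %zu chars, verdict: %d\n",
           strlen(secret), audit_secret(secret));
    wipe(secret, sizeof secret);
    return 0;
}
```

The generated value is never printed; in real use it would be handed to the registration step and then wiped from memory.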
Returns
Adds a user directory to an existing affiliate domain.
Type
Federation function
Syntax
int SM_EXTERN Sm_PolicyApi_AddUserDirToAffiliateDomain ( void* pSessionHandle, const char* pszUserDirOid, const char* pszAffiliateDomainOid );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| pszUserDirOid | I | A null-terminated string containing the object identifier of an existing user directory. |
| pszAffiliateDomainOid | I | A null-terminated string containing the object identifier of an existing affiliate domain. |
Returns
Associates the directory object identified by pszUserDirOid with the domain identified by pszDomainOid. The directory object is appended to the end of the search order.
Type
User directory function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddUserDirToDomain ( void* pSessionHandle, const char* pszUserDirOid, const char* pszDomainOid );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| pszUserDirOid | I | A null-terminated string containing the object identifier of an existing user directory. |
| pszDomainOid | I | A null-terminated string containing the object identifier of an existing domain. |
Returns
Adds or updates the UseSecureAuthURL property to a SAML 1.x affiliate.
Syntax
int SM_EXTERN Sm_PolicyApi_AddUseSecureAuthPropToAffiliate( void* pHandle, char* pszAffiliateOID, bool bUseSecureAuthURL );
Parameters
[in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
[in] A pointer to the OID of an existing SAML 1.x affiliate.
[in] A Boolean value that specifies whether to use a secure authentication URL for this affiliate.
Returns
Adds a user directory entry to an affiliate.
Type
Federation function
Syntax
int SM_EXTERN Sm_PolicyApi_AddUsersToAffiliate ( void* pSessionHandle, const char* pszAffiliateOid, Sm_PolicyApi_User_t *pStructUsers, int iPolicyFlags );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| pszAffiliateOid | I | A null-terminated string containing the object identifier of an existing affiliate. |
| pStructUsers | I | Pointer to a Sm_PolicyApi_User_t structure containing information about the user directory. |
| iPolicyFlags | I | A bit field that indicates whether the policy includes or excludes a user and whether the policy should be applied recursively. The bit definitions are listed in Figure 21 on page 112. |
Returns
Adds a user directory entry to the policy identified by pszPolicyOid. Only one user specification (which may be an aggregate) can be added at a time.
Type
User and user state function.
Syntax
int SM_EXTERN Sm_PolicyApi_AddUsersToPolicy ( void* pSessionHandle, const char* pszPolicyOid, Sm_PolicyApi_User_t* pStructUsers, int iPolicyFlags );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| pszPolicyOid | I | A null-terminated string containing the object identifier of an existing policy to which a user is to be added. |
| pStructUsers | I | Pointer to a Sm_PolicyApi_User_t structure containing information about the user directory. |
| iPolicyFlags | I | A bit field that indicates whether the policy includes or excludes users, and whether the policy should be applied recursively. Bit definitions are listed in Policy Flags. |
Returns
Associates a user directory entry with SAML 2.0 Service Provider.
Type
SAML 2.0 Configuration function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddUsersToSAMLServiceProvider ( void* pSessionHandle, const char* pszProviderOid, Sm_PolicyApi_User_t* pStructUsers, int iPolicyFlags );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| pszProviderOid | I | A null-terminated string containing the object identifier of an existing SAML Service Provider. |
| pStructUsers | I | Pointer to a Sm_PolicyApi_User_t structure containing information about the user directory. |
| iPolicyFlags | I | A bit field that indicates whether: |
Returns
Associates a user directory entry with WS-Federation Resource Partner.
Syntax
int SM_EXTERN Sm_PolicyApi_AddUsersToWSFEDResourcePartner ( void* pSessionHandle, const char * pszProviderOid, Sm_PolicyApi_User_t *pStructUsers, int iPolicyFlags );
Parameters
[in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
[in] A null-terminated string containing the object identifier of an existing WS-Federation Resource Partner.
[in] A pointer to a Sm_PolicyApi_User_t structure containing information about the user directory.
[in] A bit field that indicates whether the policy created for WS-Federation Resource Partner includes or excludes a user and whether the policy should be applied recursively.
Return Values
Adds a variable object.
Type
Variable function.
Syntax
int SM_EXTERN Sm_PolicyApi_AddVariable ( void* pSessionHandle, Sm_PolicyApi_Variable_t* pstructVariable, const bool bUpdate );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| pstructVariable | I | A pointer to a Sm_PolicyApi_Variable_t structure containing information about the variable. |
| bUpdate | I | A flag to indicate that if an existing object is found, it should be updated. |
Returns
Creates a new or updates an existing WS-Federation Resource Partner object. Validation of properties (values and dependencies on other properties) is performed.
Syntax
int SM_EXTERN Sm_PolicyApi_AddWSFEDResourcePartner ( void* pSessionHandle, Sm_PolicyApi_WSFEDResourcePartner_t* structServiceProvider, const bool bUpdate, char **pszErrMsg );
Parameters
[in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
[in] A pointer to a completely filled-in WS-Federation Resource Partner structure.
[in] A flag to indicate that if an existing object is found, update it.
[out] When a call to this function returns a value of Sm_PolicyApi_SAML_UnknownProperty, Sm_PolicyApi_MissingProperty, or Sm_PolicyApi_InvalidProp, this variable contains the name of the property which produced the error. You release the memory allocated for this variable by using a call to Sm_PolicyApi_FreeString().
Return Values
Remarks
In the event that a Resource Partner cannot be created, any objects created in the policy store must be rolled back. In addition, the prefix string wsfed: will be used for the Name property to differentiate between affiliate: and samlsp:.
Creates a new or updates an existing SiteMinder WSFED authentication scheme (WSFED auth scheme) object. Validation of properties (values and dependencies on other properties) is performed.
Syntax
int SM_EXTERN Sm_PolicyApi_AddWSFEDScheme( void* pSessionHandle, Sm_PolicyApi_Scheme_t* pstructScheme, Sm_PolicyApi_WSFEDProviderProp_t* pProps, const bool bUpdate, char **pszErrMsg );
Parameters
[in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
[in] A pointer to a completely filled-in scheme structure.
[in] A pointer to a linked list of WSFED provider properties.
[in] A flag to indicate that if an existing object is found, it should be updated.
[out] When a call to this function returns a value of Sm_PolicyApi_WSFED_UnknownProperty, Sm_PolicyApi_MissingProperty or Sm_PolicyApi_InvalidProp, this variable contains the name of the property which produced the error. You release the memory allocated for this variable by using a call to Sm_PolicyApi_FreeString().
Return Values
Converts a v4.x agent to a v5.x agent.
Calling this function is the equivalent of clearing the Support 4.x agents check box on the Agent Properties dialog box.
Type
Agent function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_ConvertFromLegacyAgent ( void* pSessionHandle, Sm_PolicyApi_Agent_t* pStructAgent );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| pStructAgent | I | A pointer to a completely filled-in agent structure. |
Returns
Converts a v5.x agent to a v4.x agent.
Calling this function is the equivalent of checking the Support 4.x agents check box on the Agent Properties dialog box.
Type
Agent function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_ConvertToLegacyAgent ( void* pSessionHandle, Sm_PolicyApi_Agent_t* pStructAgent );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| pStructAgent | I | A pointer to a completely filled-in agent structure. |
Returns
Creates an authentication and authorization directory mapping object.
Type
Authentication/Authorization map function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_CreateAuthAzMap ( void* pSessionHandle, Sm_PolicyApi_AuthAzMap_t* pAuthAzMap, const bool bUpdate );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| pAuthAzMap | I | The address of a pointer to information about authentication and authorization mapping. |
| bUpdate | I | A flag to indicate that if an existing object is found, it should be updated. |
Returns
Creates a certification mapping object.
Type
Certificate map function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_CreateCertMap ( void* pSessionHandle, Sm_PolicyApi_CertMap_t* pCertMap, const bool bUpdate );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| pCertMap | I | The address of a pointer to Sm_PolicyApi_CertMap_t, which contains information about certificate mapping. |
| bUpdate | I | A flag to indicate that if an existing object is found, it should be updated. |
Returns
Creates a new ODBC Query Scheme. An ODBC query scheme is used to create an ODBC directory. The attributes of the user directory are contained in the pstructODBCQueryScheme structure.
If the user ODBC query scheme object exists and the bUpdate flag is true, the item is updated.
Type
ODBC query scheme function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_CreateODBCQueryScheme ( void* pSessionHandle, Sm_PolicyApi_ODBCQueryScheme_t* pstructODBCQueryScheme, const bool bUpdate );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| pstructODBCQueryScheme | I | A pointer to a completely filled-in ODBC query scheme. |
| bUpdate | I | A flag to indicate that if an existing object is found, it should be updated. |
Returns
Creates a new SiteMinder user directory object at global scope. The attributes of the user directory are contained in the pstructUserDir structure.
If the user directory object exists and the bUpdate flag is true, the item is updated.
Type
User directory function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_CreateUserDir ( void* pSessionHandle, Sm_PolicyApi_UserDir_t* pstructUserDir, const bool bUpdate );
| Parameter | I/O | Description |
|---|---|---|
| pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
| pstructUserDir | I | A pointer to a completely filled-in user directory structure. |
| bUpdate | I | A flag to indicate that if an existing object is found, it should be updated. |
The following table shows the Sm_PolicyApi_UserDir_t fields that Sm_PolicyApi_CreateUserDir() uses for different types of user directories. The ODBC, LDAP, WinNT, and Custom columns are the user directory types:

| Field | ODBC | LDAP | WinNT | Custom |
|---|---|---|---|---|
| pszOid (object identifier of the user directory being updated) | X | X | X | X |
| pszName (required field) | X | X | X | X |
| pszDesc | X | X | X | X |
| pszNamespace (required field) | ODBC | LDAP | WinNT | Custom |
| pszServer (required field) | ODBC data source | IP address | NT Domain name | Name of shared library |
| pszODBCQuerySchemeOid (required field) | X | | | |
| pszSearchRoot | | X | | parameter string |
| pszUserLookupStart | | X | | |
| pszUserLookupEnd | | X | | |
| bRequireCredentials | X | X | X | X |
| pszUsername (required field if bRequireCredentials is true) | X | X | X | X |
| pszPassword (required field if bRequireCredentials is true) | X | X | X | X |
| nSearchResults | | X | | Max results |
| nSearchScope | | X | | |
| nSearchTimeout | | X | | Max time out |
| bSecureConnection | | X | | X |
| pszDisabledAttr | X | X | | (Varies) |
| pszUniversalIDAttr | X | X | X | (Varies) |
| pszAnonymousId | | X | | (Varies) |
| pszPasswordData | X | X | | (Varies) |
| pszPasswordAttribute | X | X | | (Varies) |
| pszEmailAddressAttr | | | | |
| pszChallengeRespAttr | | X | | (Varies) |
Note: With custom directories, fields indicated by the word varies may or may not apply to the user directory object being created.
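The field table above, encoded as a pre-flight check that can run before Sm_PolicyApi_CreateUserDir() is called. This is an added example, not SDK code: `userdir_fields_t`, `check_userdir()` and the enum names are hypothetical, and the struct is a local stand-in that carries only some of the table's string fields, not the SDK's Sm_PolicyApi_UserDir_t.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Column order of the table: ODBC, LDAP, WinNT, Custom. */
enum dir_type { DIR_ODBC, DIR_LDAP, DIR_WINNT, DIR_CUSTOM, DIR_TYPES };

/* Local stand-in (assumption), NOT the SDK's Sm_PolicyApi_UserDir_t:
 * only the string fields checked here, held as plain pointers. */
typedef struct {
    const char *pszName, *pszServer, *pszODBCQuerySchemeOid;
    const char *pszSearchRoot, *pszUserLookupStart, *pszUserLookupEnd;
    const char *pszUsername, *pszPassword;
    const char *pszDisabledAttr, *pszPasswordAttribute;
    bool bRequireCredentials;
} userdir_fields_t;

enum use  { USE_NO, USE_YES, USE_VARIES };   /* blank, X or text, (Varies) */
enum need { NEED_OPTIONAL, NEED_REQUIRED, NEED_IF_CREDS };

struct row {
    const char *name;          /* field name as printed in the table */
    size_t      off;           /* offset of the field in userdir_fields_t */
    enum need   need;
    enum use    use[DIR_TYPES];
};

#define FIELD(f) #f, offsetof(userdir_fields_t, f)
static const struct row ROWS[] = {
    { FIELD(pszName),               NEED_REQUIRED, { USE_YES, USE_YES, USE_YES, USE_YES } },
    { FIELD(pszServer),             NEED_REQUIRED, { USE_YES, USE_YES, USE_YES, USE_YES } },
    { FIELD(pszODBCQuerySchemeOid), NEED_REQUIRED, { USE_YES, USE_NO,  USE_NO,  USE_NO  } },
    { FIELD(pszSearchRoot),         NEED_OPTIONAL, { USE_NO,  USE_YES, USE_NO,  USE_YES } },
    { FIELD(pszUserLookupStart),    NEED_OPTIONAL, { USE_NO,  USE_YES, USE_NO,  USE_NO  } },
    { FIELD(pszUserLookupEnd),      NEED_OPTIONAL, { USE_NO,  USE_YES, USE_NO,  USE_NO  } },
    { FIELD(pszUsername),           NEED_IF_CREDS, { USE_YES, USE_YES, USE_YES, USE_YES } },
    { FIELD(pszPassword),           NEED_IF_CREDS, { USE_YES, USE_YES, USE_YES, USE_YES } },
    { FIELD(pszDisabledAttr),       NEED_OPTIONAL, { USE_YES, USE_YES, USE_NO,  USE_VARIES } },
    { FIELD(pszPasswordAttribute),  NEED_OPTIONAL, { USE_YES, USE_YES, USE_NO,  USE_VARIES } },
};
#define NROWS (sizeof ROWS / sizeof ROWS[0])

typedef struct {
    int         missing;        /* required fields left empty */
    int         unused;         /* fields set that this directory type does not use */
    const char *first_missing;
    const char *first_unused;
} userdir_report_t;

/* True when the string field described by r is non-NULL and non-empty. */
static bool is_set(const userdir_fields_t *d, const struct row *r)
{
    const char *v = *(const char *const *)((const char *)d + r->off);
    return v != NULL && strlen(v) > 0;
}

/* Walk the table for one directory type and report what would be rejected
 * (missing required field) or ignored (field set for the wrong type).
 * Fields marked (Varies) for custom directories are never flagged. */
userdir_report_t check_userdir(enum dir_type type, const userdir_fields_t *d)
{
    userdir_report_t rep = { 0, 0, NULL, NULL };
    for (size_t i = 0; i < NROWS; i++) {
        const struct row *r = &ROWS[i];
        bool set = is_set(d, r);
        bool required = r->need == NEED_REQUIRED ||
                        (r->need == NEED_IF_CREDS && d->bRequireCredentials);
        if (r->use[type] == USE_YES && required && !set) {
            if (rep.missing++ == 0) rep.first_missing = r->name;
        } else if (r->use[type] == USE_NO && set) {
            if (rep.unused++ == 0) rep.first_unused = r->name;
        }
    }
    return rep;
}

int main(void)
{
    /* Constructed sample: an ODBC directory copied from an LDAP template. */
    userdir_fields_t d = {
        .pszName = "hr-db", .pszServer = "hr_dsn",
        .pszSearchRoot = "ou=people,dc=example,dc=com",
        .bRequireCredentials = true, .pszUsername = "svc_sm",
    };
    userdir_report_t rep = check_userdir(DIR_ODBC, &d);
    printf("missing=%d (first: %s), unused=%d (first: %s)\n",
           rep.missing, rep.first_missing ? rep.first_missing : "-",
           rep.unused, rep.first_unused ? rep.first_unused : "-");
    return rep.missing ? 1 : 0;
}
```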
Returns
Deletes the administrator object identified by pszAdminOid.
Type
Administrator function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_DeleteAdmin ( void* pSessionHandle, const char* pszAdminOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAdminOid |
I |
A null-terminated string containing the object identifier of an existing administrator. |
Returns
Deletes an existing affiliate.
Type
Federation function
Syntax
int SM_EXTERN Sm_PolicyApi_DeleteAffiliate ( void* pSessionHandle, const char* pszAffiliateOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAffiliateOid |
I |
A null-terminated string containing the object identifier of an existing affiliate. |
Remarks
This function deletes affiliate objects that are based on the artifact profile or the POST profile (see the Sm_PolicyApi_Affiliate_t field SAMLProfile). Deletion of an affiliate object based on the POST profile requires an API version of at least SM_POLICY_API_VERSION_6_0_2. If an earlier version is involved, and the function specifies an affiliate object based on a POST profile, the request fails.
Returns
Deletes an existing affiliate domain.
Type
Federation function
Syntax
int SM_EXTERN Sm_PolicyApi_DeleteAffiliateDomain ( void* pSessionHandle, const char* pszAffiliateDomainOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAffiliateDomainOid |
I |
A null-terminated string containing the object identifier of an existing affiliate domain. |
Returns
Deletes the agent identified by pszAgentOid.
Type
Agent function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_DeleteAgent ( void* pSessionHandle, const char* pszAgentOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAgentOid |
I |
A null-terminated string containing the object identifier of an existing agent. |
Returns
Deletes an agent configuration object.
Type
Agent configuration function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_DeleteAgentConfig ( void* pSessionHandle, const char* pszAgentConfigOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAgentConfigOid |
I |
Unique identifier of the agent configuration object to delete. |
Returns
Deletes an authentication and authorization directory mapping object.
Type
Authentication/Authorization map function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_DeleteAuthAzMap ( void* pSessionHandle, const char* pszAuthAzMapOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAuthAzMapOid |
I |
A null-terminated string containing the object identifier of the directory mapping object. |
Returns
Deletes a certificate mapping object.
Type
Certificate map function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_DeleteCertMap ( void* pSessionHandle, const char* pszCertMapOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszCertMapOid |
I |
A null-terminated string containing the object identifier of the certificate mapping object. |
Returns
Deletes the domain identified by pszDomainOid as well as the domain's children (rules, responses, realms, and policies).
Type
Domain function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_DeleteDomain ( void* pSessionHandle, const char* pszDomainOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszDomainOid |
I |
A null-terminated string containing the object identifier of an existing domain. |
Returns
Deletes a host configuration object from the policy store.
Type
Agent configuration function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_DeleteHostConfig ( void* pSessionHandle, const char* pszHostConfigOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszHostConfigOid |
I |
Unique identifier of the host configuration object to delete. |
Returns
Deletes the group object identified by pszGroupOid.
The pszDomainOid parameter is required by a rule group or response group. An agent group does not require a domain OID because it is not a domain-based object.
Type
Group function, global scope (agents) or domain scope (responses, rules).
Syntax
int SM_EXTERN Sm_PolicyApi_DeleteGroup ( void* pSessionHandle, Sm_PolicyApi_Groups_t dwGroup, const char* pszGroupOid, const char* pszDomainOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
dwGroup |
I |
Indicates the type of the group to be deleted. |
pszGroupOid |
I |
A null-terminated string containing the object identifier of the group and the type indicated by dwGroup. |
pszDomainOid |
I |
A null-terminated string containing the object identifier of an existing domain. Required parameter for rule or response group. |
Returns
Deletes the ODBC query scheme identified by pszODBCQuerySchemeOid.
Type
ODBC query scheme function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_DeleteODBCQueryScheme ( void* pSessionHandle, const char* pszODBCQuerySchemeOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszODBCQuerySchemeOid |
I |
A null-terminated string containing the object identifier of an existing ODBC Query Scheme. |
Returns
Deletes a password policy.
Type
Password policy function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_DeletePasswordPolicy ( void* pSessionHandle, const char* pszPasswordPolicyOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszPasswordPolicyOid |
I |
A null-terminated string containing the object identifier of a password policy. |
Returns
Deletes the policy identified by pszPolicyOid.
Type
Policy function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_DeletePolicy ( void* pSessionHandle, const char* pszPolicyOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszPolicyOid |
I |
A null-terminated string containing the object identifier of an existing policy. |
Returns
Deletes the realm identified by pszRealmOid.
Note: You cannot delete a realm while it is linked to rules.
Type
Realm function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_DeleteRealm ( void* pSessionHandle, const char* pszRealmOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszRealmOid |
I |
A null-terminated string containing the object identifier of an existing realm. |
Returns
Deletes a registration scheme.
Type
Registration scheme function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_DeleteRegistrationScheme ( void* pSessionHandle, const char* pszRegistrationSchemeOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszRegistrationSchemeOid |
I |
A null-terminated string containing the object identifier of the registration scheme. |
Returns
Deletes the response identified by pszResponseOid and any related response attributes.
Type
Response function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_DeleteResponse ( void* pSessionHandle, const char* pszResponseOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszResponseOid |
I |
A null-terminated string containing the object identifier of an existing response. |
Returns
Deletes the rule identified by pszRuleOid.
Type
Rule function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_DeleteRule ( void* pSessionHandle, const char* pszRuleOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszRuleOid |
I |
A null-terminated string containing the object identifier of an existing rule. |
Returns
Deletes the SAML affiliation identified by pszAffiliationOid.
Type
SAML 2.0 Configuration function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_DeleteSAMLAffiliation ( void* pSessionHandle, const char* pszAffiliationOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAffiliationOid |
I |
A null-terminated string containing the object identifier of an existing SAML affiliation. |
Returns
Deletes the Service Provider identified by pszProviderOid.
Type
SAML 2.0 Configuration function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_DeleteSAMLServiceProvider( void* pSessionHandle, const char* pszProviderOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszProviderOid |
I |
A null-terminated string containing the object identifier of an existing Service Provider. |
Returns
Deletes the authentication scheme identified by pszSchemeOid.
Type
Authentication scheme function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_DeleteScheme ( void* pSessionHandle, const char* pszSchemeOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszSchemeOid |
I |
A null-terminated string containing the object identifier of an existing authentication scheme. |
Returns
Deletes an existing trusted host object from the policy store.
Type
Agent configuration function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_DeleteTrustedHost ( void* pSessionHandle, const char* pszTrustedHostOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszTrustedHostOid |
I |
Unique identifier of the trusted host object to delete. |
Returns
Deletes the user directory identified by pszUserDirOid.
Type
User directory function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_DeleteUserDir ( void* pSessionHandle, const char* pszUserDirOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszUserDirOid |
I |
A null-terminated string containing the object identifier of an existing user directory. |
Returns
Deletes a variable object.
Type
Variable function.
Syntax
int SM_EXTERN Sm_PolicyApi_DeleteVariable ( void* pSessionHandle, const char* pszVariableOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszVariableOid |
I |
A null-terminated string containing the object identifier of an existing variable. |
Returns
Deletes an existing WS-Federation Resource Partner object.
Syntax
int SM_EXTERN Sm_PolicyApi_DeleteWSFEDResourcePartner ( void* pSessionHandle, const char* pszProviderOid );
Parameters
[in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
[in] A null-terminated string containing the object identifier of an existing WS-Federation Resource Partner.
Return Values
Disables a user for the reason Sm_Api_Disabled_AdminDisabled. It does not change other concurrent disabling reasons.
To make this function work, the attribute for tracking disabled users must be set in the user directory (the pszDisabledAttr field of Sm_PolicyApi_UserDir_t). You can also set the attribute using the Policy Server UI.
Type
User and user state function.
Syntax
int SM_EXTERN Sm_PolicyApi_DisableUser ( void* pSessionHandle, const char* pszUserDirOid, const char* pszUserDN, char** pszErrMsg );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszUserDirOid |
I |
A null-terminated string containing the object identifier of the user directory where the user may be found. |
pszUserDN |
I |
The distinguished name of the user to be disabled. |
pszErrMsg |
O |
String containing an error message if the user is not disabled successfully. You release the memory allocated for this variable by calling Sm_PolicyApi_FreeString(). |
Returns
Enables a user by clearing all the disabled bits. It does not clear the qualifier bit Sm_Api_Disabled_PWMustChange.
Type
User and user state function.
Syntax
int SM_EXTERN Sm_PolicyApi_EnableUser ( void* pSessionHandle, const char* pszUserDirOid, const char* pszUserDN, char** pszErrMsg );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszUserDirOid |
I |
A null-terminated string containing the object identifier of the user directory where the user may be found. |
pszUserDN |
I |
The distinguished name of the user to be enabled. |
pszErrMsg |
O |
String containing an error message if the user is not enabled successfully. You release the memory allocated for this variable by calling Sm_PolicyApi_FreeString(). |
Returns
Flushes the specified realm identified by pszRealmOid from a resource cache.
Type
Utility function.
Syntax
int SM_EXTERN Sm_PolicyApi_FlushRealm ( void* pSessionHandle, const char* pszRealmOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszRealmOid |
I |
A null-terminated string containing the object identifier of a realm. |
Returns
Flushes a user from a User Cache.
Type
Utility function.
Syntax
int SM_EXTERN Sm_PolicyApi_FlushUser ( void* pSessionHandle, const char* pszUserDirOid, const char* pszUserDN, char** pszErrMsg );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszUserDirOid |
I |
A null-terminated string containing the object identifier of an existing user directory. |
pszUserDN |
I |
A null-terminated string containing the name of a user in an existing user directory who is to be flushed from the user cache. |
pszErrMsg |
O |
Error message returned by the Policy Management API. You release the memory allocated for this variable by using a call to Sm_PolicyApi_FreeString(). |
Returns
Note: This function is deprecated for clients starting at SM_POLICY_API_VERSION_6_0. Instead, use Sm_PolicyApi_FreeMemoryEx().
Call Sm_PolicyApi_FreeMemory() to free memory that was allocated by the Policy Management API. This includes the Sm_PolicyApi_Server_t structures allocated as part of the Sm_PolicyApi_HostConfig_t structure.
Type
Utility function.
Syntax
int SM_EXTERN Sm_PolicyApi_FreeMemory (void* pMem);
Parameter |
I/O |
Description |
---|---|---|
pMem |
I |
A void pointer to memory that was allocated by the Policy Management API. |
Returns
Sm_PolicyApi_Success or Sm_PolicyApi_Failure.
Call Sm_PolicyApi_FreeMemoryEx() to free memory that was allocated by the Policy Management API. This includes the Sm_PolicyApi_Server_t structures allocated as part of the Sm_PolicyApi_HostConfig_t structure.
Note: Clients starting at version SM_POLICY_API_VERSION_6_0 must use this function instead of Sm_PolicyApi_FreeMemory().
Type
Utility function.
Syntax
int SM_EXTERN Sm_PolicyApi_FreeMemoryEx ( void* pInitHandle, void* pMem );
Parameter |
I/O |
Description |
---|---|---|
pInitHandle |
I |
A void pointer that points to memory that was allocated by the Policy Management API. |
pMem |
I |
A void pointer that points to memory that was allocated by the Policy Management API. |
Returns
Frees string arrays that were allocated by the Policy Management API.
Type
Utility function.
Syntax
int SM_EXTERN Sm_PolicyApi_FreeStringArray ( char* pszStringArray[] );
Parameter |
I/O |
Description |
---|---|---|
pszStringArray |
I |
A pointer to an array of pointers that point to null-terminated strings. |
Returns
This function always returns Sm_PolicyApi_Success.
Gets the contents of the administrator object identified by pszAdminOid.
The results of this function are returned in a structure referenced by ppstructAdmin. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Administrator function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetAdmin ( void* pSessionHandle, const char* pszAdminOid, Sm_PolicyApi_Admin_t** ppstructAdmin );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAdminOid |
I |
A null-terminated string containing the object identifier of an existing administrator. |
ppstructAdmin |
O |
The address of a pointer to an administrator structure. |
Returns
Gets the contents of the administrator object identified by pszAdminName.
The results of this function are returned in a structure referenced by ppstructAdmin. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Administrator function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetAdminByName ( void* pSessionHandle, const char* pszAdminName, Sm_PolicyApi_Admin_t** ppstructAdmin );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAdminName |
I |
A null-terminated string containing the name of an existing administrator. |
ppstructAdmin |
O |
The address of a pointer to an administrator structure. |
Returns
Gets an affiliate.
Type
Federation function
Syntax
int SM_EXTERN Sm_PolicyApi_GetAffiliate ( void* pSessionHandle, const char* pszAffiliateOid, Sm_PolicyApi_Affiliate_t** ppstructAffiliate );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAffiliateOid |
I |
A null-terminated string containing the object identifier of an existing affiliate. |
ppstructAffiliate |
O |
The address of a pointer to an affiliate structure. |
Remarks
This function retrieves affiliate objects that are based on the artifact profile or the POST profile (see the Sm_PolicyApi_Affiliate_t field SAMLProfile). Retrieval of an affiliate object based on the POST profile requires an API version of at least SM_POLICY_API_VERSION_6_0_2. If an earlier version is involved, and the function specifies an affiliate object based on a POST profile, the request fails.
Returns
Gets an affiliate.
Type
Federation function
Syntax
int SM_EXTERN Sm_PolicyApi_GetAffiliateByName ( void* pSessionHandle, const char* pszAffiliateOid, const char* pszAffiliateName, Sm_PolicyApi_Affiliate_t** ppstructAffiliate );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAffiliateOid |
I |
A null-terminated string containing the object identifier of an existing affiliate. |
pszAffiliateName |
I |
A null-terminated string containing the name of an existing affiliate. |
ppstructAffiliate |
O |
The address of a pointer to an affiliate structure. |
Remarks
This function retrieves affiliate objects that are based on the artifact profile or the POST profile (see the Sm_PolicyApi_Affiliate_t field SAMLProfile). Retrieval of an affiliate object based on the POST profile requires an API version of at least SM_POLICY_API_VERSION_6_0_2. If an earlier version is involved, and the function specifies an affiliate object based on a POST profile, the request fails.
Returns
Gets an affiliate domain.
Type
Federation function
Syntax
int SM_EXTERN Sm_PolicyApi_GetAffiliateDomain ( void* pSessionHandle, const char* pszAffiliateDomainOid, Sm_PolicyApi_AffiliateDomain_t** ppstructAffiliateDomain );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAffiliateDomainOid |
I |
A null-terminated string containing the object identifier of an existing affiliate domain. |
ppstructAffiliateDomain |
O |
The address of a pointer to an affiliate domain structure. |
Returns
Gets an affiliate domain.
Type
Federation function
Syntax
int SM_EXTERN Sm_PolicyApi_GetAffiliateDomainByName ( void* pSessionHandle, const char* pszAffiliateDomainName, Sm_PolicyApi_AffiliateDomain_t** ppstructAffiliateDomain );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAffiliateDomainName |
I |
A null-terminated string containing the name of an existing affiliate domain. |
ppstructAffiliateDomain |
O |
The address of a pointer to an affiliate domain structure. |
Returns
Gets affiliate domain objects.
Type
Federation function
Syntax
int SM_EXTERN Sm_PolicyApi_GetAffiliateDomainObjects ( void* pSessionHandle, const char* pszAffiliateDomainOid, const Sm_PolicyApi_Objects_t nObjectId, Sm_PolicyApi_Oid_t** ppstructObject );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAffiliateDomainOid |
I |
A null-terminated string containing the object identifier of an existing affiliate domain. |
nObjectId |
I |
The type of domain object to retrieve. Valid types are for affiliate, admin, and user directory objects only. |
ppstructObject |
O |
The address of a pointer to an Sm_PolicyApi_Oid_t structure. |
Returns
Gets the user directory search order for an affiliate domain.
Type
Federation function
Syntax
int SM_EXTERN Sm_PolicyApi_GetAffiliateDomainUserDirSearchOrder ( void* pSessionHandle, const char* pszAffiliateDomainOid, char** pszArray[] );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAffiliateDomainOid |
I |
A null-terminated string containing the object identifier of an existing affiliate domain. |
pszArray |
O |
The returned array of user directory OIDs of the requested objects. |
Returns
Retrieves all the SAML authentication schemes associated with the specified SAML affiliation.
Type
SAML 2.0 Configuration function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetAffiliatedSAMLAuthSchemes ( void* pSessionHandle, const char* pszAffiliationOid, Sm_PolicyApi_Scheme_t** ppstructSchemes );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAffiliationOid |
I |
A null-terminated string containing the object identifier of an existing SAML affiliation. |
ppstructSchemes |
O |
The address of a pointer to SAML authentication scheme structures. |
Returns
Retrieves all the Service Providers associated with the specified SAML affiliation.
Type
SAML 2.0 Configuration function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetAffiliatedSAMLServiceProviders ( void* pSessionHandle, const char* pszAffiliationOid, Sm_PolicyApi_SAMLSP_t** ppstructSAMLSPs );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAffiliationOid |
I |
A null-terminated string containing the object identifier of an existing SAML affiliation. |
ppstructSAMLSPs |
O |
The address of a pointer to Service Provider structures. |
Returns
Gets the user directory entries for an affiliate.
Type
Federation function
Syntax
int SM_EXTERN Sm_PolicyApi_GetAffiliateUsers ( void* pSessionHandle, const char* pszAffiliateOid, const char* pszUserDirOid, Sm_PolicyApi_User_t **ppStructUsers );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAffiliateOid |
I |
A null-terminated string containing the object identifier of an existing affiliate. |
pszUserDirOid |
I |
A null-terminated string containing the object identifier of an existing user directory. |
ppStructUsers |
O |
The address of a pointer to a linked list of user structures. |
Returns
Gets the contents of the agent identified by pszAgentOid. The results of this function are returned in a structure referenced by ppstructAgent.
Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Agent function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetAgent ( void* pSessionHandle, const char* pszAgentOid, Sm_PolicyApi_Agent_t** ppstructAgent );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAgentOid |
I |
A null-terminated string containing the object identifier of an existing agent. |
ppstructAgent |
O |
The address of a pointer to an agent structure. |
Returns
Gets the contents of the agent identified by pszAgentName. The results of this function are returned in a structure referenced by ppstructAgent.
Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Agent function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetAgentByName ( void* pSessionHandle, const char* pszAgentName, Sm_PolicyApi_Agent_t** ppstructAgent );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAgentName |
I |
A null-terminated string containing the name of an existing agent. |
ppstructAgent |
O |
The address of a pointer to an agent structure. |
Returns
Retrieves an existing agent configuration object.
Type
Agent configuration function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetAgentConfig ( void* pSessionHandle, const char* pszAgentConfigOid, Sm_PolicyApi_AgentConfig_t** ppstructAgentConfig );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAgentConfigOid |
I |
Unique identifier of the agent configuration object to retrieve. |
ppstructAgentConfig |
O |
Address of a pointer to a structure that defines the agent configuration object. The function allocates the structure. |
Returns
Retrieves an existing agent configuration object by pszAgentConfigName.
Type
Agent configuration function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetAgentConfigByName ( void* pSessionHandle, const char* pszAgentConfigName, Sm_PolicyApi_AgentConfig_t** ppstructAgentConfig );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAgentConfigName |
I |
Unique name of the agent configuration object to retrieve. |
ppstructAgentConfig |
O |
Address of a pointer to a structure that defines the agent configuration object. The function allocates the structure. |
Returns
Retrieves a list of configuration parameters for an agent configuration object.
Type
Agent configuration function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetAgentConfigAssociations ( void* pSessionHandle, const char* pszAgentConfigOid, Sm_PolicyApi_Association_t** ppstructAssociations );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAgentConfigOid | I | Unique identifier of the agent configuration object. |
ppstructAssociations | O | A list of name/value pairs representing the configuration parameters for the agent configuration object. |
Returns
Gets the contents of the agent type object identified by pszAgentTypeOid. The results of this function will be returned in a structure referenced by ppstructAgentType.
Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Agent function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetAgentType ( void* pSessionHandle, const char* pszAgentTypeOid, Sm_PolicyApi_AgentType_t** ppstructAgentType );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAgentTypeOid | I | A null-terminated string containing the object identifier of an existing agent type. |
ppstructAgentType | O | The address of a pointer to an agent type structure. |
Returns
Gets the contents of the agent type object identified by pszAgentTypeName. The results of this function will be returned in a structure referenced by ppstructAgentType.
Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Agent function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetAgentTypeByName ( void* pSessionHandle, const char* pszAgentTypeName, Sm_PolicyApi_AgentType_t** ppstructAgentType );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAgentTypeName | I | A null-terminated string containing the name of an existing agent type. |
ppstructAgentType | O | The address of a pointer to an agent type structure. |
Returns
Returns one or all agent attributes:
Type
Agent function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetAgentTypeAttr ( void* pSessionHandle, const char* pszOid, Sm_PolicyApi_AgentTypeAttr_t** ppstructAgentTypeAttr );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszOid | I | A null-terminated string containing the object identifier of an existing agent type or agent type attribute. |
ppstructAgentTypeAttr | O | The address of a pointer to an agent type attribute structure. |
Returns
Returns an agent type attribute object by name.
Type
Agent function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetAgentTypeAttrByName ( void* pSessionHandle, const char* szAgentTypeName, Sm_PolicyApi_AgentTypeAttr_t** ppstructAgentTypeAttr );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
szAgentTypeName | I | A null-terminated string containing the name of an existing agent type attribute. |
ppstructAgentTypeAttr | O | The address of a pointer to an agent type attribute structure. |
Returns
Gets all the attributes for an affiliate.
Type
Federation function
Syntax
int SM_EXTERN Sm_PolicyApi_GetAllAffiliateAttributes ( void* pSessionHandle, const char* pszAffiliateOid, Sm_PolicyApi_AffiliateAttr_t** ppstructAffiliateAttr );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAffiliateOid | I | A null-terminated string containing the object identifier of an existing affiliate. |
ppstructAffiliateAttr | O | The address of a pointer to an affiliate attribute structure. |
Returns
Gets all affiliates in the specified affiliate domain.
Type
Federation function
Syntax
int SM_EXTERN Sm_PolicyApi_GetAllAffiliates ( void* pSessionHandle, const char* pszAffiliateDomainOid, Sm_PolicyApi_Affiliate_t** ppstructAffiliates );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAffiliateDomainOid | I | A null-terminated string containing the object identifier of an existing affiliate domain. |
ppstructAffiliates | O | The address of a pointer to an affiliate structure. |
Returns
Retrieves all existing SAML affiliation objects.
Type
SAML 2.0 Configuration function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetAllSAMLAffiliations ( void* pSessionHandle, Sm_PolicyApi_SAMLAffiliation_t** ppstructAffiliations );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
ppstructAffiliations | O | The address of a pointer to SAML affiliation structures. |
Returns
Returns a linked list of all attributes defined for a SAML Requester.
Syntax
int SM_EXTERN Sm_PolicyApi_AddAttributeToSAMLScheme( void* pHandle, const Sm_PolicyApi_Scheme_t* pstructScheme, const Sm_PolicyApi_SAMLRequesterAttr_t* pAttr );
Parameter | I/O | Description |
---|---|---|
pHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pstructScheme | I | A pointer to a completely filled-in scheme structure. |
pAttr | O | A pointer that will be assigned to the first Sm_PolicyApi_SAMLRequesterAttr_t structure in the returned list of attributes. |
Returns
Retrieves all the Service Providers in the specified affiliate domain.
Type
SAML 2.0 Configuration function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetAllSAMLServiceProviders ( void* pSessionHandle, const char* pszAffiliateDomainOid, Sm_PolicyApi_SAMLSP_t** ppstructSAMLSPs );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAffiliateDomainOid | I | A null-terminated string containing the object identifier of an existing affiliate domain. |
ppstructSAMLSPs | O | The address of a pointer to Service Provider structures. |
Returns
Retrieves a list of all the Assertion Consumer Services currently in the policy store.
Note: The list of Assertion Consumer Service structures that is returned by this function must be freed using the Sm_PolicyApi_FreeMemory function.
Type
Federation function
Syntax
int SM_EXTERN Sm_PolicyApi_GetAllSAMLSPAssertionConsumerService( void* pSessionHandle, const Sm_PolicyApi_SAMLSPAssertionConsumerService_t** ppstructSAMLSPAssertionConsumerService, const char* pszSAMLSPOid );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
ppstructSAMLSPAssertionConsumerServiceAttr | I | A pointer to an array of Assertion Consumer Service structures. |
pszSAMLSPOid | I | A pointer to a string containing the OID of the Service Provider. |
Returns
Retrieves all the attributes associated with the specified Service Provider.
Type
SAML 2.0 Configuration function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetAllSAMLSPAttributes ( void* pHandle, const char* pszSAMLSPOid, Sm_PolicyApi_SAMLSPAttr_t** ppstructSAMLSPAttr );
Parameter | I/O | Description |
---|---|---|
pHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszSAMLSPOid | I | A null-terminated string containing the object identifier of an existing Service Provider. |
ppstructSAMLSPAttr | O | The address of a pointer to attribute structures. |
Returns
Retrieves all existing Resource Partner objects.
Syntax
int SM_EXTERN Sm_PolicyApi_GetAllWSFEDResourcePartners ( void* pSessionHandle, const char * pszAffiliateDomainOid, Sm_PolicyApi_WSFEDResourcePartner_t** ppResourcePartners );
Parameters
[in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
[in] A null-terminated string containing the object identifier of an existing affiliate domain.
[out] The address of the pointer to WS-Federation Resource Partner structures.
Return Values
Gets the contents of an authentication and authorization directory mapping object.
Type
Authentication/Authorization map function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetAuthAzMap ( void* pSessionHandle, const char* pszAuthAzMapOid, Sm_PolicyApi_AuthAzMap_t** ppAuthAzMap );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAuthAzMapOid | I | A null-terminated string containing the object identifier of the directory mapping object. |
pszAuthAzMap | O | The address of a pointer to an Sm_PolicyApi_AuthAzMap_t structure. |
Returns
Retrieves a certificate mapping object.
Type
Certificate map function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetCertMap ( void* pSessionHandle, const char* pszCertMapOid, Sm_PolicyApi_CertMap_t** ppCertMap );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszCertMapOid | I | A null-terminated string containing the object identifier of the certificate mapping object. |
ppCertMap | O | The address of a pointer to an Sm_PolicyApi_CertMap_t structure. |
Returns
Builds the hierarchical realm and rule tree.
This function retrieves a list of OIDs. The OIDs are of type realms, or realms and rules. If the function is called with a domain OID, it retrieves a list of top-level realm OIDs. If the function is called with a realm OID, it retrieves a list of realm and rule OIDs under that realm. The iObjectId field in Sm_PolicyApi_Oid_t specifies the type of OID.
If there are no children for the domain or realm OID, the function returns an empty list.
Type
Realm function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetChildren ( void* pSessionHandle, const char* pszOid, Sm_PolicyApi_Oid_t** ppStructObject );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszOid | I | A null-terminated string containing the object identifier of a domain or a realm. |
ppStructObject | O | The address of a pointer to a Sm_PolicyApi_Oid_t structure. |
Returns
Retrieves a linked list of user structures (referenced by ppStructUsers) for a particular user directory.
The granularity of the response to this function is governed by the following registry entry:
HKLM\Software\Netegrity\SiteMinder\CurrentVersion\Ds\ClassFilters
Free the memory allocated for the returned structures by calling Sm_PolicyApi_FreeMemoryEx().
Type
User directory function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetDirectoryContents ( void* pSessionHandle, const char* pszUserDirOid, Sm_PolicyApi_User_t** ppStructUserSpec );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszUserDirOid | I | A null-terminated string containing the object identifier of an existing user directory. |
ppStructUserSpec | O | The address of a pointer to a user structure. |
Returns
Retrieves the disabled state of a user.
To make this function work successfully, you must specify a directory attribute to track disabled users. This attribute is specified in the disabled flag of the user directory. The disabled reasons are enumerated in Sm_Api_DisabledReason_t, which is defined in SmApi.h.
Type
User and user state function.
Syntax
int SM_EXTERN Sm_PolicyApi_GetDisabledUserState ( void* pSessionHandle, const char* pszUserDirOid, const char* pszUserDN, Sm_Api_DisabledReason_t* nDisabledReason, char** pszErrMsg );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszUserDirOid | I | A null-terminated string containing the object identifier of an existing user directory where the user may be found. |
pszUserDN | I | A null-terminated string containing the distinguished name of a user whose disabled state is to be changed. |
nDisabledReason | O | Reason for disabling or enabling a user. Reasons are enumerated in Sm_Api_DisabledReason_t, which is defined in SmApi.h. |
pszErrMsg | O | The error message is held in this string if the retrieval was not successful. You release the memory allocated for this variable by calling Sm_PolicyApi_FreeString(). |
Returns
Gets the contents of the domain identified by pszDomainOid. The results of this function are returned in a structure referenced by ppstructDomain.
Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Domain function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetDomain ( void* pSessionHandle, const char* pszDomainOid, Sm_PolicyApi_Domain_t** ppstructDomain );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszDomainOid | I | A null-terminated string containing the object identifier of an existing domain. |
ppstructDomain | O | The address of a pointer to a domain structure. |
Returns
Gets the contents of the domain identified by pszDomainName. The results of this function are returned in a structure referenced by ppstructDomain.
Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Domain function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetDomainByName ( void* pSessionHandle, const char* pszDomainName, Sm_PolicyApi_Domain_t** ppstructDomain );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszDomainName | I | A null-terminated string containing the name of an existing domain. |
ppstructDomain | O | The address of a pointer to a domain structure. |
Returns
Retrieves the OIDs of domain objects for a given object type within the domain identified by pszDomainOid. The returned values are contained in the Sm_PolicyApi_Oid_t structure.
Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Domain function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetDomainObjects ( void* pSessionHandle, const char* pszDomainOid, const Sm_PolicyApi_Objects_t nObjectId, Sm_PolicyApi_Oid_t** ppstructObject );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszDomainOid | I | A null-terminated string containing the object identifier of an existing domain. |
nObjectId | I | The type of domain object to retrieve, as enumerated in Sm_PolicyApi_Objects_t. |
ppstructObject | O | The address of a pointer to a Sm_PolicyApi_Oid_t structure. |
Returns
Retrieves the object identifiers of global objects of a specified type. Beginning at SiteMinder v6.0, this function will accept rule, policy, and response properties as global objects, and will return global rules, policies, and responses.
The returned values are contained in structure Sm_PolicyApi_Oid_t. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Note: In releases prior to SiteMinder v4.5, the functionality provided by Sm_PolicyApi_GetGlobalObjects() was provided by Sm_PolicyApi_GetGlobalObjectNames().
Type
General object function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetGlobalObjects ( void* pSessionHandle, const Sm_PolicyApi_Objects_t nObjectId, Sm_PolicyApi_Oid_t** ppstructObject );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
nObjectId | I | The type of global object to retrieve. Object types are enumerated in Sm_PolicyApi_Objects_t. |
ppstructObject | O | The address of a pointer to a Sm_PolicyApi_Oid_t structure. |
Returns
Gets a specified global policy.
The results of this function are returned in a structure referenced by ppstructPolicy. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Administrator function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetGlobalPolicyByName ( void* pHandle, const char* szPolicyName, Sm_PolicyApi_Policy_t** ppstructPolicy );
Parameter | I/O | Description |
---|---|---|
pHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
szPolicyName | I | Unique name that corresponds to a global policy. |
ppstructPolicy | O | The address of a pointer to a policy structure. |
Returns
Gets the specified global response.
The results of this function are returned in a structure referenced by ppstructResponse.
Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Administrator function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetGlobalResponseByName ( void* pHandle, const char* szResponseName, Sm_PolicyApi_Response_t** ppstructResponse );
Parameter | I/O | Description |
---|---|---|
pHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
szResponseName | I | Unique name that corresponds to a global response. |
ppstructResponse | O | The address of a pointer to a response structure. |
Returns
Gets the specified global rule.
The results of this function are returned in a structure referenced by ppstructRule.
Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Administrator function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetGlobalRuleByName ( void* pHandle, const char* szRuleName, Sm_PolicyApi_Rule_t** ppstructRule );
Parameter | I/O | Description |
---|---|---|
pHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
szRuleName | I | Unique name that corresponds to a global rule. |
ppstructRule | O | The address of a pointer to a response structure. |
Returns
Gets the contents of the group object identified by pszGroupOid. The results of this function are returned in a structure referenced by ppStructGroup.
The pszDomainOid parameter is required by a rule or response group. An agent group does not require a domain OID because it is not a domain-based object.
Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Group function, global scope (agents) or domain scope (responses, rules).
Syntax
int SM_EXTERN Sm_PolicyApi_GetGroup ( void* pSessionHandle, Sm_PolicyApi_Groups_t dwGroup, const char* pszGroupOid, const char* pszDomainOid, Sm_PolicyApi_Group_t** ppStructGroup );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
dwGroup | I | The type of group to be retrieved. |
pszGroupOid | I | A null-terminated string containing the object identifier of the group object being retrieved. |
pszDomainOid | I | A null-terminated string containing the object identifier of an existing domain. Required parameter for rule or response groups. |
ppStructGroup | O | The address of a pointer to a group structure. |
Returns
Gets the contents of the group object identified by pszGroupName. The results of this function are returned in a structure referenced by ppStructGroup.
The pszDomainOid parameter is required by a rule or response group. An agent group does not require a domain OID because it is not a domain-based object.
Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Group function, global scope (agents) or domain scope (responses, rules).
Syntax
int SM_EXTERN Sm_PolicyApi_GetGroupByName ( void* pSessionHandle, Sm_PolicyApi_Groups_t dwGroup, const char* pszGroupName, const char* pszDomainOid, Sm_PolicyApi_Group_t** ppStructGroup );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
dwGroup | I | The type of group to be retrieved. |
pszGroupOid | I | A null-terminated string containing the object identifier of the group object being retrieved. |
pszDomainName | I | A null-terminated string containing the name of an existing domain. Required parameter for rule or response groups. |
ppStructGroup | O | The address of a pointer to a group structure. |
Returns
Retrieves the object identifiers contained within a group object. The results of this function are returned in a structure referenced by ppStructObjects.
Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
pszDomainOid is required by a rule group or response group. An agent group does not require a domain OID because it is not a domain-based object.
Note: In releases prior to SiteMinder v4.5, the functionality provided by Sm_PolicyApi_GetGroupOids() was provided by Sm_PolicyApi_GetGroupNames().
Type
Group function, global scope (agents) or domain scope (responses, rules).
Syntax
int SM_EXTERN Sm_PolicyApi_GetGroupOids ( void* pSessionHandle, Sm_PolicyApi_Groups_t dwGroup, const char* pszGroupOid, const char* pszDomainOid, Sm_PolicyApi_Oid_t** ppStructObjects );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
dwGroup | I | Indicates the type of the group from which to retrieve object identifiers. |
pszGroupOid | I | A null-terminated string containing the object identifier of a group of the type indicated by dwGroup. |
pszDomainOid | I | A null-terminated string containing the object identifier of an existing domain. Required parameter for rule or response group. |
ppStructObjects | O | A pointer to the address of an object structure. |
Returns
Retrieves an existing host configuration object.
Type
Agent configuration function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetHostConfig ( void* pSessionHandle, const char* pszHostConfigOid, Sm_PolicyApi_HostConfig_t** ppstructHostConfig );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszHostConfigOid | I | Unique identifier of the host configuration object to retrieve. |
ppstructHostConfig | O | Address of a pointer to a structure that defines the host configuration object. The function allocates the structure. |
Returns
Retrieves an existing host configuration object.
Type
Agent configuration function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetHostConfigByName ( void* pSessionHandle, const char* pszHostConfigName, Sm_PolicyApi_HostConfig_t** ppstructHostConfig );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszHostConfigName | I | Unique name of the host configuration object to retrieve. |
ppstructHostConfig | O | Address of a pointer to a structure that defines the host configuration object. The function allocates the structure. |
Returns
Gets a message consumer plugin setting from a SAML 1.x authentication scheme.
Syntax
int SM_EXTERN Sm_PolicyApi_GetMessageConsumerPluginFromSAML1xScheme( void* pHandle, char* pszSchemeOID, char** pluginClass, char** pluginParam );
Parameters
[in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
[in] A pointer to the OID of the authentication scheme that is being updated.
[out] A pointer to the name of the plugin class to be read in from the authentication scheme.
[out] A pointer to the parameters of the plugin class to be read in from the authentication scheme.
Returns
Gets the contents of the ODBC Query Scheme object identified by pszODBCQuerySchemeOid.
The results of this function are returned in a structure referenced by pstructODBCQueryScheme. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
ODBC query scheme function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetODBCQueryScheme ( void* pSessionHandle, const char* pszODBCQuerySchemeOid, Sm_PolicyApi_ODBCQueryScheme_t** pstructODBCQueryScheme );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszODBCQuerySchemeOid | I | A null-terminated string containing the object identifier of an existing ODBC Query Scheme. |
pstructODBCQueryScheme | O | The address of a pointer to an ODBC query scheme. |
Returns
Gets the contents of the ODBC Query Scheme object identified by pszODBCQuerySchemeName.
The results of this function are returned in a structure referenced by pstructODBCQueryScheme. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
ODBC query scheme function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetODBCQuerySchemeByName ( void* pSessionHandle, const char* pszODBCQuerySchemeName, Sm_PolicyApi_ODBCQueryScheme_t** pstructODBCQueryScheme );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszODBCQuerySchemeName | I | A null-terminated string containing the name of an existing ODBC Query Scheme. |
pstructODBCQueryScheme | O | The address of a pointer to an ODBC query scheme. |
Returns
Retrieves the value of the OneTimeUse property for an assertion in a SAML 1.x affiliate.
Syntax
int SM_EXTERN Sm_PolicyApi_GetOneTimeUsePropFromAffiliate( void* pHandle, char* pszAffiliateOID, bool &bOneTimeUse );
Parameters
[in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
[in] A pointer to the OID of an existing SAML 1.x affiliate.
[in] A Boolean value that specifies whether an assertion is used only once in this affiliate.
Returns
Gets information about an error that occurred during an attempt to validate a new password.
Call this function when Sm_PolicyApi_SetPassword() returns the error code Sm_PolicyApi_InvalidPasswordSyntax.
Type
User and user state function.
Syntax
int SM_EXTERN Sm_PolicyApi_GetPasswordMsg ( void* pSessionHandle, const char* pszPasswordMsg, unsigned int* nVersion, unsigned int* nMsgId, unsigned int* nArgs, Sm_PolicyApi_PasswordMsgField_t** ppStructMsgField );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszPasswordMsg | I | Encoded error message returned in the pszErrMsg parameter of the function Sm_PolicyApi_SetPassword(). |
nVersion | O | The version of the SiteMinder password services. |
nMsgId | O | The password services message identifier retrieved for the encoded error message. Message identifiers are enumerated in Sm_PolicyApi_PasswordMsgId_t. |
nArgs | O | The number of fields in the Sm_PolicyApi_PasswordMsgField_t structure referenced by ppStructMsgField. |
ppStructMsgField | O | The address of a pointer to an Sm_PolicyApi_PasswordMsgField_t structure containing the password error message information. |
Remarks
SiteMinder password services errors contain a unique message identifier. A message identifier (enumerated in Sm_PolicyApi_PasswordMsgId_t) is returned in the nMsgId parameter of the function Sm_PolicyApi_GetPasswordMsg().
Further, each message identifier is associated with additional information about the error. This additional information is referenced by a field identifier (enumerated in Sm_PolicyApi_PasswordMsgFieldId_t).
For example, suppose an administrator sets the minimum length of a password to seven characters. If a user tries to validate a new password containing just six characters, the following events can occur:
Field | Value and Meaning |
---|---|
iStructId | Sm_PolicyApi_PasswordMsgField_ID. The error information relates to a password policy. |
nId | Sm_PolicyApi_PasswordMsgField_Id_Min. The error violates a minimum character requirement for the password (the minimum password length). |
nType | Sm_PolicyApi_FieldType_Int. The error description is an integer, so nValue is filled and pszMsg is not. |
pszMsg | "". Not applicable to this error. |
nValue | 7. The minimum password length. The length of the requested password was less than this value. |
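How a caller might turn the returned field information into text, using nType to decide whether nValue or pszMsg is the valid member. This is an added example, not SDK or vendor code: the demo_* types, the enum values, the pszMsg buffer size and the treatment of the nArgs fields as a contiguous array are stand-ins assumed for illustration (the real definitions come from the SDK headers), and the sample field is constructed from the values in the table above.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins (assumptions): the real types and enum values come from the SDK
 * headers. Field names follow the table above; numeric values are made up. */
enum { DEMO_FIELD_ID_MIN = 1 };                    /* plays the role of ..._Id_Min */
enum { DEMO_TYPE_INT = 1, DEMO_TYPE_STRING = 2 };  /* plays the role of the field type */

typedef struct {
    int  iStructId;
    int  nId;
    int  nType;
    char pszMsg[64];   /* size is an assumption */
    int  nValue;
} demo_msg_field_t;

/* Render one field. Only the member selected by nType is read, because the
 * other one is not filled in. Returns 0 on success, -1 on bad input, an
 * unknown type, or an output buffer that is too small. */
int demo_describe_field(const demo_msg_field_t *f, char *out, size_t outlen)
{
    int n;

    if (f == NULL || out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';

    switch (f->nType) {
    case DEMO_TYPE_INT:
        if (f->nId == DEMO_FIELD_ID_MIN)
            n = snprintf(out, outlen, "minimum length is %d", f->nValue);
        else
            n = snprintf(out, outlen, "field %d = %d", f->nId, f->nValue);
        break;
    case DEMO_TYPE_STRING:
        /* The precision bounds the read even if pszMsg lacks a terminator. */
        n = snprintf(out, outlen, "field %d = \"%.*s\"", f->nId,
                     (int)sizeof f->pszMsg, f->pszMsg);
        break;
    default:
        return -1;     /* unknown type: do not guess which member is valid */
    }
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0'; /* never hand back a truncated message */
        return -1;
    }
    return 0;
}

/* Render nArgs fields separated by "; ". Returns the number of fields
 * rendered, or -1 if any field is rejected or the buffer is too small. */
int demo_describe_all(const demo_msg_field_t *fields, unsigned int nArgs,
                      char *out, size_t outlen)
{
    size_t used = 0;
    unsigned int i;

    if (out == NULL || outlen == 0 || (fields == NULL && nArgs > 0))
        return -1;
    out[0] = '\0';

    for (i = 0; i < nArgs; i++) {
        char one[128];
        int n;

        if (demo_describe_field(&fields[i], one, sizeof one) != 0) {
            out[0] = '\0';
            return -1;
        }
        n = snprintf(out + used, outlen - used, "%s%s", i ? "; " : "", one);
        if (n < 0 || (size_t)n >= outlen - used) {
            out[0] = '\0';
            return -1;
        }
        used += (size_t)n;
    }
    return (int)nArgs;
}

int main(void)
{
    /* Constructed sample: the six-character password rejected by a
     * seven-character minimum, as in the table above. */
    demo_msg_field_t f = { 0, DEMO_FIELD_ID_MIN, DEMO_TYPE_INT, "", 7 };
    char buf[128];

    if (demo_describe_all(&f, 1, buf, sizeof buf) == 1)
        printf("password rejected: %s\n", buf);
    return 0;
}
```

The message is built only from the policy fields, so the rejected password itself never reaches the log or the user interface.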
Gets the contents of a password policy object.
Type
Password policy function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetPasswordPolicy ( void* pSessionHandle, const char* pszPasswordPolicyOid, Sm_PolicyApi_PasswordPolicy_t** ppstructPasswordPolicy );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszPasswordPolicyOid | I | A null-terminated string containing the object identifier of the password policy. |
ppstructPasswordPolicy | O | The address of a pointer to Sm_PolicyApi_PasswordPolicy_t. |
Returns
Gets the contents of a password policy object.
Type
Password policy function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetPasswordPolicyByName ( void* pSessionHandle, const char* pszPasswordPolicyName, Sm_PolicyApi_PasswordPolicy_t** ppstructPasswordPolicy );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszPasswordPolicyName | I | A null-terminated string containing the name of the password policy. |
ppstructPasswordPolicy | O | The address of a pointer to Sm_PolicyApi_PasswordPolicy_t. |
Returns
Gets the contents of the policy identified by pszPolicyOid.
The results of this function are returned in a structure referenced by ppstructPolicy. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Policy function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetPolicy ( void* pSessionHandle, const char* pszPolicyOid, Sm_PolicyApi_Policy_t** ppstructPolicy );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszPolicyOid | I | A null-terminated string containing the object identifier of an existing policy. |
ppstructPolicy | O | The address of a pointer to a policy structure. |
Returns
Gets the contents of the policy identified by pszPolicyName and the corresponding pszDomainOid of the Domain in which the policy exists.
The results of this function are returned in a structure referenced by ppstructPolicy. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Policy function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetPolicyByName ( void* pSessionHandle, const char* szDomainOid, const char* pszPolicyName, Sm_PolicyApi_Policy_t** ppstructPolicy );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
szDomainOid | I | A null-terminated string containing the object identifier of an existing domain. |
pszPolicyName | I | A null-terminated string containing the name of an existing policy. |
ppstructPolicy | O | The address of a pointer to a policy structure. |
Returns
Returns a linked list of all of the policy links that are associated with the policy identified by pszPolicyOid.
The linked list returned is referenced by the ppstructPolicyLink structure. Free the memory allocated to these structures by calling Sm_PolicyApi_FreeMemoryEx().
Type
Policy function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetPolicyLinks ( void* pSessionHandle, const char* pszPolicyOid, Sm_PolicyApi_PolicyLink_t** ppstructPolicyLink );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszPolicyOid | I | A null-terminated string containing the object identifier of an existing policy. |
ppstructPolicyLink | O | The address of a policy link structure. |
Returns
Returns a linked list of Sm_PolicyApi_User_t structures corresponding to the users who are associated with the policy identified by pszPolicyOid and who optionally belong to the user directory identified by pszUserDirOid. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
User and user state function.
Syntax
int SM_EXTERN Sm_PolicyApi_GetPolicyUsers ( void* pSessionHandle, const char* pszPolicyOid, const char* pszUserDirOid, Sm_PolicyApi_User_t** ppStructUsers );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszPolicyOid | I | A null-terminated string containing the object identifier of an existing policy. |
pszUserDirOid | I | A null-terminated string containing the object identifier of an existing user directory. This parameter is optional. If it is empty, the function returns all the policy users under the specified policy. If it is specified, the function returns policy users who belong to this directory under the specified policy. |
ppStructUsers | O | The address of a pointer to a linked list of user structures. |
Returns
Gets the contents of the realm identified by pszRealmOid.
The results of this function are returned in a structure referenced by ppstructRealm. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Realm function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetRealm ( void* pSessionHandle, const char* pszRealmOid, Sm_PolicyApi_Realm_t** ppstructRealm );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszRealmOid | I | A null-terminated string containing the object identifier of an existing realm. |
ppstructRealm | O | The address of a pointer to a realm structure. |
Returns
Gets the contents of the realm identified by pszRealmName, and the corresponding pszDomainOrParentRealmOid of the Domain in which the Realm exists, or the Oid of the Parent Realm in the case of a child Realm.
The results of this function are returned in a structure referenced by ppstructRealm. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Realm function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetRealmByName ( void* pSessionHandle, const char* pszRealmOid, Sm_PolicyApi_Realm_t** ppstructRealm );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
szDomainOr | I | A null-terminated string containing the object identifier of an existing Domain or Realm. |
pszRealmName | I | A null-terminated string containing the name of an existing realm. |
ppstructRealm | O | The address of a pointer to a realm structure. |
Returns
Retrieves a redirect URL setting from a SAML 1.x authentication scheme.
Syntax
int SM_EXTERN Sm_PolicyApi_GetRedirectURLFromSAML1xScheme( void* pSessionHandle, const char* pszSchemeOid, int iTypeURL, char** URL, int &redirectMode );
Parameters
[in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
[in] A null-terminated string containing the object identifier of the authentication scheme being updated.
[in] An integer specifying the type of redirect URL, defined in Sm_PolicyAPI_SAML1_STATUS_REDIRECT_URL_TYPE_t as follows:
[out] A pointer to the redirect URL from the authentication scheme
[out] An integer specifying the input redirect mode, which is either 0 for 302 No Data, or 1 for Http-Post.
Return Values
Gets a registration scheme.
Type
Registration scheme function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetRegistrationScheme ( void* pSessionHandle, const char* pszRegistrationSchemeOid, Sm_PolicyApi_RegistrationScheme_t** ppstructRegistrationScheme );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszRegistrationSchemeOid | I | A null-terminated string containing the object identifier of the registration scheme. |
ppstructRegistrationScheme | O | The address of a pointer to Sm_PolicyApi_RegistrationScheme_t. |
Returns
Gets a registration scheme.
Type
Registration scheme function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetRegistrationSchemeByName ( void* pSessionHandle, const char* pszRegistrationSchemeName, Sm_PolicyApi_RegistrationScheme_t** ppstructRegistrationScheme );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszRegistrationSchemeName | I | A null-terminated string containing the name of the registration scheme. |
ppstructRegistrationScheme | O | The address of a pointer to Sm_PolicyApi_RegistrationScheme_t. |
Returns
Gets a list of regular expressions belonging to the referenced password policy. Implemented only if the session's version is set to SM_POLICY_API_VERSION_6_0.
Type
Regular Expression function.
Syntax
int SM_EXTERN Sm_PolicyApi_GetRegularExpressions ( void* pSessionHandle, const char* pszPasswordPolicyOid, Sm_PolicyApi_RegularExpression_t** ppstructRegExpr );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszPasswordPolicyOid | I | The OID of the password policy. |
ppstructRegExpr | O | Pointer to a linked list of regular expressions belonging to the referenced password policy. |
Returns
Gets the contents of the response identified by pszResponseOid.
The results of this function are returned in a structure referenced by ppstructResponse. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Response function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetResponse ( void* pSessionHandle, const char* pszResponseOid, Sm_PolicyApi_Response_t** ppstructResponse );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszResponseOid | I | A null-terminated string containing the object identifier of an existing response. |
ppstructResponse | O | The address of a pointer to a response structure. |
Returns
Gets the contents of the response identified by pszResponseName and the corresponding pszDomainOid of the Domain in which the response exists.
The results of this function are returned in a structure referenced by ppstructResponse. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Response function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetResponseByName ( void* pSessionHandle, const char* szDomainOid, const char* pszResponseName, Sm_PolicyApi_Response_t** ppstructResponse );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
szDomainOid | I | A null-terminated string containing the object identifier of an existing Domain. |
pszResponseName | I | A null-terminated string containing the name of an existing response. |
ppstructResponse | O | The address of a pointer to a response structure. |
Returns
Retrieves a linked list of the response attributes that are associated with the response identified by pszResponseOid.
The linked list that is returned is referenced by the ppstructResponseAttr structure. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Response function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetResponseAttrs ( void* pSessionHandle, const char* pszResponseOid, Sm_PolicyApi_ResponseAttr_t** ppstructResponseAttr );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszResponseOid | I | A null-terminated string containing the object identifier of an existing response. |
ppstructResponseAttr | O | A pointer to a response attribute structure. |
Returns
Gets the contents of the rule identified by pszRuleOid.
The results are returned in a structure referenced by ppstructRule. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Rule function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetRule ( void* pSessionHandle, const char* pszRuleOid, Sm_PolicyApi_Rule_t** ppstructRule );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszRuleOid | I | A null-terminated string containing the object identifier of an existing rule. |
ppstructRule | O | The address of a pointer to a Sm_PolicyApi_Rule_t structure. |
Returns
Gets the contents of the rule identified by pszRuleName.
The results are returned in a structure referenced by ppstructRule. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Rule function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetRuleByName ( void* pSessionHandle, const char* szRealmOid, const char* pszRuleName, Sm_PolicyApi_Rule_t** ppstructRule );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
szRealmOid | I | A null-terminated string containing the object identifier of an existing Realm. |
pszRuleName | I | A null-terminated string containing the name of an existing rule. |
ppstructRule | O | The address of a pointer to a Sm_PolicyApi_Rule_t structure. |
Returns
Retrieves the SAML affiliation specified by its object identifier in the policy store.
Type
SAML 2.0 Configuration function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetSAMLAffiliation ( void* pSessionHandle, const char* pszAffiliationOid, Sm_PolicyApi_SAMLAffiliation_t** ppstructAffiliation );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAffiliationOid | I | A null-terminated string containing the policy store object identifier of an existing SAML affiliation. |
ppstructAffiliation | O | The address of a pointer to a SAML affiliation structure. |
Returns
Retrieves the SAML affiliation specified by its unique affiliation identifier (URI).
Type
SAML 2.0 Configuration function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetSAMLAffiliationById ( void* pSessionHandle, const char* pszAffiliationID, Sm_PolicyApi_SAMLAffiliation_t** ppstructAffiliation );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAffiliationID | I | A null-terminated string containing the unique affiliation identifier of an existing SAML affiliation. The affiliation identifier is specified in SAML_KEY_AFFILIATION_ID. |
ppstructAffiliation | O | The address of a pointer to a SAML affiliation structure. |
Returns
Retrieves information about a SAML 2.0 authentication scheme and the metadata properties of the associated Identity Provider.
Type
SAML 2.0 Configuration function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetSAMLScheme ( void* pHandle, const char* pszSchemeOid, Sm_PolicyApi_Scheme_t** ppstructScheme, Sm_PolicyApi_SAMLProviderProp_t** ppProps );
Parameter | I/O | Description |
---|---|---|
pHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszSchemeOid | I | A null-terminated string containing the object identifier of an existing SAML authentication scheme. |
ppstructScheme | O | The address of a pointer to a SAML authentication scheme structure. |
ppProps | O | The address of a pointer to a SAML 2.0 metadata properties structure. For information about these properties, see SAML 2.0 Authentication Scheme Properties. |
Returns
Retrieves the Service Provider specified by its object identifier in the policy store.
Type
SAML 2.0 Configuration function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetSAMLServiceProvider ( void* pSessionHandle, const char* pszProviderOid, Sm_PolicyApi_SAMLSP_t** pstructSAMLSP );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszProviderOid | I | A null-terminated string containing the policy store object identifier of an existing Service Provider. |
ppstructSAMLSP | O | The address of a pointer to a Service Provider structure. |
Returns
Retrieves the Service Provider specified by its unique provider identifier.
Type
SAML 2.0 Configuration function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetSAMLServiceProvider ( void* pSessionHandle, const char* pszProviderId, Sm_PolicyApi_SAMLSP_t** pstructSAMLSP );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszProviderId | I | A null-terminated string containing the unique provider identifier of an existing Service Provider. The provider identifier is specified in SAML_KEY_SPID. |
ppstructSAMLSP | O | The address of a pointer to a Service Provider structure. |
Returns
Retrieves the user directory entries associated with the specified Service Provider.
Type
SAML 2.0 Configuration function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetSAMLServiceProviderUsers ( void* pSessionHandle, const char* pszProviderOid, const char* pszUserDirOid, Sm_PolicyApi_User_t** ppStructUsers );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszProviderOid | I | A null-terminated string containing the policy store object identifier of an existing Service Provider. |
pszUserDirOid | I | A null-terminated string containing the policy store object identifier of an existing user. |
ppStructUsers | O | The address of a pointer to user structures. |
Returns
Gets the contents of the authentication scheme identified by pszSchemeOid. The results of this function are returned in a structure referenced by ppstructScheme.
Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Authentication scheme function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetScheme ( void* pSessionHandle, const char* pszSchemeOid, Sm_PolicyApi_Scheme_t** ppstructScheme );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszSchemeOid | I | A null-terminated string containing the object identifier of an existing scheme. |
ppstructScheme | O | The address of a pointer to a scheme structure. |
Returns
Gets the contents of the authentication scheme identified by pszSchemeName. The results of this function are returned in a structure referenced by ppstructScheme.
Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Authentication scheme function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetSchemeByName ( void* pSessionHandle, const char* pszSchemeName, Sm_PolicyApi_Scheme_t** ppstructScheme );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszSchemeName | I | A null-terminated string containing the name of an existing scheme. |
ppstructScheme | O | The address of a pointer to a scheme structure. |
Returns
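An added example (not SDK or vendor code) of auditing the Sm_PolicyApi_Scheme_t fields that Sm_PolicyApi_GetScheme() and Sm_PolicyApi_GetSchemeByName() return, before the structure is released with Sm_PolicyApi_FreeMemoryEx(). It mirrors the structure from this page so that it compiles without the SDK; the BFSIZE value, the finding names, the admin-level threshold and the sample list are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumptions: BFSIZE and the underlying type of Sm_Api_SchemeType_t are not
 * given on this page. With the SDK installed, include its header instead of
 * this local mirror of the structure. */
#define BFSIZE 1024
typedef int Sm_Api_SchemeType_t;

typedef struct Sm_PolicyApi_Scheme_s {
    int iStructId;
    char pszOid[BFSIZE];
    char pszName[BFSIZE];
    char pszDesc[BFSIZE];
    int nLevel;
    char pszLib[BFSIZE];
    char pszParam[BFSIZE];
    char pszSecret[BFSIZE];
    bool bIsTemplate;
    bool bIsUsedbyAdmin;
    Sm_Api_SchemeType_t nType;
    bool bAllowSaveCreds;
    bool bIsRadius;
    bool bIgnorePwCheck;
    struct Sm_PolicyApi_Scheme_s *next;
} Sm_PolicyApi_Scheme_t;

/* Finding bits (hypothetical names, local to this example). */
enum {
    F_PW_POLICY_OFF = 1 << 0, /* bIgnorePwCheck: password policies disabled */
    F_SAVED_CREDS   = 1 << 1, /* bAllowSaveCreds: credentials may be saved  */
    F_LEVEL_RANGE   = 1 << 2, /* nLevel outside the documented 0..1000      */
    F_ADMIN_LOW     = 1 << 3, /* admin-capable scheme below the threshold   */
    F_BAD_STRING    = 1 << 4  /* pszName not NUL-terminated within BFSIZE   */
};

/* Returns the finding bits for one scheme. min_admin_level is a local policy
 * choice (assumption), not a value defined by the API. */
unsigned audit_scheme(const Sm_PolicyApi_Scheme_t *s, int min_admin_level)
{
    unsigned f = 0;
    if (s->bIgnorePwCheck) f |= F_PW_POLICY_OFF;
    if (s->bAllowSaveCreds) f |= F_SAVED_CREDS;
    if (s->nLevel < 0 || s->nLevel > 1000) f |= F_LEVEL_RANGE;
    if (s->bIsUsedbyAdmin && s->nLevel < min_admin_level) f |= F_ADMIN_LOW;
    if (memchr(s->pszName, '\0', BFSIZE) == NULL) f |= F_BAD_STRING;
    return f;
}

/* Walks the `next` chain, reports each scheme with findings and returns how
 * many were flagged, or -1 if the list exceeds max_nodes (cycle guard). */
int audit_scheme_list(const Sm_PolicyApi_Scheme_t *head, int min_admin_level,
                      size_t max_nodes)
{
    int flagged = 0;
    size_t seen = 0;
    for (const Sm_PolicyApi_Scheme_t *s = head; s != NULL; s = s->next) {
        if (++seen > max_nodes) return -1;
        unsigned f = audit_scheme(s, min_admin_level);
        if (f == 0) continue;
        flagged++;
        /* %.*s bounds the read even if pszName is unterminated.
         * pszSecret is deliberately never printed or logged. */
        printf("%.*s (level %d):%s%s%s%s%s\n", BFSIZE, s->pszName, s->nLevel,
               (f & F_PW_POLICY_OFF) ? " password-policy-off" : "",
               (f & F_SAVED_CREDS) ? " saved-credentials" : "",
               (f & F_LEVEL_RANGE) ? " level-out-of-range" : "",
               (f & F_ADMIN_LOW) ? " admin-low-level" : "",
               (f & F_BAD_STRING) ? " unterminated-name" : "");
    }
    return flagged;
}

/* Constructed sample data standing in for what the Get calls would return. */
static void fill(Sm_PolicyApi_Scheme_t *n, const char *name, int level,
                 bool admin, bool save, bool ignore_pw,
                 Sm_PolicyApi_Scheme_t *next)
{
    memset(n, 0, sizeof *n);
    snprintf(n->pszName, BFSIZE, "%s", name);
    n->nLevel = level;
    n->bIsUsedbyAdmin = admin;
    n->bAllowSaveCreds = save;
    n->bIgnorePwCheck = ignore_pw;
    n->next = next;
}

const Sm_PolicyApi_Scheme_t *sample_list(void)
{
    static Sm_PolicyApi_Scheme_t n[3];
    fill(&n[2], "Broken level", 2000, false, false, false, NULL);
    fill(&n[1], "Legacy form", 5, true, true, true, &n[2]);
    fill(&n[0], "Basic", 5, false, false, false, &n[1]);
    return &n[0];
}

int main(void)
{
    int flagged = audit_scheme_list(sample_list(), 10, 1000);
    printf("%d scheme(s) need review\n", flagged);
    return flagged < 0;
}
```

Run the audit on the returned structure before freeing it; the pointer must not be dereferenced afterwards.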
Gets the current SharedSecretPolicy.
Returns the current shared secret policy object. There will always be exactly one such object, so it is not necessary to specify its OID.
Type
Agent configuration.
Syntax
int SM_EXTERN Sm_PolicyApi_GetSharedSecretPolicy ( void* pSessionHandle, Sm_PolicyApi_SharedSecretPolicy_t** ppstructSecretPolicy );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | The current Policy API session handle. |
ppstructSecretPolicy | I/O | Address of pointer to shared secret policy structure. |
Returns
Retrieves a target configuration setting from a SAML 1.x authentication scheme.
Syntax
The Sm_PolicyApi_GetTargetConfigFromSAML1xScheme function has the following syntax:
int SM_EXTERN Sm_PolicyApi_GetTargetConfigFromSAML1xScheme( void* pHandle, const char* pszSchemeOid, char** pszDefaultTarget, int* iQPOverridesTarget );
Parameters
The Sm_PolicyApi_GetTargetConfigFromSAML1xScheme function accepts the following parameters:
[in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
[in] A null-terminated string containing the object identifier of the authentication scheme being updated.
[out] Specifies the target configuration. The calling program must free up this memory by calling the Sm_PolicyApi_FreeMemory() function.
[out] Specifies the value of the 'Query parameter override Default Target' check box. The calling program is responsible for passing allocated memory.
Return Values
The Sm_PolicyApi_GetTargetConfigFromSAML1xScheme function returns one of the following values:
Retrieves an existing trusted host object.
Type
Agent configuration function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetTrustedHost ( void* pSessionHandle, const char* pszTrustedHostOid, Sm_PolicyApi_TrustedHost_t** ppstructTrustedHost );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszTrustedHostOid | I | Unique identifier of the trusted host object to retrieve. |
ppstructTrustedHost | O | Address of a pointer to a structure that defines the trusted host object. The function allocates the structure. |
Returns
Retrieves an existing trusted host object.
Type
Agent configuration function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetTrustedHostByName ( void* pSessionHandle, const char* pszTrustedHostName, Sm_PolicyApi_TrustedHost_t** ppstructTrustedHost );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszTrustedHostName | I | Unique name of the trusted host object to retrieve. |
ppstructTrustedHost | O | Address of a pointer to a structure that defines the trusted host object. The function allocates the structure. |
Returns
Retrieves the value of the UseSecureAuthURL property from a SAML 1.x affiliate.
Syntax
int SM_EXTERN Sm_PolicyApi_GetUseSecureAuthPropFromAffiliate( void* pHandle, char* pszAffiliateOID, bool &bUseSecureAuthURL );
Parameters
[in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
[in] A pointer to the OID of an existing SAML 1.x affiliate.
[in] A Boolean value that specifies whether to use a secure authentication URL for this affiliate.
Returns
Allows callers of the Policy Management API to access user context information.
Type
User directory function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetUserContext ( void *pSessionHandle, const char *lpszUserDirOid, const char *lpszUserPath, const char *lpszSessionID, Sm_PolicyApi_UserContext_t **ppPolicyApiUserContext );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
lpszUserDirOid | I | A null-terminated string containing the object identifier of the user directory for the user specified in lpszUserPath. |
lpszUserPath | I | The distinguished name of the user. |
lpszSessionID | I | A unique identifier of the session. After a successful login, the session ID is returned in the lpszSessionId field of the structure Sm_AgentApi_Session_t. If the session ID is not known, assign an empty string ("") to this parameter. |
ppPolicyApiUserContext | O | The user context information that SiteMinder passes to the function. |
Remarks
This function allows an application to access information about a user without having to connect to the underlying user directory. To retrieve the user information, the application calls the functions in the Sm_Api_UserContext_t structure, which is returned in ppPolicyApiUserContext. For example:
Important! After calling Sm_GetUserContext(), release the allocated memory by calling Sm_PolicyApi_FreeMemoryEx(). Otherwise, Policy Server performance can degrade.
Returns
Gets the contents of the user directory identified by pszUserDirOid.
The results of this function are returned in a structure referenced by ppstructUserDir. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
User directory function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetUserDir ( void* pSessionHandle, const char* pszUserDirOid, Sm_PolicyApi_UserDir_t** ppstructUserDir );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszUserDirOid | I | A null-terminated string containing the object identifier of an existing user directory. |
ppstructUserDir | O | Address of a pointer to a user directory structure. |
Returns
Gets the contents of the user directory identified by pszUserDirName.
The results of this function are returned in a structure referenced by ppstructUserDir. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
User directory function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetUserDirByName ( void* pSessionHandle, const char* pszUserDirName, Sm_PolicyApi_UserDir_t** ppstructUserDir );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszUserDirName | I | A null-terminated string containing the name of an existing user directory. |
ppstructUserDir | O | Address of a pointer to a user directory structure. |
Returns
Retrieves the user directory capabilities.
The user directory capabilities are enumerated in Sm_DirectoryCapability_t in SmApi.h.
Type
User directory function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetUserDirCapabilities ( void* pSessionHandle, const char* pszUserDirOid, unsigned long* pCapabilities );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszUserDirOid | I | A null-terminated string containing the object identifier of the user directory where the lookup has to be performed. |
pCapabilities | O | The address of a pointer to an unsigned long that will hold information about directory capability. Directory capabilities are enumerated in Sm_DirectoryCapability_t, which is defined in the header file SmApi.h. See Figure 12 on page 103. |
Returns
Retrieves the OIDs of the user directory objects that are associated with the domain identified by pszDomainOid.
The retrieved list of OIDs is stored in the pszArray string array in the order in which they are searched by SiteMinder. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeStringArray().
Type
User directory function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_GetUserDirSearchOrder ( void* pSessionHandle, const char* pszDomainOid, char** pszArray[] );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszDomainOid | I | A null-terminated string containing the object identifier of an existing domain. |
pszArray | O | The returned array of user directory OIDs of the requested objects. |
Returns
Gets the list of groups that a user is a member of.
Type
User and user state function.
Syntax
int SM_EXTERN Sm_PolicyApi_GetUserGroups ( void * pSessionHandle, const char * pszUserDirOid, const char * pszUserDN, const bool bRecursive, char** pszGroups[] );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszUserDirOid | I | The user's object identifier. |
pszUserDN | I | The user's distinguished name. |
bRecursive | I | Value indicating whether to search just one level or all levels. If you specify True, all levels are searched. |
pszGroups | O | Array that will contain the groups that the user belongs to. Free the memory allocated for the array by calling Sm_PolicyApi_FreeStringArray(). |
Returns
Returns Sm_Api_UserPasswordState_t. The memory for the Sm_Api_UserPasswordState_t object should be allocated by the calling function.
Type
Password state function.
Syntax
int SM_EXTERN Sm_PolicyApi_GetUserPasswordState ( void *pSessionHandle, const char *pszUserDirOid, const char *pszUserDN, Sm_PolicyApi_UserPasswordState_t *pPasswordState );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszUserDirOid | I | Unique object identifier that corresponds to a particular User Directory. |
pszUserDN | I | Specifies the DN of the user within the user directory. |
pPasswordState | O | The user password state object. |
Returns
Gets the user directory entries associated with a WS-Federation Resource Partner.
Syntax
int SM_EXTERN Sm_PolicyApi_GetUsersFromWSFEDResourcePartner ( void* pSessionHandle, const char * pszProviderOid, const char * pszUserPolicyOid, Sm_PolicyApi_User_t ** ppStructUsers );
Parameters
[in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
[in] A null-terminated string containing the object identifier of an existing WS-Federation Resource Partner.
[in] A null-terminated string containing the object identifier of an existing policy user.
[out] The address of a pointer to a linked list of user structures.
Return Values
Gets a specified variable.
The results of this function are returned in a structure referenced by ppstructVariable. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Variable function.
Syntax
int SM_EXTERN Sm_PolicyApi_GetVariable ( void* pSessionHandle, const char* pszVariableOid, Sm_PolicyApi_Variable_t** ppstructVariable );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszVariableOid | I | Unique object identifier that corresponds to a variable. |
ppstructVariable | O | The address of a pointer to a variable structure. |
Returns
Gets a specified variable.
The results of this function are returned in a structure referenced by ppstructVariable. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Variable function.
Syntax
int SM_EXTERN Sm_PolicyApi_GetVariableByName ( void* pSessionHandle, const char* pszVariableName, Sm_PolicyApi_Variable_t** ppstructVariable );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszDomainOid | I | A null-terminated string containing the object identifier of an existing Domain. |
pszVariableName | I | Unique name that corresponds to a variable. |
ppstructVariable | O | The address of a pointer to a variable structure. |
Returns
Gets a specified variable type.
The results of this function are returned in a structure referenced by ppstructVariable. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Variable function.
Syntax
int SM_EXTERN Sm_PolicyApi_GetVariableType ( void* pSessionHandle, const char* pszVariableTypeOid, Sm_PolicyApi_VariableType_t** ppstructVariableType );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszVariableTypeOid |
I |
Unique object identifier that corresponds to a variable type. |
ppstructVariableType |
O |
The address of a pointer to a variable structure. |
Returns
Gets a specified variable type.
The results of this function are returned in a structure referenced by ppstructVariableType. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().
Type
Variable function.
Syntax
int SM_EXTERN Sm_PolicyApi_GetVariableTypeByName ( void* pSessionHandle, const char* pszVariableTypeName, Sm_PolicyApi_VariableType_t** ppstructVariableType );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszVariableTypeName |
I |
Unique name that corresponds to a variable type. |
ppstructVariableType |
O |
The address of a pointer to a variable structure. |
Returns
Gets an existing Resource Partner object.
Syntax
int SM_EXTERN Sm_PolicyApi_GetWSFEDResourcePartner ( void* pSessionHandle, const char * pszProviderOid, Sm_PolicyApi_WSFEDResourcePartner_t** pstructServiceProvider );
Parameters
[in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
[in] A null-terminated string containing the object identifier of an existing WS-Federation Resource Partner.
[out] The address of the pointer to a WS-Federation Resource Partner structure.
Return Values
Gets an existing WSFED authentication scheme object.
Syntax
int SM_EXTERN Sm_PolicyApi_GetWSFEDScheme ( void* pSessionHandle, const char * pszProviderOid, Sm_PolicyApi_Scheme_t** ppstructScheme, Sm_PolicyApi_WSFEDProviderProp_t** ppProps );
Parameters
[in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
[in] A null-terminated string containing the object identifier of an existing WSFED auth scheme.
[out] The address of the pointer to a SiteMinder auth scheme structure.
[out] The address of the pointer to a linked list of WSFED provider properties.
Return Values
Initializes the connection to the SiteMinder policy store and establishes the init handle.
You can specify an initialization flag that will affect the API's behavior.
This function must be called once per API client session. It must be the first function called in the session.
Type
Required function.
Syntax
int SM_EXTERN Sm_PolicyApi_Init ( void** ppInitHandle, const Sm_PolicyApi_InitFlags_t nInitFlag );
Parameter |
I/O |
Description |
---|---|---|
ppInitHandle |
O |
A pointer to an internal Policy Management API data structure that contains client session information. This init handle is returned on successful initialization and is used as an input parameter to every call to Sm_PolicyApi_Login() and Sm_PolicyApi_Release(). |
nInitFlag |
I |
Value affecting the behavior of the API. |
Returns
Initializes a connection to the SiteMinder policy store and establishes the init handle based on a supplied version.
Type
Required function.
Syntax
int SM_EXTERN Sm_PolicyApi_InitEx ( void** ppInitHandle, const Sm_PolicyApi_InitFlags_t nInitFlag, const unsigned version );
Parameter |
I/O |
Description |
---|---|---|
ppInitHandle |
O |
A pointer to an internal Policy Management API data structure that contains client session information. |
nInitFlag |
I |
Value affecting the behavior of the API. |
version |
I |
Version of the Policy Management API to initialize. |
Returns
Determines whether an item is a group.
Type
Group function, global scope (agents) or domain scope (responses, rules).
Syntax
int SM_EXTERN Sm_PolicyApi_IsGroup ( void* pSessionHandle, Sm_PolicyApi_Groups_t dwGroup, const char* pszOid, const char* pszDomainOid, bool* bIsGroup );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
dwGroup |
I |
Indicates the type of the object. |
pszOid |
I |
A null-terminated string containing the object identifier of the item to check. |
pszDomainOid |
I |
A null-terminated string containing the object identifier of an existing domain. |
bIsGroup |
O |
A pointer to a boolean value. true if the pszOid object is a group. |
Returns
After initialization, a successful call to Sm_PolicyApi_Login() is a prerequisite to making any further function calls. This function checks the administrator's login credentials (username and password). If the API detects an uninitialized or improperly initialized init handle, an error is generated. If the administrator is authenticated, the function initializes internal data structures and resources. Once the administrator is logged in, the Policy Server initializes a session handle, which is used as an input parameter to all the Policy Management API functions.
Internally, the session handle contains data structures and context information required for the operation of the Policy Management API, including the client session data (from the init handle) and the administrator session data. The data structures and context information are transparent to the caller.
You can call Sm_PolicyApi_Login() to initialize a session handle without checking the administrator's credentials or without specifying any administrator. To log in under either of these circumstances, set the parameter nCheckCreds to false. See the description of the nCheckCreds parameter for more information.
This function can be called more than once during the client session and depends on the successful initialization of the Policy Store connection.
Type
Required function.
Syntax
int SM_EXTERN Sm_PolicyApi_Login ( void* pInitHandle, void** ppSessionHandle, int nCheckCreds, const char* pszUserName, const char* pszPassword, const char* pszClientIP, char** pszUserMsg, char** pszErrMsg );
Parameter |
I/O |
Description |
---|---|---|
pInitHandle |
I |
A pointer to an internal Policy Management API data structure. This is the init handle returned by Sm_PolicyApi_Init(). |
ppSessionHandle |
O |
A pointer to an internal Policy Management API data structure (a different instance of the structure from pInitHandle). The structure contains administrator session data. The session handle is transparent to the caller. |
nCheckCreds |
I |
Flag indicating whether to check the credentials of the administrator, as follows:
|
pszUserName |
I |
User Name of the Policy Management API administrator. If you pass in an empty string ( "" ) and set nCheckCreds to false, no administrator name and password are required. The caller is granted all administrator rights. |
pszPassword |
I |
Password of the Policy Management API administrator. |
pszClientIP |
I |
IP address of the machine the administrator is logging in from. |
pszUserMsg |
O |
User message returned by the Policy Management API. You release the memory allocated for this variable by calling Sm_PolicyApi_FreeString(). |
pszErrMsg |
O |
Error message returned by the Policy Management API. You release the memory allocated for this variable by calling Sm_PolicyApi_FreeString(). |
Returns
Example
See the Sm_PolicyApi_Login() call in the example application smpolicyapiexample.cpp.
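The credential-less path described above (nCheckCreds set to false with an empty user name grants all administrator rights) is usually something application code should be unable to reach. The following guard is an added example, not SDK code or code from smpolicyapiexample.cpp: it always passes nCheckCreds as true and rejects empty credentials before the API is called. `checked_login`, `is_ip_literal`, the `GUARD_*` codes and `fake_login` are hypothetical names; the function-pointer type copies the parameter list from the Syntax above and assumes SM_EXTERN adds no calling-convention difference, the textual IPv4/IPv6 check on pszClientIP is an assumption about the expected format, and the fake's return value of 0 is constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/socket.h>

/* Same parameter list as the Sm_PolicyApi_Login() syntax on this page, so the
   guard can wrap the real entry point or a test double. */
typedef int (*sm_login_fn)(void *pInitHandle, void **ppSessionHandle,
                           int nCheckCreds, const char *pszUserName,
                           const char *pszPassword, const char *pszClientIP,
                           char **pszUserMsg, char **pszErrMsg);

/* Hypothetical local reject codes; they are not SDK return values. */
enum {
    GUARD_BAD_HANDLE     = -1001,
    GUARD_EMPTY_USER     = -1002,
    GUARD_EMPTY_PASSWORD = -1003,
    GUARD_BAD_CLIENT_IP  = -1004
};

/* Returns 1 if s parses as a textual IPv4 or IPv6 address. */
static int is_ip_literal(const char *s)
{
    unsigned char buf[sizeof(struct in6_addr)];
    return s != NULL &&
           (inet_pton(AF_INET, s, buf) == 1 || inet_pton(AF_INET6, s, buf) == 1);
}

/* The wrapper has no nCheckCreds parameter: callers cannot ask for a session
   without credential checking. Rejections happen before the API is called. */
int checked_login(sm_login_fn login, void *init_handle, void **session,
                  const char *user, const char *password,
                  const char *client_ip, char **user_msg, char **err_msg)
{
    if (login == NULL || init_handle == NULL || session == NULL)
        return GUARD_BAD_HANDLE;
    *session = NULL;
    if (user == NULL || user[0] == '\0')
        return GUARD_EMPTY_USER;
    if (password == NULL || password[0] == '\0')
        return GUARD_EMPTY_PASSWORD;
    if (!is_ip_literal(client_ip))
        return GUARD_BAD_CLIENT_IP;
    return login(init_handle, session, 1 /* nCheckCreds = true */,
                 user, password, client_ip, user_msg, err_msg);
}

/* Constructed test double standing in for Sm_PolicyApi_Login(). */
static int g_calls;
static int g_last_check_creds = -1;

static int fake_login(void *init_handle, void **session, int check_creds,
                      const char *user, const char *password,
                      const char *client_ip, char **user_msg, char **err_msg)
{
    (void)init_handle; (void)user; (void)password;
    (void)client_ip; (void)user_msg; (void)err_msg;
    g_calls++;
    g_last_check_creds = check_creds;
    *session = &g_calls;   /* any non-NULL value serves as a session handle */
    return 0;              /* constructed success value */
}

int main(void)
{
    int init_dummy = 0;
    void *session = NULL;

    /* Constructed inputs: an empty user name, then a complete credential set. */
    int rc = checked_login(fake_login, &init_dummy, &session,
                           "", "example-password", "192.0.2.10", NULL, NULL);
    printf("empty user name: rc=%d, API calls=%d\n", rc, g_calls);

    rc = checked_login(fake_login, &init_dummy, &session,
                       "admin", "example-password", "192.0.2.10", NULL, NULL);
    printf("full credentials: rc=%d, nCheckCreds passed=%d\n",
           rc, g_last_check_creds);
    return 0;
}
```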
Logs out an administrator session.
Type
Required function.
Syntax
int SM_EXTERN Sm_PolicyApi_Logout ( void* pSessionHandle );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
The session handle that was returned by Sm_PolicyApi_Login() after successful login of the administrator. |
Returns
Looks up the user specification in a user directory.
pszSearchPattern holds the search pattern for the lookup. User directory searches vary for each type of user directory namespace.
Type
User directory function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_LookupDirectoryEntry ( void* pSessionHandle, const char* pszUserDirOid, const char* pszSearchPattern, Sm_PolicyApi_User_t** ppStructUserSpec );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszUserDirOid |
I |
A null-terminated string containing the object identifier of the user directory where lookup is to be performed. |
pszSearchPattern |
I |
A null-terminated string containing the search pattern for the lookup. Information about the search expression grammar for different namespace types appears in the section below. |
ppStructUserSpec |
O |
The address of a pointer to a user structure. |
The search in an LDAP user directory can be based on an attribute-value pair or on an LDAP search expression.
<attribute-name>=<value>
For example, if <attribute-name> is disabled and <value> is 0, the LDAP search filter is:
Base:'o=airius.com',
Filter:
'(& (|(objectclass=organizationalPerson) (objectclass=inetOrgPerson) (objectclass=organization) (objectclass=organizationalUnit) (objectclass=groupOfNames) (objectclass=groupOfUniqueNames) (objectclass=group) ) (disabled=0) )'
Base:'o=airius.com',
Filter:
'(& (|(objectclass=organizationalPerson) (objectclass=inetOrgPerson) (objectclass=organization) (objectclass=organizationalUnit) (objectclass=groupOfNames) (objectclass=groupOfUniqueNames) (objectclass=group) ) (uid=user1111) )'
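The attribute-value form above ends up as a clause inside an LDAP filter, so a value taken from user input should have the RFC 4515 special characters escaped before it is used as pszSearchPattern. The following is an added example, not SDK code: `valid_attr_name`, `ldap_escape_value` and `build_search_pattern` are hypothetical helpers, and the example assumes the API places the value into the filter without escaping it itself (if the API already escapes, this would escape twice).

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if name looks like an LDAP attribute description (RFC 4512
   "descr": a letter followed by letters, digits or hyphens). */
static int valid_attr_name(const char *name)
{
    if (name == NULL || !isalpha((unsigned char)name[0]))
        return 0;
    for (const char *p = name + 1; *p != '\0'; ++p)
        if (!isalnum((unsigned char)*p) && *p != '-')
            return 0;
    return 1;
}

/* Escapes a filter value per RFC 4515: '*', '(', ')', '\' and NUL become
   \2a, \28, \29, \5c and \00. Takes an explicit length so embedded NUL bytes
   are handled. Returns the number of bytes written (without the terminator),
   or -1 if out is too small. */
int ldap_escape_value(const char *val, size_t val_len, char *out, size_t out_sz)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (out_sz == 0)
        return -1;
    for (size_t i = 0; i < val_len; ++i) {
        unsigned char c = (unsigned char)val[i];
        int special = (c == '*' || c == '(' || c == ')' || c == '\\' || c == '\0');
        size_t need = special ? 3 : 1;

        if (o + need + 1 > out_sz)      /* keep room for the terminator */
            return -1;
        if (special) {
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Builds "<attribute-name>=<value>" with the value escaped.
   Returns 0 on success, -1 if the input is rejected or out is too small. */
int build_search_pattern(const char *attr, const char *value,
                         char *out, size_t out_sz)
{
    if (!valid_attr_name(attr) || value == NULL || value[0] == '\0')
        return -1;

    size_t alen = strlen(attr);
    if (alen + 2 > out_sz)              /* attribute + '=' + terminator */
        return -1;
    memcpy(out, attr, alen);
    out[alen] = '=';
    if (ldap_escape_value(value, strlen(value),
                          out + alen + 1, out_sz - alen - 1) < 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample values: a plain one and one carrying filter
       metacharacters. */
    const char *samples[] = { "user1111", "user)(1111*" };
    char pattern[128];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; ++i) {
        if (build_search_pattern("uid", samples[i], pattern, sizeof pattern) == 0)
            printf("%-12s -> %s\n", samples[i], pattern);
        else
            printf("%-12s -> rejected\n", samples[i]);
    }
    return 0;
}
```

The attribute name is validated rather than escaped, because no escaping makes an arbitrary string safe in that position.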
You can search in an ODBC user directory for users, groups, or both. The search is based on attribute-value pairs.
The format of pszSearchPattern is:
[ <class>= ] <value>
In the format example:
Returns
Performs user, key, and resource management activities.
The Policy Management API supports the types of management commands that are enumerated in Sm_PolicyApi_ManagementCommands_t.
Type
Utility function.
Syntax
int SM_EXTERN Sm_PolicyApi_ManagementCommand ( void* pSessionHandle, Sm_PolicyApi_ManagementCommand_t* pstructManagementCommand );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pstructManagementCommand |
I |
The address of a pointer to a management command structure. |
Returns
Disconnects from the policy store and releases memory and resources held by the API.
This function must be the last function called by the API client session. This function must be called once per client session.
Note: Failure to call this function will result in a memory leak.
Type
Required function.
Syntax
int SM_EXTERN Sm_PolicyApi_Release(void* pInitHandle);
Parameter |
I/O |
Description |
---|---|---|
pInitHandle |
I |
The init handle that was returned by Sm_PolicyApi_Init() after successful initialization of the client session. |
Returns
This function always returns Sm_PolicyApi_Success.
Removes an administrator from an affiliate domain.
Type
Federation function
Syntax
int SM_EXTERN Sm_PolicyApi_RemoveAdminFromAffiliateDomain ( void* pSessionHandle, const char* pszAdminOid, const char* pszAffiliateDomainOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAdminOid |
I |
A null-terminated string containing the object identifier of an existing administrator. |
pszAffiliateDomainOid |
I |
A null-terminated string containing the object identifier of an existing affiliate domain. |
Returns
Disassociates the administrator object identified by pszAdminOid from the domain identified by pszDomainOid.
Type
Administrator function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_RemoveAdminFromDomain ( void* pSessionHandle, const char* pszAdminOid, const char* pszDomainOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAdminOid |
I |
A null-terminated string containing the object identifier of an existing administrator. |
pszDomainOid |
I |
A null-terminated string containing the object identifier of an existing domain. |
Returns
Removes a configuration parameter name/value pair from the specified agent configuration object.
Type
Agent configuration function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_RemoveAgentConfigAssociation ( void* pSessionHandle, const char* pszAssociationOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAssociationOid |
I |
Unique identifier of the name/value pair to remove. |
Returns
Removes an existing indexed endpoint reference to an Assertion Consumer Service from the policy store. The index, binding type, and Assertion Consumer Service URL must match an existing Assertion Consumer Service.
Type
Federation function
Syntax
int SM_EXTERN Sm_PolicyApi_RemoveAssertionConsumerServiceToSAMLSP ( void* pSessionHandle, const Sm_PolicyApi_SAMLSPAssertionConsumerService_t* pstructSAMLSPAssertionConsumerService, const char* pszSAMLSPOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pstructSAMLSPAssertionConsumerService |
I |
A pointer to an Assertion Consumer Service structure. |
pszSAMLSPOid |
I |
A pointer to a string containing the OID of the Service Provider. |
Returns
Removes an attribute from an affiliate.
Type
Federation function
Syntax
int SM_EXTERN Sm_PolicyApi_RemoveAttributeFromAffiliate ( void* pSessionHandle, const Sm_PolicyApi_AffiliateAttr_t* pstructAffiliateAttr, const char* pszAffiliateOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pstructAffiliateAttr |
I |
A pointer to an affiliate attribute structure. |
pszAffiliateOid |
I |
A null-terminated string containing the object identifier of an existing affiliate. |
Returns
Removes a configured attribute from a SAML authentication scheme.
Syntax
int SM_EXTERN Sm_PolicyApi_RemoveAttributeFromSAMLScheme( void* pHandle, const Sm_PolicyApi_Scheme_t* pstructScheme, const Sm_PolicyApi_SAMLRequesterAttr_t* pAttr );
Parameter |
I/O |
Description |
---|---|---|
pHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pstructScheme |
I |
A pointer to a completely filled-in scheme structure. |
pAttr |
I |
A pointer to the Sm_PolicyApi_SAMLRequesterAttr_t structure containing the attribute to be removed. |
Returns
Removes the specified SAML attribute from the Service Provider.
Type
SAML 2.0 Configuration function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_RemoveAttributeFromSAMLSP ( void* pHandle, const Sm_PolicyApi_SAMLSPAttr_t* pstructSAMLSPAttr, const char* pszSAMLSPOid );
Parameter |
I/O |
Description |
---|---|---|
pHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pstructSAMLSPAttr |
I |
A pointer to a SAML attribute structure. |
pszSAMLSPOid |
I |
The Service Provider's object identifier in the policy store. |
Returns
Removes an item from a group.
The item and the group must exist and must be of the same type, and the item must be contained in the group.
The pszDomainOid parameter is required by rule and response groups. An agent group does not require a domain OID because it is not a domain-based object.
Type
Group function, global scope (agents) or domain scope (responses, rules).
Syntax
int SM_EXTERN Sm_PolicyApi_RemoveFromGroup ( void* pSessionHandle, Sm_PolicyApi_Groups_t dwGroup, const char* pszItemOid, const char* pszGroupOid, const char* pszDomainOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
dwGroup |
I |
Indicates the type of the group. |
pszItemOid |
I |
A null-terminated string containing the object identifier of an existing item; must be the same type as the group. |
pszGroupOid |
I |
A null-terminated string containing the object identifier of the group. |
pszDomainOid |
I |
A null-terminated string containing the object identifier of an existing domain. Required by rule and response groups. |
Returns
By removing the policy link identified by pszPolicyLinkOid from the policy identified by pszPolicyOid, this function effectively removes the rule from the policy.
A policy link object binds a policy to a rule and, optionally, a response.
Note: In releases prior to SiteMinder v4.5, the functionality provided by Sm_PolicyApi_RemovePolicyLinkFromPolicy() was provided by Sm_PolicyApi_RemoveRuleFromPolicy().
Type
Policy function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_RemovePolicyLinkFromPolicy ( void* pSessionHandle, const char* pszPolicyLinkOid, const char* pszPolicyOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszPolicyLinkOid |
I |
A null-terminated string containing the object identifier of an existing policy link under pszPolicyOid. |
pszPolicyOid |
I |
A null-terminated string containing the object identifier of an existing policy. |
Returns
Removes a Regular Expression from the referenced password policy. Implemented only if the session's version is set to SM_POLICY_API_VERSION_6_0.
Type
Regular Expression function.
Syntax
int SM_EXTERN Sm_PolicyApi_RemoveRegularExpressionFromPasswordPolicy( void* pSessionHandle, const char* pszRegularExpressionOid, const char* pszPasswordPolicyOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszRegularExpressionOid |
I |
The OID of the regular expression to be removed. |
pszPasswordPolicyOid |
I |
The OID of the password policy to remove the expression from. |
Returns
Disassociates the response attribute defined by the pstructResponseAttr structure from the response identified by pszResponseAttrOid. The attribute name and attribute value must match in order for the remove to occur.
Type
Response function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_RemoveResponseAttr ( void* pSessionHandle, const char* pszResponseAttrOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszResponseAttrOid |
I |
A null-terminated string containing the object identifier of an existing response attribute. |
Returns
Removes a user directory from an existing affiliate domain.
Type
Federation function
Syntax
int SM_EXTERN Sm_PolicyApi_RemoveUserDirFromAffiliateDomain( void* pSessionHandle, const char* pszUserDirOid, const char* pszAffiliateDomainOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszUserDirOid |
I |
A null-terminated string containing the object identifier of an existing user directory. |
pszAffiliateDomainOid |
I |
A null-terminated string containing the object identifier of an existing affiliate domain. |
Returns
Disassociates the user directory identified by pszUserDirOid from the domain identified by pszDomainOid.
Type
User directory function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_RemoveUserDirFromDomain ( void* pSessionHandle, const char* pszUserDirOid, const char* pszDomainOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszUserDirOid |
I |
A null-terminated string containing the object identifier of an existing user directory. |
pszDomainOid |
I |
A null-terminated string containing the object identifier of an existing domain. |
Returns
Removes a user directory entry from an affiliate.
Type
Federation function
Syntax
int SM_EXTERN Sm_PolicyApi_RemoveUsersFromAffiliate ( void* pSessionHandle, const char* pszAffiliateOid, const char* pszUserPolicyOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAffiliateOid |
I |
A null-terminated string containing the object identifier of an existing affiliate. |
pszUserPolicyOid |
I |
A null-terminated string containing the object identifier of an existing policy user. |
Returns
Disassociates the user identified by pszUserPolicyOid from the policy identified by pszPolicyOid. Only one user specification (which may be an aggregate) can be removed at a time.
Type
User and user state function.
Syntax
int SM_EXTERN Sm_PolicyApi_RemoveUsersFromPolicy ( void* pSessionHandle, const char* pszPolicyOid, const char* pszUserPolicyOid );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszPolicyOid |
I |
A null-terminated string containing the object identifier of an existing policy from which a user is to be removed. |
pszUserPolicyOid |
I |
A null-terminated string containing the object identifier of an existing policy user. |
Remarks
This function is successful only when the pointer to Sm_PolicyApi_User_t is obtained with the Sm_PolicyApi_GetPolicyUsers() function. If the user is retrieved with Sm_PolicyApi_LookupDirectoryEntry(), Sm_PolicyApi_GetDirectoryContents(), or Sm_PolicyApi_ValidateDirectoryEntry(), pszUserPolicyOid will be invalid and the call will fail.
Returns
Removes the specified users from the Service Provider.
Type
SAML 2.0 Configuration function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_AddUsersToSAMLServiceProvider ( void* pSessionHandle, const char* pszProviderOid, Sm_PolicyApi_User_t* pStructUsers, int iPolicyFlags );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszProviderOid |
I |
A null-terminated string containing the Service Provider's object identifier. |
pStructUsers |
I |
The users to remove from the Service Provider. |
iPolicyFlags |
I |
A bit field that indicates whether:
|
Returns
Dissociates a user directory entry from a WS-Federation Resource Partner.
Syntax
int SM_EXTERN Sm_PolicyApi_RemoveUsersFromWSFEDResourcePartner ( void* pSessionHandle, const char * pszProviderOid, const char * pszUserPolicyOid );
Parameters
[in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
[in] A null-terminated string containing the object identifier of an existing WS-Federation Resource Partner.
[in] A null-terminated string containing the object identifier of an existing policy user.
Return Values
Renames a domain or global object.
This function requires the Object Identifier (OID) of the object to be renamed. You can retrieve the object identifier by performing the Get operation on the object.
Type
General object function.
Syntax
int SM_EXTERN Sm_PolicyApi_RenameObject ( void* pSessionHandle, const char* pszOid, const char* pszNewName );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszOid |
I |
Object Identifier of the object to be renamed. |
pszNewName |
I |
New name for the object. |
Returns
Sets the user directory search order for an affiliate domain.
Type
Federation function
Syntax
int SM_EXTERN Sm_PolicyApi_SetAffiliateDomainUserDirSearchOrder ( void* pSessionHandle, const char* pszAffiliateDomainOid, char** pszArray[] );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszAffiliateDomainOid |
I |
A null-terminated string containing the object identifier of an existing affiliate domain. |
pszArray |
I |
An array of user directory OIDs, in the desired order. |
Returns
Sets the disabled state of a user. You can also enable a user with this function.
To make this function work, the attribute for tracking disabled users must be set in the user directory (the pszDisabledAttr field of structure Sm_PolicyApi_UserDir_t). You can also set the attribute using the Policy Server User Interface.
Type
User and user state function.
Syntax
int SM_EXTERN Sm_PolicyApi_SetDisabledUserState ( void* pSessionHandle, const char* pszUserDirOid, const char* pszUserDN, const Sm_Api_DisabledReason_t nDisabledReason, char** pszErrMsg );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszUserDirOid |
I |
A null-terminated string containing the object identifier of an existing user directory. |
pszUserDN |
I |
The distinguished name of the user whose disabled state is to be changed. |
nDisabledReason |
I |
Reason for disabling or enabling a user. The reasons are enumerated in Sm_Api_DisabledReason_t, which is defined in SmApi.h. It is the responsibility of the caller to set the correct state. Multiple reasons can exist concurrently. When a user is enabled, all the flags in the disabled mask should be cleared.
|
pszErrMsg |
O |
The error message is held in the string if the operation was not successful. You release the memory allocated for this variable by calling Sm_PolicyApi_FreeString(). |
Returns
Examples
nDisabledReason = Sm_Api_Disabled_DisabledMask & Sm_Api_Disabled_PWExpired;
```cpp
enum Sm_Api_DisabledReason_t nDisabledReason;
iRes = Sm_PolicyApi_GetDisabledUserState (pSessionHandle, pszUserDirOid,
                                          pszUserDN, &nDisabledReason,
                                          &pszGetErrMsg);
if (iRes != Sm_PolicyApi_Success)
{
    cout << "Error: " << pszGetErrMsg << endl;
}
// Set admin disabled reason bit.
nDisabledReason=(Sm_Api_DisabledReason_t)
                (nDisabledReason | Sm_Api_Disabled_AdminDisabled);
// Set Disable user state
iRes = Sm_PolicyApi_SetDisabledUserState(pSessionHandle, pszUserDirOid,
                                         pszUserDN, nDisabledReason,
                                         &pszSetErrMsg);
```

```cpp
enum Sm_Api_DisabledReason_t nDisabledReason;
iRes = Sm_PolicyApi_GetDisabledUserState(pSessionHandle, pszUserDirOid,
                                         pszUserDN, &nDisabledReason,
                                         &pszGetErrMsg);
if (iRes != Sm_PolicyApi_Success)
{
    if (pszGetErrMsg)
    {
        cout << "Error: " << pszGetErrMsg << endl;
    }
}
// Clear all the disable reason bits.
nDisabledReason=(Sm_Api_DisabledReason_t)
                (nDisabledReason & (~Sm_Api_Disabled_DisabledMask));
// Set Disable user state to enable
iRes = Sm_PolicyApi_SetDisabledUserState(pSessionHandle, pszUserDirOid,
                                         pszUserDN, nDisabledReason,
                                         &pszSetErrMsg);
```
Changes the password of a user account. It can also be used to validate a new password or an old password without changing the password.
To validate a new password, you must set SiteMinder Password services for the directory, and you must identify a password attribute in the SiteMinder user directory.
Type
User and user state function.
Syntax
int SM_EXTERN Sm_PolicyApi_SetPassword ( void* pSessionHandle, const char* pszUserDirOid, const char* pszUserDN, const char* pszNewPassword, const char* pszOldPassword, bool bChangePassword, bool bValidateNewPassword, bool bValidateOldPassword, char** pszErrMsg );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszUserDirOid |
I |
A null-terminated string containing the object identifier of the user directory where the user may be found. |
pszUserDN |
I |
The distinguished name of the user whose password is to be changed and/or whose new or old password is to be validated. |
pszNewPassword |
I |
New user password to validate or change. |
pszOldPassword |
I |
Old user password to validate or change. |
bChangePassword |
I |
If true, the password is changed to the new password and is recorded in the user's password history. If an error occurs, the function returns an error code. |
bValidateNewPassword |
I |
If true, the new password is checked to make sure it satisfies all password policy requirements. If the new password is in violation of any password policies, pszErrMsg is set and the function returns an error code. |
bValidateOldPassword |
I |
If true, the old password is used to authenticate the user. If authentication fails, the function returns an error code. |
pszErrMsg |
O |
String containing an error message if the user password change or validation was not successful. You release the memory allocated for this variable by calling Sm_PolicyApi_FreeString(). |
Returns
For information about the error, call Sm_PolicyApi_GetPasswordMsg() and pass to it the encoded error message (pszErrMsg) returned from Sm_PolicyApi_SetPassword().
Alters the policy link described by the ppstructPolicyLink structure.
This function sets a response or a response group to a rule or rule group. It can also be used to remove a response or response group from a policy link. To remove a response or response group from a policy link, set the pszResponseOid in Sm_PolicyApi_PolicyLink_t to an empty string.
Type
Response function, domain scope.
Syntax
int SM_EXTERN Sm_PolicyApi_SetResponseInPolicyLink ( void* pSessionHandle, const char* pszPolicyOid, Sm_PolicyApi_PolicyLink_t* ppstructPolicyLink );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszPolicyOid |
I |
A null-terminated string containing the object identifier of an existing policy. |
ppstructPolicyLink |
I |
The address of a policy link structure. |
Returns
Sets the current SharedSecretPolicy. There will always be exactly one such object, so it is not necessary to provide the bUpdate boolean flag.
Type
Agent configuration.
Syntax
int SM_EXTERN Sm_PolicyApi_SetSharedSecretPolicy ( void* pSessionHandle, Sm_PolicyApi_SharedSecretPolicy_t* ppstructSecretPolicy );
Parameter |
I/O |
Description |
---|---|---|
pSessionHandle |
I |
The current Policy API session handle. |
ppstructSecretPolicy |
I/O |
The shared secret policy structure. |
Returns
Rearranges the search order of the user directory objects associated with the domain identified by pszDomainOid.
The ordered list of names is specified in the pszArray string array. The user directories in this array must match in OID and number (but not order) the list of user directory names that were retrieved by a call to Sm_PolicyApi_GetUserDirSearchOrder().
Type
User directory function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_SetUserDirSearchOrder ( void* pSessionHandle, const char* pszDomainOid, char** pszArray[] );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszDomainOid | I | A null-terminated string containing the object identifier of an existing domain. |
pszArray | I | An array of user directory OIDs, in the desired order. |
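A pre-flight check for the matching rule described above, as an added example that is not part of the SDK or its documentation: it confirms that a proposed order contains exactly the entries read back with Sm_PolicyApi_GetUserDirSearchOrder(), each one once, before the setter is called. The function name, the status codes and the sample OIDs are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum {
    ORDER_OK = 0,
    ORDER_COUNT_MISMATCH, /* different number of entries             */
    ORDER_UNKNOWN_ENTRY,  /* proposed entry not in the current list  */
    ORDER_DUPLICATE_ENTRY /* same entry listed twice in the proposal */
} order_status_t;

/* current:  entries read back with Sm_PolicyApi_GetUserDirSearchOrder()
 * proposed: the same entries in the order about to be submitted */
order_status_t check_search_order(const char *const *current, size_t n_current,
                                  const char *const *proposed, size_t n_proposed)
{
    size_t i, j;

    if (n_current != n_proposed)
        return ORDER_COUNT_MISMATCH;
    for (i = 0; i < n_proposed; i++) {
        bool known = false;
        for (j = 0; j < n_current && !known; j++)
            known = strcmp(proposed[i], current[j]) == 0;
        if (!known)
            return ORDER_UNKNOWN_ENTRY;
        for (j = 0; j < i; j++)
            if (strcmp(proposed[i], proposed[j]) == 0)
                return ORDER_DUPLICATE_ENTRY;
    }
    return ORDER_OK;
}

int main(void)
{
    /* Constructed sample OIDs, not real policy store identifiers. */
    const char *current[]  = { "oid-dir-hr", "oid-dir-eng", "oid-dir-ext" };
    const char *proposed[] = { "oid-dir-ext", "oid-dir-hr", "oid-dir-eng" };

    printf("status=%d\n", check_search_order(current, 3, proposed, 3));
    return 0;
}
```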
Returns
Add or update a UserPasswordState object.
If there is no PasswordState associated with the user, a new PasswordState will be created. Otherwise, the UserPasswordState will be updated.
Type
Password state function.
Syntax
int SM_EXTERN Sm_PolicyApi_SetUserPasswordState ( void *pSessionHandle, const char *pszUserDirOid, const char *pszUserDN, Sm_PolicyApi_UserPasswordState_t *pPasswordState, bool bEmptyHistory );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszUserDirOid | I | Unique object identifier that corresponds to a particular User Directory. |
pszUserDN | I | Specifies the distinguished name of the user within the user directory. |
pPasswordState | I/O | The user password state object. If this parameter changes the user directory setting for the last time the password was changed, and the password is reset outside of SiteMinder, the password policy preventing password reuse may not work as expected. If this parameter is set to NULL, the function returns Sm_PolicyApi_Failure. |
bEmptyHistory | I | Specifies whether this function should clear the existing password history. If this parameter is set to true, the tLastPWChange field of structure Sm_PolicyApi_UserPasswordState_t is implicitly reset to zero. |
Returns
Validates a user specification in a user directory.
Type
User directory function, global scope.
Syntax
int SM_EXTERN Sm_PolicyApi_ValidateDirectoryEntry ( void* pSessionHandle, const char* pszUserDirOid, const char* pszPath, Sm_PolicyApi_User_t** ppUserEntry );
Parameter | I/O | Description |
---|---|---|
pSessionHandle | I | A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session. |
pszUserDirOid | I | A null-terminated string containing the object identifier of the user directory. |
pszPath | I | A null-terminated string containing the path of a user. |
ppUserEntry | O | The address of a pointer to a user structure. |
Returns
When you configure an authentication scheme programmatically, you provide information that would otherwise be provided through the Authentication Scheme Properties dialog of the Policy Server UI. You provide this information through the fields in the structure Sm_PolicyApi_Scheme_t.
Note: The following categories of information can be used for different purposes in different authentication schemes. For example, with the TeleID authentication scheme, the shared secret is used to supply the encryption seed.
Scheme type
SiteMinder provides a number of standard authentication scheme types (also known as templates). Each authentication scheme type is configured differently.
Description
Brief description of the authentication scheme.
Protection level
Protection level values can range from 1 through 1000. The higher the number, the greater the degree of protection provided by the scheme.
Library
An authentication scheme library performs authentication processing for the associated authentication scheme type. Each predefined authentication scheme is shipped with a default library. Optionally, you can use a custom library instead of the default.
Parameter
Additional information that the authentication scheme requires, such as the URL of an HTML login page. With some authentication schemes, the parameter information is constructed from field values in the Scheme Type Setup tab of the Authentication Scheme Properties dialog. To see how a parameter string is constructed for a given scheme type, open this dialog, select the appropriate scheme type, provide values to the fields in the Scheme Type Setup tab, and view the constructed parameter in the Advanced tab.
Shared secret
Information that is known to both the authentication scheme and the Policy Server. Different authentication schemes use different kinds of secrets. Most schemes use no secret.
Is template?
A flag that specifies whether the authentication scheme is a template.
Note: Setting an authentication scheme as a template with the C Policy Management API was deprecated in SDK v6.0 SP3.
Is used by administrator?
A flag that specifies whether the authentication scheme can be used to authenticate administrators.
Save credentials?
A flag that specifies whether to save the user's credentials.
Is RADIUS?
A flag that specifies whether the scheme can be used with RADIUS agents.
Ignore password check?
A flag that specifies whether password policies for the scheme are enabled. If True (1), password policies are disabled.
Note: The Ignore password check flag must be set to True for anonymous authentication schemes.
Use this table when configuring an authentication scheme based on the scheme type Anonymous. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
Note: The Ignore password check flag must be set to True for anonymous authentication schemes.
Information Type | Value Assignment and Meaning |
---|---|
Scheme type | nType=Sm_Api_SchemeType_Anonymous The scheme type Anonymous. |
Description | pszDesc=description The description of the authentication scheme. |
Protection level | nLevel=0 Set to 0. Not applicable to this scheme type. |
Library | pszLib="smauthanon" The default library for this scheme type. |
Parameter | pszParam=param A string containing the guest DN. Policies associated with the guest DN must apply to anonymous users. |
Shared secret | pszSecret="" Set to an empty string. Not applicable to this scheme. |
Is template? | bIsTemplate=0 Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
Is used by administrator? | bIsUsedbyAdmin=0 Set to false (0): the scheme is not used to authenticate administrators. |
Save credentials? | bAllowSaveCreds=0 Set to false (0) to indicate that user credentials won't be saved. |
Is RADIUS? | bIsRadius=0 Set to false (0): the scheme is not used with RADIUS agents. |
Ignore password check? | bIgnorePwCheck=1 Set to true (1) to ignore password checking. |
Use this table when configuring an authentication scheme based on the scheme type Basic over SSL. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
Information Type | Value Assignment and Meaning |
---|---|
Scheme type | nType=Sm_Api_SchemeType_BasicOverSSL The scheme type Basic over SSL. |
Description | pszDesc=description The description of the authentication scheme. |
Protection level | nLevel=value A value of 1 through 1000. The higher the number, the greater the degree of protection provided by the scheme. Default is 10. |
Library | pszLib="smauthcert" The default library for this scheme type. |
Parameter | pszParam=param A string containing the domain or IP address of the SSL server and the name of the SSL Credentials Collector (SCC). Format: https://server/SCC?basic The following example uses the default SCC: https://my.server.com/siteminderagent/ |
Shared secret | pszSecret="" Set to an empty string. Not applicable to this scheme. |
Is template? | bIsTemplate=0 Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
Is used by administrator? | bIsUsedbyAdmin=0 Set to false (0) for this scheme. |
Save credentials? | bAllowSaveCreds=0 Set to false (0) to indicate that user credentials won't be saved. |
Is RADIUS? | bIsRadius=0 Set to false (0): the scheme is not used with RADIUS agents. |
Ignore password check? | bIgnorePwCheck=flag Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0. |
Use this table when configuring an authentication scheme based on the scheme type Basic. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
Information Type | Value Assignment and Meaning |
---|---|
Scheme type | nType=Sm_Api_SchemeType_Basic The scheme type Basic. |
Description | pszDesc=description The description of the authentication scheme. |
Protection level | nLevel=value A value of 1 through 1000. The higher the number, the greater the degree of protection provided by the scheme. Default is 5. |
Library | pszLib="smauthdir" The default library for this scheme type. |
Parameter | pszParam="" Set to an empty string. Not applicable to this scheme. |
Shared secret | pszSecret="" Set to an empty string. Not applicable to this scheme. |
Is template? | bIsTemplate=0 Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
Is used by administrator? | bIsUsedbyAdmin=1 Set to true (1): the scheme can be used to authenticate administrators. |
Save credentials? | bAllowSaveCreds=0 Set to false (0) to indicate that user credentials won't be saved. |
Is RADIUS? | bIsRadius=1 Set to true (1): the scheme can be used with RADIUS agents. |
Ignore password check? | bIgnorePwCheck=flag Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0. |
Use this table when configuring an authentication scheme based on the scheme type Custom. You create custom schemes using the Authentication API. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
Information Type | Value Assignment and Meaning |
---|---|
Scheme type | nType=Sm_Api_SchemeType_Custom The scheme type Custom. |
Description | pszDesc=description The description of the authentication scheme. |
Protection level | nLevel=value A value of 0 through 1000. The higher the number, the greater the degree of protection provided by the scheme. Default is 5. |
Library | pszLib=customLibName The name of the custom shared library you created using the Authentication API. |
Parameter | pszParam=param Any string of one or more parameters required by your custom authentication scheme. For a custom authentication scheme that uses SSL, you must supply a URL that points to a SiteMinder Web Agent library required for the SSL-based authentication. |
Shared secret | pszSecret=secret The shared secret, if any, that your custom authentication scheme uses for encryption of credentials. |
Is template? | bIsTemplate=0 Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
Is used by administrator? | bIsUsedbyAdmin=flag Set to true (1) to specify that the scheme can be used to authenticate administrators, or to false (0) to specify that the scheme cannot be used to authenticate administrators. Default is 0. |
Save credentials? | bAllowSaveCreds=0 Set to false (0) to indicate that user credentials won't be saved. |
Is RADIUS? | bIsRadius=0 Set to false (0): the scheme is not used with RADIUS agents. |
Ignore password check? | bIgnorePwCheck=flag Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0. |
Use this table when configuring an authentication scheme based on the scheme type HTML Form. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
Information Type | Value Assignment and Meaning |
---|---|
Scheme type | nType=Sm_Api_SchemeType_HTMLForm The scheme type HTML Form. |
Description | pszDesc=description The description of the authentication scheme. |
Protection level | nLevel=value A value of 1 through 1000. The higher the number, the greater the degree of protection provided by the scheme. Default is 5. |
Library | pszLib="smauthhtml" The default library for this scheme type. |
Parameter | pszParam=param A string containing a user attribute list plus the location of the forms credential collector (FCC). The attribute list must begin with AL= and use commas as the list delimiter character, and it must end with a semicolon, for example: AL=Password,SSN,age,zipcode; The complete parameter format is: attr-list;https://server/fcc The following example uses the default FCC: AL=PASSWORD,SSN,age,zipcode; |
Shared secret | pszSecret="" Set to an empty string. Not applicable to this scheme. |
Is template? | bIsTemplate=0 Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
Is used by administrator? | bIsUsedbyAdmin=0 Set to false (0): the scheme is not used to authenticate administrators. |
Save credentials? | bAllowSaveCreds=flag Set to true (1) to indicate that user credentials should be saved, or false (0) to indicate that user credentials should not be saved. Default is 0. |
Is RADIUS? | bIsRadius=0 Set to false (0): the scheme is not used with RADIUS agents. |
Ignore password check? | bIgnorePwCheck=flag Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0. |
Use this table when configuring an authentication scheme based on the scheme type Impersonation. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
Information Type | Value Assignment and Meaning |
---|---|
Scheme type | nType=Sm_Api_SchemeType_Impersonation The scheme type Impersonation. |
Description | pszDesc=description The description of the authentication scheme. |
Protection level | nLevel=value A value of 1 through 1000. The higher the number, the greater the degree of protection provided by the scheme. Default is 5. |
Library | pszLib="smauthimpersonate" The default library for this scheme type. |
Parameter | pszParam=param A string containing a user attribute list plus the location of the forms credential collector (FCC). The attribute list must begin with AL= and use commas as the list delimiter character, and it must end with a semicolon, for example: AL=Password,SSN,age,zipcode; The complete parameter format is: attr-list;https://server/fcc The following example uses the default FCC: AL=PASSWORD,SSN,age,zipcode; |
Shared secret | pszSecret="" Set to an empty string. Not applicable to this scheme. |
Is template? | bIsTemplate=0 Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
Is used by administrator? | bIsUsedbyAdmin=0 Set to false (0): the scheme is not used to authenticate administrators. |
Save credentials? | bAllowSaveCreds=0 Set to false (0) to indicate that user credentials won't be saved. |
Is RADIUS? | bIsRadius=0 Set to false (0): the scheme is not used with RADIUS agents. |
Ignore password check? | bIgnorePwCheck=1 Set to true (1) to ignore password checking. |
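The pszParam format shared by the HTML Form and Impersonation tables above can be checked before the string is copied into Sm_PolicyApi_Scheme_t; the following is an added example, not SDK code. The function name, the status codes, the 1024-byte stand-in for BFSIZE, the placeholder host and the rule that the FCC location must be an https:// URL are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

typedef enum {
    PARAM_OK = 0,
    PARAM_TOO_LONG,     /* does not fit the destination buffer       */
    PARAM_NO_AL_PREFIX, /* attribute list does not begin with "AL="  */
    PARAM_NO_SEMICOLON, /* attribute list is not closed by ';'       */
    PARAM_EMPTY_ATTR,   /* empty list, or empty name between commas  */
    PARAM_NO_FCC,       /* nothing follows the ';'                   */
    PARAM_NOT_HTTPS     /* FCC location is not an https:// URL       */
} param_status_t;

/* Checks "AL=attr,attr,...;https://server/fcc".
 * bufsize: size of the pszParam array (BFSIZE in the SDK header). */
param_status_t check_form_param(const char *param, size_t bufsize)
{
    const char *p, *fcc;

    if (strlen(param) >= bufsize)
        return PARAM_TOO_LONG;
    if (strncmp(param, "AL=", 3) != 0)
        return PARAM_NO_AL_PREFIX;
    if (strchr(param, ';') == NULL)
        return PARAM_NO_SEMICOLON;
    /* Walk the comma-separated names up to the ';' that closes the list. */
    for (p = param + 3; ; p++) {
        size_t len = strcspn(p, ",;");
        if (len == 0)
            return PARAM_EMPTY_ATTR;
        p += len;
        if (*p == ';')
            break;
    }
    fcc = p + 1;
    if (*fcc == '\0')
        return PARAM_NO_FCC;
    if (strncmp(fcc, "https://", 8) != 0 || fcc[8] == '\0')
        return PARAM_NOT_HTTPS;
    return PARAM_OK;
}

int main(void)
{
    /* Constructed sample; host is a placeholder, 1024 stands in for BFSIZE. */
    const char *s = "AL=PASSWORD,SSN,age,zipcode;https://my.server.example/fcc";
    printf("status=%d\n", check_form_param(s, 1024));
    return 0;
}
```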
Copyright © 2012 CA.
All rights reserved.