Sm_PolicyApi_Scheme

Programming Guides › Programming Guide for C › Policy Management API › SM--Federation Security Services › Sm_PolicyApi_Scheme_t

Sm_PolicyApi_Scheme_t

Defines a SiteMinder authentication scheme object.

Syntax

typedef struct Sm_PolicyApi_Scheme_s
{
   int iStructId;
   char pszOid[BFSIZE];
   char pszName[BFSIZE];                    /* Required */
   char pszDesc[BFSIZE];
   int nLevel;                              /* Required */
   char pszLib[BFSIZE];
   char pszParam[BFSIZE];
   char pszSecret[BFSIZE];
   bool bIsTemplate;
   bool bIsUsedbyAdmin;
   Sm_Api_SchemeType_t nType;               /* Required */
   bool bAllowSaveCreds;                    /* Required */
   bool bIsRadius;                          /* Required */
   bool bIgnorePwCheck;                     /* Required */
   struct Sm_PolicyApi_Scheme_s* next;
} Sm_PolicyApi_Scheme_t;

Field	Description
iStructId	Authentication scheme data structure ID, defined in Sm_PolicyApi_Structs_t.
pszOid	The object identifier of the authentication scheme object.
pszName	Name of the authentication scheme.
pszDesc	Brief description of the authentication scheme.
nLevel	The protection level of the authentication scheme. The level may vary from 1 through 1000. The higher the number, the more secure is the scheme. With Anonymous authentication schemes, set this value to 0.
pszLib	The name of the shared library that implements the custom authentication scheme.
pszParam	Information that is passed on to the custom authentication scheme.
pszSecret	A shared secret known to two parties for the purpose of establishing secure data exchange. This information is passed on to the custom authentication scheme.
bIsTemplate	Flag to indicate whether the authentication scheme is a template. Note: Setting an authentication scheme as a template with the C Policy Management API is deprecated in SDK v6.0 SP3.
bIsUsedbyAdmin	Flag to indicate if the custom authentication scheme can be used to authenticate administrators.
nType	The type of the authentication scheme, defined in Sm_Api_SchemeType_t.
bAllowSaveCreds	Flag to allow user credentials to be saved.
bIsRadius	Flag to indicate if the scheme is of type Radius.
bIgnorePwCheck	If this flag is set to true, password policies for the authentication scheme will be disabled.
next	Pointer to the next Scheme structure.

More Information:

Authentication Scheme Configuration

Sm_PolicyApi_SharedSecretPolicy_t

Defines a shared secret policy.

In the Administrative UI, a shared secret policy is defined in the Shared Secret Rollover tab of the Key Management dialog box.

Syntax

typedef struct Sm_PolicyApi_SharedSecretPolicy_s
{
   int iStructID;
   bool bIsEnabled;
   int iRolloverPeriod;
   int iRolloverFrequency;
} Sm_PolicyApi_SharedSecretPolicy_t;

Field	Description
iStructID	Authentication scheme data structure ID, defined in Sm_PolicyApi_Structs_t.
bIsEnabled	Is shared secret rollover enabled?
iRolloverPeriod	The unit of time (hourly, daily, weekly, monthly) that is used with iRolloverFrequency to determine how often the shared secret is automatically changed (for example, every 3 days, every 2 months, etc.). Valid values are specified in Sm_PolicyApi_SecretRolloverPeriod_t.
iRolloverFrequency	Specifies the number of iRolloverPeriod units between rollovers.

Sm_PolicyApi_Server_t

Defines TCP/IP connectivity information for a Policy Server.

Syntax

typedef struct Sm_PolicyApi_Server_s
{
   int iStructId;
   char pszIpAddr[BFSIZE];                 /* Required */
   long nPort[3];
   long nClusterSeq;
   struct Sm_PolicyApi_Server_s* next;
} Sm_PolicyApi_Server_t;

Field	Description
iStructId	Policy server structure ID, defined in Sm_PolicyApi_Structs_t.
pszIpAddr	The TCP/IP address of a Policy Server.
nPort	Prior to v6.0 of SiteMinder, this is an array of TCP/IP ports for Accounting, Authentication, and Authorization services. Beginning with SiteMinder v6.0, only the Policy Server port needs to be specified.
nClusterSeq	The cluster sequence number for this server. For a non-cluster server, omit the parameter. For a cluster server, specify the cluster sequence number, starting from one. Specifying a sequence number that is equal to an existing sequence number will result in an error.
next	Pointer to the next server structure.

Sm_PolicyApi_TrustedHost_t

Defines a trusted host object.

Syntax

typedef struct Sm_PolicyApi_TrustedHost_s
{
   int iStructId;
   char pszOid[BFSIZE];
   char pszName[BFSIZE];
   char pszDesc[BFSIZE];
   char pszIPAddr[BFSIZE];
   char pszSecret[BFSIZE];
   bool bIs4xHost;
   struct Sm_PolicyApi_TrustedHost_s* next;
   bool bRolloverEnabled;
} Sm_PolicyApi_TrustedHost_t;

Field	Description
iStructId	Data structure ID, defined in Sm_PolicyApi_Structs_t.
pszOid	The object identifier of the trusted host object.
pszName	The trusted host name.
pszDesc	Brief description of the trusted host.
pszIPAddr	The IP address of the trusted host.
pszSecret	The shared secret of the trusted host.
bIs4xHost	Internal use only.
next	Pointer to the next trusted host structure.
bRolloverEnabled	Indicates whether or not shared secret rollover is enabled for this trusted host.

Sm_PolicyApi_User_t

Defines a SiteMinder User object.

Syntax

typedef struct Sm_PolicyApi_User_s
{
   int iStructId;
   char pszUserPolicyOid[BFSIZE];            /* Required */
   char pszUserDirOid[BFSIZE];               /* Required */
   char pszPath[BFSIZE];                     /* Required */
   char pszClass[BFSIZE];                    /* Required */
   Sm_PolicyResolution_t nPolicyResolution;  /* Required */
   int nFlags;                               /* Required */
   struct Sm_PolicyApi_User_s* next;
} Sm_PolicyApi_User_t;

Field	Description
iStructId	User data structure ID, defined in Sm_PolicyApi_Structs_t.
pszUserPolicyOid	The object identifier of the user policy.
pszUserDirOid	The object identifier of the user directory
pszPath	User's distinguished name (DN).
pszClass	The object class as understood by a user directory, such as organizationalUnit in LDAP or User in NT.
nPolicyResolution	The relationship between two policy objects. Policy resolutions are enumerated in Sm_PolicyResolution_t.
nFlags	A bitmask using the bits defined in Policy Flags.
next	Pointer to the next User structure.

Sm_PolicyApi_UserContext_t

Makes user context information available to callers of the Policy Management API.

Syntax

typedef struct Sm_PolicyApi_UserContext_s
{
   int iStructId;
   Sm_Api_UserContext_t *pUserContext;
   struct Sm_PolicyApi_UserContext_s* next;
} Sm_PolicyApi_UserContext_t;

Field	Description
iStructId	User data structure ID, defined in Sm_PolicyApi_Structs_t.
pUserContext	Pointer to the user context information.
next	This field is always set to null.

More Information:

Sm_PolicyApi_GetTrustedHostByName()

Sm_PolicyApi_UserDir_t

Defines a SiteMinder user directory object.

Syntax

typedef struct Sm_PolicyApi_UserDir_s
{
   int iStructId;
   char pszOid[BFSIZE];
   char pszName[BFSIZE];                     /* Required */
   char pszDesc[BFSIZE];
   char pszNamespace[BFSIZE];                /* Required */
   char pszServer[BFSIZE];                   /* Required */
   char pszSearchRoot[BFSIZE];
   char pszUserLookupStart[BFSIZE];
   char pszUserLookupEnd[BFSIZE];
   char pszUsername[BFSIZE];
   char pszPassword[BFSIZE];
   int nSearchResults;                       /* Required */
   int nSearchScope;                         /* Required */
   int nSearchTimeout;                       /* Required */
   bool bSecureConnection;                   /* Required */
   bool bRequireCredentials;                 /* Required */
   char pszDisabledAttr[BFSIZE];
   char pszUniversalIDAttr[BFSIZE];
   char pszODBCQuerySchemeOid[BFSIZE];
   char pszAnonymousId[BFSIZE];
   char pszPasswordData[BFSIZE];
   char pszPasswordAttribute[BFSIZE];
   char pszEmailAddressAttr[BFSIZE];
   char pszChallengeRespAttr[BFSIZE];
   struct Sm_PolicyApi_UserDir_s* next;
} Sm_PolicyApi_UserDir_t;

Field	Description
iStructId	User directory data structure ID, defined in Sm_PolicyApi_Structs_t.
pszOid	The object identifier of the user directory object.
pszName	Name of the user directory.
pszDesc	Brief description of the user directory.
pszNamespace	Mandatory field that designates the specific directory service being connected to (for example, LDAP:, ODBC:, WinNT:, AD:, or Custom:).
pszServer	Mandatory field. This is an overloaded field whose contents depend upon the namespace: ODBC - Data source name. NT - Domain name. LDAP or AD - An IP address or an IP address and port number in the format IP_address:port_number. The port number 389 is assumed if no port number is specified. Custom - Library name.
pszSearchRoot	One of the following values: With LDAP directories, the location in the LDAP tree that serves as the starting point for the directory connection-typically, an organization (o) or organizational unit (ou). The Policy Server begins searching at the root when locating a user. With custom directories, any parameters to pass to the custom library.
pszUserLookupStart	The User DN Lookup Start allows users to authenticate by entering only a part of the user name, without having to enter an entire DN string. Identifying unique and non-unique segments of the user DN string does this. Use this field with LDAP directories only.
pszUserLookupEnd	The User DN Lookup End allows users to authenticate by entering only a part of the user name, without having to enter an entire whole DN string. Use this field with LDAP directories only.
pszUsername	The user name needed to access a user directory.
pszPassword	The password needed to access a user directory.
nSearchResults	The maximum number of records that can be returned from a search of an LDAP or custom directory.
nSearchScope	The extent to which SiteMinder looks for users and user groups below pszSearchRoot in an LDAP directory - all levels below the root (subtree) or just one level below the root. Specify 1 for one level down or 2 for subtree.
nSearchTimeout	The maximum amount of time, in seconds, that SiteMinder will query an LDAP or custom directory.
bSecureConnection	This flag must be enabled when accessing an LDAP or custom directory over SSL. Enabling Secure Connect means that SiteMinder performs secure authentication and encrypted transmissions.
bRequireCredentials	Flag to specify credentials necessary to authenticate against a user directory
pszDisabledAttr	Name of the user directory attribute that SiteMinder uses to keep track of a user's enabled or disabled state. Applies to LDAP and ODBC directories, and possibly to custom directories.
pszUniversalIDAttr	Name of the user directory attribute that has been designated as the Universal ID. Typically, the Universal ID differs from the user's login ID, and the Universal ID is used to look up user information. Applies to LDAP, ODBC, and WinNT directories, and possibly to custom directories.
pszODBCQuerySchemeOid	The object identifier for a set of ODBC queries that SiteMinder uses to query the ODBC directory.
pszAnonymousId	Name of the user directory attribute that is designated as the anonymous user DN. This DN is defined in the anonymous authentication scheme. Anonymous users impersonate this DN to gain access to the resources associated with the anonymous authentication scheme. Applies to LDAP directories, and possibly to custom directories.
pszPasswordData	Name of the user directory attribute that SiteMinder uses to store password policy information. Applies to LDAP and ODBC directories, and possibly to custom directories.
pszPasswordAttribute	Name of the user directory attribute that contains the user's password, as defined using Password Services. Applies to LDAP and ODBC directories, and possibly to custom directories.
pszEmailAddressAttr	Reserved for future use.
pszChallengeRespAttr	Name of the user directory attribute that contains a response to return to the user, such as a hint for a forgotten password. Applies to LDAP directories, and possibly to custom directories.
next	Pointer to the next directory structure.

Remarks

Fields apply to all types of directories (LDAP, ODBC, WinNT, and custom) unless individual directory types are specified.

Fields that apply to LDAP directories also apply to Active Directories.

Sm_PolicyApi_UserPasswordState_t

Information regarding all PasswordState virtual attributes is returned using the SmPolicyApi_UserPasswordState_t structure. This structure coexists with a User object, which is restricted by the UserDirectory OID and a User DN string. The structure can be retrieved, created, or updated through the C Policy Management API.

Syntax

typedef struct Sm_PolicyApi_UserPasswordState_s
{
   int iLoginFailures;
   time_t tLastLogin;
   time_t tPrevLogin;
   time_t tDisabled;
   time_t tLastPWChange;
} Sm_PolicyApi_UserPasswordState_t;

Field	Description
iLoginFailures	Specifies how many times the user has failed to log in since the last successful login.
tLastLogin	Specifies the last time the user successfully logged in.
tPrevLogin	Specifies the second-to-last time the user successfully logged in.
tDisabled	Specifies the time the user was disabled.
tLastPWChange	Specifies the last time the user changed his password. If this value updates the user directory setting for the last time the password was changed, and the password is reset outside of SiteMinder, the password policy preventing password reuse may not work as expected. The value 0 may be returned in this field in the following cases: The user begins the procedure to change his password but does not complete it. Password history is cleared through a call to Sm_PolicyApi_SetUserPasswordState().

Sm_PolicyApi_Variable_t

Defines a variable object that can be used in a variable expression for a policy or a response. Variable objects are managed by the Variable Functions.

A variable is a dynamic object that is resolved to a value during an authorization request. The variables appear within an active expression defined for a policy or a response.

Variables are used as follows:

With policies, variables are used as authorization constraints. When a user requests access to a resource, and the resource contains an active expression that includes one or more variables, the variables are resolved to values that pertain to the user. The values are then evaluated and used in the decision on whether to authorize the user.
For example, suppose a policy that protects a bank's credit card application form contains an active expression with a Credit Rating variable and a Salary variable. When a user attempts to access the form, the user is authorized only if his credit rating and salary meet or exceed the minimum values for these variables.
With responses, variables are used as return values. For example, a response attribute might be configured to return a transaction's tracking number obtained from a remote Web Service.

Syntax

typedef struct Sm_PolicyApi_Variable_s
{
   int iStructId;
   char pszOid[BFSIZE];
   char pszName[BFSIZE];
   char pszDesc[BFSIZE];
   char pszVariableTypeOid[BFSIZE];
   char pszDefinition[BFSIZE];
   char pszMetaData[BFSIZE];
   int nReturnType;
   bool bPreFetchFlag;
   char pszDomainOid[BFSIZE];
   Sm_PolicyApi_Oid_t* pNestedVariableList;
   struct Sm_PolicyApi_Variable_s*   next;
} Sm_PolicyApi_Variable_t;

Field	Description
iStructId	Data structure ID, defined in Sm_PolicyApi_Structs_t.
pszOid	The unique object ID of the variable object.
pszName	The user-defined name of the variable object.
pszDesc	Optional text describing the variable object.
pszVariableTypeOid	The unique object ID of the variable type.
pszDefinition	Information needed to obtain the value of the variable at runtime.
pszMetaData	Reserved for use by the optional CA TransactionMinder product.
nReturnType	The data type of the variable value: Sm_PolicyApi_VarReturnTypes_Boolean Sm_PolicyApi_VarReturnTypes_Number Sm_PolicyApi_VarReturnTypes_String Sm_PolicyApi_VarReturnTypes_Date
bPreFetchFlag	Not currently used.
pszDomainOid	The unique object ID of the associated domain.
pNestedVariableList	A linked list of nested variable OIDs that are part of the definition of this variable.
next	Pointer to the next variable object structure.

Variable Definition

You define a variable by specifying where the variable's value can be found. You do so through the pszDefinition field.

The value of this field can be a simple string or a set of XML elements, depending on the variable type. Here are the SiteMinder variable types and a description of the pszDefinition field for each type:

Post
The pszDefinition field contains the name of a field on an HTML form. In a POST action, the variable value is derived from the value assigned to the field.
RequestContext
The pszDefinition field contains the following XML code:
```
<RequestContextVariableDef>
   <ItemName></ItemName>
</RequestContextVariableDef>
```
The variable value depends upon which of the following attribute names appears within the ItemName element:
- Action. With this item name, the variable value is the type of action specified in the request (for example, GET or POST).
- Resource. With this item name, the variable value is the target resource (for example, /directory_name/).
- Server. With this item name, the variable value is the full server name specified in the request (for example, server.company.com).
Static
The pszDefinition field contains the actual value that will be compared against the user-supplied data at runtime. For example, a Static variable of return type Sm_PolicyApi_VarReturnTypes_Date might be assigned the string value 2004-01-01. During authorization, this assigned date is compared against a user-supplied date.
UserContext
The pszDefinition field contains some or all of the following XML code:
```
<UserContextVariableDef>
   <ItemName></ItemName>
   <PropertyName></PropertyName>
   <DN></DN>
   <BufferSize></BufferSize>
</UserContextVariableDef>
```
The variable value is based on an attribute of a user directory connection (such as session ID) or on the contents of the user directory (such as user name). The name of the attribute upon which the variable value is based appears in the XML element ItemName.

The ItemName element can contain one of the following values:
- DirectoryEntryProperty
- DirectoryNameSpace
- DirectoryPath
- DirectoryServer
- IsUserContext
- SessionId
- UserPath
- UserProperty
- UserName
The elements PropertyName, DN, and BufferSize are only used as follows:
- When ItemName contains DirectoryEntryProperty, elements PropertyName, DN, and BufferSize are used.
- When ItemName contains UserProperty, elements PropertyName and BufferSize are used.

WebService

The pszDefinition field contains the following basic XML structure:

<WebServiceVariableDefn xmlns:NeteWS=
                       "http://www.netegrity.com/2003/SM6.0";>
   <NeteWS:RemoteURL></NeteWS:RemoteURL>
   <NeteWS:SSL/>
      <NeteWS:RemoteMethod></NeteWS:RemoteMethod>
      <NeteWS:ResultQuery></NeteWS:ResultQuery>
      <NeteWS:AuthCredentials>
         <NeteWS:Username></NeteWS:Username>
         <NeteWS:Password></NeteWS:Password>
         <NeteWS:Hash></NeteWS:Hash>
      </NeteWS:AuthCredentials>
      <NeteWS:Document>
         <SOAP:Envelope xmlns:SOAP=
                 "http://schemas.xmlsoap.org/soap/envelope/";>
            <SOAP:Header></SOAP:Header>
            <SOAP:Body></SOAP:Body>
         </SOAP:Envelope>
      </NeteWS:Document>
</WebServiceVariableDefn>

To retrieve a variable value from a Web Service, the Policy Server sends the Web Service a SOAP request document as specified in pszDefinition, and then extracts the variable value from the SOAP response.

The following table describes the XML elements used to configure a WebService variable:

Element	Description
RemoteURL	The URL to the Web Service that will resolve the WebService variable.
SSL	Specifies that the connection between the Policy Server and the Web Service should use SSL.
RemoteMethod	Set this element to POST.
ResultQuery	The return query, in XPath format. The Policy Server uses this information to search for the variable's value in the SOAP response document.
AuthCredentials	Optionally, specify the user's Web Service credentials through the following elements: Username Password (use either a SHA-1 password digest or a clear-text password) Optionally, use the Hash element to specify that a hash of the password is to be included in the WS‑Security password.
Document	Optionally, use this element to define a SOAP header and/or SOAP body through the following elements: Envelope. The SOAP namespace is: http://schemas.xmlsoap.org/soap/envelope Header. A user-defined SOAP header. A WS‑Security header is automatically added to it if the user's Web Service credentials are specified. Body. A user-defined SOAP body. Nested variables of type RequestContext, UserContext, Post, and Static can be used inside the header and body. Their values are resolved and substituted before the request document is sent to the remote Web Service. Specify a nested variable as follows: $variable-name$

Note: The XML element structures shown above are formatted for legibility. The XML string supplied through the pszDefinition field should not be formatted with spaces, tabs, and return characters. For example, a RequestContext variable for a Resource attribute would be passed in pszDefinition as follows:

<RequestContextVariableDef><ItemName>Resource</ItemName></RequestContextVariableDef>

Sm_PolicyApi_VariableType_t

Defines a supported variable object type. Variable types are read-only. They cannot be created or deleted through the Policy Management Variable Functions.

Syntax

typedef struct Sm_PolicyApi_VariableType_s
{
   int iStructId;
   char pszOid[BFSIZE];
   char pszName[BFSIZE];
   char pszDesc[BFSIZE];
   char pszFilter[BFSIZE];
   struct Sm_PolicyApi_VariableType_s*    next;
} Sm_PolicyApi_VariableType_t;

Field	Description
iStructId	Data structure ID defined in Sm_PolicyApi_Structs_t.
pszOid	The unique object ID of the variable type object.
pszName	One of the following object type names: Post RequestContext Static UserContext WebService If you have installed the optional CA SOA Security Manager product, the following variable types are also available: SAMLAssertion Transport XMLAgent XMLBody XMLEnvelopeHeader You cannot create these variables using the SDK; you must use the Administrative UI.
pszDesc	The description of the variable type object-for example, Form Post Variables.
pszFilter	Not currently used.
next	Pointer to the next variable type object structure.

Sm_PolicyApi_WSFEDProviderProp_t

Defines a linked list of WS-Federation Provider properties, that is, name/value pairs.

An Sm_PolicyApi_WSFEDProviderProp_t structure consists of a single name/value pair. You define a set of properties for a given WS-Federation object through a linked list of Sm_PolicyApi_WSFEDProviderProp_t structures.

Syntax

typedef struct Sm_PolicyApi_WSFEDProviderProp_s
{
	int iStructId;
	char pszName[BFSIZE];
	char pszValue[BFSIZE];
	Sm_PolicyApi_WSFEDProviderProp_t* next;
} Sm_PolicyApi_WSFEDProviderProp_t;

Parameters

iStructId: ID of the structure in Sm_PolicyAp_Structs_t. Should be set to Sm_PolicyApi_WSFEDProviderProp_ID.
pszName: Name of the WS-Federation Provider property.
pszValue: Value of the WS-Federation Provider property.
next: Pointer to the next WS-Federation Provider property data in the linked list.

Each Sm_PolicyApi_WSFEDProviderProp_t structure contains a WS-Federation metadata property defined as a name/value pair. A complete set of properties for a particular object is defined as a linked list of Sm_PolicyApi_WSFEDProviderProp_t structures.

The following metadata properties apply to WS-Federation objects types:

Common properties
Properties for defining a Resource Partner
Properties for defining an Account Partner

Optional properties are specified in square brackets.

For Boolean values, a value of 1 denotes true; any other value denotes false.

The Property Name column also includes the corresponidng C Policy Management API macro name.

Common Properties

The following table specifies the metadata properties that are common to defining a Resource Partner or an Account Partner:

Property Name	Type	Description

General
Name WSFED_NAME	String	Name of the provider.
[Description] WSFED_DESCRIPTION	String	Brief description of the provider.
[SkewTime] WSFED_SKEW_TIME	String	The skew time between consumer and producer sides in seconds. This value is used to calculate validity duration of assertions and of SLO requests. The default value is 30.
Versioning
[WSFEDMajorVersion] WSFED_MAJOR_VERSION	Int	Version of WSFED protocol supported by this provider. The value of this property has to be set to 1.
[WSFEDMinorVersion] WSFED_MINOR_VERSION	Int	Version of WSFED protocol supported by this provider. The value of this property has to be set to 0.
[WSFEDSAMLMajorVersion] WSFED_SAML_MAJOR_ VERSION	Int	Version of SAML protocol supported by this provider. The value of this property has to be set to 1.
[WSFEDSAMLMinorVersion] WSFED_SAML_MINOR_ VERSION	Int	Version of WSFED protocol supported by this provider. The value of this property has to be set to 1.

Resource Partner Properties

The following table lists the metadata properties used to define a Resource Partner:

Property Name	Type	Description

Domain WSFED_RP_DOMAIN	OID	The Domain OID where this Resource Partner is defined
[Enabled] WSFED_ENABLED	Bool	Boolean indicating if the provider is enabled. If not provided, defaults to true. This property does not get stored physically to the property collection but is used to enable underlying policy.
NetegrityAffiliateMinderAuthURL WSFED_RP_AUTHENTICATION_URL	String	The protected URL used to authenticate Resource Partner users.
NameID
[NameIdFormat] WSFED_RP_NAMEID_FORMAT	String	The URI for a WSFED name identifier.
[NameIdType] WSFED_RP_NAMEID_TYPE	Int	Represents the type of name identifier: 0 - Static Text 1 - User Attribute 2 - DN Attribute Defaults to 1
[NameIdStatic] WSFED_RP_NAMEID_STATIC	String	The static text to be used as the name identifier when the NameIdType == 0. The Policy Management API will return an error if no value is specified for this property and NameIdType==0.
[NameIdAttrName] WSFED_RP_NAMEID_ATTR_NAME	String	The attribute name (user or DN) which holds the name identifier when NameIdType == 1 or NameIdType == 2. If "NameIdType" is set to "1" or "2", "NameIdAttrName" property should have a value, otherwise the Policy Management API will return an error.
[NameIdDNSpec] WSFED_RP_NAMEID_DN_SPEC	String	The DN spec used when the NameIdType == 2. If "NameIdType" is set to "2", "NameIdDNSpec" property should have a value, otherwise the Policy Management API will return error.
[NameIdAllowNested] WSFED_RP_NAMEID_ALLOWED_ NESTED	Bool	Flag indicating whether nested groups are allowed when selecting a DN attribute for the name identifier. Defaults to zero.
General
KEY_RPID WSFED_KEY_RPID	String	The Resource Partner ID for WSFED Assertion Consumer. Must be a URI less than 1024 characters in length. Also this is the key using which properties associated to a provider can be looked up.
APID WSFED_APID	String	The Resource Partner ID of the WSFED Assertion Producer.
SSO
[AuthenticationMethod] WSFED_RP_AUTHENTICATION_METHOD	String	The authentication method to use in the assertion.
[ValidityDuration] WSFED_RP_VALIDITY_DURATION	Int	An integer number of seconds for which a generated assertion is valid. If not provided during Resource Partner creation, the default is 60 seconds.
AssertionConsumerDefaultURL WSFED_RP_ASSERTION_CONSUMER_ DEFAULT_URL	String	The default WSFED Assertion Consumer to use.
[AuthenticationLevel] WSFED_RP_AUTHENTICATION_LEVEL	Int	The principal must have authenticated in a realm by an authentication scheme of at least this level or greater. If not supplied during Resrource Partner creation, this will default to 5.
Signout
[SLOEnabled] WSFED_RP_SLO_ENABLED	Bool	Boolean indicating if Signout is enabled for the Resource Partner.
[SignOutCleanupURL] WSFED_RP_SIGNOUT_CLEANUP_URL	String	Sign-out cleanup URL of the Resource Partner. This property is mandatory if SLOEnabled is true.
[SignOutConfirmURL] WSFED_RP_SIGNOUT_CONFIRM_URL	String	URL where the user will be redirected once the Sign-out at Account Partner is complete. (If there are multiple Resource Partners available then Sign-out confirm URL of the last Resource Partner is applicable.)
Advanced
[AssertionPluginClass] WSFED_RP_ PLUGIN_CLASS	String	The fully qualified Java class name for the Assertion Generator Plugin class to be used.
[AssertionPluginParameters] WSFED_RP_ PLUGIN_PARAMS	String	The string containing parameters to be passed to the Assertion Generator Plugin.

Account Partner Properties

The following table lists the metadata properties used to define an Account Partner:

Property Name	Type	Description

General
KEY_APID WSFED_KEY_APID	String	Identifier for the account partner. Among other things this identifier is used to identify assertion issuer. Also this is the key using which properties associated to a Account Partner can be looked up.
RPID WSFED_RPID	String	Identifier of the Resource Partner.
Signing
[DisableSignatureProcessing] WSFED_DISABLE_SIGNATURE_ PROCESSING	Bool	Specifies whether signature processing is disabled. This setting is useful during initial setup of a Account Partner. When a provider is up and running, this setting will need to be set to false, to avoid security implications. Default value is zero.
[DsigVerInfoIssuerDN] WSFED _DSIG_VERINFO_ALIAS	String	Used to locate the certificate of the provider in the key store if it is not provided inline.
Users
[XPath] WSFED_AP_XPATH	String	XPath query for disambiguating the principal.
[LDAPSearchSpec] WSFED_AP_LDAP_SEARCH_SPEC	String	Search specification for LDAP directory.
[ODBCSearchSpec] WSFED_AP_ODBC_SEARCH_SPEC	String	Search specification for ODBC directory.
[WinNTSearchSpec] WSFED_AP_WINNT_SEARCH_SPEC	String	Search specification for WinNT directory.
[CustomSearchSpec] WSFED_AP_CUSTOM_SEARCH_SPEC	String	Search specification for a custom directory.
[ADSearchSpec] WSFED_AP_AD_SEARCH_SPEC	String	Search specification for AD directory.
SSO
[RedirectMode] WSFED_AP_SSO_REDIRECT_MODE	Int	Redirect mode for assertion attributes. The following values are valid: 0—302 No Data 1—302 Cookie Data 2—Server Redirect 3—Persist Attributes The default is zero.
[SSODefaultService] WSFED_AP_SSO_DEFAULT_SERVICE	String	The default location of the Single Sign-on service.
[Target] WSFED_AP_SSO_TARGET	String	Target resource at the destination site.
[EnforceSingleUsePolicy] ENFORCE_SINGLE_USE_POLICY	Bool	If 1, the single use policy for POST assertions will be enforced, if 0, single use policy for POST assertions will not be enforced. Default set to 1.
Signout
[SLOEnabled] WSFED_AP_SLO_ENABLED	Bool	Boolean indicating if Signout is enabled for the Account Partner. If not supplied during Account Partner creation, this will default to disabled.
[SignOutURL] WSFED_AP_SIGNOUT_URL	String	Sign-out URL of the Account Partner. This property is mandatory if SLOEnabled is true.
Message Consumer Plug-in
[APPluginClass] WSFED_AP_ PLUGIN_CLASS	String	Name of a Java class that implements customization of assertion consumption.
[APPluginParameters] WSFED_AP_ PLUGIN_PARAMS	String	Parameters of the Java class that implements customization of assertion consumption. All parameters are concatenated into one line.
Post Processing URL Support
[UserNotFoundRedirectURL] WSFED_AP_USER_NOT_FOUND_ REDIRECT_URL	String	Contains an optional redirect URL to be used when - Auth Scheme cannot obtain a LoginID from the federation Message, given the configured query string - Auth Scheme can not find a user in the specific user directory, given the configured user store search string.
[UserNotFoundRedirectMode] WSFED_AP_USER_NOT_FOUND_ REDIRECT_MODE	0/1	Default is 0. 0: Http 302 redirect without passing federation messages 1: Http Form Post Redirect
[FailureRedirectURL] WSFED_AP_FAILURE_REDIRECT_URL	String	Contains an optional redirect URL to be used when assertion processsing has failed.
[FailureRedirectMode] WSFED_AP_FAILURE_REDIRECT_MODE	0/1	Default is 0. 0: Http 302 redirect without passing federation messages 1: Http Form Post Redirect
[InvalidRedirectURL] WSFED_AP_INVALID_REDIRECT_URL	String	Contains an optional redirect URL to be used when the assertion is invalid.
[InvalidRedirectMode] WSFED_AP_INVALID_REDIRECT_MODE	0/1	Default is 0. 0: Http 302 redirect without passing federation messages 1: Http Form Post Redirect

Sm_PolicyApi_WSFEDResourcePartner_t

Defines WS-Federation Resource Partner data.

Syntax

typdef struct Sm_PolicyApi_WSFEDResourcePartner_s
{
	int iStructId;
	Sm_PolicyApi_WSFEDProviderProp_t* pProps;
	Sm_PolicyApi_WSFEDResourcePartner_t* next;
} Sm_PolicyApi_WSFEDResroucePartner_t;

Parameters

iStructId: ID of the structure in Sm_PolicyApi_Structs_t. Should be set to Sm_PolicyApi_WSFEDResourcePartner_ID.
pProp: Pointer to the linked list of Resource Partner properties.
next: Pointer to the next Resource Partner data in the linked list.

Exported Types

The Policy Management API includes various categories of exported data types, including:

Administrator Rights

Sm_PolicyApi_AdminRights_t enumerates the rights of the administrator. These values may be used individually or combined to set multiple rights. The resulting value is passed to Sm_PolicyApi_AddAdmin() as one of the attributes in a Sm_PolicyApi_Admin_t structure.

Name	Value
Sm_PolicyApi_AdminRights_ManageAllDomains	0x01
Sm_PolicyApi_AdminRights_ManageObjects	0x02
Sm_PolicyApi_AdminRights_ManageUsers	0x04
Sm_PolicyApi_AdminRights_ManageKeys	0x08
Sm_PolicyApi_AdminRights_ManagePasswordPolicy	0x08
Sm_PolicyApi_AdminRights_ManageReports	0x10

The following table shows how these values are used to set administrative privileges:

Scope	Task	Setting and Privilege(s)
System	Manage System & Domain Objects	To set the privileges below, set administrator rights to both of the following: Sm_PolicyApi_AdminRights_ManageAllDomains Sm_PolicyApi_AdminRights_ManageObjects Privileges: Create/edit/delete agents, agent groups, directories, policy domains, authentication schemes, agent types, ODBC setup, directory mappings, certificate mappings, and registration schemes. Create/delete parent realms in all domains. Create/edit/delete administrators. Flush all caches, including cached resources. Change global settings. All the privileges for Manage Domain Objects listed below.
Domains	Manage Domain Objects	To set the privileges below, set administrator rights to: Sm_PolicyApi_AdminRights_ManageObjects Privileges: In managed domains: create/edit/delete rules, rule groups, responses, response groups, policies. Edit top level realms in managed domains (not resource filters). Create/edit/delete nested realms in managed domains. Flush specific realms from the resource cache, and flush all resources (in privileged domains) from the cache.
System	View Reports	To set the privilege below, set administrator rights to both of the following: Sm_PolicyApi_AdminRights_ManageAllDomains Sm_PolicyApi_AdminRights_ManageUsers Privilege: View all system and domain reports.
Domains	View Reports	To set the privilege below, set administrator rights to: Sm_PolicyApi_AdminRights_ManageUsers Privilege: View reports for managed domains.
System	Manage Keys and Password Policies	To set the privileges below, set administrator rights to both of the following: Sm_PolicyApi_AdminRights_ManageAllDomains Sm_PolicyApi_AdminRights_ManageKeys Privileges: Create/edit/delete password policies. Manage keys.
Domains	Manage Password Policies	To set the privilege below, set administrator rights to: Sm_PolicyApi_AdminRights_ManagePasswordPolicy Privilege: Create/edit/delete password policies for users in directories attached to managed domains.
System	Manage Users	To set the privileges below, set administrator rights to both of the following: Sm_PolicyApi_AdminRights_ManageAllDomains Sm_PolicyApi_AdminRights_ManageReports Privileges: Flush all user session caches, or flush the user session cache of any individual user cache from any directory. Enable/disable users in any directory. Force password change on any user in any directory.
Domains	Manage Users	To set the privileges below, set administrator rights to: Sm_PolicyApi_AdminRights_ManageReports Privileges: Flush user session caches for individual users in directories attached to managed domains. Enable/disable users in directories attached to managed domains. Force password change on users in directories attached to managed domains.

Affiliate Attribute Types

Sm_PolicyApi_AffiliateAttrType_t enumerates the valid affiliate attribute types, for use in the affiliate functions to manipulate affiliate attributes.

Name	Value
Sm_PolicyApi_Affiliate_HTTP_Header_Variable	1
Sm_PolicyApi_Affiliate_HTTP_Cookie_Variable	2

Attribute Mode Types

Sm_PolicyApi_SAMLSPAttrMode_t enumerates the valid attribute retrieval types for use in SAML 2.0 Attribute Authority support:

Name	Value
Sm_PolicyApi_SAMLSP_SSO_Only	0
Sm_PolicyApi_SAMLSP_Attribute_Only	1

One of these values should be provided in the nMode element of the Sm_PolicyApi_SAMLSPAttr_t structure.

Authentication and Authorization Mapping Types

Sm_PolicyApi_AuthAzMapType_t enumerates the authentication and authorization mapping types.

Name	Value
Sm_PolicyApi_AuthAzMapType_DN	1
Sm_PolicyApi_AuthAzMapType_UniversalId	2
Sm_PolicyApi_AuthAzMapType_Attr	3

Certificate Mapping Attribute Types

Sm_PolicyApi_CertMapAttrType_t enumerates types of mapping that determine how an X.509 client certificate will map to the user information in the authentication directory.

Name	Value
Sm_PolicyApi_CertMapAttrType_Single	1
Sm_PolicyApi_CertMapAttrType_Custom	2
Sm_PolicyApi_CertMapAttrType_Exact	3

Certificate Mapping Directory Types

Sm_PolicyApi_DirType_t enumerates the types of directories that can be used to authenticate users.

Name	Value
Sm_PolicyApi_DirType_LDAP	1
Sm_PolicyApi_DirType_WinNT	2
Sm_PolicyApi_DirType_ODBC	3

Certificate Mapping Flags Definitions

Sm_PolicyApi_CertMapFlags_t enumerates flags that represent certificate mapping properties.

Flag	Value
Sm_PolicyApi_CertMapFlags_CertRequired Setting this flag causes SiteMinder to verify that the certificate presented by the user matches the certificate stored in the user's entry in the authentication directory. The authentication directory must be an LDAP user directory.	0x01
Sm_PolicyApi_CertMapFlags_UseDistributionPoints Set this flag if your Certificate Revocation List (CRL) uses distribution points. Large CRLs may contain multiple distribution points that can be used to locate a revoked user. Distribution points indicate a starting point in the CRL LDAP directory. The distribution point provides a starting point for a CRL check and saves the processing time that it would take to search the entire CRL for a particular user. When this flag is set, SiteMinder retrieves the distribution point from the user's certificate, then uses it to find the appropriate LDAP directory entry point for the CRL.	0x02
Sm_PolicyApi_CertMapFlags_VerifySignature Set this flag to enable signature verification, where the Policy Server checks the Certificate Authority's public certificate against a signature stored in the policy database.	0x04
Sm_PolicyApi_CertMapFlags_CRLCheck Set this flag to make SiteMinder perform a Certificate Revocation List check. A Certificate Revocation List (CRL) is a list of revoked X.509 client certificates published by the Certificate Authority. Comparing certificates against CRLs is one way to ensure that certificates are valid. When a user with such a certificate tries to access a protected resource, SiteMinder finds the user's certificate in the CRL and rejects the authentication.	0x08
Sm_PolicyApi_CertMapFlags_Cache Setting this flag causes SiteMinder to use cached CRL information until the date specified in the NextUpdate field in the CRL.	0x10

Directory Capabilities

Sm_PolicyApi_GetUserDirCapabilities() uses the values that are enumerated in Sm_DirectoryCapability_t, which is defined in SmApi.h.

Directory Capability	Value
Sm_DirCapability_CreatePasswordPolicy Capable of creating password policy. The following attributes are affected in the user directory (Sm_PolicyApi_UserDir_t): pszPasswordData, pszDisabledAttr, and pszPasswordAttribute.	0x00000001
Sm_DirCapability_CreateRegistrationPolicy Capable of creating registration policy. The following attributes are affected in the user directory (Sm_PolicyApi_UserDir_t): pszAnonymousId, pszEmailAddressAttr, pszChallengeRespAttr, and pszPasswordAttribute.	0x00000002
Sm_DirCapability_ResetUserPassword Capable of resetting the user password. This affects pszPasswordAttribute.	0x00000004
Sm_DirCapability_ChangeUserPassword Capable of changing the user password. This affects pszPasswordAttribute.	0x00000008
Sm_DirCapability_DisableUser Capable of disabling the user account. This affects pszDisabledAttr.	0x00000010
Sm_DirCapability_DmsCapable Capable of being written by the Delegated Management System (DMS).	0x00000020
Sm_DirCapability_Recursive Capable of supporting recursion.	0x00000040
Sm_DirCapability_DisabledAttr Read-Write disabled attribute. This attribute is configured for the user directory.	0x00100000
Sm_DirCapability_UniversalIdAttr Read-only Universal ID. This attribute is configured for the user directory.	0x00200000
Sm_DirCapability_AnonymousIdAttr Read-Write anonymous ID attribute. This attribute is configured for the user directory.	0x00400000
Sm_DirCapability_PasswordDataAttr Read-Write password data attribute. This attribute is configured for the user directory.	0x00800000
Sm_DirCapability_UserPasswordAttr Read-Write password attribute. This attribute is configured for the user directory.	0x01000000
Sm_DirCapability_EmailAddressAttr Read-only E-mail attribute. This attribute is configured for the user directory.	0x02000000
Sm_DirCapability_ChallengeRespAttr Read-Write Challenge and Response attribute. This attribute is configured for the user directory.	0x04000000

Note: Attribute masks are directory user profile attributes. They are available in the directory. Each attribute is read-only or read-write. Read-write attributes are not used by other applications.

Domain Flags

Sm_PolicyApi_DomainFlags_t enumerates flags pertaining to domain-wide influence.

Name	Value
Sm_PolicyApi_DomainFlags_GlobalPoliciesApply When this flag is set, the domain processes global policies for all realms in the domain. When this flag is not set, the domain does not process global policies.	0x02

Name

Value

Sm_PolicyApi_DomainFlags_GlobalPoliciesApply

When this flag is set, the domain processes global policies for all realms in the domain. When this flag is not set, the domain does not process global policies.

0x02

Group Types

Sm_PolicyApi_Groups_t enumerates the type of group for which you can perform group functions.

Name	Value
Sm_PolicyApi_NULL_Group_Prop	0
Sm_PolicyApi_Rule_Group_Prop	1
Sm_PolicyApi_Response_Group_Prop	2
Sm_PolicyApi_Agent_Group_Prop	3

IP Address Types

Sm_PolicyApi_IPAddressType_t enumerates the type of IP address restrictions that are defined for an object in Sm_PolicyApi_IPAddress_t.

IP Address Type	Value
Sm_PolicyApi_IPAddressType_SingleHost A single host IP address requires the following fields to be set: iStructId. IP Address data structure ID defined in Sm_PolicyApi_Structs_t. iIPAddressType. Set IP address type to be Sm_PolicyApi_IPAddressType_SingleHost. nIPAddress. The valid IP address. This IP address is specified in the long format.	1
Sm_PolicyApi_IPAddressType_HostName A host name IP address requires the following fields to be set: iStructId. IP Address data structure ID defined in Sm_PolicyApi_Structs_t. iIPAddressType. Set IP address type to be Sm_PolicyApi_IPAddressType_HostName. pszHostName[BFSIZE]. Host name of the machine that a user must be using for an action to occur-for example, for a policy to fire.	2
Sm_PolicyApi_IPAddressType_AddressAndSubNetMask A subnet mask requires the following fields to be set: iStructId. IP Address data structure ID defined in Sm_PolicyApi_Structs_t. iIPAddressType. Set IP address type to be Sm_PolicyApi_IPAddressType_AddressAndSubnetMask. nIPAddress. The valid IP address. This IP address is specified in the long format. nSubnetMask. Specify the subnet mask.	3
Sm_PolicyApi_IPAddressType_Range A range of IP addresses requires the following fields to be set: iStructId. IP Address data structure ID defined in Sm_PolicyApi_Structs_t. iIPAddressType. Set IP address type to be Sm_PolicyApi_IPAddressType_Range. nIPAddress. Starting IP address. This IP address is specified in the long format. nEndIPAddress. Ending IP address. This IP address is specified in the long format.	4

Management Commands

Sm_PolicyApi_ManagementCommands_t enumerates the values that can be passed to Sm_PolicyApi_ManagementCommand() for flushing caches, for managing agent encryption keys, and for shared secret rollover.

Initialize the structure to zero (memset) prior to setting any values. Use the symbolic enumerated values, rather than hard-coding integer command values.

The value is passed in the iCommand field of the structure Sm_PolicyApi_ManagementCommand_t.

Management Command	Value
Sm_PolicyApi_ManagementCommand_FlushAll Flushes all SiteMinder caches. Policy store cache, resource cache, and user information cache are flushed by this command. It does not require any data in the pszData field of Sm_PolicyApi_ManagementCommand_t.	1
Sm_PolicyApi_ManagementCommand_FlushUsers Flushes user information cache. It does not require any data in the pszData field of Sm_PolicyApi_ManagementCommand_t.	2
Sm_PolicyApi_ManagementCommand_FlushRealms Flushes resource cache. It does not require any data in the pszData field of Sm_PolicyApi_ManagementCommand_t.	3
Sm_PolicyApi_ManagementCommand_ChangeDynamicKeys Changes the dynamic agent key. It does not require any data in the pszData field of Sm_PolicyApi_ManagementCommand_t. Before you change a dynamic agent key through the C API, the Agent Key setting in the Policy Server Key Management dialog box must be set to Use dynamic Agent Key. To access this dialog box in the Policy Server UI, click Tools > Manage Keys. Then, in the Agent Key tab, select Use dynamic Agent Key.	4
Sm_PolicyApi_ManagementCommand_ChangePersistentKey Changes the persistent or static key. The data field pszData of Sm_PolicyApi_ManagementCommand_t structure may contain an optional key value. If pszData is empty, the persistent key is randomly generated.	5
Sm_PolicyApi_ManagementCommand_ChangeSessionKey Changes the session key. The data field pszData of Sm_PolicyApi_ManagementCommand_t structure may contain an optional key value. If pszData is empty, the session key is randomly generated.	6
Sm_PolicyApi_ManagementCommand_RolloverSharedSecrets Rolls over shared secrets for rollover-enabled trusted hosts.	7

Password Messages

Sm_PolicyApi_PasswordMsgId_t enumerates password message IDs.

Password messages describe the encoded error message returned to Sm_PolicyApi_SetPassword() when a new password does not satisfy the password policy requirements of the specified directory.

Password Message ID	Value
Sm_PolicyApi_PasswordMsgId_None	0
Sm_PolicyApi_PasswordMsgId_ChangePassword	1
Sm_PolicyApi_PasswordMsgId_PassswordGeneralFailure	1000
Sm_PolicyApi_PasswordMsgId_PasswordShort	1001
Sm_PolicyApi_PasswordMsgId_PasswordLong	1002
Sm_PolicyApi_PasswordMsgId_PasswordOldPasswordBad	1003
Sm_PolicyApi_PasswordMsgId_PasswordReuse	1004
Sm_PolicyApi_PasswordMsgId_PasswordSimilar	1005
Sm_PolicyApi_PasswordMsgId_PasswordRepeatingChars?	1006
Sm_PolicyApi_PasswordMsgId_PasswordDictionaryMatch	1007
Sm_PolicyApi_PasswordMsgId_PasswordContentLetters	1008
Sm_PolicyApi_PasswordMsgId_PasswordContentDigits	1009
Sm_PolicyApi_PasswordMsgId_PasswordContentAlphaNum	1010
Sm_PolicyApi_PasswordMsgId_PasswordContentPunctuation	1011
Sm_PolicyApi_PasswordMsgId_PasswordContentNonPrintable	1012
Sm_PolicyApi_PasswordMsgId_PasswordContentNonAlphaNum	1013
Sm_PolicyApi_PasswordMsgId_PasswordProfileMatch	1014
Sm_PolicyApi_PasswordMsgId_PasswordGraceDays	1015
Sm_PolicyApi_PasswordMsgId_PasswordSystemPIN	1016
Sm_PolicyApi_PasswordMsgId_PasswordUserMaxNumPIN	1017
Sm_PolicyApi_PasswordMsgId_PasswordUserMinMaxNumPIN	1018
Sm_PolicyApi_PasswordMsgId_PasswordUserMaxAlphaPIN	1019
Sm_PolicyApi_PasswordMsgId_PasswordUserMinMaxAlphaPIN	1020
Sm_PolicyApi_PasswordMsgId_PasswordAcceptPIN	1021
Sm_PolicyApi_PasswordMsgId_PasswordContentLowerAlpha	1022
Sm_PolicyApi_PasswordMsgId_PasswordContentUpperAlpha	1023
Sm_PolicyApi_PasswordMsgId_PasswordContentNoLowerAlpha	1024
Sm_PolicyApi_PasswordMsgId_PasswordContentNoUpperAlpha	1025
Sm_PolicyApi_PasswordMsgId_PasswordContentNoDigits	1026
Sm_PolicyApi_PasswordMsgId_PasswordContentNoPunctuation	1027
Sm_PolicyApi_PasswordMsgId_PasswordContentNoNonPrintable	1028
Sm_PolicyApi_PasswordMsgId_PasswordContentNoNonAlphaNum	1029
Sm_PolicyApi_PasswordMsgId_PasswordContentNoAlphaNum	1030
Sm_PolicyApi_PasswordMsgId_PasswordContentMatchRegExp	1031
Sm_PolicyApi_PasswordMsgId_PasswordContentNoMatchRegExp	1032
Sm_PolicyApi_PasswordMsgId_PasswordUserMinNumPIN	1033
Sm_PolicyApi_PasswordMsgId_PasswordUserDigitsPIN	1034
Sm_PolicyApi_PasswordMsgId_PasswordUserAlphaNumPIN	1035

Additional information about the error message is available in the password message field associated with the password message.

Password Message Fields

Sm_PolicyApi_PasswordMsgFieldId_t enumerates password message field IDs.

Password message fields contain additional information about the password messages described in the previous section. You can find this additional information in the structure Sm_PolicyApi_PasswordMsgField_t.

Password Message Field ID	Value
Sm_PolicyApi_PasswordMsgFieldId_None	0
Sm_PolicyApi_PasswordMsgFieldId_Min	1
Sm_PolicyApi_PasswordMsgFieldId_Max	2
Sm_PolicyApi_PasswordMsgFieldId_OldPW	3
Sm_PolicyApi_PasswordMsgFieldId_NewPW	4
Sm_PolicyApi_PasswordMsgFieldId_Days	5
Sm_PolicyApi_PasswordMsgFieldId_Token	6

Fields can be of type integer or string, or they can have no type.

Password Message Field Types

Sm_PolicyApi_FieldType_t enumerates the possible data types for the password message fields.

Password Message Field Type	Value
Sm_PolicyApi_FieldType_None	0
Sm_PolicyApi_FieldType_Int	1
Sm_PolicyApi_FieldType_String	2

Password Policy Behavior Flags

Sm_PasswordPolicyBehavior_t enumerates the behavioral characteristics of a password policy.

Password Policy Behavior Flag	Value
Sm_PasswordPolicy_DontTrackLogins This flag has been replaced in SiteMinder v6.0 SP3 by: Sm_PasswordPolicy_DontTrackSuccessLogins Sm_PasswordPolicy_DontTrackFailedLogins The new flags allow successful and failed logins to be tracked separately. Sm_PasswordPolicy_DontTrackLogins is currently maintained for backwards compatibility. If this flag is set, login tracking for successful and failed logins will not occur.	0x00000004
Sm_PasswordPolicy_AllowFailedWrites Allows users to log in even if password data cannot be written to the user directory.	0x00000008
Sm_PasswordPolicy_InactivityForcePWChange Forces a password change on the next login attempt after a user's password becomes invalid due to inactivity.	0x00000010
Sm_PasswordPolicy_PWExpiredForcePWChange Forces a password change on the next login attempt after a user's password expires.	0x00000020
Sm_PasswordPolicyBehavior_FullReenable If a user's account is disabled due to successive incorrect password entries, this flag re-enables the account after a given time period. Specify the time in the nReenablement field of Sm_PolicyApi_PasswordPolicy_t. If this flag is not set, the user is allowed another login attempt after the given nReenablement time period.	0x00000040
Sm_PasswordPolicy_StopPriorityChaining Prevents the evaluation of password policies with lower priority ratings than the current password policy.	0x00000080
Sm_PasswordPolicy_ExpireDisablePassword When the password expires, disable just the password and not the user account.	0x00000100
Sm_PasswordPolicy_FailuresDisablePassword When the maximum number of authentication failures are exceeded, disable just the password and not the user account.	0x00000200
Sm_PasswordPolicy_ForceCase Force the password's case that is specified through bit Sm_PasswordPolicy_CaseSelect.	0x00000400
Sm_PasswordPolicy_CaseSelect If Sm_PasswordPolicy_ForceCase is set, Sm_PasswordPolicy_ForceCase forces upper case passwords when set, and forces lower case passwords when cleared.	0x00000800
Sm_PasswordPolicy_CaseBits Sets both of the following bits (forces upper case passwords): Sm_PasswordPolicy_ForceCase Sm_PasswordPolicy_CaseSelect	0x00000c00
Sm_PasswordPolicy_StripLeadingWhiteSpace Removes any leading white space from the password.	0x00001000
Sm_PasswordPolicy_StripTrailingWhiteSpace Removes any trailing white space from the password.	0x00002000
Sm_PasswordPolicy_StripFlankingWhiteSpace Sets both of the following bits (strips leading and trailing white space): Sm_PasswordPolicy_StripLeadingWhiteSpace Sm_PasswordPolicy_StripTrailingWhiteSpace	0x00003000
Sm_PasswordPolicy_StripEmbeddedWhiteSpace Removes all white space within the password.	0x00004000
Sm_PasswordPolicy_WhiteSpaceBits Sets all of the following bits (strips leading, trailing, and embedded white space): Sm_PasswordPolicy_StripLeadingWhiteSpace Sm_PasswordPolicy_StripTrailingWhiteSpace Sm_PasswordPolicy_StripEmbeddedWhiteSpace	0x00007000
Sm_PasswordPolicy_PreProcessBits Sets all of the following bits (forces upper case passwords and strips leading, trailing, and embedded white space): Sm_PasswordPolicy_ForceCase Sm_PasswordPolicy_CaseSelect Sm_PasswordPolicy_StripLeadingWhiteSpace Sm_PasswordPolicy_StripTrailingWhiteSpace Sm_PasswordPolicy_StripEmbeddedWhiteSpace	0x00007c00
Sm_PasswordPolicy_DontTrackSuccessLogins Performs directory updates at login time. When this flag is not set, the password policy tracks successful user logins, including the time of the last login.	0x00008000
Sm_PasswordPolicy_DontTrackFailedLogins Performs directory updates at login time. When this flag is not set, the password policy tracks unsuccessful user login attempts.	0x00010000

Note: Values 0x00000400 through 0x00007c00 apply to password preprocessing. During preprocessing, the password is checked before it is processed or stored.

Policy Flags

Sm_PolicyApi_AddUsersToPolicy() uses the following values (which are defined in SmApi.h):

Flag	Value
Sm_PolicyBehavior_Exclude_Mask Bit 0x01 determines whether user policy excludes or includes 'users.'	0x01
Sm_PolicyBehavior_Exclude_No	0x00
Sm_PolicyBehavior_Exclude_Yes	0x01
Sm_PolicyBehavior_Recursive_Mask Bit 0x02 determines whether user policy is recursive. This is applicable to directory object classes that can be nested.	0x02
Sm_PolicyBehavior_Recursive_No	0x00
Sm_PolicyBehavior_Recursive_Yes	0x02
Sm_PolicyBehavior_AND_Mask Bit 0x04 determines whether the user policy has an AND relationship between user policies. This is applicable to user policies that are members of a particular user directory within the policy.	0x04
Sm_PolicyBehavior_AND_No	0x00
Sm_PolicyBehavior_AND_Yes	0x04

Policy Management API Initialization Flags

Sm_PolicyApi_InitFlags_t enumerates the initialization flags used by Sm_PolicyApi_Init(). These flags affect API behavior.

Flag	Value
Sm_PolicyApi_InitFlags_EnableCache Enables caching of policy store, resource, and user information to ensure that SiteMinder responds quickly to user requests.	0x01
Sm_PolicyApi_InitFlags_PreLoadCache Enables the Policy Management API to preload the SiteMinder caches. Note: By omitting this flag, you can reduce the time it takes for custom Policy Management applications to make policy store changes.	0x02
Sm_PolicyApi_InitFlags_LoadAgentTypeDictionary Enables the Policy Management API to preload the SiteMinder agent type dictionary.	0x04
Sm_PolicyApi_InitFlags_DisableValidation Disables validation of policy objects.	0x08
Sm_PolicyApi_InitFlags_DisableAudit Disables: Auditing of user activity, including authentication, authorization, and administration activities. (Administration activities include changes to the policy store.) Monitoring of user sessions.	0x10
Sm_PolicyApi_InitFlags_DisableCacheUpdates Disables cache updates. If cache updates are not disabled and Sm_PolicyApi_InitFlags_EnableCache is turned off, the Policy Management API will still issue the cache updates.	0x20
Sm_PolicyApi_InitFlags_DisableManagementWatchDog Disables the SiteMinder management watchdog. The watchdog is enabled by default. The watchdog is used internally and should not be disabled.	0x40

Policy Object IDs

Sm_PolicyApi_Objects_t describes the policy store properties that can be retrieved, set, and removed.

Note: Sm_PolicyApi_NULL_Domain_Props, value 0, is reserved.

The following table lists the domain object type values that can be passed to Sm_PolicyApi_GetDomainObjects():

Name	Value
Sm_PolicyApi_Rule_Prop	1
Sm_PolicyApi_RuleGroup_Prop	2
Sm_PolicyApi_Policy_Prop	3
Sm_PolicyApi_PolicyLink_Prop	4
Sm_PolicyApi_UserPolicy_Prop	5
Sm_PolicyApi_Realm_Prop	6
Sm_PolicyApi_ResponseGroup_Prop	7
Sm_PolicyApi_Response_Prop	8
Sm_PolicyApi_ResponseAttr_Prop	9
Sm_PolicyApi_UserDir_Prop	10
Sm_PolicyApi_Admins_Prop	17
Sm_PolicyApi_ActiveExpr_Prop	23
Sm_PolicyApi_Variable_Prop	25
Sm_PolicyApi_Affiliate_Prop	33
Sm_PolicyApi_SAMLSP_Prop	35

The following table lists the global object type names that can be passed to Sm_PolicyApi_GetGlobalObjects():

Name	Value
Sm_PolicyApi_Rule_Prop	1
Sm_PolicyApi_Policy_Prop	3
Sm_PolicyApi_Response_Prop	8
Sm_PolicyApi_UserDir_Prop	10
Sm_PolicyApi_Scheme_Prop Object ID for an authentication scheme.	11
Sm_PolicyApi_Agent_Prop	12
Sm_PolicyApi_AgentGroup_Prop	13
Sm_PolicyApi_AgentType_Prop	14
Sm_PolicyApi_AgentTypeAttr_Prop	15
Sm_PolicyApi_Domain_Prop	16
Sm_PolicyApi_Admins_Prop	17
Sm_PolicyApi_ODBCQueryScheme_Prop	18
Sm_PolicyApi_RegistrationScheme_Prop	19
Sm_PolicyApi_PasswordPolicy_Prop	20
Sm_PolicyApi_AuthAzMap_Prop Object ID for an authentication-authorization object.	21
Sm_PolicyApi_CertMap_Prop Object ID for a certification-mapping object.	22
Sm_PolicyApi_VariableType_Prop	24
Sm_PolicyApi_TrustedHost_Prop	26
Sm_PolicyApi_HostConfig_Prop	27
Sm_PolicyApi_AgentConfig_Prop	28
Sm_PolicyApi_Association_Prop Object ID for a configuration name/value pair in an agent configuration object.	29
Sm_PolicyApi_AffiliateDomain_Prop	32
Sm_PolicyApi_SharedSecretPolicy_Prop	34
Sm_PolicyApi_SAMLIdP_Prop	36
Sm_PolicyApi_SAMLAffiliation_Prop	37
Sm_PolicyApi_WSFEDResourcePartner_Prop	38

Policy Resolutions

Sm_PolicyResolution_t, defined in SmApi.h, enumerates the values that describe the relationship between two policy objects.

More Information:

Sm_PolicyResolution_t

Return Codes

The value codes that can be returned by the API are enumerated in Sm_PolicyApi_Status_t. The values have the following significance:

A zero return code indicates success.
Negative return codes indicate failure.

Most of the code names are self-explanatory. However, note that Sm_PolicyApi_BadArgument (-10) is returned when one or more of the required input parameters is not supplied. For example, if an argument such as a domain OID is null or represents a string of zero length, Sm_PolicyApi_BadArgument is returned to the caller.

Return codes with values less than -100 (except for Sm_PolicyApi_NotUnique, value -105) will rarely be returned by this API. They are included for completeness.

Return Code	Value
Sm_PolicyApi_Success	0
Sm_PolicyApi_Failure	-1
Sm_PolicyApi_InvalidHandle	-2
Sm_PolicyApi_ErrorLogin	-3
Sm_PolicyApi_NoPrivilege	-4
Sm_PolicyApi_InvalidPasswordSyntax	-5
Sm_PolicyApi_InvalidPassword	-6
Sm_PolicyApi_DuplicateEntry	-7
Sm_PolicyApi_DoesNotExist	-8
Sm_PolicyApi_NotFound	-9
Sm_PolicyApi_BadArgument	-10
Sm_PolicyApi_WrongNumberOfElements	-11
Sm_PolicyApi_UserDirNotPartOfDomain	-12
Sm_PolicyApi_UserDirNotValid	-13
Sm_PolicyApi_ErrorUserDir	-14
Sm_PolicyApi_AgentNotFound	-15
Sm_PolicyApi_AgentTypeNotFound	-16
Sm_PolicyApi_AgentTypeAttrNotFound	-17
Sm_PolicyApi_AgentTypeMismatch	-18
Sm_PolicyApi_ODBCQuerySchemeNotFound	-19
Sm_PolicyApi_UserDirNotFound	-20
Sm_PolicyApi_DomainNotFound	-21
Sm_PolicyApi_AdminNotFound	-22
Sm_PolicyApi_SchemeNotFound	-23
Sm_PolicyApi_RegistrationSchemeNotFound	-24
Sm_PolicyApi_PasswordPolicyNotFound	-25
Sm_PolicyApi_SchemeIsRequired	-26
Sm_PolicyApi_PasswordPolicyConfig	-27
Sm_PolicyApi_RealmNotFound	-28
Sm_PolicyApi_NoChildren	-29
Sm_PolicyApi_RuleNotFound	-30
Sm_PolicyApi_ResponseNotFound	-31
Sm_PolicyApi_ResponseAttrNotFound	-32
Sm_PolicyApi_PolicyNotFound	-33
Sm_PolicyApi_PolicyLinkNotFound	-34
Sm_PolicyApi_UserPolicyNotFound	-35
Sm_PolicyApi_BadGroup	-36
Sm_PolicyApi_GroupNotFound	-37
Sm_PolicyApi_Invalid	-38
Sm_PolicyApi_InvalidHandleVersion	-39
Sm_PolicyApi_DomainNotAffiliate	-41
Sm_PolicyApi_InvalidOid	-100
Sm_PolicyApi_NotImplemented	-101
Sm_PolicyApi_NotSearchable	-102
Sm_PolicyApi_NotStorable	-103
Sm_PolicyApi_NotCollection	-104
Sm_PolicyApi_NotUnique	-105
Sm_PolicyApi_InvalidProp	-106
Sm_PolicyApi_NotInitted	-107
Sm_PolicyApi_NoSession	-108
Sm_PolicyApi_OidInUseByRealm	-109
Sm_PolicyApi_OidInUseByRule	-110
Sm_PolicyApi_OidInUseByAdmin	-111
Sm_PolicyApi_MissingProperty	-112
Sm_PolicyApi_GroupMemberName	-113
Sm_PolicyApi_RadiusIpAddrNotUnique	-114
Sm_PolicyApi_GroupAgentType	-115
Sm_PolicyApi_RadiusRealmNotUnique	-116
Sm_PolicyApi_RealmFilterNotUnique	-117
Sm_PolicyApi_InvalidCharacters	-118
Sm_PolicyApi_AgentTypeCantBeDeleted	-119
Sm_PolicyApi_ProvNotImplemented	-120
Sm_PolicyApi_ProvNotUnique	-121
Sm_PolicyApi_RealmCantBeUsedInRule	-122
Sm_PolicyApi_OidInUserByCertMap	-123
Sm_PolicyApi_OidInUseBySelfReg	-124
Sm_PolicyApi_OidInUseByUserDirectory	-125
Sm_PolicyApi_SchemeCantBeDeleted	-126
Sm_PolicyApi_BasicSchemeUpdate	-127
Sm_PolicyApi_NonHtmlForm	-128
Sm_PolicyApi_IllegalRealmOperation	-129
Sm_PolicyApi_NameNotUnique	-130
Sm_PolicyApi_FeatureNotSupported	-132
Sm_PolicyApi_AssertionConsumerDefaultMissing	-133
Sm_PolicyApi_SAMLSP_AuthenticationURLMissing	-134
Sm_PolicyApi_SAMLSP_DomainOidMissing	-135
Sm_PolicyApi_SAMLSP_IdPIDMissing	-136
Sm_PolicyApi_SAMLSP_NameMissing	-137
Sm_PolicyApi_SAMLSP_NameIdFormatMissing	-138
Sm_PolicyApi_SAMLSP_NameIdTypeMissing	-139
Sm_PolicyApi_SAMLSP_NameIdStaticMissing	-140
Sm_PolicyApi_SAMLSP_NameIdAttrNameMissing	-141
Sm_PolicyApi_SAMLSP_NameIdDNSpecMissing	-142
Sm_PolicyApi_SAMLSP_ProviderIDMissing	-143
Sm_PolicyApi_SAMLSP_ProviderIDNotUnique	-144
Sm_PolicyApi_SAML_UnSupportedSAMLVersion	-145
Sm_PolicyApi_SAMLIDP_IncorrectParameters	-146
Sm_PolicyApi_SAMLIDP_ProviderIDNotUnique	-147
Sm_PolicyApi_SAMLAFF_NameMissing	-148
Sm_PolicyApi_SAMLAFF_NameIdFormatMissing	-149
Sm_PolicyApi_SAMLAFF_NameIdTypeMissing	-150
Sm_PolicyApi_SAMLAFF_NameIdStaticMissing	-151
Sm_PolicyApi_SAMLAFF_NameIdAttrNameMissing	-152
Sm_PolicyApi_SAMLAFF_NameIdDNSpecMissing	-153
Sm_PolicyApi_SAMLAFF_AffiliationIDMissing	-154
Sm_PolicyApi_SAMLAFF_AffiliationIDNotUnique	-155
Sm_PolicyApi_SAMLAFF_AffiliationHasMembers	-156
Sm_PolicyApi_SAML_UnknownProperty	-157
Sm_PolicyApi_WSFEDRP_AssertionConsumerDefaultMissing	-158
Sm_PolicyApi_WSFEDRP_AuthenticationURLMissing	-159
Sm_PolicyApi_WSFEDRP_DomainOidMissing	-160
Sm_PolicyApi_WSFEDRP_APIDMissing	-161
Sm_PolicyApi_WSFEDRP_NameMissing	-162
Sm_PolicyApi_WSFEDRP_NameIdFormatMissing	-163
Sm_PolicyApi_WSFEDRP_NameIdTypeMissing	-164
Sm_PolicyApi_WSFEDRP_NameIdStaticMissing	-165
Sm_PolicyApi_WSFEDRP_NameIdAttrNameMissing	-166
Sm_PolicyApi_WSFEDRP_NameIdDNSpecMissing	-167
Sm_PolicyApi_WSFEDRP_ProviderIdMissing	-168
Sm_PolicyApi_WSFEDRP_ProviderIdNotUnique	-169
Sm_PolicyApi_WSFEDRP_UnsupportedSAMLVersion	-170
Sm_PolicyApi_WSFEDRP_UnkownProperty	-171
Sm_PolicyApi_WSFEDAP_IncorrectParameters	-172
Sm_PolicyApi_WSFEDAP_ProviderIDNotUnique	-173
Sm_PolicyAPI_InsufficientRPData	-174
Sm_PolicyAPI_WSFED_UnSupportedWSFEDVersion	-175
Sm_PolicyAPI_DuplicateAttribute	-176
Sm_PolicyAPI_SAMLSP_ACSDuplicateIndex	-177
Sm_PolicyAPI_SAMLSP_ACSIndexedEndpointInUse	-178
Sm_PolicyAPI_SAMLSP_ACSIndexedEndpointNotFound	-179
Sm_PolicyAPI_SAMLSP_CantDeleteDefaultACSIndex	-180
Sm_PolicyAPI_SAMLSP_ACSMaxExceeded	-181
Sm_PolicyAPI_InConsistentANDBitMask	-182

SAML1x Redirect URL Types

Sm_PolicyApi_SAML1_STATUS_REDIRECT_URL_TYPE_t defines the type of redirection specified in Sm_PolicyApi_AddRedirectURLToSAML1xScheme() and Sm_PolicyApi_GetRedirectURLFromSAML1xScheme().

Sm_PolicyApi_SAML1_STATUS_REDIRECT_URL_TYPE_t is listed in SmPolicyApi45.h.

Name	Value
Sm_PolicyApi_SAML1_STATUS_REDIRECT_URL_USER_NOT_FOUND_TYPE	0
Sm_PolicyApi_SAML1_STATUS_REDIRECT_URL_INVALID_SSO	1
Sm_PolicyApi_SAML1_STATUS_REDIRECT_URL_UNACCEPTABLE_USER_ CREDENTIALS	2

SAML Assertion Consumer Service Bindings

The following values are the SAML Protocol Bindings that can be specified for each row of the Assertion Consumer Service:

Name	Value
Sm_PolicyApi_SAMLSP_HTTP_Post	0
Sm_PolicyApi_SAMLSP_HTTP_Artifact	1
Sm_PolicyApi_SAMLSP_PAOS	2

SAML Attribute Name Format Identifiers

Sm_PolicyApi_SAMLSPAttrNameFormat_t defines the format to use for specifying attributes that apply to a principal. The format specification is made within the structure Sm_PolicyApi_SAMLSPAttr_t.

The format identifiers are defined by the SAML 2.0 standard.

Sm_PolicyApi_SAMLSPAttrNameFormat_t is listed in SmPolicyApi45.h.

Name	Value
Sm_PolicyApi_SAMLSP_Unspecified	0
Sm_PolicyApi_SAMLSP_URI	1
Sm_PolicyApi_SAMLSP_Basic	2

SAML Profiles

Sm_PolicyApi_SAML_Profile_t specifies the communication profile used to send and receive a SAML assertion for a particular affiliate object. The profile is specified as one of the attributes of a Sm_PolicyApi_Affiliate_t structure. Sm_PolicyApi_SAML_Profile_t is listed in SmPolicyApi45.h.

Name	Value
Sm_PolicyApi_SAML_Profile_Artifact	1
Sm_PolicyApi_SAML_Profile_POST	2

Scheme Types

Sm_Api_SchemeType_t describes the values that may be passed to Sm_PolicyApi_AddScheme() as one of the attributes of a SmPolicyApi_Scheme_t structure. Sm_Api_SchemeType_t is listed in SmApi.h.

Scheme Type	Value
Sm_Api_SchemeType_Basic	1
Sm_Api_SchemeType_CryptoCard	2
Sm_Api_SchemeType_Encotone	3
Sm_Api_SchemeType_HTMLForm	4
Sm_Api_SchemeType_BasicOverSSL	5
Sm_Api_SchemeType_RadiusServer	6
Sm_Api_SchemeType_SafeWordServer	7
Sm_Api_SchemeType_ACEServer	8
Sm_Api_SchemeType_X509ClientCert	9
Sm_Api_SchemeType_X509ClientCertAndBasic	10
Sm_Api_SchemeType_X509ClientCertOrBasic	11
Sm_Api_SchemeType_RadiusChapPap	12
Sm_Api_SchemeType_Anonymous	13
Sm_Api_SchemeType_NTLM	14
Sm_Api_SchemeType_Custom	15
Sm_Api_SchemeType_ACEServerHTMLForm	16
Sm_Api_SchemeType_SafeWordHTMLForm	17
Sm_Api_SchemeType_XMLDsig	18
Sm_Api_SchemeType_X509ClientCertOrForm	19
Sm_Api_SchemeType_X509ClientCertAndForm	20
Sm_Api_SchemeType_MSPassport	21
Sm_Api_SchemeType_XMLDocumentCredentialCollector	22
Sm_Api_SchemeType_SAMLSessionTicket	25
Sm_Api_SchemeType_SAMLArtifact	26
Sm_Api_SchemeType_Impersonation	27
Sm_Api_SchemeType_SAMLPOST	28
Sm_Api_SchemeType_SAML2	29
Sm_Api-SchemeType_WSFED	30

Shared Secret Rollover Parameters

Sm_PolicyApi_SecretRolloverPeriod_t enumerates the units of time which, when combined with the rollover frequency setting, determines how often shared secret rollover occurs. For example a rollover period of RolloverHOURS and a frequency of 12 means that the shared secret is changed every 12 hours.

The rollover period is defined in the iRolloverPeriod field of structure Sm_PolicyApi_SharedSecretPolicy_t, and the frequency is defined in the iRolloverFrequency field of the structure.

Name	Value
RolloverNEVER	0
RolloverHOURS	1
RolloverDAYS	2
RolloverWEEKS	3
RolloverMONTHS	4

Structure IDs

Sm_PolicyApi_Structs_t enumerates the data structures that can be passed to and from the Policy Management API as follows:

Name	Value
Sm_PolicyApi_NULL_ID	0
Sm_PolicyApi_Rule_ID	1
Sm_PolicyApi_Policy_ID	2
Sm_PolicyApi_Realm_ID	3
Sm_PolicyApi_Response_ID	4
Sm_PolicyApi_UserDir_ID	5
Sm_PolicyApi_Agent_ID	6
Sm_PolicyApi_Domain_ID	7
Sm_PolicyApi_PolicyLink_ID	8
Sm_PolicyApi_ResponseAttr_ID	9
Sm_PolicyApi_User_ID	10
Sm_PolicyApi_Scheme_ID	11
Sm_PolicyApi_Admin_ID	12
Sm_PolicyApi_Group_ID	13
Sm_PolicyApi_ODBCQueryScheme_ID	14
Sm_PolicyApi_Object_ID	15
Sm_PolicyApi_AgentType_ID	16
Sm_PolicyApi_AgentTypeAttr_ID	17
Sm_PolicyApi_RegistrationScheme_ID	18
Sm_PolicyApi_PasswordPolicy_ID	19
Sm_PolicyApi_IPAddress_ID	20
Sm_PolicyApi_AuthAzMap_ID	21
Sm_PolicyApi_CertMap_ID	22
Sm_PolicyApi_PasswordMsgField_ID	23
Sm_PolicyApi_VariableType_ID	25
Sm_PolicyApi_Variable_ID	26
Sm_PolicyApi_TrustedHost_ID	27
Sm_PolicyApi_HostConfig_ID	28
Sm_PolicyApi_AgentConfig_ID	29
Sm_PolicyApi_Association_ID	30
Sm_PolicyApi_UserContext_ID	31
Sm_PolicyApi_Affiliate_ID	36
Sm_PolicyApi_AffiliateAttr_ID	37
Sm_PolicyApi_SharedSecretPolicy_ID	38
Sm_PolicyApi_UserContext_ID	40
Sm_PolicyApi_SAMLSP_ID	41
Sm_PolicyApi_SAMLProviderProp_ID	42
Sm_PolicyApi_SAMLAffiliation_ID	43
Sm_PolicyApi_SAMLSPAttr_ID	44
Sm_PolicyApi_WSFEDResourcePartner_ID	45
Sm_PolicyApi_WSFEDProviderProp_ID	46
Sm_PolicyApi_WSFEDRPAttr_ID	47
Sm_PolicyApi_SAMLRequesterAttr_ID	48
Sm_PolicyApi_SAMLSPAssertionConsumerService_ ID	49

Structure of a Policy Application

Policy applications must perform the following operations:

Initialization: Sm_PolicyApi_Init() or Sm_PolicyApi_InitEx() must be the first function called by the API client session. The function initializes the connection to the SiteMinder policy store and establishes the init handle. (The init handle is passed in calls to Sm_PolicyApi_Login() and Sm_PolicyApi_Release().)
Login: Sm_PolicyApi_Login() must be called after initialization and before making calls to the other functions in the API. This function can check the administrator's login credentials (username and password) or the administrator's validity.
If the administrator is authenticated, the function initializes internal data structures and resources. Once the administrator is logged in, the Policy Server initializes a handle that is used as an input parameter to subsequent Policy Management API functions. Sm_PolicyApi_Login() can be called more than once during the client session.
Logout: Sm_PolicyApi_Logout() logs out the administrator.
Release: Sm_PolicyApi_Release() must be the last function called by the API client session. It disconnects from the policy store and releases memory and resources held by the API. This function must be called once per client session. Failure to call this function will result in a memory leak.

Functions by Category in the Policy Management API

Most of the functions in the Policy Management API are categorized according to the SiteMinder policy store object (for example, an agent, policy, or rule) that a given function acts upon. There are additional categories-required functions, user state functions, and utility functions such as cache and agent encryption key management-that are categorized by the type of service that certain functions perform.

Use these categories to help you find a particular Policy Management API function to use in your custom policy management applications.

The categories of Policy Management API functions include:

Required Functions
Administrator Functions
Agent Functions
Agent Configuration Functions
Authentication/Authorization Map Functions
Authentication Scheme Functions
Certificate Mapping Functions
Domain Functions
Federation Functions
General Object Functions
Group Functions
ODBC Query Scheme Functions
Password Policy Functions
Policy Functions
Realm Functions
Registration Scheme Functions
Regular Expression Functions
Response Functions
Rule Functions
SAML 2.0 Attribute Authority Functions
SAML 2.0 Configuration Functions
SAML 2.0 Indexed Endpoint Functions
User Directory Functions
User and User State Functions
User Password State Functions
Utility Functions
Variable Functions
WS-Federation Functions

Required Functions

The following functions must be used in all policy management applications:

Function	Description
Sm_PolicyApi_Init()	Initializes the connection to the Policy Server.
Sm_PolicyApi_InitEx()	Initializes a connection to the SiteMinder policy store and establishes the init handle based on a supplied version. Required for clients starting at version SM_POLICY_API_VERSION_6_0.
Sm_PolicyApi_Login()	Authenticates the administrator.
Sm_PolicyApi_Logout()	Logs out the administrator.
Sm_PolicyApi_Release()	Disconnects from the Policy Server and releases memory and resources held by the API.

Administrator Functions

The following functions manage SiteMinder administrator objects:

Function	Description
Sm_PolicyApi_AddAdmin()	Creates or updates an administrator object.
Sm_PolicyApi_AddAdminToDomain()	Gives the administrator permission to administer the specified domain.
Sm_PolicyApi_DeleteAdmin()	Deletes an administrator.
Sm_PolicyApi_GetAdmin()	Gets the contents of an administrator by object identifier.
Sm_PolicyApi_GetAdminByName()	Gets the contents of an administrator by name.
Sm_PolicyApi_GetGlobalPolicyByName()	Gets a specified global policy by name.
Sm_PolicyApi_GetGlobalResponseByName()	Gets a specified global response by name.
Sm_PolicyApi_GetGlobalRuleByName()	Gets a specified global rule by name.
Sm_PolicyApi_RemoveAdminFromDomain()	Disassociates the administrator from the specified domain.

Agent Functions

The following functions manage SiteMinder agent objects.

Note: There is no facility for creating Agent Types or Agent Type attributes.

Function	Description
Sm_PolicyApi_AddAgent()	Creates or updates an agent object.
Sm_PolicyApi_ConvertFromLegacyAgent()	Converts a v4.x agent to a v5.x agent.
Sm_PolicyApi_ConvertToLegacyAgent()	Converts a v5.x agent to a v4.x agent.
Sm_PolicyApi_DeleteAgent()	Deletes an agent.
Sm_PolicyApi_GetAgent()	Gets the contents of an agent by OID.
Sm_PolicyApi_GetAgentByName()	Gets the contents of an agent by name.
Sm_PolicyApi_GetAgentType()	Gets the contents of an agent type object by OID.
Sm_PolicyApi_GetAgentTypeByName()	Gets the contents of an agent type object by name.
Sm_PolicyApi_GetAgentTypeAttr()	Returns one or all agent type attributes.
Sm_PolicyApi_GetAgentTypeAttrByName()	Returns named agent type attribute object.

Agent Configuration Functions

The following functions manage configuration objects (agent configuration objects, host configuration objects, and trusted host objects) for centrally configuring agents.

Trusted hosts are created in any of the following ways:

During agent installation
Through the command line using the smreghost tool. For information about using this tool, see Web Agent Installation Guide.
Through the Sm_PolicyApi_AddTrustedHost() function.

Function	Description
Sm_PolicyApi_AddAgentConfig()	Adds or modifies an agent configuration object.
Sm_PolicyApi_AddAgentConfigAssociation()	Adds or modifies a configuration parameter name and corresponding value in a specified agent configuration object.
Sm_PolicyApi_AddHostConfig()	Adds or modifies a host configuration object.
Sm_PolicyApi_AddTrustedHost()	Creates or modifies a trusted host object in the object store when there is no connection between the agent and the Policy Server.
Sm_PolicyApi_DeleteAgentConfig()	Deletes an agent configuration object.
Sm_PolicyApi_DeleteHostConfig()	Deletes a host configuration object.
Sm_PolicyApi_DeleteTrustedHost()	Deletes a trusted host object.
Sm_PolicyApi_GetAgentConfig()	Retrieves an agent configuration object.
Sm_PolicyApi_GetAgentConfigAssociations()	Retrieves a list of configuration parameters for an agent configuration object.
Sm_PolicyApi_GetAgentConfigByName()	Retrieves an agent configuration object by name.
Sm_PolicyApi_GetHostConfig()	Retrieves a host configuration object.
Sm_PolicyApi_GetHostConfigByName()	Retrieves a host configuration object by name.
Sm_PolicyApi_GetSharedSecretPolicy()	Retrieves the current shared secret policy.
Sm_PolicyApi_GetTrusted Host()	Retrieves a trusted host object by OID.
Sm_PolicyApi_GetTrustedHostByName()	Retrieves a trusted host object by name.
Sm_PolicyApi_RemoveAgentConfigAssociation()	Removes a configuration parameter name/value pair from a specified agent configuration object.
Sm_PolicyApi_SetSharedSecretPolicy()	Sets the current SharedSecretPolicy.

Authentication/Authorization Map Functions

The following functions manage SiteMinder authentication and authorization directory mapping objects:

Function	Description
Sm_PolicyApi_CreateAuthAzMap()	Creates or updates an authentication and authorization directory mapping object.
Sm_PolicyApi_DeleteAuthAzMap()	Deletes an authentication and authorization directory map.
Sm_PolicyApi_GetAuthAzMap()	Gets the contents of an authentication and authorization directory map.

Authentication Scheme Functions

The following functions manage SiteMinder authentication schemes:

Function	Description
Sm_PolicyApi_AddScheme()	Creates or updates an authentication scheme.
Sm_PolicyApi_DeleteScheme()	Deletes an authentication scheme.
Sm_PolicyApi_GetScheme()	Gets the contents of an authentication scheme by OID.
Sm_PolicyApi_GetSchemeByName()	Gets the contents of an authentication scheme by name.

Certificate Mapping Functions

The following functions manage SiteMinder certificate mapping objects:

Function	Description
Sm_PolicyApi_CreateCertMap()	Creates or updates a certificate mapping object.
Sm_PolicyApi_DeleteCertMap()	Deletes a certificate map.
Sm_PolicyApi_GetCertMap()	Gets the contents of a certificate map.

Domain Functions

The following functions manage SiteMinder domain objects:

Function	Description
Sm_PolicyApi_AddDomain()	Creates or updates a domain.
Sm_PolicyApi_DeleteDomain()	Deletes the domain and any domain children (rules, responses, realms, and policies).
Sm_PolicyApi_GetDomain()	Gets the contents of the domain by OID.
Sm_PolicyApi_GetDomainByName()	Gets the contents of a specified domain by name.
Sm_PolicyApi_GetDomainObjects()	Gets the OIDs of domain objects for a specified object type within the specified domain.

Federation Functions

The following functions support the manipulation of Policy Store data (Affiliate Domain and Affiliate objects) required to generate SAML assertions.

Function	Description
Sm_PolicyApi_AddAdminToAffiliateDomain()	Adds an administrator to an affiliate domain.
Sm_PolicyApi_AddAffiliate()	Creates a new or update an existing affiliate object.
Sm_PolicyApi_AddAffiliateDomain()	Creates a new or updates an existing affiliate domain.
Sm_PolicyApi_AddAttributeToAffiliate()	Adds a new attribute to an affiliate.
Sm_PolicyApi_AddUserDirToAffiliateDomain()	Adds a user directory to an affiliate domain.
Sm_PolicyApi_AddUsersToAffiliate()	Adds a user directory entry to an affiliate.
Sm_PolicyApi_DeleteAffiliate()	Deletes an affiliate.
Sm_PolicyApi_DeleteAffiliateDomain()	Deletes an affiliate domain.
Sm_PolicyApi_GetAffiliate()	Gets an affiliate by OID.
Sm_PolicyApi_GetAffiliateByName()	Gets and affiliate by name.
Sm_PolicyApi_GetAffiliateDomain()	Gets an affiliate domain by OID.
Sm_PolicyApi_GetAffiliateDomainByName()	Gets an affiliate domain by name
Sm_PolicyApi_GetAffiliateDomainObjects()	Gets the OIDs of domain objects for a given object type within the affiliate domain.
Sm_PolicyApi_GetAffiliateDomainUserDirSearchOrder()	Gets the user directory search order for an affiliate domain.
Sm_PolicyApi_GetAffiliateUsers()	Gets the user directory entries for an affiliate.
Sm_PolicyApi_GetAllAffiliateAttributes()	Gets all attributes for an affiliate.
Sm_PolicyApi_GetAllAffiliates()	Gets all affiliates for an affiliate domain.
Sm_PolicyApi_GetGlobalObjects()	Gets affiliate domains. (Not exclusively a Federation function.)
Sm_PolicyApi_InitEx()	See Required Functions.
Sm_PolicyApi_RemoveAdminFromAffiliateDomain()	Removes an administrator from an affiliate domain.
Sm_PolicyApi_RemoveAttributeFromAffiliate()	Removes an attribute from an affiliate.
Sm_PolicyApi_RemoveUserDirFromAffiliateDomain()	Removes a user directory from an affiliate domain.
Sm_PolicyApi_RemoveUsersFromAffiliate()	Removes a user directory entry from an affiliate.
Sm_PolicyApi_SetAffiliateDomainUserDirSearchOrder()	Sets the user directory search order for an affiliate domain.

General Object Functions

The following functions act on multiple types of SiteMinder objects:

Function	Description
Sm_PolicyApi_GetGlobalObjects()	Gets the OIDs of global objects for a specified object type.
Sm_PolicyApi_RenameObject()	Renames an object.

Group Functions

The following functions manage SiteMinder group objects. You can create agent groups, response groups, and rule groups, as enumerated in Sm_PolicyApi_Groups_t.

Note: Groups of global objects are not supported.

A group can contain individual items or groups of its own type. For example, a rule group can contain rules and/or groups of rules.

Function	Description
Sm_PolicyApi_AddGroup()	Creates or updates an agent, response, or rule group object.
Sm_PolicyApi_AddToGroup()	Adds an agent, response, or rule item to a group.
Sm_PolicyApi_DeleteGroup()	Deletes a group.
Sm_PolicyApi_GetGroup()	Gets the contents of a group by OID.
Sm_PolicyApi_GetGroupByName()	Gets the contents of a group by name.
Sm_PolicyApi_GetGroupOids()	Gets the OIDs contained with a group.
Sm_PolicyApi_IsGroup()	Determines whether a specified item is contained within the group.
Sm_PolicyApi_RemoveFromGroup()	Removes the specified item from the group.

ODBC Query Scheme Functions

The following functions manage SiteMinder ODBC query schemes:

Function	Description
Sm_PolicyApi_CreateODBCQueryScheme()	Creates or updates an ODBC query scheme.
Sm_PolicyApi_DeleteODBCQueryScheme()	Deletes an ODBC query scheme.
Sm_PolicyApi_GetODBCQueryScheme()	Gets the contents of an ODBC query scheme by OID.
Sm_PolicyApi_GetODBCQuerySchemeByName()	Gets the contents of an ODBC query scheme by name.

Password Policy Functions

The following functions manage SiteMinder password policy objects:

Function	Description
Sm_PolicyApi_AddPasswordPolicy()	Creates or updates a password policy object.
Sm_PolicyApi_DeletePasswordPolicy()	Deletes a password policy.
Sm_PolicyApi_GetPasswordPolicy()	Gets the contents of a password policy by OID.
Sm_PolicyApi_GetPasswordPolicyByName()	Gets the contents of a password policy by name.

Policy Functions

The following functions manage SiteMinder policy and policy link objects. A policy link is an association of a policy, a rule, and optionally, a response.

Function	Description
Sm_PolicyApi_AddGlobalPolicy()	Creates or updates a global policy object.
Sm_PolicyApi_AddPolicy()	Creates or updates a policy object.
Sm_PolicyApi_AddPolicyLink()	Creates a policy link for the specified policy.
Sm_PolicyApi_DeletePolicy()	Deletes a policy.
Sm_PolicyApi_GetPasswordPolicyByName()	Gets the contents of a password policy by name.
Sm_PolicyApi_GetPolicy()	Gets the contents of a policy by OID.
Sm_PolicyApi_GetPolicyLinks()	Gets a linked list of all policy links associated with the specified policy.
Sm_PolicyApi_RemovePolicyLinkFromPolicy()	Removes a policy link from the specified policy.

Realm Functions

The following functions manage SiteMinder realms objects:

Function	Description
Sm_PolicyApi_AddRealm()	Creates or updates a realm object.
Sm_PolicyApi_DeleteRealm()	Deletes a realm.
Sm_PolicyApi_GetChildren()	Builds a hierarchical realm and rule tree.
Sm_PolicyApi_GetRealm()	Gets the contents of a realm by OID.
Sm_PolicyApi_GetRealmByName()	Gets the contents of a realm by name.

Registration Scheme Functions

The following functions manage SiteMinder registration schemes:

Function	Description
Sm_PolicyApi_AddRegistrationScheme()	Creates or updates a registration scheme.
Sm_PolicyApi_DeleteRegistrationScheme()	Deletes a registration scheme.
Sm_PolicyApi_GetRegistrationScheme()	Gets the contents of a registration scheme by OID.
Sm_PolicyApi_GetRegistration SchemeByName()	Gets the contents of a registration scheme by name.

Regular Expression Functions

The following functions manage SiteMinder regular expressions:

Function	Description
Sm_PolicyApi_AddRegularExpressionToPasswordPolicy()	Creates or updates a regular expression.
Sm_PolicyApi_RemoveRegularExpressionFromPasswordPolicy()	Deletes a regular expression.
Sm_PolicyApi_GetRegularExpressions()	Gets the regular expressions belonging to a given password policy.

Response Functions

The following functions manage SiteMinder response objects:

Function	Description
Sm_PolicyApi_AddGlobalResponse()	Creates or updates a global response object.
Sm_PolicyApi_AddResponse()	Creates or updates a response object.
Sm_PolicyApi_AddResponseAttr()	Creates a response attribute for the specified response.
Sm_PolicyApi_DeleteResponse()	Deletes a response.
Sm_PolicyApi_GetResponse()	Gets the contents of a response by OID.
Sm_PolicyApi_GetResponseAttrs()	Gets a linked list of response attributes for the specified response.
Sm_PolicyApi_GetResponseByName()	Gets the contents of a response by name.
Sm_PolicyApi_RemoveResponseAttr()	Disassociates a response attribute from the specified response.
Sm_PolicyApi_SetResponseInPolicyLink()	Sets a response or response group to a rule or rule group, or removes a response or response group from a rule or rule group.

Rule Functions

The following functions manage SiteMinder rule objects:

Function	Description
Sm_PolicyApi_AddGlobalRule()	Creates or updates a global rule object.
Sm_PolicyApi_AddRule()	Creates or updates a rule object.
Sm_PolicyApi_DeleteRule()	Deletes a rule.
Sm_PolicyApi_GetRule()	Gets the contents of a rule by OID.
Sm_PolicyApi_GetRuleByName()	Gets the contents of a rule by name.

SAML1.x Configuration Functions

The following functions provide support for SAML 1.x configuration settings:

Function	Description
Sm_PolicyApi_AddMessageConsumerPluginTo SAML1Scheme()	Adds or updates a message consumer plugin setting to a SAML1.x authentication scheme.
Sm_PolicyApi_AddRedirectURLTo SAML1xScheme()	Adds or updates a redirect URL to a SAML1.x authentication scheme.
Sm_PolicyApi_GetMessageConsumerPluginFrom SAML1Scheme()	Retrieves a message consumer plugin setting from a SAML 1.x authentication scheme.
Sm_PolicyApi_GetRedirectURLFromSAML1Scheme()	Retrieves a redirect URL setting from a SAML 1.x authentication scheme.

SAML 2.0 Attribute Authority Functions

The following functions managed attributes for a SAML Requester:

Function	Description
Sm_PolicyApi_AddAttributeToSAMLScheme()	Adds an attribute to a SAML Requester defined in a SAML 2.0 authentication scheme.
Sm_PolicyApi_GetAllSAMLSchemeAttributes()	Retrieves all attributes defined for a SAML Requester.
Sm_PolicyApi_RemoveAttributeFromSAMLScheme()	Removes an attribute from a SAML Requester defined in a SAML 2.0 authentication scheme.

SAML 2.0 Configuration Functions

The following functions manage SAML 2.0 affiliations, Service Providers, and Identity Providers.

Function	Description
Sm_PolicyApi_AddAttributeToSAMLSP()	Defines a SAML 2.0 attribute for the Service Provider.
Sm_PolicyApi_AddSAMLAffiliation()	Adds a new SAML affiliation object or modifies an existing one.
Sm_PolicyApi_AddSAMLScheme()	Adds a new SAML 2.0 authentication scheme object or modifies an existing one.
Sm_PolicyApi_AddSAMLServiceProvider()	Adds a new SAML 2.0 Service Provider object or modifies an existing one.
Sm_PolicyApi_AddUsersToSAMLServiceProvider()	Associates a user directory entry with SAML 2.0 Service Provider.
Sm_PolicyApi_DeleteSAMLAffiliation()	Deletes the specified SAML affiliation.
Sm_PolicyApi_DeleteSAMLServiceProvider()	Deletes the specified Service Provider.
Sm_PolicyApi_GetAffiliatedSAMLAuthSchemes()	Retrieves all the SAML authentication schemes associated with the specified SAML affiliation.
Sm_PolicyApi_GetAffiliatedSAMLServiceProviders()	Retrieves all the Service Providers associated with the specified SAML affiliation.
Sm_PolicyApi_GetAllSAMLAffiliations()	Retrieves all existing SAML affiliation objects.
Sm_PolicyApi_GetAllSAMLServiceProviders()	Retrieves all the Service Providers in the specified affiliate domain.
Sm_PolicyApi_GetAllSAMLSPAttributes()	Retrieves all the attributes associated with the specified Service Provider.
Sm_PolicyApi_GetSAML Affiliation()	Retrieves the SAML affiliation specified by its OID in the policy store.
Sm_PolicyApi_GetSAMLAffiliationById()	Retrieves the SAML affiliation specified by its unique affiliation identifier (URI).
Sm_PolicyApi_GetSAMLScheme()	Retrieves information about a SAML 2.0 authentication scheme.
Sm_PolicyApi_GetSAMLServiceProvider()	Retrieves the Service Provider specified by its OID in the policy store.
Sm_PolicyApi_GetSAMLServiceProviderById()	Retrieves the Service Provider specified by its unique provider identifier.
Sm_PolicyApi_GetSAMLServiceProviderUsers()	Retrieves the user directory entries associated with the specified Service Provider.
Sm_PolicyApi_RemoveAttributeFromSAMLSP()	Removes the specified SAML attribute from the Service Provider.
Sm_PolicyApi_RemoveUsersFromSAMLServiceProvider()	Removes the specified users from the Service Provider.

SAML 2.0 Indexed Endpoint Functions

The following functions manage indexed endpoints in the Service Provider:

Function	Description
Sm_PolicyApi_AddAssertionConsumerServiceToSAMLSP()	Adds a new indexed endpoint reference (with index, binding, and Assertion Consumer URL) to a Service Provider.
Sm_PolicyApi_GetAllSAMLSPAssertionConsumerService()	Gets a list of all Assertion Consumer Services present in the policy store.
Sm_PolicyApi_RemoveAssertionConsumerService()	Removes an indexed endpoint reference to an Assertion Consumer Service.

User Directory Functions

The following functions manage SiteMinder user directory objects:

Function	Description
Sm_PolicyApi_AddUserDirToDomain()	Associates a directory object with the specified domain.
Sm_PolicyApi_CreateUserDir()	Creates or updates a user directory object.
Sm_PolicyApi_DeleteUserDir()	Deletes a user directory.
Sm_PolicyApi_GetDirectoryContents()	Gets a linked list of user structures for the specified user directory.
Sm_PolicyApi_GetUserContext()	Allows callers of the Policy Management API to access user context information.
Sm_PolicyApi_GetUserDir()	Gets the contents of a user directory by OID.
Sm_PolicyApi_GetUserDirByName()	Gets the contents of a user directory by name.
Sm_PolicyApi_GetUserDirCapabilities()	Gets the capabilities of the user directory.
Sm_PolicyApi_GetUserDirSearchOrder()	Gets the OIDs of the user directory associated with the specified domain.
Sm_PolicyApi_LookupDirectoryEntry()	Finds a user specification in a particular user directory and based on the specified search pattern.
Sm_PolicyApi_RemoveUserDirFromDomain()	Disassociates a user directory from the specified domain.
Sm_PolicyApi_SetUserDirSearchOrder()	Rearranges the search order of the user directories associated with the specified domain.
Sm_PolicyApi_ValidateDirectoryEntry()	Validates a user specification in a given path and user directory.

User and User State Functions

The following functions perform operations on user state and on user entries in a SiteMinder user directory:

Field	Description
Sm_PolicyApi_AddUsersToPolicy()	Adds a user to the specified policy.
Sm_PolicyApi_DisableUser()	Disables a user.
Sm_PolicyApi_EnableUser()	Enables a user.
Sm_PolicyApi_GetDisabledUserState()	Gets the disabled state of a user.
Sm_PolicyApi_GetPasswordMsg()	Gets information about an error that occurred during an attempt to validate a new password.
Sm_PolicyApi_GetPolicyUsers()	Gets a linked list of structures for the users associated with the specified policy and optionally, user directory.
Sm_PolicyApi_GetUserGroups()	Gets the list of groups that a user is member of.
Sm_PolicyApi_RemoveUsersFromPolicy()	Disassociates the user from the specified policy.
Sm_PolicyApi_SetDisabledUserState()	Sets the disabled state of a user.
Sm_PolicyApi_SetPassword()	Changes or validates a user password.

User Password State Functions

The following functions manage SiteMinder password state objects:

Function	Description
Sm_PolicyApi_GetUserPasswordState()	Returns a UserPasswordState object.
Sm_PolicyApi_SetUserPasswordState()	Adds/Updates a UserPasswordState object.

Utility Functions

The following functions provide a variety of services, including memory, cache, and agent encryption key management:

Function	Description
Sm_PolicyApi_FlushRealm()	Flushes the specified realm from the resource cache.
Sm_PolicyApi_FlushUser()	Flushes the specified user from user cache.
Sm_PolicyApi_FreeMemory()	Frees memory allocated by the Policy Management API.
Sm_PolicyApi_FreeMemoryEx()	Frees memory allocated by the Policy Management API. Required for clients starting at version SM_POLICY_API_VERSION_6_0.
Sm_PolicyApi_FreeString()	Frees a single string allocated by the Policy Management API.
Sm_PolicyApi_FreeStringArray()	Frees string arrays allocated by the Policy Management API.
Sm_PolicyApi_ManagementCommand()	Performs user, key, and resource management services.

Variable Functions

The following methods manage variables.

Function	Description
Sm_PolicyApi_AddVariable()	Adds a variable object.
Sm_PolicyApi_DeleteVariable()	Deletes a variable object.
Sm_PolicyApi_GetVariable()	Gets a specified variable by OID.
Sm_PolicyApi_GetVariableByName()	Gets a specified variable by name.
Sm_PolicyApi_GetVariableType()	Gets a specified variable type by OID.
Sm_PolicyApi_GetVariableTypeByName()	Gets a specified variable type by name.

WS-Federation Functions

The following table lists the supported functions for Resource Partners and Account Partners:

Function	Description
Sm_PolicyApi_AddWSFEDResourcePartner()	Creates or updates a WS-Federation Resource Partner object.
Sm_PolicyApi_GetWSFEDResourcePartner()	Gets a WS-Federation Resource Partner object
Sm_PolicyApi_GetAllWSFEDResourcePartners()	Gets all WS-Federation Resource Partner objects for a domain as a linked list
Sm_PolicyApi_DeleteWSFEDResourcePartner()	Deletes a WS-Federation Resource Partner. This will then delete the agent, realm, rule, policy, and policy link objects associated with the Resource Partner object
Sm_PolicyApi_AddUsersToWSFEDResourcePartner()	Associates a user directory entry with a WS-Federation Resource Partner.
Sm_PolicyApi_RemoveUsersFromWSFEDResourcePartner()	Disssociates a user directory entry from a WS-Federation Resource Partner
Sm_PolicyApi_GetUsersFromWSFEDResourcePartner()	Gets the user directory entries associated with a WS-Federation Resource Partner
Sm_PolicyApi_AddWSFEDScheme()	Creates or updates a WS-Federation authentication scheme
Sm_PolicyApi_GetWSFEDScheme()	Gets a WS-Federation authentication scheme.

Function Declarations for the Policy Management API

Function declarations include the syntax and return values for each function in the Policy Management API for reference.

Sm_PolicyApi_AddAdmin()

Creates a new SiteMinder administrator object at a global scope. The administrator's attributes are contained in the pstructAdmin structure.

If the administrator object exists and bUpdate is true, the item is updated.

Type

Administrator function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddAdmin (
   void*                    pSessionHandle,
   Sm_PolicyApi_Admin_t*    pstructAdmin,
   const bool               bUpdate
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructAdmin	I	A pointer to a completely filled-in administrator structure.
bUpdate	I	A flag to indicate that if an existing object is found, it should be updated.

Returns

Sm_PolicyApi_Success. The administrator object was created successfully.
Sm_PolicyApi_Failure. The administrator object was not created successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to create an administrator object.
Sm_PolicyApi_InvalidOid:
- The administrator object identifier was not found during an update.
- The user directory object identifier was not found.
- The scheme object identifier was not found.

Sm_PolicyApi_AddAdminToAffiliateDomain()

Adds an administrator to an affiliate domain.

Type

Federation function

Syntax

int SM_EXTERN Sm_PolicyApi_AddAdminToAffiliateDomain (
   void*        pSessionHandle,
   const char*  pszAdminOid,
   const char*  pszAffiliateDomainOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAdminOid	I	A null-terminated string containing the object identifier of an existing administrator.
pszAffiliate DomainOid	I	A null-terminated string containing the object identifier of an existing affiliate domain.

Returns

Sm_PolicyApi_Success. The administrator was added to the affiliate domain.
Sm_PolicyApi_Failure. The administrator was not added to the affiliate domain.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to delete an affiliate domain.
Sm_PolicyApi_InvalidOid. The affiliate domain OID was not found during an update.
Sm_PolicyApi_DuplicateEntry. The specified administrator object identifier already exists in the affiliate domain

Sm_PolicyApi_AddAdminToDomain()

Gives the specified administrator permission to administer the specified domain, and associates the administrator object identified by szAdminOid with the domain identified by szDomainOid.

Type

Administrator function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddAdminToDomain (
   void*            pSessionHandle,
   const char*      pszAdminOid,
   const char*      pszDomainOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAdminOid	I	A null-terminated string containing the object identifier of an existing administrator.
pszDomainOid	I	A null-terminated string containing the object identifier of an existing domain.

Returns

Sm_PolicyApi_Success. The administrator was added to the domain.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to add an administrator to a domain.
Sm_PolicyApi_InvalidOid. The administrator object identifier or the domain object identifier was not found.
Sm_PolicyApi_DuplicateEntry. The specified administrator object identifier already exists in the domain.

Sm_PolicyApi_AddAffiliate()

Creates a new or updates an existing affiliate object. This function will also retrieve the PropertyCollection object based on the AffiliateDomain OID.

Type

Federation function

Syntax

int SM_EXTERN Sm_PolicyApi_AddAffiliate (
   void*                       pSessionHandle,
   Sm_PolicyApi_Affiliate_t*   pstructAffiliate,
   const bool                  bUpdate
);

Parameter

I/O

Description

pSessionHandle

A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.

pstructAffiliate

A pointer to a completely filled-in affiliate structure.

bUpdate

A flag to indicate that if an existing object is found, it should be updated.

Remarks

This function creates affiliate objects that are based on the artifact profile or the POST profile (see the Sm_PolicyApi_Affiliate_t field SAMLProfile). Creating an affiliate object based on the POST profile requires an API version of at least SM_POLICY_API_VERSION_6_0_2. If an earlier version is involved, the POST profile request is ignored (along with any POST-specific fields in Sm_PolicyApi_Affiliate_t) and an attempt is made to create an affiliate object based on the artifact profile.

Returns

Sm_PolicyApi_Success. The affiliate was created successfully.
Sm_PolicyApi_Failure. The affiliate was not created successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to create an affiliate.
Sm_PolicyApi_DomainNotFound. The affiliate domain OID was not found.
Sm_PolicyApi_DomainNotAffiliate. The domain is not an affiliate domain.

Sm_PolicyApi_AddAffiliateDomain()

Creates a new or updates an existing affiliate domain. Sets bIsAffiliate to TRUE.

Type

Federation function

Syntax

int SM_EXTERN Sm_PolicyApi_AddAffiliateDomain (
   void*                           pSessionHandle,
   Sm_PolicyApi_AffiliateDomain_t  *pstructAffiliateDomain,
   const bool                      bUpdate
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructAffiliate Domain	I	A pointer to a completely filled-in affiliate domain structure.
bUpdate	I	A boolean flag to indicate that if an existing object is found, it should be updated.

Returns

Sm_PolicyApi_Success. The affiliate domain was created successfully.
Sm_PolicyApi_Failure. The affiliate domain was not created successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to create an affiliate domain.
Sm_PolicyApi_DomainNotFound. The affiliate domain OID was not found during an update.
Sm_PolicyApi_DomainNotAffiliate. The domain is not an affiliate domain.

Sm_PolicyApi_AddAgent()

Creates a new SiteMinder agent. The attributes of the agent are contained in the pstructAgent structure.

If the agent exists and the bUpdate flag is true, the item is updated.

You must specify an agent type with this call. To get the agent type OID for the agent, use Sm_PolicyApi_GetGlobalObjects().

Type

Agent function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddAgent (
   void*                   pSessionHandle,
   Sm_PolicyApi_Agent_t*   pstructAgent,
   const bool              bUpdate
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructAgent	I	A pointer to a completely filled-in agent structure.
bUpdate	I	A flag to indicate that if an existing object is found, it should be updated.

Returns

Sm_PolicyApi_Success. The agent was created successfully.
Sm_PolicyApi_Failure. The agent was not created successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to create an agent.
Sm_PolicyApi_InvalidOid:
- The agent type OID was not found or is not of the specified agent type.
- The agent OID was not found. This happens when this function is called with bUpdate set to true and the pszOid field of Sm_PolicyApi_Agent_t holds the OID of the agent being updated.
Sm_PolicyApi_NotUnique. An agent with the same name exists.
Sm_PolicyApi_RadiusIpAddrNotUnique. Another RADIUS IP address exists that is the same.
Sm_PolicyApi_MissingProperty. One of the required fields is not set.

Sm_PolicyApi_AddAgentConfig()

Creates or modifies an agent configuration object in the policy store.

Type

Agent configuration function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddAgentConfig (
   void*                            pSessionHandle,
   Sm_PolicyApi_AgentConfig_t*      pstructAgentConfig,
   const bool                       bUpdate
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructAgentConfig	I	Address of a structure that defines the agent configuration object.
bUpdate	I	If true, the object is being updated.

Returns

Sm_PolicyApi_Success. The operation was successful.
Sm_PolicyApi_Failure. Generalized failure.
Sm_PolicyApi_InvalidOid. The unique ID does not correspond to an agent configuration object.
Sm_PolicyApi_NoPrivilege. The caller does not have the privilege to add or modify an agent configuration object.
Sm_PolicyApi_InvalidHandle. The session pointer is not valid.
Sm_PolicyApi_NoSession. The API user is not properly logged in.

Sm_PolicyApi_AddAgentConfigAssociation()

Adds or modifies a configuration parameter name and corresponding value in a specified agent configuration object.

Type

Agent configuration function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddAgentConfigAssociation (
   void*                            pSessionHandle,
   const char*                      pszAgentConfigOid,
   Sm_PolicyApi_Association_t*      pstructAssociation,
   bool                             bUpdate
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAgentConfigOid	I	Unique identifier of the agent configuration object.
pstructAssociation	I	The name/value pair to add or modify in the agent configuration object.
bUpdate	I	If true, the object is being updated.

Returns

Sm_PolicyApi_Success. The operation was successful.
Sm_PolicyApi_Failure. Generalized failure.
Sm_PolicyApi_InvalidOid. The unique ID does not correspond to an agent configuration object.
Sm_PolicyApi_NoPrivilege. The caller does not have the privilege to add agent configuration object parameters.
Sm_PolicyApi_InvalidHandle. The session pointer is not valid.
Sm_PolicyApi_NoSession. The API user is not properly logged in.

Sm_PolicyApi_AddAssertionConsumerServiceToSAMLSP

Adds a new indexed endpoint, which includes an index, binding, and an Assertion Consumer Service URL, to the Service Provider.

Note: An existing indexed endpoint reference cannot be modified.

Type

Federation function

Syntax

int SM_EXTERN Sm_PolicyApi_AddAssertionConsumerServiceToSAMLSP (
   void*                               pSessionHandle,
   const Sm_PolicyApi_SAMLSPAssertionConsumerService_t* 
                pstructSAMLSPAssertionConsumerService,
   const char*                         pszSAMLSPOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructSAMLSPAssertion ConsumerService	I	A pointer to an Assertion Consumer Service structure.
pszSAMLSPOid	I	A pointer to a string containing the OID of the Service Provider.

Returns

Sm_PolicyApi_Success. The Assertion Consumer Service was added successfully.
Sm_PolicyApi_Failure - The Assertion Consumer Service was not added successfully.
Sm_PolicyApi_ACSDuplicateIndex - There is already an Assertion Consumer Service assigned to thei Service Provider with the same index value.
Sm_PolicyApi_InvalidHandle - There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession - There is no valid administrator session.
Sm_PolicyApi_NoPrivilege - The administrator does not have the privilege to add an Assertion Consumer Service.

Remarks

The following fields of the Sm_PolicyApi_SAMLSPAssertionConsumerService_t structure are evaluated:

The value of the index is a unique positive integer, less than 65535,
The Assertion Consumer URL starts with http:// or https://.
The binding is either HTTP-Post or HTTP_Artifact.

Sm_PolicyApi_AddAttributeToAffiliate()

Adds a new attribute to an affiliate.

Type

Federation function

Syntax

int SM_EXTERN Sm_PolicyApi_AddAttributeToAffiliate (
   void*                               pSessionHandle,
   const Sm_PolicyApi_AffiliateAttr_t* pstructAffiliateAttr,
   const char*                         pszAffiliateOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructAffiliate Attr	I	A pointer to a completely filled-in affiliate attribute structure.
pszAffiliateOid	I	A null-terminated string containing the object identifier of an existing affiliate.

Returns

Sm_PolicyApi_Success. The affiliate attribute was created successfully.
Sm_PolicyApi_Failure - The affiliate attribute was not created successfully.
Sm_PolicyApi_InvalidHandle - There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession - There is no valid administrator session.
Sm_PolicyApi_NoPrivilege - The administrator does not have the privilege to create an affiliate attribute.
Sm_PolicyApi_InvalidOid - The affiliate OID was not found.

Sm_PolicyApi_AddAttributeToSAMLScheme()

Adds an attribute, which can be requested from the configured Attribute Service, to a SAML 2.0 authentication scheme.

Syntax

int SM_EXTERN Sm_PolicyApi_AddAttributeToSAMLScheme(
   void*                                pHandle,
   const Sm_PolicyApi_Scheme_t*         pstructScheme,
   const Sm_PolicyApi_SAMLRequesterAttr_t*     pAttr
);

Parameter	I/O	Description
pHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructScheme	I	A pointer to a completely filled-in structure for a SAML 2.0 Scheme.
pAttr	I	A pointer to the Sm_PolicyApi_SAMLRequesterAttr_t structure containing the attribute to be added.

Returns

Sm_PolicyApi_Success. The attribute was added successfully.
Sm_PolicyApi_Failure. The attribute was not added successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to add an attribute to a SAML Requester.
Sm_PolicyApi_SAMLIDP_IncorrectParameters. Supplied SAML provided properties are incomplete or incorrect.
Sm_PolicyApi_DuplicateAttribute. An attribute already exists with the same Name and NameFormat.

Sm_PolicyApi_AddAttributeToSAMLSP()

Defines a SAML 2.0 attribute for the Service Provider.

A SAML 2.0 attribute contains information about a principal who is trying to access a resource on the Service Provider-for example, the principal's user DN.

The defined attribute is included in an attribute statement for all SAML 2.0 assertions that are produced for the Service Provider.

Type

SAML 2.0 Configuration function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddAttributeToSAMLSP (
   void*                                pHandle,
   const Sm_PolicyApi_SAMLSPAttr_t*     pstructSAMLSPAttr,
   const char*                          pszSAMLSPOid
);

Parameter	I/O	Description
pHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructSAMLSPAttr	I	A pointer to a completely filled-in attribute structure.
pszSAMLSPOid		A null-terminated string containing the object identifier of an existing Service Provider.

Returns

Sm_PolicyApi_Success. The attribute was added successfully.
Sm_PolicyApi_Failure. The attribute was not added successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to add an attribute to a SAML Service Provider.
Sm_PolicyApi_DuplicateAttribute. An attribute already exists with the same Name and NameFormat.

Sm_PolicyApi_AddDomain()

Creates a new SiteMinder domain. Attributes of the domain are contained in the pstructDomain structure.

If the domain exists and the bUpdate flag is true, the item is updated.

Type

Domain function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddDomain (
   void*                    pSessionHandle,
   Sm_PolicyApi_Domain_t*   pstructDomain,
   const bool               bUpdate
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructDomain	I	A pointer to a completely filled-in domain structure.
bUpdate	I	A flag to indicate that if an existing object is found, it should be updated.

Returns

Sm_PolicyApi_Success. The domain was created successfully.
Sm_PolicyApi_Failure. The domain was not created successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to create a domain.
Sm_PolicyApi_InvalidOid. The domain OID was not found during an update.

Sm_PolicyApi_AddGlobalPolicy()

Creates a new global policy in the object store. The policy attributes are contained in the pStructPolicy structure.

If the policy exists and the bUpdate flag is true, the item is updated.

Type

Policy function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddGlobalPolicy (
   void*                    pSessionHandle,
   Sm_PolicyApi_Policy_t*   pStructPolicy,
   const bool               bUpdate
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pStructPolicy	I	A pointer to a completely filled policy structure. The structure's domain OID is ignored.
bUpdate	I	A flag to indicate that if an existing object is found, it should be updated.

Returns

Sm_PolicyApi_Success. The global policy was created successfully.
Sm_PolicyApi_Failure. The global policy was not created successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to create a global policy.
Sm_PolicyApi_NotImplemented: The client who called this function initialized the API with a version less than SM_POLICY_API_VERSION_6_0.

Sm_PolicyApi_AddGlobalResponse()

Creates a new global response in the object store.

Type

Rule function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddGlobalResponse (
   void*                      pSessionHandle,
   Sm_PolicyApi_Response_t*   pStructResponse,
   const bool                 bUpdate
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pStructResponse	I	A pointer to a completely filled response structure. The structure's domain OID is ignored.
bUpdate	I	A flag to indicate that if an existing object is found, it should be updated.

Returns

Sm_PolicyApi_Success. The global response was created successfully.
Sm_PolicyApi_Failure. The global response was not created successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to create a global response.
Sm_PolicyApi_InvalidOid: A global response with a matching OID was not found during an update.
Sm_PolicyApi_NotImplemented: The client who called this function initialized the API with a version less than SM_POLICY_API_VERSION_6_0.

Sm_PolicyApi_AddGlobalRule()

Creates a new global rule in the object store.

Type

Rule function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddGlobalRule (
   void*                   pSessionHandle,
   Sm_PolicyApi_Rule_t*    pStructRule,
   const bool              bUpdate
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pStructRule	I	A pointer to a completely filled-in rule structure. The realm OID in the structure is ignored.
bUpdate	I	A flag to indicate that if an existing object is found, it should be updated.

Returns

Sm_PolicyApi_Success. The global rule was created successfully.
Sm_PolicyApi_Failure. The global rule was not created successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to create a global rule.
Sm_PolicyApi_InvalidOid:
- A global rule with a matching OID was not found during an update.
- An agent or agent group with matching OID was not found.
Sm_PolicyApi_NotImplemented: The client who called this function initialized the API with a version less than SM_POLICY_API_VERSION_6_0.

Sm_PolicyApi_AddGroup()

Adds a new group object to the Siteminder policy store. The attributes of the group are contained in the pStructGroup structure.

Note: Groups of global objects are not supported.

The pszDomainOid parameter is required by a rule group or response group. An agent group does not require a domain OID because it is not a domain-based object.

If the group object exists and the bUpdate flag is true, the item is updated.

Type

Group function, global scope (agents) or domain scope (responses, rules).

Syntax

int SM_EXTERN Sm_PolicyApi_AddGroup (
   void*                    pSessionHandle,
   Sm_PolicyApi_Groups_t    dwGroup,
   const char*              pszDomainOid,
   Sm_PolicyApi_Group_t*    pStructGroup,
   const bool               bUpdate
);

Parameter	I/O	Description
pSession Handle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
dwGroup	I	Indicates the type of group to be added.
pszDomainOid	I	A null-terminated string containing the name of an existing domain. Required parameter for rule or response group. (Global rule or response groups are not supported.)
pStructGroup	I	A pointer to a completely filled-in group structure.
bUpdate	I	A flag to indicate that if an existing object is found, it should be updated.

Returns

Sm_PolicyApi_Success. The add was successful.
Sm_PolicyApi_Failure. The add was not successful.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to add a group.
Sm_PolicyApi_InvalidOid. The domain OID was not found (for a domain-based group).
Sm_PolicyApi_BadGroup. The dwGroup parameter is not the rule, response, or agent group type.

Sm_PolicyApi_AddHostConfig()

Creates or updates a host configuration object in the policy store.

Type

Agent configuration function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddHostConfig (
   void*                            pSessionHandle,
   Sm_PolicyApi_HostConfig_t*       pstructHostConfig,
   const bool                       bUpdate
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructHostConfig	I	Address of structure that defines the host configuration object.
bUpdate	I	If true, the object is being updated.

Returns

Sm_PolicyApi_Success. The operation was successful.
Sm_PolicyApi_Failure. Generalized failure.
Sm_PolicyApi_InvalidOid. The unique ID does not correspond to a host configuration object.
Sm_PolicyApi_NoPrivilege. The caller does not have the privilege to create or modify a host configuration object.
Sm_PolicyApi_InvalidHandle. The session pointer is not valid.
Sm_PolicyApi_NoSession. The API user is not properly logged in.

Sm_PolicyApi_AddMessageConsumerPluginToSAML1xScheme()

Adds or updates a message consumer plugin setting to a SAML 1.x authentication scheme.

Syntax

int SM_EXTERN Sm_PolicyApi_AddMessageConsumerPluginToSAML1xScheme(
   void*    pHandle,
   char*    pszSchemeOID,
   char*    pluginClass,
   char*    pluginParam                        
);

Parameters

phandle: [in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszSchemeOid: [in] A pointer to the OID of the authentication scheme that is being updated.
pluginClass: [in] A pointer to the name of the message consumer plugin class to be set.
pluginParam: [in] A pointer to the parameters of the message consumer plugin class to be set.

Returns

Sm_PolicyApi_Success. The action was completed successfully.
Sm_PolicyApi_Failure. The action was unsuccessful.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_SchemeNotFound. The authentication scheme corresponding to the OID was not found, or was not a SAML 1.x authentication scheme.
Sm_PolicyApi_InvalidOid. The OID of the authentication scheme is NULL.

Sm_PolicyApi_AddOneTimeUsePropToAffiliate()

Adds or updates the OneTimeUse property for an assertion in a SAML 1.x affiliate.

Syntax

int SM_EXTERN Sm_PolicyApi_AddOneTimeUsePropToAffiliate(
   void*    pHandle,
   char*    pszAffiliateOID,
   bool     bOneTimeUse
                           
);

Parameters

pHandle: [in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAffiliateOid: [in] A pointer to the OID of an existing SMAL 1.x affiliate.
bOneTimeUse: [in] A Boolean value that specifies whether an assertion is used only once in this affiliate.

Returns

Sm_PolicyApi_Success. The action was completed successfully.
Sm_PolicyApi_Failure. The action was unsuccessful.
Sm_PolicyApi_NoSession. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator did not have sufficient access privileges.

Sm_PolicyApi_AddPasswordPolicy()

Adds a password policy object.

Note the following about Sm_PolicyApi_PasswordPolicy_t:

When the password policy applies to an entire directory (bEntireDir is set to true), you must set pszPath and pszClass to an empty string. The Policy Management API returns Sm_PolicyAPI_BadArgument if these strings are not empty.
When the pszPasswordServicesRedirect field is set to an empty string, the Policy Management API sets it to a default URL:
```
/siteminderagent/forms/smpwservices.fcc
```

Type

Password policy function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddPasswordPolicy (
   void*                            pSessionHandle,
   Sm_PolicyApi_PasswordPolicy_t*   pstructPasswordPolicy,
   const bool                       bUpdate
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructPassword Policy	I	The address of a pointer to a Sm_PolicyApi_PasswordPolicy_t structure containing information about password policy.
bUpdate	I	A flag to indicate that if an existing object is found, it should be updated.

Returns

Sm_PolicyApi_Success. The create was successful.
Sm_PolicyApi_Failure. The create was not successful.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to create a password policy.
Sm_PolicyApi_InvalidOid:
- The password policy OID was not found during an update.
- The user directory OID was not found.
Sm_PolicyApi_BadArgument. The path and class are empty.

Sm_PolicyApi_AddPolicy()

Creates a new SiteMinder policy. The policy attributes are contained in the pStructPolicy structure.

If the policy exists and the bUpdate flag is true, the item is updated.

Type

Policy function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddPolicy (
   void*                    pSessionHandle,
   Sm_PolicyApi_Policy_t*   pStructPolicy,
   const bool               bUpdate
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pStructPolicy	I	A pointer to a completely filled-in policy structure.
bUpdate	I	A flag to indicate that if an existing object is found, it should be updated.

Returns

Sm_PolicyApi_Success. The policy was created successfully.
Sm_PolicyApi_Failure. The policy was not created successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to create a policy.
Sm_PolicyApi_InvalidOid:
- The policy OID was not found during an update.
- The domain OID was not found.

Sm_PolicyApi_AddPolicyLink()

Creates a new SiteMinder policy link for the policy identified by pszPolicyOid.

A policy link object binds a policy to a rule and, optionally, a response. The attributes of the new policy link are contained in the pstructPolicyLink structure.

If the policy link exists and the bUpdate flag is true, the item is updated.

Type

Policy function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddPolicyLink (
   void*                         pSessionHandle,
   const                         pszPolicyOid, 
   Sm_PolicyApi_PolicyLink_t*    pstructPolicyLink
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszPolicyOid	I	A null-terminated string containing the object identifier of an existing policy.
pstructPolicyLink	I	A pointer to a completely filled-in policy link structure.

Returns

Sm_PolicyApi_Success. The policy link was created successfully.
Sm_PolicyApi_Failure:
- The domain of a rule OID is not the same as the domain of the policy OID.
- The domain of a response OID is not the same as the domain of the policy OID.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to create a policy link.
Sm_PolicyApi_InvalidOid:
- The policy OID was not found.
- The rule or rule group OID was not found.
- The response or response group OID was not found.

Sm_PolicyApi_AddRealm()

Creates a new SiteMinder realm within the domain specified in pStructRealm. The pStructRealm structure also contains other attributes of the realm, including the agent or agent group that protects the realm.

Sm_PolicyApi_AddRealm() fails if a protecting agent or agent group is not specified.

If the new realm is a top-level realm, set pszParentRealmOid (in Sm_PolicyApi_Realm_t) to the domain OID. Otherwise, set pszParentRealmOid to the OID of the new realm's parent realm.

If the realm exists and the bUpdate flag is true, the existing item is updated.

It is the responsibility of the client application to meet the following conditions in order to add an authorization directory to a realm successfully:

The directory mapping between the authorization user directory and authentication user directory should exist.
Note: The Policy Management API checks only to see if the authorization user directory exists. It does not validate if there is a directory mapping for the given authorization user directory.
The associated authentication user directory should be present in the user directory collection of the domain.

Type

Realm function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddRealm (
   void*                    pSessionHandle,
   Sm_PolicyApi_Realm_t*    pStructRealm,
   const bool               bUpdate
);

Parameter

I/O

Description

pSessionHandle

A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.

pStructRealm

A pointer to a completely filled-in structure.

bUpdate

A flag to indicate that if an existing object is found, it should be updated.

Returns

Sm_PolicyApi_Success. The realm was created successfully.
Sm_PolicyApi_Failure. The realm was not created successfully.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to create a realm.
Sm_PolicyApi_InvalidOid:
- The realm OID was not found during an update.
- The domain OID was not found.
- The agent OID or agent group OID was not found.
- The scheme OID was not found.
- The parent OID could not be found. (The parent OID can be a realm OID or a domain OID.)

Sm_PolicyApi_AddRedirectURLToSAML1xScheme()

Adds or updates a redirect URL setting in a SAML 1.x authentication scheme.

Syntax

int SM_EXTERN Sm_PolicyApi_AddRedirectURLToSAML1xScheme(
        void*        pSessionHandle,
        const char*  pszSchemeOid,
        int          iTypeURL,
        char*        URL,
        int          redirectMode
);

Parameters

pSessionHandle

[in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.

pszSchemeOid

[in] A null-terminated string containing the object identifier of the authentication scheme being updated.

iTypeUrl

[in] An integer specifying the type of redirect URL, defined in Sm_PolicyAPI_SAML1_STATUS_REDIRECT_URL_TYPE_t as follows:

Sm_PolicyAPI_SAML1_STATUS_REDIRECT_URL_USER_NOT_FOUND_TYPE = 0
Sm_PolicyAPI_SAML1_STATUS_REDIRECT_URL_INVALID_SSO = 1
Sm_PolicyAPI_SAML1_STATUS_REDIRECT_URL_UNACCEPTABLE_USER_CREDENTIALS = 2

URL

[in] A pointer to the input redirect URL.

redirectMode

[in] An integer specifying the input redirect mode, which is either 0 for 302 No Data, or 1 for Http-Post.

Return Values

Sm_PolicyApi_Success. The action was completed successfully.
Sm_PolicyApi_Failure. The action was unsuccessful.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_SchemeNotFound. The authentication scheme corresponding to the OID was not found, or was not a SAML 1.x authentication scheme.
Sm_PolicyApi_InvalidOid. The OID of the authentication scheme is NULL.

Sm_PolicyApi_AddRegistrationScheme()

Adds a registration scheme.

Type

Registration scheme function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddRegistrationScheme (
   void*                         pSessionHandle,
   Sm_PolicyApi_RegistrationScheme_t* 
                                 pstructRegistrationScheme,
   const bool                    bUpdate
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstruct Registration Scheme	I	The address of a pointer to Sm_PolicyApi_RegistrationScheme_t, which contains information about the registration scheme.
bUpdate	I	A flag to indicate that if an existing object is found, it should be updated.

Returns

Sm_PolicyApi_Success. The registration scheme was created successfully.
Sm_PolicyApi_Failure. The registration scheme was not created successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to create a registration scheme.
Sm_PolicyApi_InvalidOid:
- The registration scheme object identifier was not found during an update.
- The user directory object identifier was not found.

Sm_PolicyApi_AddRegularExpressionToPasswordPolicy()

Adds a regular expression to the referenced password policy. Implemented only if the session's version is set to SM_POLICY_API_VERSION_6_0.

Type

Regular Expression function.

Syntax

int SM_EXTERN    Sm_PolicyApi_AddRegularExpressionToPasswordPolicy (
   void*                              pSessionHandle,
   const char*                        pszPasswordPolicyOid,
   Sm_PolicyApi_RegularExpression_t*  pstructRegExpr
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszPassword PolicyOid	I	The OID of the password policy to add the regular expression to.
pstructRegExpr	I	A pointer to the regular expression structure to add.

Returns

Sm_PolicyApi_Success. The regular expression was added successfully.
Sm_PolicyApi_Failure. The regular expression was not added successfully.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to add a regular expression.
Sm_PolicyApi_InvalidOid: The password policy OID was not found.

Sm_PolicyApi_AddResponse()

Creates a new SiteMinder response. The attributes of the response itself are contained in the pStructResponse structure.

If the response exists, and the bUpdate flag is true, the item is updated.

Type

Response function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddResponse (
   void*                      pSessionHandle,
   Sm_PolicyApi_Response_t*   pStructResponse,
   const bool                 bUpdate
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pStructResponse	I	A pointer to a completely filled-in response structure.
bUpdate	I	A flag to indicate that if an existing object is found, it should be updated.

Returns

Sm_PolicyApi_Success. The response was created successfully.
Sm_PolicyApi_Failure. The response was not created successfully.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to create a response.
Sm_PolicyApi_InvalidOid:
- The response OID was not found during an update.
- The domain OID was not found.
- The agent type OID was not found.

Sm_PolicyApi_AddResponseAttr()

Creates a new SiteMinder response attribute object within the response identified by pszResponseOid. The response attributes are contained in the pstructResponseAttr parameter.

Type

Response function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddResponseAttr (
   void*                         pSessionHandle,
   const char*                   pszResponseOid,
   Sm_PolicyApi_ResponseAttr_t*  pstructResponseAttr
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszResponseOid	I	A null-terminated string containing the object identifier of an existing response.
pstructResponseAttr	I	A pointer to a completely filled-in response structure.

Returns

Sm_PolicyApi_Success. The response attribute was added successfully.
Sm_PolicyApi_Failure. The response attribute was not added successfully.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to add a response attribute.
Sm_PolicyApi_InvalidOid:

The response OID was not found.

The agent type attribute OID was not found.

Sm_PolicyApi_AddRule()

Creates a new SiteMinder rule. The attributes of the rule itself are contained in the structure referenced by pStructRule.

If the rule exists and the bUpdate flag is true, the item is updated.

Note: A rule is always associated with a realm. Rule names are unique within in a realm but not within a domain.

Type

Rule function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddRule (
   void*                   pSessionHandle,
   Sm_PolicyApi_Rule_t*    pStructRule,
   const bool              bUpdate
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pStructRule	I	A pointer to a completed rule structure.
bUpdate	I	A flag to indicate that if an existing object is found, it should be updated.

Returns

Sm_PolicyApi_Success. The rule was created successfully.
Sm_PolicyApi_Failure. The rule was not created successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to create a rule.
Sm_PolicyApi_InvalidOid:
- The rule OID was not found during an update.
- The realm OID was not found.

Sm_PolicyApi_AddSAMLAffiliation()

Adds a new SAML affiliation object or modifies an existing one.

Type

SAML 2.0 Configuration function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddSAMLAffiliation (
   void*                              pSessionHandle,
   Sm_PolicyApi_SAMLAffiliation_t*    pstructAffiliation,
   const bool                         bUpdate,
   char**                             pszErrMsg
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructAffiliation	I	A pointer to a completed SAML affiliation structure.
bUpdate	I	Specifies whether an update operation should be performed on an existing object.
pszErrMsg	O	String containing an error message if the affiliation is not added or updated successfully. The Policy Management API allocates memory for this parameter dynamically. It is the responsibility of the custom application to free it using a call to Sm_PolicyApi_FreeString(). If Sm_PolicyApi_MissingProperty or Sm_PolicyApi_InvalidProp are returned, this field contains the name of the property that is missing or invalid.

Returns

Sm_PolicyApi_Success. The operation was successful.
Sm_PolicyApi_Failure. The operation was not successful.
Sm_PolicyApi_InvalidProp. A specified property is invalid. The property name is returned in pszErrMsg.
Sm_PolicyApi_MissingProperty. A required property was not specified. The property name is returned in pszErrMsg.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to create a SAML affiliation.
Sm_PolicyApi_InsufficientData. Required properties for configuring the SAML affiliation were missing.

Sm_PolicyApi_AddSAMLScheme()

Adds a new SAML 2.0 authentication scheme object or modifies an existing one. This function also defines metadata properties for the associated Identity Provider. The metadata properties are stored with the authentication scheme.

Type

SAML 2.0 Configuration function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddSAMLScheme

(
   void*                                     pHandle,
   Sm_PolicyApi_Scheme_t*                    pstructScheme,
   Sm_PolicyApi_SAMLProviderProp_t*          pProps,
   const bool                                bUpdate,
   char**                                    pszErrMsg
);

Parameter	I/O	Description
pHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructScheme	I	A pointer to a completed scheme structure.
pProps	I	SAML 2.0 metadata properties associated with the authentication scheme. If you do not assign a value to a property associated with a default value, the default will be assigned.
bUpdate	I	Specifies whether an update operation should be performed on an existing object.
pszErrMsg	O	String containing an error message if the authentication scheme is not added or updated successfully. The Policy Management API allocates memory for this parameter dynamically. It is the responsibility of the custom application to free it using a call to Sm_PolicyApi_FreeString().. If Sm_PolicyApi_MissingProperty or Sm_PolicyApi_InvalidProp are returned, this field contains the name of the property that is missing or invalid.

Returns

Sm_PolicyApi_Success. The SAML 2.0 authentication scheme operation was successful.
Sm_PolicyApi_Failure. The SAML 2.0 authentication operation was not successful
Sm_PolicyApi_InvalidProp. A specified property is invalid. The property name is returned in pszErrMsg.
Sm_PolicyApi_MissingProperty. A required property was not specified. The property name is returned in pszErrMsg.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to create a SAML 2.0 authentication scheme.
Sm_PolicyApi_SAMLIDP_IncorrectParameters. The supplied SAML provider properties are incomplete or incorrect.
Sm_PolicyApi_SAMLIDP_ProviderIdNotUnique. The supplied SAML provider ID is not unique.

Sm_PolicyApi_AddSAMLServiceProvider()

Adds a new SAML 2.0 Service Provider object or modifies an existing one.

If a Service Provider cannot be created, any associated objects created in the policy store during the attempt will be rolled back.

Type

SAML 2.0 Configuration function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddSAMLServiceProvider
(
   void*                          pSessionHandle,
   Sm_PolicyApi_SAMLSP_t*         pstructSAMLSP,
   const bool                     bUpdate,
   char**                         pszErrMsg
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructSAMLSP	I	A pointer to a completed Service Provider structure.
bUpdate	I	Specifies whether an update operation should be performed on an existing object.
pszErrMsg	O	String containing an error message if the Service Provider is not added or updated successfully. The Policy Management API allocates memory for this parameter dynamically. It is the responsibility of the custom application to free it using a call to Sm_PolicyApi_FreeString(). If Sm_PolicyApi_MissingProperty or Sm_PolicyApi_InvalidProp are returned, this field contains the name of the property that is missing or invalid.

Returns

Sm_PolicyApi_Success. The Service Provider operation was successful.
Sm_PolicyApi_Failure. The Service Provider operation was not successful.
Sm_PolicyApi_InvalidProp. A specified property is invalid. The property name is returned in pszErrMsg.
Sm_PolicyApi_MissingProperty. A required property was not specified. The property name is returned in pszErrMsg.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to create a Service Provider.
Sm_PolicyApi_DomainNotFound. The affiliate domain OID was not found.
Sm_PolicyApi_DomainNotAffiliate. The domain is not an affiliate domain.
Sm_PolicyApi_InsufficientSPData. Required properties for configuring the Service Provider were missing.

Sm_PolicyApi_AddScheme()

Creates a new SiteMinder authentication scheme. Attributes of the scheme are contained in the pstructScheme structure.

If the scheme exists and the bUpdate flag is true, the item is updated.

Type

Authentication scheme function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddScheme (
   void*                    pSessionHandle,
   Sm_PolicyApi_Scheme_t*   pstructScheme,
   const bool               bUpdate
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructScheme	I	A pointer to a completely filled-in scheme structure.
bUpdate	I	A flag to indicate that if an existing object is found, it should be updated.

Returns

Sm_PolicyApi_Success. The scheme was created successfully.
Sm_PolicyApi_Failure. The scheme was not created successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to create a scheme.
Sm_PolicyApi_InvalidOid. The scheme object identifier was not found during an update.

Sm_PolicyAPI_AddTargetConfigToSAML1xScheme

Adds a default target configuration setting in a SAML 1.x authentication scheme.

Syntax

The Sm_PolicyApi_AddTargetConfigToSAML1xScheme function has the following syntax:

int SM_EXTERN Sm_PolicyApi_AddTargetConfigToSAML1xScheme(
        void*        pHandle,
        const char*  pszSchemeOid,
        const char*  pszURL,
        int         iQPOverridesTarget
);

Parameters

The Sm_PolicyApi_AddTargetConfigToSAML1xScheme function accepts the following parameters:

pHandle

[in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.

pszSchemeOid

[in] A null-terminated string containing the object identifier of the authentication scheme being updated.

pszURL

[in] A pointer to a valid default target configuration URL.

iQPOverrides Target

[in] An integer specifying the value specified in the 'Query parameter override Default Target' check box.

Valid values for iQPOverridesTarget are:

0 specifies that the query parameter does not override the target.
1 specifies that the query parameter overrides the target.

Return Values

The Sm_PolicyApi_AddTargetConfigToSAML1xScheme function returns one of the following values:

Sm_PolicyApi_Success. The action was completed successfully.
Sm_PolicyApi_Failure. The action was unsuccessful.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_SchemeNotFound. The authentication scheme corresponding to the OID was not found, or was not a SAML 1.x authentication scheme.
Sm_PolicyApi_InvalidOid. The OID of the authentication scheme is NULL.

Sm_PolicyApi_AddToGroup()

Adds an item to the group identified by pszGroupOid.

The item (which may be a group) and the group must exist and must be of the same type.

The pszDomainOid parameter is required by a rule group or response group. An agent group does not require a domain OID because it is not a domain-based object.

Type

Group function, global scope (agents) or domain scope (responses, rules).

Syntax

int SM_EXTERN Sm_PolicyApi_AddToGroup (
   void*                   pSessionHandle,
   Sm_PolicyApi_Groups_t   dwGroup,
   const char*             pszItemOid,
   const char*             pszGroupOid,
   const char*             pszDomainOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
dwGroup	I	The type of group.
pszItemOid	I	A null-terminated string containing the object identifier of an existing item of the same type as the group.
pszGroupOid	I	A null-terminated string containing the object identifier of a group of the type indicated by dwGroup.
pszDomainOid	I	A null-terminated string containing the object identifier of an existing domain. Required for rule and response objects.

Returns

Sm_PolicyApi_Success. The add was successful.
Sm_PolicyApi_Failure. The add was not successful.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to add a rule, response, or agent OID to its respective group.
Sm_PolicyApi_InvalidOid:
- The domain OID was not found (for a domain-based group).
- The group OID was not found.
- The rule, response, or agent OID or group OID was not found.
Sm_PolicyApi_BadGroup. Parameter dwGroup is not the rule, response, or agent type.

Sm_PolicyApi_AddTrustedHost()

Creates or modifies a trusted host object in the object store.

Use this function to register the trusted host "offline"-that is, without a connection between the agent and the Policy Server. When you use this function, you must run the SiteMinder smreghost tool to define the shared secret in the host configuration file (default name SmHost.conf). You define the shared secret with the -sh option of the smreghost tool.

Type

Agent configuration function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddTrustedHost (
     void*                            pSessionHandle,
     Sm_PolicyApi_TrustedHost_t*      pstructTrustedHost,
     bool                             bUpdate,
     bool                             bGenSharedSecret
);

Parameter	I/O	Description
pSessionHandle	I	Specifies the identifier of the session.
pstructTrustedHost	I/O	The address of a structure of type Sm_PolicyApi_TrustedHost_t. The structure is filled by a caller prior to a function call.
bUpdate	I	Specifies whether the function was called to update the existing object in the object store.
bGenSharedSecret	I	Indicates whether to generate the shared secret.

Remarks

If bGenSharedSecret is true, the function generates a 128-byte value and updates the pszSecret field of pstructTrustedHost. If bGenSharedSecret is false, the value of the shared secret for a new or updated trusted host object is taken from the pszSecret field of the pstructTrustedHost structure.

If both bGenSharedSecret and bUpdate are true, the function ignores the value specified in the pszSecret field of pstructTrustedHost, generates a new value, and updates the object in the object store and in the pszSecret field of pstructTrustedHost.

If the function generates the shared secret, you must retrieve the generated shared secret in clear text so that you can define it in the -sh option of the smreghost tool. To retrieve the shared secret, call Sm_PolicyApi_GetTrustedHost().

In past releases, agent registration with the Policy Server always used 128-byte random ASCII shared secrets. The new model makes it possible to use a user-defined string value as a shared secret. This is a potential security weakness. The administrator who chooses offline agent host configuration must create a strong shared secret and store it safely. It is strongly recommended that you call the function Sm_PolicyApi_AddTrustedHost() with the bGenSharedSecret parameter set to true. This enforces automatic generation of a hard-to-guess shared secret.

Use of this function is not required to either create a trusted host or to define the host configuration. SiteMinder automatically creates and configures the trusted host during installation, and also when you run smreghost without using the -sh option.

Returns

Sm_PolicyApi_Success. The trusted host object was created or modified.
Sm_PolicyApi_Failure. Generalized failure.
Sm_PolicyApi_InvalidOid. The unique ID does not correspond to a Trusted Host object.
Sm_PolicyApi_NoPrivilege. The caller does not have the proper privileges to add or modify a trusted host object.
Sm_PolicyApi_InvalidHandle. The session pointer is not valid.
Sm_PolicyApi_NotUnique. The shared secret already exists.
Sm_PolicyApi_NoSession. The API user is not properly logged in.
Sm_PolicyApi_InvalidProp. Invalid shared secret value specified.
Sm_PolicyApi_GenSharedSecretFailure. Failed to generate a 128‑byte shared secret value.

Sm_PolicyApi_AddUserDirToAffiliateDomain()

Adds a user directory to an existing affiliate domain.

Type

Federation function

Syntax

int SM_EXTERN Sm_PolicyApi_AddUserDirToAffiliateDomain (
   void*         pSessionHandle,
   const char*   pszUserDirOid,
   const char*   pszAffiliateDomainOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszUserDirOid	I	A null-terminated string containing the object identifier of an existing user directory.
pszAffiliate DomainOid	I	A null-terminated string containing the object identifier of an existing affiliate domain.

Returns

Sm_PolicyApi_Success. The user directory was added to the affiliate domain successfully.
Sm_PolicyApi_Failure. The user directory was not added to the affiliate domain.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to add a user directory to an affiliate domain.
Sm_PolicyApi_InvalidOid. The affiliate domain OID or user directory OID was not found during an update.
Sm_PolicyApi_DuplicateEntry. The user directory exists in the user directory collection of the domain.

Sm_PolicyApi_AddUserDirToDomain()

Associates the directory object identified by pszUserDirOid with the domain identified by pszDomainOid. The directory object is appended to the end of the search order.

Type

User directory function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddUserDirToDomain (
   void*          pSessionHandle,
   const char*    pszUserDirOid,
   const char*    pszDomainOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszUserDirOid	I	A null-terminated string containing the object identifier of an existing user directory.
pszDomainOid	I	A null-terminated string containing the object identifier of an existing domain.

Returns

Sm_PolicyApi_Success. The add operation was successful.
Sm_PolicyApi_Failure. The add operation was not successful.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to add a user directory to a domain.
Sm_PolicyApi_InvalidOid. A user directory or domain OID was not found.
Sm_PolicyApi_DuplicateEntry. The user directory exists in the user directory collection of the domain.

Sm_PolicyApi_AddUseSecureAuthPropToAffiliate()

Adds or updates the UseSecureAuthURL property to a SAML 1.x affiliate.

Syntax

int SM_EXTERN Sm_PolicyApi_AddUseSecureAuthPropToAffiliate(
   void*    pHandle,
   char*    pszAffiliateOID,
   bool     bUseSecureAuthURL
                           
);

Parameters

pHandle: [in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAffiliateOid: [in] A pointer to the OID of an existing SMAL 1.x affiliate.
bUseSecureAuthURL: [in] A Boolean value that specifies whether to use a secure authentication URL for this affiliate.

Returns

Sm_PolicyApi_Success. The action was completed successfully.
Sm_PolicyApi_Failure. The action was unsuccessful.
Sm_PolicyApi_NoSession. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator did not have sufficient access privileges.

Sm_PolicyApi_AddUsersToAffiliate()

Adds a user directory entry to an affiliate.

Type

Federation function

Syntax

int SM_EXTERN Sm_PolicyApi_AddUsersToAffiliate (
   void*               pSessionHandle,
   const char*         pszAffiliateOid,
   Sm_PolicyApi_User_t *pStructUsers,
   int                 iPolicyFlags
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAffiliateOid	I	A null-terminated string containing the object identifier of an existing affiliate.
pStructUsers	I	Pointer to a Sm_PolicyApi_User_t structure containing information about the user directory.
iPolicyFlags	I	A bit field that indicates whether the policy includes or excludes a user and whether the policy should be applied recursively. The bit definitions are listed in Figure 21 on page 112.

Returns

Sm_PolicyApi_Success. The user was added was successful.
Sm_PolicyApi_Failure. The user was not added successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to add a user.
Sm_PolicyApi_InvalidOid: The affiliate OID was not found.
Sm_PolicyApi_DuplicateEntry. The user is already part of the affiliate.

Sm_PolicyApi_AddUsersToPolicy()

Adds a user directory entry to the policy identified by pszPolicyOid. Only one user specification (which may be an aggregate) can be added at a time.

Type

User and user state function.

Syntax

int SM_EXTERN Sm_PolicyApi_AddUsersToPolicy (
   void*                 pSessionHandle,
   const char*           pszPolicyOid,
   Sm_PolicyApi_User_t*  pStructUsers,
   int                   iPolicyFlags
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszPolicyOid	I	A null-terminated string containing the object identifier of an existing policy to which a user is to be added.
pStructUsers	I	Pointer to a Sm_PolicyApi_User_t structure containing information about the user directory.
iPolicyFlags	I	A bit field that indicates whether the policy includes or excludes users, and whether the policy should be applied recursively. Bit definitions are listed in Policy Flags.

Returns

Sm_PolicyApi_Success. The add was successful.
Sm_PolicyApi_Failure. The user directory is not part of the domain user directory collection.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to add users to the policy.
Sm_PolicyApi_InvalidOid:
- The policy OID was not found.
- The user directory OID was not found.
Sm_PolicyApi_DuplicateEntry. The user is already part of the policy.
Sm_PolicyApi_InConsistentANDBitMask. An existing user policy of this particular user directory under the policy has a different value of Sm_PolicyBehavior_AND_Mask set as against the one to be added.

Sm_PolicyApi_AddUsersToSAMLServiceProvider()

Associates a user directory entry with SAML 2.0 Service Provider.

Type

SAML 2.0 Configuration function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddUsersToSAMLServiceProvider

(
   void*                          pSessionHandle,
   const char*                    pszProviderOid,
   Sm_PolicyApi_User_t*           pStructUsers,
   int                            iPolicyFlags
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszProviderOid	I	A null-terminated string containing the object identifier of an existing SAML Service Provider.
pStructUsers	I	Pointer to a Sm_PolicyApi_User_t structure containing information about the user directory.
iPolicyFlags	I	A bit field that indicates whether: The policy created for the SAML Service Provider includes a user The policy should be applied recursively

Returns

Sm_PolicyApi_Success. The user was added successfully.
Sm_PolicyApi_Failure. The user was not added successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to add a user.
Sm_PolicyApi_InvalidOid. The Service Provider OID was not found.
Sm_PolicyApi_DuplicateEntry. The user is already part of the Service Provider.

Sm_PolicyApi_AddUsersToWSFEDResourcePartner()

Associates a user directory entry with WS-Federation Resource Partner.

Syntax

int SM_EXTERN Sm_PolicyApi_AddUsersToWSFEDResourcePartner (
        void* pSessionHandle,
        const char * pszProviderOid,
        Sm_PolicyApi_User_t *pStructUsers,
        int   iPolicyFlags
);

Parameters

pSessionHandle: [in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszProviderOid: [in] A null-terminated string containing the object identifier of an existing WS-Federation Resource Partner.
pStructUsers: [in] A Pointer to a Sm_PolicyApi_User_t structure containing information about the user directory.
iPolicyFlags: [in] A bit field that indicates whether the policy created for WS-Federation Resource Partner includes or excludes a user and whether the policy should be applied recursively.

Return Values

Sm_PolicyApi_Success. The user was added successfully.
Sm_PolicyApi_Failure. The user was not added successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to add a user.
Sm_PolicyApi_InvalidOid. The Resource Partner OID was not found.
Sm_PolicyApi_DuplicateEntry. The user is already part of the Resource Partner.

Sm_PolicyApi_AddVariable()

Adds a variable object.

Type

Variable function.

Syntax

int SM_EXTERN Sm_PolicyApi_AddVariable (
   void*                      pSessionHandle,
   Sm_PolicyApi_Variable_t*   pstructVariable,
   const bool                 bUpdate
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructVariable	I	A pointer to a Sm_PolicyApi_Variable_t structure containing information about the variable.
bUpdate	I	A flag to indicate that if an existing object is found, it should be updated.

Returns

Sm_PolicyApi_Success. The add operation was successful.
Sm_PolicyApi_Failure. The add operation was not successful.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to add a variable.
Sm_PolicyApi_FeatureNotSupported. The client who called this function initialized the API with a version less than SM_POLICY_API_VERSION_6_0.

Sm_PolicyApi_AddWSFEDResourcePartner()

Creates a new or update an existing WS-Federation Resource Partner object. Validation of properties (values and dependencies on other properties) is performed.

Syntax

int SM_EXTERN Sm_PolicyApi_AddWSFEDResourcePartner (
        void* pSessionHandle,
        Sm_PolicyApi_WSFEDResourcePartner_t* structServiceProvider,
        const bool bUpdate,
        char **pszErrMsg
);

Parameters

pSessionHandle: [in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructServiceProvider: [in] A pointer to a completely filled-in WS-Federation Resource Partner structure.
bUpdate: [in] A flag to indicate that if an existing object is found, update it.
pszErrMsg: [out] When a call to this function returns a value of Sm_PolicyApi_SAML_UnknownProperty, Sm_PolicyApi_MissingProperty, or Sm_PolicyApi_InvalidProp, this variable contains the name of the property which produced the error. You release the memory allocated for this variable by using a call to Sm_PolicyApi_FreeString().

Return Values

Sm_PolicyApi_Success. The Resource Partner was created successfully.
Sm_PolicyApi_Failure. The Resource Partner was not created successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to create an affiliate.
Sm_PolicyApi_DomainNotFound. The affiliate domain OID was not found.
Sm_PolicyApi_DomainNotAffiliate. The domain is not an affiliate domain.
Sm_PolicyApi_InsufficientRPData. Required properties for configuring the Resource Partner were missing.
Sm_PolicyApi_WSFED_UnknownProperty. An unknown property name was provided.
Sm_PolicyApi_WSFEDRP_AssertionConsumerDefaultMissing. The property which is required, potentially due to a dependency, was not provided.
Sm_PolicyApi_WSFEDRP_AuthenticationURLMissing. The property which is required, potentially due to a dependency, was not provided.
Sm_PolicyApi_WSFEDRP_DomainOidMissing. The property which is required, potentially due to a dependency, was not provided.
Sm_PolicyApi_WSFEDRP_APIDMissing. The property which is required, potentially due to a dependency, was not provided.
Sm_PolicyApi_WSFEDRP_NameMissing. The property which is required, potentially due to a dependency, was not provided.
Sm_PolicyApi_WSFEDRP_NameIdFormatMissing. The property which is required, potentially due to a dependency, was not provided.
Sm_PolicyApi_WSFEDRP_NameIdTypeMissing. The property which is required, potentially due to a dependency, was not provided.
Sm_PolicyApi_WSFEDRP_NameIdStaticMissing. The property which is required, potentially due to a dependency, was not provided.
Sm_PolicyApi_WSFEDRP_NameIdAttrNameMissing. The property which is required, potentially due to a dependency, was not provided.
Sm_PolicyApi_WSFEDRP_NameIdDNSpecMissing. The property which is required, potentially due to a dependency, was not provided.
Sm_PolicyApi_WSFEDRP_ProviderIdMissing. The property which is required, potentially due to a dependency, was not provided.
Sm_PolicyApi_WSFEDRP_ProviderIdNotUnique. The property which is required, potentially due to a dependency, was not provided.
Sm_PolicyApi_WSFEDRP_UnSupportedSAMLVersion. The property which is required, potentially due to a dependency, was not provided.
Sm_PolicyApi_WSFEDRP_UnknownProperty. The property which is required, potentially due to a dependency, was not provided.
Sm_PolicyApi_MissingProperty. A property which is required, potentially due to a dependency, was not provided.
Sm_PolicyApi_InvalidProp.The value for a provided property is invalid.

Remarks

In the event that a Resource Partner cannot be created, any objects created in the policy store must be rolled back. In addition, the prefix string wsfed: will be used for the Name property to differentiate between affiliate: and samlsp:.

Sm_PolicyApi_AddWSFEDScheme()

Creates a new or updates an existing SiteMinder WSFED authentication scheme (WSFED auth scheme) object. Validation of properties (values and dependencies on other properties) is performed.

Syntax

int SM_EXTERN Sm_PolicyApi_AddWSFEDScheme(
        void* pSessionHandle,
        Sm_PolicyApi_Scheme_t* pstructScheme,
        Sm_PolicyApi_WSFEDProviderProp_t* pProps,
        const bool bUpdate,
        char **pszErrMsg
);

Parameters

pSessionHandle: [in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructScheme: [in] A pointer to a completely filled-in scheme structure.
pProps: [in] A pointer to a linked list of WSFED provider properties.
bUpdate: [in] A flag to indicate that if an existing object is found, it should be updated.
pszErrMsg: [out] When a call to this function returns a value of Sm_PolicyApi_WSFED_UnknownProperty, Sm_PolicyApi_MissingProperty or Sm_PolicyApi_InvalidProp, this variable contains the name of the property which produced the error. You release the memory allocated for this variable by using a call to SmPolicyApi_FreeString().

Return Values

Sm_PolicyApi_Success. The WSFED auth scheme was created successfully.
Sm_PolicyApi_Failure. The WSFED auth scheme was not created successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to create a WSFED auth scheme.
Sm_PolicyApi_WSFEDAP_IncorrectParameters. Supplied WSFED Account Partner properties are incomplete or incorrect.
Sm_PolicyApi_WSFEDAP_ProviderIdNotUnique. Supplied WSFED Account Partner ID is not unique.
Sm_PolicyApi_WSFED_UnknownProperty. An unknown property name was provided.
Sm_PolicyApi_MissingProperty. A property which is required, potentially due to a dependency, was not provided.
Sm_PolicyApi_InvalidProp. The value for a provided property is invalid.

Sm_PolicyApi_ConvertFromLegacyAgent()

Converts a v4.x agent to a v5.x agent.

Calling this function is the equivalent of clearing the Support 4.x agents check box on the Agent Properties dialog box.

Type

Agent function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_ConvertFromLegacyAgent (
   void*                   pSessionHandle,
   Sm_PolicyApi_Agent_t*   pStructAgent
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pStructAgent	I	A pointer to a completely filled-in agent structure.

Returns

Sm_PolicyApi_Success. The agent was converted successfully.
Sm_PolicyApi_Failure. The agent conversion failed.
Sm_PolicyApi_InvalidProp. One or more properties defined in pStructAgent are invalid.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to modify an agent.

Sm_PolicyApi_ConvertToLegacyAgent()

Converts a v5.x agent to a v4.x agent.

Calling this function is the equivalent of checking the Support 4.x agents check box on the Agent Properties dialog box.

Type

Agent function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_ConvertToLegacyAgent (
   void*                   pSessionHandle,
   Sm_PolicyApi_Agent_t*   pStructAgent
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pStructAgent	I	A pointer to a completely filled-in agent structure.

Returns

Sm_PolicyApi_Success. The agent was converted successfully.
Sm_PolicyApi_Failure. The agent conversion failed.
Sm_PolicyApi_InvalidProp. One or more properties defined in pStructAgent are invalid.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to modify an agent.

Sm_PolicyApi_CreateAuthAzMap()

Creates an authentication and authorization directory mapping object.

Type

Authentication/Authorization map function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_CreateAuthAzMap (
   void*                       pSessionHandle,
   Sm_PolicyApi_AuthAzMap_t*   pAuthAzMap,
   const bool                  bUpdate
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pAuthAzMap	I	The address of a pointer to information about authentication and authorization mapping.
bUpdate	I	A flag to indicate that if an existing object is found, it should be updated.

Returns

Sm_PolicyApi_Success. The directory mapping object was created successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to create a directory mapping object.
Sm_PolicyApi_InvalidOid:
- An authentication user directory OID was not found.
- An authorization user directory OID was not found.
- A directory-mapping object OID was not found.

Sm_PolicyApi_CreateCertMap()

Creates a certification mapping object.

Type

Certificate map function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_CreateCertMap (
   void*                      pSessionHandle,
   Sm_PolicyApi_CertMap_t*    pCertMap,
   const bool                 bUpdate
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pCertMap	I	The address of a pointer to Sm_PolicyApi_CertMap_t, which contains information about certificate mapping.
Update	I	A flag to indicate that if an existing object is found, it should be updated.

Returns

Sm_PolicyApi_Success. The certificate mapping object was created successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to create a certificate mapping object.
Sm_PolicyApi_InvalidOid. The user directory OID was not found or the certificate mapping object OID was not found during an update.
Sm_PolicyApi_Invalid. The directory type is not valid.

Sm_PolicyApi_CreateODBCQueryScheme()

Creates a new ODBC Query Scheme. An ODBC query scheme is used to create an ODBC directory. The attributes of the user directory are contained in the pstructODBCQueryScheme structure.

If the user ODBC query scheme object exists and the bUpdate flag is true, the item is updated.

Type

ODBC query scheme function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_CreateODBCQueryScheme (
   void*                             pSessionHandle,
   Sm_PolicyApi_ODBCQueryScheme_t*   pstructODBCQueryScheme,
   const bool                        bUpdate
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructODBCQueryScheme	I	A pointer to a completely filled-in ODBC query scheme.
bUpdate	I	A flag to indicate that if an existing object is found, it should be updated.

Returns

Sm_PolicyApi_Success. The ODBC Query Scheme was created successfully.
Sm_PolicyApi_Failure. The ODBC Query Scheme was not created successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to create an ODBC Query Scheme.
Sm_PolicyApi_InvalidOid. The ODBC Query Scheme OID was not found. This happens when this function is called with bUpdate set to true and the pszOid field of Sm_PolicyApi_ODBCQueryScheme_t holds the OID of the ODBC Query Scheme being updated.
Sm_PolicyApi_NotUnique. An ODBC Query Scheme with the same name exists.
Sm_PolicyApi_MissingProperty. One of the required fields is not set.

Sm_PolicyApi_CreateUserDir()

Creates a new SiteMinder user directory object at global scope. The attributes of the user directory are contained in the pstructUserDir structure.

If the user directory object exists and the bUpdate flag is true, the item is updated.

Type

User directory function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_CreateUserDir (
   void*                     pSessionHandle,
   Sm_PolicyApi_UserDir_t*   pstructUserDir,
   const bool                bUpdate
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructUserDir	I	A pointer to a completely filled-in user directory structure.
bUpdate	I	A flag to indicate that if an existing object is found, it should be updated.

SM_PolicyAPI_UserDir_t Field Usage

The following table shows the SM_PolicyAPI_UserDir_t field that Sm_PolicyApi_CreateUserDir() uses for different types of user directories:

Field	User Directory Type

Field	ODBC	LDAP	WinNT	Custom
pszOid Object Identifier of the user directory being updated	X	X	X	X
pszName Required field.	X	X	X	X
pszDesc	X	X	X	X
pszNamespace Required field.	ODBC	LDAP	WinNT	Custom
pszServer Required field.	ODBC data source	IP address	NT Domain name	Name of shared library
pszODBCQuerySchemeOid Required field.	X
pszSearchRoot		X		parameter string
pszUserLookupStart		X
pszUserLookupEnd		X
bRequireCredentials	X	X	X	X
pszUsername Required field if bRequireCredentials is true.	X	X	X	X
pszPassword Required field if bRequireCredentials is true.	X	X	X	X
nSearchResults		X		Max results
nSearchScope		X
nSearchTimeout		X		Max time out
bSecureConnection		X		X
pszDisabledAttr	X	X		(Varies)
pszUniversalIDAttr	X	X	X	(Varies)
pszAnonymousId		X		(Varies)
pszPasswordData	X	X		(Varies)
pszPasswordAttribute	X	X		(Varies)
pszEmailAddressAttr
pszChallengeRespAttr		X		(Varies)

Note: With custom directories, fields indicated by the word varies may or may not apply to the user directory object being created.

Returns

Sm_PolicyApi_Success. The user directory was created successfully.
Sm_PolicyApi_Failure. The user directory was not created successfully.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to create a user directory.
Sm_PolicyApi_InvalidOid:
- A user directory type with the specified OID was not found.
- A user directory OID cannot be found. This happens when this function is called with bUpdate set to true and pszOid holds the OID of the user directory that is being updated.
- You are creating an ODBC user directory and the OCBC Query Scheme OID was not found.
Sm_PolicyApi_NotUnique. A user directory of the same name exists.
Sm_PolicyApi_MissingProperty. One of the required fields is not set.

Sm_PolicyApi_DeleteAdmin()

Deletes the administrator object identified by pszAdminOid.

Type

Administrator function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_DeleteAdmin (
   void*          pSessionHandle,
   const char*    pszAdminOid
)

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAdminOid	I	A null-terminated string containing the object identifier of an existing administrator.

Returns

Sm_PolicyApi_Success. The delete operation was successful.
Sm_PolicyApi_Failure. The delete operation was not successful.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to delete an administrator object.
Sm_PolicyApi_InvalidOid. The administrator object identifier was not found.

Sm_PolicyApi_DeleteAffiliate()

Deletes an existing affiliate.

Type

Federation function

Syntax

int SM_EXTERN Sm_PolicyApi_DeleteAffiliate (
   void*          pSessionHandle,
   const char*    pszAffiliateOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAffiliateOid	I	A null-terminated string containing the object identifier of an existing affiliate.

Remarks

This function deletes affiliate objects that are based on the artifact profile or the POST profile (see the Sm_PolicyApi_Affiliate_t field SAMLProfile). Deletion of an affiliate object based on the POST profile requires an API version of at least SM_POLICY_API_VERSION_6_0_2. If an earlier version is involved, and the function specifies an affiliate object based on a POST profile, the request fails.

Returns

Sm_PolicyApi_Success. The affiliate was deleted successfully.
Sm_PolicyApi_Failure. The affiliate was not deleted successfully.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to delete an affiliate.
Sm_PolicyApi_InvalidOid. The affiliate OID was not found.

Sm_PolicyApi_DeleteAffiliateDomain()

Deletes an existing affiliate domain.

Type

Federation function

Syntax

int SM_EXTERN Sm_PolicyApi_DeleteAffiliateDomain (
   void*          pSessionHandle,
   const char*    pszAffiliateDomainOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAffiliate DomainOid	I	A null-terminated string containing the object identifier of an existing affiliate domain.

Returns

Sm_PolicyApi_Success. The affiliate domain was deleted successfully.
Sm_PolicyApi_Failure. The affiliate domain was not deleted successfully.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to delete an affiliate domain.
Sm_PolicyApi_InvalidOid. An affiliate with the specified OID was not found during an update.

Sm_PolicyApi_DeleteAgent()

Deletes the agent identified by pszAgentOid.

Type

Agent function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_DeleteAgent (
   void*          pSessionHandle,
   const char*    pszAgentOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAgentOid	I	A null-terminated string containing the object identifier of an existing agent.

Returns

Sm_PolicyApi_Success. The agent was deleted successfully.
Sm_PolicyApi_Failure. The agent was not deleted successfully.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to delete an agent.
Sm_PolicyApi_InvalidOid. An agent with the specified OID was not found.

Sm_PolicyApi_DeleteAgentConfig()

Deletes an agent configuration object.

Type

Agent configuration function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_DeleteAgentConfig (
   void*            pSessionHandle,
   const char*      pszAgentConfigOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAgentConfigOid	I	Unique identifier of the agent configuration object to delete.

Returns

Sm_PolicyApi_Success. The delete operation was successful.
Sm_PolicyApi_Failure. Generalized failure.
Sm_PolicyApi_InvalidOid. The unique ID does not correspond to an agent configuration object.
Sm_PolicyApi_NoPrivilege. The caller does not have the privilege to delete an agent configuration object.
Sm_PolicyApi_InvalidHandle. The session pointer is not valid.
Sm_PolicyApi_NoSession. The API user is not properly logged in.

Sm_PolicyApi_DeleteAuthAzMap()

Deletes an authentication and authorization directory mapping object.

Type

Authentication/Authorization map function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_DeleteAuthAzMap (
   void*          pSessionHandle,
   const char*    pszAuthAzMapOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAuthAzMapOid	I	A null-terminated string containing the object identifier of the directory mapping object.

Returns

Sm_PolicyApi_Success. The delete operation was successful.
Sm_PolicyApi_Failure. The delete operation was unsuccessful.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to delete a directory mapping object.
Sm_PolicyApi_InvalidOid. The directory-mapping object OID was not found.

Sm_PolicyApi_DeleteCertMap()

Deletes a certificate mapping object.

Type

Certificate map function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_DeleteCertMap (
   void*         pSessionHandle,
   const char*   pszCertMapOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszCertMapOid	I	A null-terminated string containing the object identifier of the certificate mapping object.

Returns

Sm_PolicyApi_Success. The delete operation was successful.
Sm_PolicyApi_Failure. The delete operation was unsuccessful.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to delete a certificate mapping object.
Sm_PolicyApi_InvalidOid. A certificate mapping object with the specified OID was not found.

Sm_PolicyApi_DeleteDomain()

Deletes the domain identified by pszDomainOid as well as the domain's children (rules, responses, realms, and policies).

Type

Domain function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_DeleteDomain (
   void*          pSessionHandle,
   const char*    pszDomainOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszDomainOid	I	A null-terminated string containing the object identifier of an existing domain.

Returns

Sm_PolicyApi_Success. The domain was deleted successfully.
Sm_PolicyApi_Failure. The domain was not deleted successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to delete a domain.
Sm_PolicyApi_InvalidOid. The domain OID was not found.

Sm_PolicyApi_DeleteHostConfig()

Deletes a host configuration object from the policy store.

Type

Agent configuration function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_DeleteHostConfig (
   void*                  pSessionHandle,
   const char*            pszHostConfigOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszHostConfigOid	I	Unique identifier of the host configuration object to delete.

Returns

Sm_PolicyApi_Success. The delete operation was successful.
Sm_PolicyApi_Failure. Generalized failure.
Sm_PolicyApi_InvalidOid. The unique ID does not correspond to a host configuration object.
Sm_PolicyApi_NoPrivilege. The caller does not have the privilege to delete a host configuration object.
Sm_PolicyApi_InvalidHandle. The session pointer is not valid.
Sm_PolicyApi_NoSession. The API user is not properly logged in.

Sm_PolicyApi_DeleteGroup()

Deletes the group object identified by pszGroupOid.

The pszDomainOid parameter is required by a rule group or response group. An agent group does not require a domain OID because it is not a domain-based object.

Type

Group function, global scope (agents) or domain scope (responses, rules).

Syntax

int SM_EXTERN Sm_PolicyApi_DeleteGroup (
   void*                  pSessionHandle,
   Sm_PolicyApi_Groups_t  dwGroup,
   const char*            pszGroupOid,
   const char*            pszDomainOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
dwGroup	I	Indicates the type of the group to be deleted.
pszGroupOid	I	A null-terminated string containing the object identifier of the group and the type indicated by dwGroup.
pszDomainOid	I	A null-terminated string containing the object identifier of an existing domain. Required parameter for rule or response group.

Returns

Sm_PolicyApi_Success. The delete was successful.
Sm_PolicyApi_Failure. The delete was not successful.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to delete a rule group, response group, or agent group.
Sm_PolicyApi_InvalidOid:
- The group OID was not found.
- The domain OID was not found (for a domain-based group).
Sm_PolicyApi_BadGroup. The dwGroup parameter is not the rule, response, or agent type.

Sm_PolicyApi_DeleteODBCQueryScheme()

Deletes the ODBC query scheme identified by pszODBCQuerySchemeOid.

Type

ODBC query scheme function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_DeleteODBCQueryScheme (
   void*          pSessionHandle,
   const char*    pszODBCQuerySchemeOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszODBCQuerySchemeOid	I	A null-terminated string containing the object identifier of an existing ODBC Query Scheme.

Returns

Sm_PolicyApi_Success. The delete operation was successful.
Sm_PolicyApi_Failure. The delete operation was not successful.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to delete an ODBC Query Scheme.
Sm_PolicyApi_InvalidOid. The ODBC Query Scheme OID was not found.

Sm_PolicyApi_DeletePasswordPolicy()

Deletes a password policy.

Type

Password policy function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_DeletePasswordPolicy (
   void*         pSessionHandle,
   const char*   pszPasswordPolicyOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszPasswordPolicyOid	I	A null-terminated string containing the object identifier of a password policy.

Returns

Sm_PolicyApi_Success. The delete operation was successful.
Sm_PolicyApi_Failure. The delete operation was not successful.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to delete a password policy.
Sm_PolicyApi_InvalidOid. The password policy OID was not found.

Sm_PolicyApi_DeletePolicy()

Deletes the policy identified by pszPolicyOid.

Type

Policy function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_DeletePolicy (
   void*         pSessionHandle, 
   const char*   pszPolicyOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszPolicyOid	I	A null-terminated string containing the object identifier of an existing policy.

Returns

Sm_PolicyApi_Success. The policy was deleted successfully.
Sm_PolicyApi_Failure. The policy was not deleted successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession.l There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to delete a policy.
Sm_PolicyApi_InvalidOid. The policy OID was not found.

Sm_PolicyApi_DeleteRealm()

Deletes the realm identified by pszRealOid.

Note: You cannot delete a realm while it is inked to rules.

Type

Realm function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_DeleteRealm (
   void*          pSessionHandle,
   const char*    pszRealmOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszRealmOid	I	A null-terminated string containing the object identifier of an existing realm.

Returns

Sm_PolicyApi_Success. The realm was deleted successfully.
Sm_PolicyApi_Failure. The realm was not deleted successfully.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to delete a realm.
Sm_PolicyApi_InvalidOid. The realm OID was not found.

Sm_PolicyApi_DeleteRegistrationScheme()

Deletes a registration scheme.

Type

Registration scheme function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_DeleteRegistrationScheme (
   void*         pSessionHandle,
   const char*   pszRegistrationSchemeOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszRegistrationOid	I	A null-terminated string containing the object identifier of the registration scheme.

Returns

Sm_PolicyApi_Success. The registration scheme was deleted successfully.
Sm_PolicyApi_Failure. The registration scheme was not deleted successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to delete a registration scheme.
Sm_PolicyApi_InvalidOid. The registration scheme OID was not found.

Sm_PolicyApi_DeleteResponse()

Deletes the response identified by pszResponseOid and any related response attributes.

Type

Response function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_DeleteResponse (
   void*          pSessionHandle,
   const char*    pszResponseOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszResponseOid	I	A null-terminated string containing the object identifier of an existing response.

Returns

Sm_PolicyApi_Success. The response was deleted successfully.
Sm_PolicyApi_Failure. The response was not deleted successfully.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to delete a response.
Sm_PolicyApi_InvalidOid. The response OID was not found.

Sm_PolicyApi_DeleteRule()

Deletes the rule identified by pszRuleOid.

Type

Rule function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_DeleteRule (
   void*          pSessionHandle,
   const char*    pszRuleOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszRuleOid	I	A null-terminated string containing the object identifier of an existing rule.

Returns

Sm_PolicyApi_Success. The rule was deleted successfully.
Sm_PolicyApi_Failure. The rule was not deleted successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to delete a rule.
Sm_PolicyApi_InvalidOid. The rule OID was not found.

Sm_PolicyApi_DeleteSAMLAffiliation()

Deletes the SAML affiliation identified by pszAffiliationOid.

Type

SAML 2.0 Configuration function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_DeleteSAMLAffiliation
(
   void*            pSessionHandle,
   const char*      pszAffiliationOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAffiliationOid	I	A null-terminated string containing the object identifier of an existing SAML affiliation.

Returns

Sm_PolicyApi_Success. The SAML affiliation was deleted successfully.
Sm_PolicyApi_Failure. The SAML affiliation was not deleted successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to delete a SAML affiliation.
Sm_PolicyApi_InvalidOID. The SAML affiliation's object identifier was not found.

Sm_PolicyApi_DeleteSAMLServiceProvider()

Deletes the Service Provider identified by pszProviderOid.

Type

SAML 2.0 Configuration function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_DeleteSAMLServiceProvider(
void*            pSessionHandle,
const char*      pszProviderOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszProviderOid	I	A null-terminated string containing the object identifier of an existing Service Provider.

Returns

Sm_PolicyApi_Success. The Service Provider was deleted successfully.
Sm_PolicyApi_Failure. The Service Provider was not deleted successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to delete a Service Provider.
Sm_PolicyApi_InvalidOID. The Service Provider's object identifier was not found.

Sm_PolicyApi_DeleteScheme()

Deletes the authentication scheme identified by pszSchemeOid.

Type

Authentication scheme function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_DeleteScheme (
   void*         pSessionHandle,
   const char*   pszSchemeOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszSchemeOid	I	A null-terminated string containing the object identifier of an existing authentication scheme.

Returns

Sm_PolicyApi_Success. The scheme was deleted successfully.
Sm_PolicyApi_Failure. The scheme was not deleted successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to delete a scheme.
Sm_PolicyApi_InvalidOid. The scheme object identifier was not found.

Sm_PolicyApi_DeleteTrustedHost()

Deletes an existing trusted host object from the policy store.

Type

Agent configuration function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_DeleteTrustedHost (
   void*            pSessionHandle,
   const char*      pszTrustedHostOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszTrustedHostOid	I	Unique identifier of the trusted host object to delete.

Returns

Sm_PolicyApi_Success. The delete operation was successful.
Sm_PolicyApi_Failure. Generalized failure.
Sm_PolicyApi_InvalidOid. The unique ID does not correspond to a trusted host object.
Sm_PolicyApi_NoPrivilege. The caller does not have the privilege to delete a trusted host object.
Sm_PolicyApi_InvalidHandle. The session pointer is not valid.
Sm_PolicyApi_NoSession. The API user is not properly logged in.

Sm_PolicyApi_DeleteUserDir()

Deletes the user directory identified by pszUserDirOid.

Type

User directory function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_DeleteUserDir (
   void*          pSessionHandle,
   const char*    pszUserDirOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszUserDirOid	I	A null-terminated string containing the object identifier of an existing user directory.

Returns

Sm_PolicyApi_Success. The user directory was deleted successfully.
Sm_PolicyApi_Failure. The user directory was not deleted successfully.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to delete a user directory.
Sm_PolicyApi_InvalidOid. The user directory OID was not found.

Sm_PolicyApi_DeleteVariable()

Deletes a variable object.

Type

Variable function.

Syntax

int SM_EXTERN Sm_PolicyApi_DeleteVariable (
   void*         pSessionHandle,
   const char*   pszVariableOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszVariableOid	I	A null-terminated string containing the object identifier of an existing variable.

Returns

Sm_PolicyApi_Success. The delete operation was successful.
Sm_PolicyApi_Failure. The delete operation was not successful.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to delete a variable.
Sm_PolicyApi_InvalidOid. The variable object identifier was not found.
Sm_PolicyApi_FeatureNotSupported. The client who called this function initialized the API with a version less than SM_POLICY_API_VERSION_6_0.

Sm_PolicyApi_DeleteWSFEDResourcePartner()

Deletes an existing WS-Federation Resource Partner object.

Syntax

int SM_EXTERN Sm_PolicyApi_DeleteWSFEDResourcePartner (
        void* pSessionHandle,
        const char * pszProviderOid,
);

Parameters

pSessionHandle: [in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszProviderOid: [in] A null-terminated string containing the object identifier of an existing WS-Federation Resource Partner.

Return Values

Sm_PolicyApi_Success. The Resource Partner was retrieved successfully.
Sm_PolicyApi_Failure. The Resource Partner was not retrieved successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to retrieve an affiliate.
Sm_PolicyApi_InvalidOID. The Resource Partner OID was not found.

Sm_PolicyApi_DisableUser()

Disables a user for the reason Sm_Api_Disabled_AdminDisabled. It does not change other concurrent disabling reasons.

To make this function work, the attribute for tracking disabled users must be set in the user directory (the pszDisabledAttr field of Sm_PolicyApi_UserDir_t). You can also set the attribute using the Policy Server UI.

Type

User and user state function.

Syntax

int SM_EXTERN Sm_PolicyApi_DisableUser (
   void*        pSessionHandle,
   const char*  pszUserDirOid,
   const char*  pszUserDN,
   char**       pszErrMsg
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszUserDirOid	I	A null-terminated string containing the object identifier of the user directory where the user may be found.
pszUserDN	I	The distinguished name of the user to be disabled.
pszErrMsg	O	String containing an error message if the user is not disabled successfully. You release the memory allocated for this variable by calling Sm_PolicyApi_FreeString().

Returns

Sm_PolicyApi_Success. The user was disabled successfully.
Sm_PolicyApi_Failure. The user was not disabled successfully or memory could not be allocated to the error message string.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to disable a user.
Sm_PolicyApi_InvalidOid. The user directory OID was not found.

Sm_PolicyApi_EnableUser()

Enables a user by clearing all the disabled bits. It does not clear the qualifier bit Sm_Api_Disabled_PWMustChange.

Type

User and user state function.

Syntax

int SM_EXTERN Sm_PolicyApi_EnableUser (
   void*           pSessionHandle,
   const char*     pszUserDirOid,
   const char*     pszUserDN,
   char**          pszErrMsg
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszUserDirOid	I	A null-terminated string containing the object identifier of the user directory where the user may be found.
pszUserDN	I	The distinguished name of the user to be enabled.
pszErrMsg	O	String containing an error message if the user is not enabled successfully. You release the memory allocated for this variable by calling Sm_PolicyApi_FreeString().

Returns

Sm_PolicyApi_Success. The user was enabled successfully.
Sm_PolicyApi_Failure. The user was not enabled successfully or memory could not be allocated to the error message string.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to enable a user.
Sm_PolicyApi_InvalidOid. The user directory OID was not found.

Sm_PolicyApi_FlushRealm()

Flushes the specified realm identified by pszRealmOid from a resource cache.

Type

Utility function.

Syntax

int SM_EXTERN Sm_PolicyApi_FlushRealm (
   void*         pSessionHandle,
   const char*   pszRealmOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszRealmOid	I	A null-terminated string containing the object identifier of a realm.

Returns

Sm_PolicyApi_Success. The flush operation was successful.
Sm_PolicyApi_Failure. The flush operation was not successful.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to flush a realm.
Sm_PolicyApi_InvalidOid. The realm OID was not found.

Sm_PolicyApi_FlushUser()

Flushes a user from a User Cache.

Type

Utility function.

Syntax

int SM_EXTERN Sm_PolicyApi_FlushUser (
   void*         pSessionHandle,
   const char*   pszUserDirOid,
   const char*   pszUserDN,
   char**        pszErrMsg
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszUserDirOid	I	A null-terminated string containing the object identifier of an existing user directory.
pszUserDN	I	A null-terminated string containing the name of a user in an existing user directory who is to be flushed from the user cache.
pszErrMsg	O	Error message returned by the Policy Management API. You release the memory allocated for this variable by using a call to Sm_PolicyApi_FreeString().

Returns

Sm_PolicyApi_Success. The flush operation was successful.
Sm_PolicyApi_Failure. The flush operation was not successful or memory could not be allocated to the error message string.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to flush a user.
Sm_PolicyApi_InvalidOid. The user directory OID was not found.

Sm_PolicyApi_FreeMemory()

Note: This function is deprecated for clients starting at SM_POLICY_API_VERSION_6_0. Instead, use Sm_PolicyApi_FreeMemoryEx().

Call Sm_PolicyApi_FreeMemory() to free memory that was allocated by the Policy Management API. This includes the Sm_PolicyApi_Server_t structures allocated as part of the Sm_PolicyApi_HostConfig_t structure.

Type

Utility function.

Syntax

int SM_EXTERN Sm_PolicyApi_FreeMemory (void* pMem);

Parameter	I/O	description
pMem	I	A void pointer to memory that was allocated by the Policy Management API.

Returns

Sm_PolicyApi_Success or Sm_PolicyApi_Failure.

Sm_PolicyApi_FreeMemoryEx()

Call Sm_PolicyApi_FreeMemoryEx() to free memory that was allocated by the Policy Management API. This includes the Sm_PolicyApi_Server_t structures allocated as part of the Sm_PolicyApi_HostConfig_t structure.

Note: Clients starting at version SM_POLICY_API_VERSION_6_0 must use this function instead of Sm_PolicyApi_FreeMemory().

Type

Utility function.

Syntax

int SM_EXTERN Sm_PolicyApi_FreeMemoryEx (
   void* pInitHandle
   void* pMem
);

Parameter	I/O	description
pInitHandle	I	A void pointer that points to memory that was allocated by the Policy Management API.
pMem	I	A void pointer that points to memory that was allocated by the Policy Management API.

Returns

Sm_PolicyApi_Success. The operation was successful.
Sm_PolicyApi_Failure. The operation failed.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.

Sm_PolicyApi_FreeStringArray()

Frees string arrays that were allocated by the Policy Management API.

Type

Utility function.

Syntax

int SM_EXTERN Sm_PolicyApi_FreeStringArray (
   char* pszStringArray[]
);

Parameter	I/O	Description
pszStringArray	I	A pointer to an array of pointers that point to null-terminated strings.

Returns

This function always returns Sm_PolicyApi_Success.

Sm_PolicyApi_GetAdmin()

Gets the contents of the administrator object identified by szAdminOid.

The results of this function are returned in a structure referenced by ppstructAdmin. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Administrator function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetAdmin (
   void*                    pSessionHandle,
   const char*              pszAdminOid,
   Sm_PolicyApi_Admin_t**   ppstructAdmin
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAdminOid	I	A null-terminated string containing the object identifier of an existing administrator.
ppstructAdmin	O	The address of a pointer to an administrator structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated for Sm_PolicyApi_Admin_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get an administrator object.
Sm_PolicyApi_InvalidOid. The administrator object ID was not found.

Sm_PolicyApi_GetAdminByName()

Gets the contents of the administrator object identified by szAdminName.

The results of this function are returned in a structure referenced by ppstructAdmin. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Administrator function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetAdminByName (
   void*                    pSessionHandle,
   const char*              pszAdminName,
   Sm_PolicyApi_Admin_t**   ppstructAdmin
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAdminName	I	A null-terminated string containing the name of an existing administrator.
ppstructAdmin	O	The address of a pointer to an administrator structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated for Sm_PolicyApi_Admin_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get an administrator object.
Sm_PolicyApi_NotFound. The administrator name was not found.

Sm_PolicyApi_GetAffiliate()

Gets an affiliate.

Type

Federation function

Syntax

int SM_EXTERN Sm_PolicyApi_GetAffiliate (
   void*                       pSessionHandle,
   const char*                 pszAffiliateOid,
   Sm_PolicyApi_Affiliate_t**  ppstructAffiliate
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAffiliateOid	I	A null-terminated string containing the object identifier of an existing affiliate.
ppstruct Affiliate	O	The address of a pointer to an affiliate structure.

Remarks

This function retrieves affiliate objects that are based on the artifact profile or the POST profile (see the Sm_PolicyApi_Affiliate_t field SAMLProfile). Retrieval of an affiliate object based on the POST profile requires an API version of at least SM_POLICY_API_VERSION_6_0_2. If an earlier version is involved, and the function specifies an affiliate object based on a POST profile, the request fails.

Returns

Sm_PolicyApi_Success. The affiliate was retrieved successfully.
Sm_PolicyApi_Failure. The affiliate was not retrieved successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to retrieve an affiliate.
Sm_PolicyApi_InvalidOID. The affiliate OID was not found.

Sm_PolicyApi_GetAffiliateByName()

Gets an affiliate.

Type

Federation function

Syntax

int SM_EXTERN Sm_PolicyApi_GetAffiliateByName (
   void*                       pSessionHandle,
   const char*                 pszAffiliateOid,
   const char*                 pszAffiliateName,
   Sm_PolicyApi_Affiliate_t**  ppstructAffiliate
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAffiliateOid	I	A null-terminated string containing the object identifier of an existing affiliate.
pszAffiliateName	I	A null-terminated string containing the name of an existing affiliate.
ppstruct Affiliate	O	The address of a pointer to an affiliate structure.

Remarks

Returns

Sm_PolicyApi_Success. The affiliate was retrieved successfully.
Sm_PolicyApi_Failure. The affiliate was not retrieved successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to retrieve an affiliate.
Sm_PolicyApi_InvalidOID. The affiliate OID was not found.
Sm_PolicyApi_NotFound. The affiliate name was not found.

Sm_PolicyApi_GetAffiliateDomain()

Gets an affiliate domain.

Type

Federation function

Syntax

int SM_EXTERN Sm_PolicyApi_GetAffiliateDomain (
   void*                            pSessionHandle,
   const char*                      pszAffiliateDomainOid,
   Sm_PolicyApi_AffiliateDomain_t** ppstructAffiliateDomain
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAffiliate DomainOid	I	A null-terminated string containing the object identifier of an existing affiliate domain.
ppstruct AffiliateDomain	O	The address of a pointer to an affiliate domain structure.

Returns

Sm_PolicyApi_Success. The affiliate domain was retrieved successfully.
Sm_PolicyApi_Failure. The affiliate domain was not retrieved successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get an affiliate domain.
Sm_PolicyApi_DomainNotFound. The affiliate domain OID was not found.
Sm_PolicyApi_DomainNotAffiliate. The domain is not an affiliate domain.

Sm_PolicyApi_GetAffiliateDomainByName()

Gets an affiliate domain.

Type

Federation function

Syntax

int SM_EXTERN Sm_PolicyApi_GetAffiliateDomainByName (
   void*                            pSessionHandle,
   const char*                      pszAffiliateDomainName,
   Sm_PolicyApi_AffiliateDomain_t** ppstructAffiliateDomain
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAffiliate DomainName	I	A null-terminated string containing the name of an existing affiliate domain.
ppstruct AffiliateDomain	O	The address of a pointer to an affiliate domain structure.

Returns

Sm_PolicyApi_Success. The affiliate domain was retrieved successfully.
Sm_PolicyApi_Failure. The affiliate domain was not retrieved successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get an affiliate domain.
Sm_PolicyApi_NotFound. The affiliate domain name was not found.
Sm_PolicyApi_DomainNotAffiliate. The domain is not an affiliate domain.

Sm_PolicyApi_GetAffiliateDomainObjects()

Gets affiliate domain objects.

Type

Federation function

Syntax

int SM_EXTERN Sm_PolicyApi_GetAffiliateDomainObjects (
   void*                         pSessionHandle,
   const char*                   pszAffiliateDomainOid,
   const Sm_PolicyApi_Objects_t  nObjectId,
   Sm_PolicyApi_Oid_t**          ppstructObject
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAffiliate DomainOid	I	A null-terminated string containing the object identifier of an existing affiliate domain.
nObjectId	I	The type of domain object to retrieve. Valid types are for affiliate, admin, and user directory objects only.
ppstructObject	O	The address of a pointer to a Sm_PolicyApi_Oid_t structure

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. The get operation was not successful.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get affiliate domain objects.
Sm_PolicyApi_InvalidOID. The affiliate domain OID was not found.

Sm_PolicyApi_GetAffiliateDomainUserDirSearchOrder()

Gets the user directory search order for an affiliate domain.

Type

Federation function

Syntax

int SM_EXTERN Sm_PolicyApi_GetAffiliateDomainUserDirSearchOrder (
   void*        pSessionHandle,
   const char*  pszAffiliateDomainOid,
   char**       pszArray[]
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAffiliate DomainOid	I	A null-terminated string containing the object identifier of an existing affiliate domain.
pszArray	O	The returned array of user directory OIDs of the requested objects.

Returns

Sm_PolicyApi_Success. The function successfully returned the user directory search order.
Sm_PolicyApi_Failure. The function did not successfully return the user directory search order.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get user directory search order in an affiliate domain.
Sm_PolicyApi_InvalidOID. The affiliate domain OID was not found.

Sm_PolicyApi_GetAffiliatedSAMLAuthSchemes()

Retrieves all the SAML authentication schemes associated with the specified SAML affiliation.

Type

SAML 2.0 Configuration function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetAffiliatedSAMLAuthSchemes
(
   void*                         pSessionHandle,
   const char*                   pszAffiliationOid,
   Sm_PolicyApi_Scheme_t**       ppstructSchemes
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAffiliationOid	I	A null-terminated string containing the object identifier of an existing SAML affiliation.
ppstructSchemes	O	The address of a pointer to SAML authentication scheme structures.

Returns

Sm_PolicyApi_Success. The SAML authentication schemes were retrieved successfully.
Sm_PolicyApi_Failure. The SAML authentication schemes were not retrieved successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to retrieve SAML authentication schemes.
Sm_PolicyApi_InvalidOID. The SAML affiliation object identifier was not found.

Sm_PolicyApi_GetAffiliatedSAMLServiceProviders()

Retrieves all the Service Providers associated with the specified SAML affiliation.

Type

SAML 2.0 Configuration function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetAffiliatedSAMLServiceProviders
(
   void*                        pSessionHandle,
   const char*                  pszAffiliationOid,
   Sm_PolicyApi_SAMLSP_t**      ppstructSAMLSPs
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAffiliationOid	I	A null-terminated string containing the object identifier of an existing SAML affiliation.
ppstructSAMLSPs	O	The address of a pointer to Service Provider structures.

Returns

Sm_PolicyApi_Success. Service Providers were retrieved successfully.
Sm_PolicyApi_Failure. Service Providers were not retrieved successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to retrieve Service Providers.
Sm_PolicyApi_InvalidOID. The SAML affiliation object identifier was not found.

Sm_PolicyApi_GetAffiliateUsers()

Gets the user directory entries for an affiliate.

Type

Federation function

Syntax

int SM_EXTERN Sm_PolicyApi_GetAffiliateUsers (
   void*               pSessionHandle,
   const char*         pszAffiliateOid,
   const char*         pszUserDirOid,
   Sm_PolicyApi_User_t **ppStructUsers
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAffiliateOid	I	A null-terminated string containing the object identifier of an existing affiliate.
pszUserDirOid	I	A null-terminated string containing the object identifier of an existing user directory.
ppStructUsers	O	The address of a pointer to a linked list of user structures.

Returns

Sm_PolicyApi_Success. The user was retrieved successfully.
Sm_PolicyApi_Failure. The user was not retrieved successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to retrieve users.
Sm_PolicyApi_InvalidOID. The affiliate OID or user directory OID was not found.

Sm_PolicyApi_GetAgent()

Gets the contents of the agent identified by pszAgentOid. The results of this function are returned in a structure referenced by ppstructAgent.

Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Agent function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetAgent (
   void*                    pSessionHandle,
   const char*              pszAgentOid,
   Sm_PolicyApi_Agent_t**   ppstructAgent
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAgentOid	I	A null-terminated string containing the object identifier of an existing agent.
ppstructAgent	O	The address of a pointer to an agent structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated to Sm_PolicyApi_Agent_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get an agent.
Sm_PolicyApi_InvalidOid. An agent with the specified OID not found.

Sm_PolicyApi_GetAgentByName()

Gets the contents of the agent identified by szAgentName. The results of this function are returned in a structure referenced by ppstructAgent.

Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Agent function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetAgentByName (
   void*                    pSessionHandle,
   const char*              pszAgentName,
   Sm_PolicyApi_Agent_t**   ppstructAgent
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAgentName	I	A null-terminated string containing the name of an existing agent.
ppstructAgent	O	The address of a pointer to an agent structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated to Sm_PolicyApi_Agent_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get an agent.
Sm_PolicyApi_NotFound. An agent with the specified name not found.

Sm_PolicyApi_GetAgentConfig()

Retrieves an existing agent configuration object.

Type

Agent configuration function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetAgentConfig (
   void*                            pSessionHandle,
   const char*                      pszAgentConfigOid,
   Sm_PolicyApi_AgentConfig_t**     ppstructAgentConfig
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAgentConfigOid	I	Unique identifier of the agent configuration object to retrieve.
ppstructAgentConfig	O	Address of a pointer to a structure that defines the agent configuration object. The function allocates the structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Generalized failure.
Sm_PolicyApi_InvalidOid. The unique ID does not correspond to an agent configuration object.
Sm_PolicyApi_NoPrivilege. The caller does not have the privilege to retrieve an agent configuration object.
Sm_PolicyApi_InvalidHandle. The session pointer is not valid.

Sm_PolicyApi_GetAgentConfigByName()

Retrieves an existing agent configuration object by pszAgentConfigName.

Type

Agent configuration function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetAgentConfigByName (

   void*                            pSessionHandle,
   const char*                      pszAgentConfigName,
   Sm_PolicyApi_AgentConfig_t**     ppstructAgentConfig
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAgentConfigName	I	Unique name of the agent configuration object to retrieve.
ppstructAgentConfig	O	Address of a pointer to a structure that defines the agent configuration object. The function allocates the structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Generalized failure.
Sm_PolicyApi_NotFound. The unique name does not correspond to an agent configuration object.
Sm_PolicyApi_NoPrivilege. The caller does not have the privilege to retrieve an agent configuration object.
Sm_PolicyApi_InvalidHandle. The session pointer is not valid.
Sm_PolicyApi_NoSession. The API user is not properly logged in.

Sm_PolicyApi_GetAgentConfigAssociations()

Retrieves a list of configuration parameters for an agent configuration object.

Type

Agent configuration function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetAgentConfigAssociations (
   void*                           pSessionHandle,
   const char*                     pszAgentConfigOid,
   Sm_PolicyApi_Association_t**    ppstructAssociations
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAgentConfigOid	I	Unique identifier of the agent configuration object.
ppstructAssociations	O	A list of name/value pairs representing the configuration parameters for the agent configuration object.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Generalized failure.
Sm_PolicyApi_InvalidOid. The unique ID does not correspond to an agent configuration object.
Sm_PolicyApi_NoPrivilege. The caller does not have the privilege to retrieve configuration parameters for an agent configuration object.
Sm_PolicyApi_InvalidHandle. The session pointer is not valid.
Sm_PolicyApi_NoSession. The API user is not properly logged in.

Sm_PolicyApi_GetAgentType()

Gets the contents of the agent type object identified by pszAgentTypeOid. The results of this function will be returned in a structure referenced by ppstructAgentType.

Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Agent function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetAgentType (
   void*                         pSessionHandle,
   const char*                   pszAgentTypeOid,
   Sm_PolicyApi_AgentType_t**    ppstructAgentType
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAgentTypeOid	I	A null-terminated string containing the object identifier of an existing agent type.
ppstructAgentType	O	The address of a pointer to an agent type structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated for Sm_PolicyApi_AgentType_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get an agent type.
Sm_PolicyApi_InvalidOid. An agent type with the specified OID was not found.

Sm_PolicyApi_GetAgentTypeByName()

Gets the contents of the agent type object identified by pszAgentTypeName. The results of this function will be returned in a structure referenced by ppstructAgentType.

Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Agent function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetAgentTypeByName (
   void*                         pSessionHandle,
   const char*                   pszAgentTypeName,
   Sm_PolicyApi_AgentType_t**    ppstructAgentType
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAgentTypeName	I	A null-terminated string containing the name of an existing agent type.
ppstructAgentType	O	The address of a pointer to an agent type structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated for Sm_PolicyApi_AgentType_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get an agent type.
Sm_PolicyApi_NotFound.An agent type with the specified name was not found.

Sm_PolicyApi_GetAgentTypeAttr()

Returns one or all agent attributes:

If pszOid is of type Sm_PolicyApi_AgentType_Prop, the function returns all agent attributes.
If pszOid is of type Sm_PolicyApi_AgentTypeAttr_Prop, the function returns an agent type attribute object.

Type

Agent function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetAgentTypeAttr (
   void*                            pSessionHandle,
   const char*                      pszOid,
   Sm_PolicyApi_AgentTypeAttr_t**   ppstructAgentTypeAttr
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszOid	I	A null-terminated string containing the object identifier of an existing agent type or agent type attribute.
ppstructAgentTypeAttr	O	The address of a pointer to an agent type attribute structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated for Sm_PolicyApi_AgentTypeAttr_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get an agent type or an agent type attribute.
Sm_PolicyApi_InvalidOid. An agent type or an agent type attribute with the specified OID was not found.

Sm_PolicyApi_GetAgentTypeAttrByName()

Returns an agent type attribute object by name.

Type

Agent function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetAgentTypeAttrByName (
   void*                            pSessionHandle,
   const char*                      szAgentTypeName,
   Sm_PolicyApi_AgentTypeAttr_t**   ppstructAgentTypeAttr
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
szAgentTypeName	I	A null-terminated string containing the name of an existing agent type attribute.
ppstructAgentTypeAttr	O	The address of a pointer to an agent type attribute structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated for Sm_PolicyApi_AgentTypeAttr_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get an agent type or an agent type attribute.
Sm_PolicyApi_NotFound. An agent type attribute with the specified name was not found.

Sm_PolicyApi_GetAllAffiliateAttributes()

Gets all the attributes for an affiliate.

Type

Federation function

Syntax

int SM_EXTERN Sm_PolicyApi_GetAllAffiliateAttributes (
   void*                           pSessionHandle,
   const char*                     pszAffiliateOid,
   Sm_PolicyApi_AffiliateAttr_t**  ppstructAffiliateAttr
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAffiliateOid	I	A null-terminated string containing the object identifier of an existing affiliate.
ppstruct AffiliateAttr	O	The address of a pointer to an affiliate attribute structure.

Returns

Sm_PolicyApi_Success. The affiliate attribute was retrieved successfully.
Sm_PolicyApi_Failure. The affiliate attribute was not retrieved successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to retrieve affiliate attributes.
Sm_PolicyApi_InvalidOID. The affiliate OID was not found.

Sm_PolicyApi_GetAllAffiliates()

Gets all affiliates in the specified affiliate domain.

Type

Federation function

Syntax

int SM_EXTERN Sm_PolicyApi_GetAllAffiliates (
   void*                        pSessionHandle,
   const char*                  pszAffiliateDomainOid,
   Sm_PolicyApi_Affiliate_t**   ppstructAffiliates
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAffiliate DomainOid	I	A null-terminated string containing the object identifier of an existing affiliate domain.
ppstruct Affiliates	O	The address of a pointer to an affiliate structure.

Returns

Sm_PolicyApi_Success. The affiliates were retrieved successfully.
Sm_PolicyApi_Failure. The affiliates were not retrieved successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to retrieve affiliates.
Sm_PolicyApi_InvalidOID. The affiliate domain OID was not found.

Sm_PolicyApi_GetAllSAMLAffiliations()

Retrieves all existing SAML affiliation objects.

Type

SAML 2.0 Configuration function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetAllSAMLAffiliations
(
   void*                              pSessionHandle,
   Sm_PolicyApi_SAMLAffiliation_t**   ppstructAffiliations
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
ppstruct Affiliations	O	The address of a pointer to SAML affiliation structures.

Returns

Sm_PolicyApi_Success. The SAML affiliations were retrieved successfully.
Sm_PolicyApi_Failure. The SAML affiliations were not retrieved successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to retrieve SAML affiliations.

Sm_PolicyApi_GetAllSAMLSchemeAttributes()

Returns a linked list of all attributes defined for a SAML Requester.

Syntax

int SM_EXTERN Sm_PolicyApi_AddAttributeToSAMLScheme(
   void*                                pHandle,
   const Sm_PolicyApi_Scheme_t*         pstructScheme,
   const Sm_PolicyApi_SAMLRequesterAttr_t*     pAttr
);

Parameter	I/O	Description
pHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructScheme	I	A pointer to a completely filled-in scheme structure.
pAttr	O	A pointer that will be assigned to the first Sm_PolicyApi_SAMLRequesterAttr_t structure in the returned list of attributes.

Returns

Sm_PolicyApi_Success. The SAML Requester attributes were returned successfully.
Sm_PolicyApi_Failure. The SAML Requester attributes were not returned successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to obtain SAML Requester attributes.
Sm_PolicyApi_SAMLIDP_IncorrectParameters. Supplied SAML provided properties are incomplete or incorrect.
Sm_PolicyApi_DuplicateAttribute. An attribute already exists with the same Name and NameFormat.

Sm_PolicyApi_GetAllSAMLServiceProviders()

Retrieves all the Service Providers in the specified affiliate domain.

Type

SAML 2.0 Configuration function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetAllSAMLServiceProviders
(
   void*                             pSessionHandle,
   const char*                       pszAffiliateDomainOid,
   Sm_PolicyApi_SAMLSP_t**           ppstructSAMLSPs
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAffiliate DomainOid	I	A null-terminated string containing the object identifier of an existing affiliate domain.
ppstructSAMLSPs	O	The address of a pointer to Service Provider structures.

Returns

Sm_PolicyApi_Success. Service Providers were retrieved successfully.
Sm_PolicyApi_Failure. Service Providers were not retrieved successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior
to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to retrieve Service Providers.
Sm_PolicyApi_InvalidOID. The affiliate domain object identifier was not found.

Sm_PolicyApi_GetAllSAMLSPAssertionConsumerService()

Retrieves a list of all the Assertion Consumer Services currently in the policy store.

Note: The list of Assertion Consumer Service structures that is returned by this function must be freed using the Sm_PolicyApi_FreeMemory function.

Type

Federation function

Syntax

int SM_EXTERN Sm_PolicyApi_GetAllSAMLSPAssertionConsumerService(
   void* pSessionHandle,
   const Sm_PolicyApi_SAMLSPAssertionConsumerService_t** 
                ppstructSAMLSPAssertionConsumerService,
   const char* pszSAMLSPOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
ppstructSAMLSPAssertion ConsumerServiceAttr	I	A pointer to an array of Assertion Consumer Service structures.
pszSAMLSPOid	I	A pointer to a string containing the OID of the Service Provider.

Returns

Sm_PolicyApi_Success. The array of Assertion Consumer Services was retrieved successfully.
Sm_PolicyApi_Failure - The array of Assertion Consumer Services was not retrieved successfully.
Sm_PolicyApi_InvalidHandle - There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession - There is no valid administrator session.
Sm_PolicyApi_NoPrivilege - The administrator does not have the privilege to remove Attributes from a SAML Service Provider.

Sm_PolicyApi_GetAllSAMLSPAttributes()

Retrieves all the attributes associated with the specified Service Provider.

Type

SAML 2.0 Configuration function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetAllSAMLSPAttributes
(
   void*                              pHandle,
   const char*                        pszSAMLSPOid,
   Sm_PolicyApi_SAMLSPAttr_t**        ppstructSAMLSPAttr
);

Parameter	I/O	Description
pHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszSAMLSPOid	I	A null-terminated string containing the object identifier of an existing Service Provider.
ppstructSAML SPAttr	O	The address of a pointer to attribute structures.

Returns

Sm_PolicyApi_Success. The attributes were retrieved successfully.
Sm_PolicyApi_Failure. The attributes were not retrieved successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to retrieve attributes from a SAML Service Provider.

Sm_PolicyApi_GetAllWSFEDResourcePartners()

Retrieves all existing Resource Partner objects.

Syntax

int SM_EXTERN Sm_PolicyApi_GetAllWSFEDResourcePartners (
        void* pSessionHandle,
        const char * pszAffiliateDomainOid,
        Sm_PolicyApi_WSFEDResourcePartner_t** ppResourcePartners
);

Parameters

pSessionHandle: [in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAffiliateDomainOid: [in] A null-terminated string containing the object identifier of an existing affiliate domain.
ppResourcePartners: [out] The address of the pointer to WS-Federation Resource Partner structures.

Return Values

Sm_PolicyApi_Success. The Resource Partner was retrieved successfully.
Sm_PolicyApi_Failure. The Resource Partner was not retrieved successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to retrieve an affiliate.
Sm_PolicyApi_InvalidOID. The affiliate domain OID was not found.

Sm_PolicyApi_GetAuthAzMap()

Gets the contents of an authentication and authorization directory mapping object.

Type

Authentication/Authorization map function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetAuthAzMap (
   void*                         pSessionHandle,
   const char*                   pszAuthAzMapOid,
   Sm_PolicyApi_AuthAzMap_t**    ppAuthAzMap
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAuthAzMapOid	I	A null-terminated string containing the object identifier of the directory mapping object.
pszAuthAzMap	O	The address of a pointer to an Sm_PolicyApi_AuthAzMap_t structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated for Sm_PolicyApi_AuthAzMap_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a directory mapping object.
Sm_PolicyApi_InvalidOid. The directory-mapping OID was not found.

Sm_PolicyApi_GetCertMap()

Retrieves a certificate mapping object.

Type

Certificate map function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetCertMap (
   void*                        pSessionHandle,
   const char*                  pszCertMapOid,
   Sm_PolicyApi_CertMap_t**     ppCertMap
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszCertMapOid	I	A null-terminated string containing the object identifier of the certificate mapping object.
ppCertMap	O	The address of a pointer to an Sm_PolicyApi_CertMap_t structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated for Sm_PolicyApi_CertMap_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a certificate mapping object.
Sm_PolicyApi_InvalidOid. A certificate mapping object matching the specified OID was not found.

Sm_PolicyApi_GetChildren()

Builds the hierarchical realm and rule tree.

This function retrieves a list of OIDs. The OIDs are of type realms, or realms and rules. If the function is called with a domain OID, it retrieves a list of top-level realm OIDs. If the function is called with a realm OID, it retrieves a list of realm and rule OIDs under that realm. The iObjectId field in Sm_PolicyApi_Oid_t specifies the type of OID.

If there are no children for the domain or realm OID, the function returns an empty list.

Type

Realm function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetChildren (
   void*                  pSessionHandle,
   const char*            pszOid,
   Sm_PolicyApi_Oid_t**   ppStructObject
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszOid	I	A null-terminated string containing the object identifier of a domain or a realm.
ppStructObject	O	The address of a pointer to a Sm_PolicyApi_Oid_t structure.

Returns

Sm_PolicyApi_Success. The get was successful.
Sm_PolicyApi_Failure. Memory could not be allocated for Sm_PolicyApi_Oid_t.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a list of realms and rules.
Sm_PolicyApi_InvalidOid. The domain or realm OID was not found.
Sm_PolicyApi_NoChildren. The domain has no realms or the realm has no realms or rules.

Sm_PolicyApi_GetDirectoryContents()

Retrieves a linked list of user structures (referenced by ppStructUsers) for a particular user directory.

The granularity of the response to this function is governed by the following registry entry:

HKLM\Software\Netegrity\SiteMinder\CurrentVersion\Ds\ClassFilters

Free the memory allocated for the returned structures by calling Sm_PolicyApi_FreeMemoryEx().

Type

User directory function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetDirectoryContents (
   void*                     pSessionHandle,
   const char*               pszUserDirOid,
   Sm_PolicyApi_User_t**     ppStructUserSpec
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszUserDirOid	I	A null-terminated string containing the object identifier of an existing user directory.
ppStructUserSpec	O	The address of a pointer to a user structure.

Returns

Sm_PolicyApi_Success. The retrieve operation was successful.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_InvalidOid. The user directory OID was not found.

Sm_PolicyApi_GetDisabledUserState()

Retrieves the disabled state of a user.

To make this function work successfully, you must specify a directory attribute to track disabled users. This attribute is specified in the disabled flag of the user directory. The disabled reasons are enumerated in Sm_Api_DisabledReason_t, which is defined in SmApi.h.

Type

User and user state function.

Syntax

int SM_EXTERN Sm_PolicyApi_GetDisabledUserState (
   void*                      pSessionHandle,
   const char*                pszUserDirOid,
   const char*                pszUserDN,
   Sm_Api_DisabledReason_t*   nDisabledReason,
   char**                     pszErrMsg
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszUserDirOid	I	A null-terminated string containing the object identifier of an existing user directory where the user may be found.
pszUserDN	I	A null-terminated string containing the distinguished name of a user whose disabled state is to be changed.
nDisabledReason	O	Reason for disabling or enabling a user. Reasons are enumerated in Sm_Api_DisabledReason_t, which is defined in SmApi.h.
pszErrMsg	O	The error message is held in this string if the retrieval was not successful. You release the memory allocated for this variable by calling Sm_PolicyApi_FreeString().

Returns

Sm_PolicyApi_Success. The get was successful.
Sm_PolicyApi_Failure:
- The disable state was not retrieved.
- Memory could not be allocated to pszErrMsg.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get disabled user state.
Sm_PolicyApi_InvalidOid. The user directory OID was not found.

Sm_PolicyApi_GetDomain()

Gets the contents of the domain identified by pszDomainOid. The results of this function are returned in a structure referenced by ppstructDomain.

Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Domain function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetDomain (
   void*                      pSessionHandle,
   const char*                pszDomainOid,
   Sm_PolicyApi_Domain_t**    ppstructDomain
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszDomainOid	I	A null-terminated string containing the object identifier of an existing domain.
ppstructDomain	O	The address of a pointer to a domain structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated for Sm_PolicyApi_Domain_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a domain.
Sm_PolicyApi_InvalidOid. The domain OID was not found.

Sm_PolicyApi_GetDomainByName()

Gets the contents of the domain identified by pszDomainName. The results of this function are returned in a structure referenced by ppstructDomain.

Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Domain function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetDomainByName (
   void*                      pSessionHandle,
   const char*                pszDomainName,
   Sm_PolicyApi_Domain_t**    ppstructDomain
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszDomainName	I	A null-terminated string containing the name of an existing domain.
ppstructDomain	O	The address of a pointer to a domain structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated for Sm_PolicyApi_Domain_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a domain.
Sm_PolicyApi_NotFound. The domain name was not found.

Sm_PolicyApi_GetDomainObjects()

Retrieves the OIDs of domain objects for a given object type within the domain identified by pszDomainOid. The returned values are contained in the Sm_PolicyApi_Oid_t structure.

Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Domain function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetDomainObjects (
   void*                         pSessionHandle,
   const char*                   pszDomainOid,
   const Sm_PolicyApi_Objects_t  nObjectId,
   Sm_PolicyApi_Oid_t**          ppstructObject
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszDomainOid	I	A null-terminated string containing the object identifier of an existing domain.
nObjectId	I	The type of domain object to retrieve, as enumerated in Sm_PolicyApi_Objects_t.
ppstructObject	O	The address of a pointer to a Sm_PolicyApi_Oid_t structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated for Sm_PolicyApi_Oid_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get domain-based objects.
Sm_PolicyApi_InvalidOid. The domain OID was not found.

Sm_PolicyApi_GetGlobalObjects()

Retrieves the object identifiers of global objects of a specified type. Beginning at SiteMinder v6.0, this function will accept rule, policy, and response properties as global objects, and will return global rules, policies, and responses.

The returned values are contained in structure Sm_PolicyApi_Oid_t. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Note: In releases prior to SiteMinder v4.5, the functionality provided by Sm_PolicyApi_GetGlobalObjects() was provided by Sm_PolicyApi_GetGlobalObjectNames().

Type

General object function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetGlobalObjects (
   void*                          pSessionHandle,
   const Sm_PolicyApi_Objects_t   nObjectId,
   Sm_PolicyApi_Oid_t**           ppstructObject
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
nObjectId	I	The type of global object to retrieve. Object types are enumerated in Sm_PolicyApi_Objects_t.
ppstructObject	O	The address of a pointer to a Sm_PolicyApi_Oid_t structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated to Sm_PolicyApi_Oid_t.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get global objects.
Sm_PolicyApi_Invalid. A non-global object identifier was specified.

Sm_PolicyApi_GetGlobalPolicyByName()

Gets a specified global policy.

The results of this function are returned in a structure referenced by ppstructPolicy. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Administrator function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetGlobalPolicyByName (
   void*                    pHandle,
   const char*              szPolicyName,
   Sm_PolicyApi_Policy_t**  ppstructPolicy
);

Parameter	I/O	Description
pHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
szPolicyName	I	Unique name that corresponds to a global policy.
ppstructPolicy	O	The address of a pointer to a policy structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated to Sm_PolicyApi_Policy_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a policy.
Sm_PolicyApi_NotFound. The policy name was not found.

Sm_PolicyApi_GetGlobalResponseByName()

Gets the specified global response.

The results of this function are returned in a structure referenced by ppstructResponse.

Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Administrator function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetGlobalResponseByName (
   void*                     pHandle,
   const char*               szResponseName,
   Sm_PolicyApi_Response_t**   ppstructReponse
);

Parameter	I/O	Description
pHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
szResponseName	I	Unique name that corresponds to a global response.
ppstructResponse	O	The address of a pointer to a response structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated to Sm_PolicyApi_Response_t.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a scheme.
Sm_PolicyApi_NotFound. The global response name was not found.

Sm_PolicyApi_GetGlobalRuleByName()

Gets the specified global rule.

The results of this function are returned in a structure referenced by ppstructRule.

Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Administrator function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetGlobalRuleByName (
   void*                     pHandle,
   const char*               szRuleName,
   Sm_PolicyApi_Rule_t**   ppstructRule
);

Parameter	I/O	Description
pHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
szRuleName	I	Unique name that corresponds to a global rule.
ppstructRule	O	The address of a pointer to a response structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated to Sm_PolicyApi_Rule_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a scheme.
Sm_PolicyApi_NotFound. The global rule name was not found.

Sm_PolicyApi_GetGroup()

Gets the contents of the group object identified by pszGroupOid. The results of this function are returned in a structure referenced by ppStructGroup.

The pszDomainOid parameter is required by a rule or response group. An agent group does not require a domain OID because it is not a domain-based object.

Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Group function, global scope (agents) or domain scope (responses, rules).

Syntax

int SM_EXTERN Sm_PolicyApi_GetGroup (
   void*                   pSessionHandle,
   Sm_PolicyApi_Groups_t   dwGroup,
   const char*             pszGroupOid,
   const char*             pszDomainOid,
   Sm_PolicyApi_Group_t**  ppStructGroup
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
dwGroup	I	The type of group to be retrieved.
pszGroupOid	I	A null-terminated string containing the object identifier of the group object being retrieved.
pszDomainOid	I	A null-terminated string containing the object identifier of an existing domain. Required parameter for rule or response groups.
ppStructGroup	O	The address of a pointer to a group structure.

Returns

Sm_PolicyApi_Success. The get was successful.
Sm_PolicyApi_Failure. The get was not successful.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get the contents of a group.
Sm_PolicyApi_InvalidOid:
- The group OID was not found.
- The domain OID was not found (for a domain-based group).
Sm_PolicyApi_BadGroup. The dwGroup parameter is not the rule, response, or agent type.

Sm_PolicyApi_GetGroupByName()

Gets the contents of the group object identified by pszGroupName. The results of this function are returned in a structure referenced by ppStructGroup.

The pszDomainOid parameter is required by a rule or response group. An agent group does not require a domain OID because it is not a domain-based object.

Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Group function, global scope (agents) or domain scope (responses, rules).

Syntax

int SM_EXTERN Sm_PolicyApi_GetGroupByName (
   void*                   pSessionHandle,
   Sm_PolicyApi_Groups_t   dwGroup,
   const char*             pszGroupName,
   const char*             pszDomainOid,
   Sm_PolicyApi_Group_t**  ppStructGroup
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
dwGroup	I	The type of group to be retrieved.
pszGroupOid	I	A null-terminated string containing the object identifier of the group object being retrieved.
pszDomainName	I	A null-terminated string containing the name of an existing domain. Required parameter for rule or response groups.
ppStructGroup	O	The address of a pointer to a group structure.

Returns

Sm_PolicyApi_Success. The get was successful.
Sm_PolicyApi_Failure. The get was not successful.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get the contents of a group.
Sm_PolicyApi_InvalidOid. The domain OID was not found (for a domain-based group).
SmPolicyApi_Notfound. The group name was not found.
Sm_PolicyApi_BadGroup. The dwGroup parameter is not the rule, response, or agent type.

Sm_PolicyApi_GetGroupOids()

Retrieves the object identifiers contained within a group object. The results of this function are returned in a structure referenced by ppStructObjects.

Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

pszDomainOid is required by a rule group or response group. An agent group does not require a domain OID because it is not a domain-based object.

Note: At releases prior to SiteMinder v4.5, the functionality provided by Sm_PolicyApi_GetGroupOids() was provided by Sm_PolicyApi_GetGroupNames().

Type

Group function, global scope (agents) or domain scope (responses, rules).

Syntax

int SM_EXTERN Sm_PolicyApi_GetGroupOids (
   void*                   pSessionHandle,
   Sm_PolicyApi_Groups_t   dwGroup,
   const char*             pszGroupOid,
   const char*             pszDomainOid,
   Sm_PolicyApi_Oid_t**    ppStructObjects
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
dwGroup	I	Indicates the type of the group from which to retrieve object identifiers.
pszGroupOid	I	A null-terminated string containing the object identifier of a group of the type indicated by dwGroup.
pszDomainOid	I	A null-terminated string containing the object identifier of an existing domain. Required parameter for rule or response group.
ppStructObjects	O	A pointer to the address of an object structure.

Returns

Sm_PolicyApi_Success. The get was successful.
Sm_PolicyApi_Failure. The get was not successful or memory could not be allocated to Sm_PolicyApi_Oid_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get group OIDs.
Sm_PolicyApi_InvalidOid:
- The group OID was not found.
- The domain OID was not found (for a domain-based group).
Sm_PolicyApi_BadGroup. Parameter dwGroup is not the rule, response, or agent type.

Sm_PolicyApi_GetHostConfig()

Retrieves an existing host configuration object.

Type

Agent configuration function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetHostConfig (
   void*                              pSessionHandle,            
   const char*                        pszHostConfigOid,
   Sm_PolicyApi_HostConfig_t**        ppstructHostConfig
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszHostConfigOid	I	Unique identifier of the host configuration object to retrieve.
ppstructHostConfig	O	Address of a pointer to a structure that defines the host configuration object. The function allocates the structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Generalized failure.
Sm_PolicyApi_InvalidOid. The unique ID does not correspond to a host configuration object.
Sm_PolicyApi_NoPrivilege. The caller does not have the privilege to get a host configuration object.
Sm_PolicyApi_InvalidHandle. The session pointer is not valid.
Sm_PolicyApi_NoSession. The API user is not properly logged in.

Sm_PolicyApi_GetHostConfigByName()

Retrieves an existing host configuration object.

Type

Agent configuration function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetHostConfigByName (
   void*                              pSessionHandle,            
   const char*                        pszHostConfigName,
   Sm_PolicyApi_HostConfig_t**        ppstructHostConfig
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszHostConfigName	I	Unique name of the host configuration object to retrieve.
ppstructHostConfig	O	Address of a pointer to a structure that defines the host configuration object. The function allocates the structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Generalized failure.
Sm_PolicyApi_NotFound. The unique name does not correspond to a host configuration object.
Sm_PolicyApi_NoPrivilege. The caller does not have the privilege to get a host configuration object.
Sm_PolicyApi_InvalidHandle. The session pointer is not valid.
Sm_PolicyApi_NoSession. The API user is not properly logged in.

Sm_PolicyAPI_GetMessageConsumerPluginFromSAML1xScheme()

Gets a message consumer plugin setting from a SAML 1.x authentication scheme.

Syntax

int SM_EXTERN Sm_PolicyApi_GetMessageConsumerPluginFromSAML1xScheme(
   void*    pHandle,
   char*    pszSchemeOID,
   char**   pluginClass,
   char**   pluginParam                        
);

Parameters

phandle: [in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszSchemeOid: [in] A pointer to the OID of the authentication scheme that is being updated.
pluginClass: [out] A pointer to the name of the plugin class to be read in from the authentication scheme,
pluginParam: [out] A pointer to the parameters of the plugin class to be read in from the authentication scheme.

Returns

Sm_PolicyApi_Success. The action was completed successfully.
Sm_PolicyApi_Failure. The action was unsuccessful.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_SchemeNotFound. The authentication scheme corresponding to the OID was not found, or was not a SAML 1.x authentication scheme.
Sm_PolicyApi_InvalidOid. The OID of the authentication scheme is NULL.

Sm_PolicyApi_GetODBCQueryScheme()

Gets the contents of the ODBC Query Scheme object identified by pszODBCQuerySchemeOid.

The results of this function are returned in a structure referenced by pstructODBCQueryScheme. Free the memory allocated for this structure calling Sm_PolicyApi_FreeMemoryEx().

Type

ODBC query scheme function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetODBCQueryScheme (
   void*                             pSessionHandle,
   const char*                       pszODBCQuerySchemeOid,
   Sm_PolicyApi_ODBCQueryScheme_t**  pstructODBCQueryScheme
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszODBCQuerySchemeOid	I	A null-terminated string containing the object identifier of an existing ODBC Query Scheme.
pstructODBCQueryScheme	O	The address of a pointer to a ODBC query scheme.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated for Sm_PolicyApi_ODBCQueryScheme_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get an ODBC Query Scheme.
Sm_PolicyApi_InvalidOid. The ODBC Query Scheme OID was not found.

Sm_PolicyApi_GetODBCQuerySchemeByName()

Gets the contents of the ODBC Query Scheme object identified by pszODBCQuerySchemeName.

The results of this function are returned in a structure referenced by pstructODBCQueryScheme. Free the memory allocated for this structure calling Sm_PolicyApi_FreeMemoryEx().

Type

ODBC query scheme function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetODBCQuerySchemeByName (
   void*                             pSessionHandle,
   const char*                       pszODBCQuerySchemeName,
   Sm_PolicyApi_ODBCQueryScheme_t**  pstructODBCQueryScheme
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszODBCQuerySchemeName	I	A null-terminated string containing the name of an existing ODBC Query Scheme.
pstructODBCQueryScheme	O	The address of a pointer to a ODBC query scheme.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated for Sm_PolicyApi_ODBCQueryScheme_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get an ODBC Query Scheme.
Sm_PolicyApi_NotFound. The ODBC Query Scheme name was not found.

Sm_PolicyApi_GetOneTimeUsePropFromAffiliate()

Retrieves the value of the OneTimeUse property for an assertion in a SAML 1.x affiliate.

Syntax

int SM_EXTERN Sm_PolicyApi_GetOneTimeUsePropFromAffiliate(
   void*    pHandle,
   char*    pszAffiliateOID,
   bool     &bOneTimeUse
                           
);

Parameters

pHandle: [in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAffiliateOid: [in] A pointer to the OID of an existing SMAL 1.x affiliate.
bOneTimeUse: [in] A Boolean value that specifies whether an assertion is used only once in this affiliate.

Returns

Sm_PolicyApi_Success. The action was completed successfully.
Sm_PolicyApi_Failure. The action was unsuccessful.
Sm_PolicyApi_NoSession. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator did not have sufficient access privileges.

Sm_PolicyApi_GetPasswordMsg()

Gets information about an error that occurred during an attempt to validate a new password.

Call this function when Sm_PolicyApi_SetPassword() returns the error code Sm_PolicyApi_InvalidPasswordSyntax.

Type

User and user state function.

Syntax

int SM_EXTERN Sm_PolicyApi_GetPasswordMsg (
   void*                              pSessionHandle,
   const char*                        pszPasswordMsg,
   unsigned int*                      nVersion,
   unsigned int*                      nMsgId,
   unsigned int*                      nArgs,
   Sm_PolicyApi_PasswordMsgField_t**  ppStructMsgField
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszPasswordMsg	I	Encoded error message returned in the pszErrMsg parameter of the function Sm_PolicyApi_SetPassword().
nVersion	O	The version of the SiteMinder password services.
nMsgId	O	The password services message identifier retrieved for the encoded error message. Message identifiers are enumerated in Sm_PolicyApi_PasswordMsgId_t.
nArgs	O	The number of fields in the Sm_PolicyApi_PasswordMsgField_t structure referenced by ppStructMsgField.
ppStructMsgField	O	The address of a pointer to an Sm_PolicyApi_PasswordMsgField_t structure containing the password error message information.

Remarks

SiteMinder password services errors contain a unique message identifier. A message identifier (enumerated in Sm_PolicyApi_PasswordMsgId_t) is returned in the nMsgId parameter of the function Sm_PolicyApi_GetPasswordMsg().

Further, each message identifier is associated with additional information about the error. This additional information is referenced by a field identifier (enumerated in Sm_PolicyApi_PasswordMsgFieldId_t).

For example, suppose an administrator sets the minimum length of a password to seven characters. If a user tries to validate a new password containing just six characters, the following events can occur:

As a result of the failed password validation attempt, Sm_PolicyApi_SetPassword() returns Sm_PolicyApi_InvalidPasswordSyntax.
The Policy Management application responds by calling Sm_PolicyApi_GetPasswordMsg(), passing the encoded error message returned from Sm_PolicyApi_SetPassword() in the pszPasswordMsg parameter.
When Sm_PolicyApi_GetPasswordMsg() returns:
- nMsgId contains Sm_PolicyApi_PasswordMsgId_PasswordShort
- ppStructMsgField points to an Sm_PolicyApi_PasswordMsgField_t structure containing the following additional information about the password error:

Field	Value and Meaning
iStructId	Sm_PolicyApi_PasswordMsgField_ID. The error information relates to a password policy.
nId	Sm_PolicyApi_PasswordMsgField_Id_Min. The error violates a minimum character requirement for the password (the minimum password length).
nType	Sm_PolicyApi_FieldType_Int. The error description is an integer, so nValue is filled and pszMsg is not.
pszMsg	"". Not applicable to this error.
nValue	7. The minimum password length. The length of the requested password was less than this value.

Sm_PolicyApi_GetPasswordPolicy()

Gets the contents of a password policy object.

Type

Password policy function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetPasswordPolicy (
   void*                           pSessionHandle,
   const char*                     pszPasswordPolicyOid,
   Sm_PolicyApi_PasswordPolicy_t** ppstructPasswordPolicy
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszPassword PolicyOid	I	A null-terminated string containing the object identifier of the password policy.
ppstruct PasswordPolicy	O	The address of a pointer to Sm_PolicyApi_PasswordPolicy_t.

Returns

Sm_PolicyApi_Success. The get was successful.
Sm_PolicyApi_Failure. Memory could not be allocated to Sm_PolicyApi_PasswordPolicy_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a password policy.
Sm_PolicyApi_InvalidOid. The password policy OID was not found.

Sm_PolicyApi_GetPasswordPolicyByName()

Gets the contents of a password policy object.

Type

Password policy function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetPasswordPolicyByName (
   void*                           pSessionHandle,
   const char*                     pszPasswordPolicyName,
   Sm_PolicyApi_PasswordPolicy_t** ppstructPasswordPolicy
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszPassword PolicyName	I	A null-terminated string containing the name of the password policy.
ppstruct PasswordPolicy	O	The address of a pointer to Sm_PolicyApi_PasswordPolicy_t.

Returns

Sm_PolicyApi_Success. The get was successful.
Sm_PolicyApi_Failure. Memory could not be allocated to Sm_PolicyApi_PasswordPolicy_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a password policy.
Sm_PolicyApi_NotFound. The password policy name was not found.

Sm_PolicyApi_GetPolicy()

Gets the contents of the policy identified by pszPolicyOid.

The results of this function are returned in a structure referenced by ppstructPolicy. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Policy function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetPolicy (
   void*                    pSessionHandle,
   const char*              pszPolicyOid,
   Sm_PolicyApi_Policy_t**  ppstructPolicy
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszPolicyOid	I	A null-terminated string containing the object identifier of an existing policy.
ppstructPolicy	O	The address of a pointer to a policy structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated to Sm_PolicyApi_Policy_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a policy.
Sm_PolicyApi_InvalidOid. The policy OID was not found.

Sm_PolicyApi_GetPolicyByName()

Gets the contents of the policy identified by pszPolicyName and the corresponding pszDomainOid of the Domain in which the policy exists.

The results of this function are returned in a structure referenced by ppstructPolicy. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Policy function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetPolicyByName (
   void*                    pSessionHandle,
   const char*              szDomainOid,
   const char*              pszPolicyName,
   Sm_PolicyApi_Policy_t**  ppstructPolicy
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
szDomainOid	I	A null-terminated string containing the object identifier of an existing domain.
pszPolicyName	I	A null-terminated string containing the name of an existing policy.
ppstructPolicy	O	The address of a pointer to a policy structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated to Sm_PolicyApi_Policy_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a policy.
Sm_PolicyApi_InvalidOid. The Domain OID was not found.
Sm_PolicyApi_NotFound. The policy name was not found.

Sm_PolicyApi_GetPolicyLinks()

Returns a linked list of all of the policy links that are associated with the policy identified by pszPolicyOid.

The linked list returned is referenced by the ppstructPolicyLink structure. Free the memory allocated to these structures by calling Sm_PolicyApi_FreeMemoryEx().

Type

Policy function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetPolicyLinks (
   void*                        pSessionHandle,
   const char*                  pszPolicyOid,
   Sm_PolicyApi_PolicyLink_t**  ppstructPolicyLink
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszPolicyOid	I	A null-terminated string containing the object identifier of an existing policy.
ppstructPolicyLink	O	The address of a policy link structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory is not allocated to Sm_PolicyApi_PolicyLink_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a list of policy links.
Sm_PolicyApi_InvalidOid. The policy OID was not found.

Sm_PolicyApi_GetPolicyUsers()

Returns a linked list of Sm_PolicyApi_User_t structures corresponding to the users who are associated with the policy identified by pszPolicyOid and who optionally belong to the user directory identified by pszUserDirOid. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

User and user state function.

Syntax

int SM_EXTERN Sm_PolicyApi_GetPolicyUsers (
   void*                   pSessionHandle,
   const char*             pszPolicyOid,
   const char*             pszUserDirOid,
   Sm_PolicyApi_User_t**   ppStructUsers
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszPolicyOid	I	A null-terminated string containing the object identifier of an existing policy.
pszUserDirOid	I	A null-terminated string containing the object identifier of an existing user directory. This parameter is optional. If it is empty, the function returns all the policy users under the specified policy. If it is specified, the function returns policy users who belong to this directory under the specified policy.
ppStructUsers	O	The address of a pointer to a linked list of user structures.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated to Sm_PolicyApi_User_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get users from the policy.
Sm_PolicyApi_InvalidOid:
- The policy OID was not found.
- The user directory OID was not found.

Sm_PolicyApi_GetRealm()

Gets the contents of the realm identified by pszRealmOid.

The results of this function are returned in a structure referenced by ppstructRealm. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Realm function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetRealm (
   void*                    pSessionHandle,
   const char*              pszRealmOid, 
   Sm_PolicyApi_Realm_t**   ppstructRealm
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszRealmOid	I	A null-terminated string containing the object identifier of an existing realm.
ppstructRealm	O	The address of a pointer to a realm structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated for Sm_PolicyApi_Realm_t.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a realm.
Sm_PolicyApi_InvalidOid. The realm OID was not found.

Sm_PolicyApi_GetRealmByName()

Gets the contents of the realm identified by pszRealmName, and the corresponding pszDomainOrParentRealmOid of the Domain in which the Realm exists, or the Oid of the Parent Realm in the case of a child Realm.

The results of this function are returned in a structure referenced by ppstructRealm. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Realm function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetRealmByName (
   void*                    pSessionHandle,
   const char*              pszRealmOid, 
   Sm_PolicyApi_Realm_t**   ppstructRealm
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
szDomainOr ParentRealm Oid	I	A null-terminated string containing the object identifier of an existing Domain or Realm
pszRealmName	I	A null-terminated string containing the name of an existing realm.
ppstructRealm	O	The address of a pointer to a realm structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated for Sm_PolicyApi_Realm_t.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a realm.
Sm_PolicyApi_InvalidOid. The Domain or parent Realm OID was not found.
Sm_PolicyApi_NotFound The Realm name was not found.

Sm_PolicyAPI_GetRedirectURLFromSAML1xScheme()

Retrieves a redirect URL setting from a SAML 1.x authentication scheme.

Syntax

int SM_EXTERN Sm_PolicyApi_GetRedirectURLFromSAML1xScheme(
        void*        pSessionHandle,
        const char*  pszSchemeOid,
        int          iTypeURL,
        char**       URL,
        int          &redirectMode
);

Parameters

pSessionHandle

[in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.

pszSchemeOid

[in] A null-terminated string containing the object identifier of the authentication scheme being updated.

iTypeUrl

[in] An integer specifying the type of redirect URL, defined in Sm_PolicyAPI_SAML1_STATUS_REDIRECT_URL_TYPE_t as follows:

Sm_PolicyAPI_SAML1_STATUS_REDIRECT_URL_USER_NOT_FOUND_TYPE = 0
Sm_PolicyAPI_SAML1_STATUS_REDIRECT_URL_INVALID_SSO = 1
Sm_PolicyAPI_SAML1_STATUS_REDIRECT_URL_UNACCEPTABLE_USER_CREDENTIALS = 2

URL

[out] A pointer to the redirect URL from the authentication scheme

redirectMode

[out] An integer specifying the input redirect mode, which is either 0 for 302 No Data, or 1 for Http-Post.

Return Values

Sm_PolicyApi_Success. The action was completed successfully.
Sm_PolicyApi_Failure. The action was unsuccessful.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_SchemeNotFound. The authentication scheme corresponding to the OID was not found, or was not a SAML 1.x authentication scheme.
Sm_PolicyApi_InvalidOid. The OID of the authentication scheme is NULL.

Sm_PolicyApi_GetRegistrationScheme()

Gets a registration scheme.

Type

Registration scheme function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetRegistrationScheme (
   void*                         pSessionHandle,
   const char*                   pszRegistrationSchemeOid,
   Sm_PolicyApi_RegistrationScheme_t** 
                                 ppstructRegistrationScheme
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszRegistration SchemeOid	I	A null-terminated string containing the object identifier of the registration scheme.
ppstruct Registration Scheme	O	The address of a pointer to Sm_PolicyApi_RegistrationScheme_t.

Returns

Sm_PolicyApi_Success. The get was successful.
Sm_PolicyApi_Failure. Memory could not be allocated to Sm_PolicyApi_RegistrationScheme_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a registration scheme.
Sm_PolicyApi_InvalidOid. A registration scheme OID was not found.

Sm_PolicyApi_GetRegistrationSchemeByName()

Gets a registration scheme.

Type

Registration scheme function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetRegistrationSchemeByName (
   void*                         pSessionHandle,
   const char*                   pszRegistrationSchemeName,
   Sm_PolicyApi_RegistrationScheme_t** 
                                 ppstructRegistrationScheme
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszRegistration SchemeName	I	A null-terminated string containing the name of the registration scheme.
ppstruct Registration Scheme	O	The address of a pointer to Sm_PolicyApi_RegistrationScheme_t.

Returns

Sm_PolicyApi_Success. The get was successful.
Sm_PolicyApi_Failure. Memory could not be allocated to Sm_PolicyApi_RegistrationScheme_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a registration scheme.
Sm_PolicyApi_NotFound. A registration scheme name was not found.

Sm_PolicyApi_GetRegularExpressions()

Gets a list of regular expressions belonging to the referenced password policy. Implemented only if the session's version is set to SM_POLICY_API_VERSION_6_0.

Type

Regular Expression function.

Syntax

int SM_EXTERN    Sm_PolicyApi_GetRegularExpressions (
   void*                               pSessionHandle,
   const char*                         pszPasswordPolicyOid,
   Sm_PolicyApi_RegularExpression_t**  ppstructRegExpr
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszPassword PolicyOid	I	The OID of the password policy.
ppstructRegExpr	O	Pointer to a linked list of regular expressions belonging to the referenced password policy.

Returns

Sm_PolicyApi_Success. The regular expression list was retrieved successfully.
Sm_PolicyApi_Failure. The regular expression list was not retrieved successfully.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get regular expressions.
Sm_PolicyApi_InvalidOid: The password policy OID was not found.

Sm_PolicyApi_GetResponse()

Gets the contents of the response identified by pszResponseOid.

The results of this function are returned in a structure referenced by ppstructResponse. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Response function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetResponse (
   void*                      pSessionHandle,
   const char*                pszResponseOid,
   Sm_PolicyApi_Response_t**  ppstructResponse
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszResponseOid	I	A null-terminated string containing the object identifier of an existing response.
ppstructResponse	O	The address of a pointer to a response structure.

Returns

Sm_PolicyApi_Success. The get operation was completed successfully.
Sm_PolicyApi_Failure. Memory could not be allocated to Sm_PolicyApi_Response_t.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a response.
Sm_PolicyApi_InvalidOid. The response OID was not found.

Sm_PolicyApi_GetResponseByName()

Gets the contents of the response identified by pszResponseName and the corresponding pszDomainOid of the Domain in which the response exists.

The results of this function are returned in a structure referenced by ppstructResponse. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Response function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetResponseByName (
   void*                      pSessionHandle,
   const char*                szDomainOid,
   const char*                pszResponseName,
   Sm_PolicyApi_Response_t**  ppstructResponse
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
szDomainOid		A null-terminated string containing the object identifier of an existing Domain.
pszResponseName	I	A null-terminated string containing the name of an existing response.
ppstructResponse	O	The address of a pointer to a response structure.

Returns

Sm_PolicyApi_Success. The get operation was completed successfully.
Sm_PolicyApi_Failure. Memory could not be allocated to Sm_PolicyApi_Response_t.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a response.
Sm_PolicyApi_InvalidOid. The Domain OID was not found.
Sm_PolicyApi_NotFound. The response name was not found.

Sm_PolicyApi_GetResponseAttrs()

Retrieves a linked list of the response attributes that are associated with the response identified by pszResponseOid.

The linked list that is returned is referenced by the ppstructResponseAttr structure. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Response function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetResponseAttrs (
   void*                           pSessionHandle,
   const char*                     pszResponseOid,
   Sm_PolicyApi_ResponseAttr_t**   ppstructResponseAttr
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszResponseOid	I	A null-terminated string containing the object identifier of an existing response.
ppstructResponseAttr	O	A pointer to a response attribute structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated to Sm_PolicyApi_ResponseAttr_t.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a list of response attributes.
Sm_PolicyApi_InvalidOid. The response OID was not found.

Sm_PolicyApi_GetRule()

Gets the contents of the rule identified by pszRuleOid.

The results are returned in a structure referenced by ppstructRule. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Rule function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetRule (
   void*                    pSessionHandle,
   const char*              pszRuleOid,
   Sm_PolicyApi_Rule_t**    ppstructRule
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszRuleOid	I	A null-terminated string containing the object identifier of an existing rule.
ppstructRule	O	The address of a pointer to a Sm_PolicyApi_Rule_t structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated to Sm_PolicyApi_Rule_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a rule.
Sm_PolicyApi_InvalidOid. The rule OID was not found.

Sm_PolicyApi_GetRuleByName()

Gets the contents of the rule identified by pszRuleName.

The results are returned in a structure referenced by ppstructRule. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Rule function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetRuleByName (
   void*                    pSessionHandle,
   const char*              szRealmOid,
   const char*              pszRuleName,
   Sm_PolicyApi_Rule_t**    ppstructRule
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
szRealmOid	I	A null-terminated string containing the object identifier of an existing Realm.
pszRuleName	I	A null-terminated string containing the name of an existing rule.
ppstructRule	O	The address of a pointer to a Sm_PolicyApi_Rule_t structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated to Sm_PolicyApi_Rule_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a rule.
Sm_PolicyApi_InvalidOid. The Realm OID was not found.
Sm_PolicyApi_NotFound. The rule name was not found.

Sm_PolicyApi_GetSAMLAffiliation()

Retrieves the SAML affiliation specified by its object identifier in the policy store.

Type

SAML 2.0 Configuration function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetSAMLAffiliation
(
   void*                               pSessionHandle,
   const char*                         pszAffiliationOid,
   Sm_PolicyApi_SAMLAffiliation_t**    ppstructAffiliation
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAffiliationOid	I	A null-terminated string containing the policy store object identifier of an existing SAML affiliation.
ppstruct Affiliation	O	The address of a pointer to a SAML affiliation structure.

Returns

Sm_PolicyApi_Success. The SAML affiliation was retrieved successfully.
Sm_PolicyApi_Failure. The SAML affiliation was not retrieved successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to retrieve a SAML affiliation.
Sm_PolicyApi_InvalidOID. The SAML affiliation OID was not found.

Sm_PolicyApi_GetSAMLAffiliationById()

Retrieves the SAML affiliation specified by its unique affiliation identifier (URI).

Type

SAML 2.0 Configuration function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetSAMLAffiliationById
(
   void*                               pSessionHandle,
   const char*                         pszAffiliationID,
   Sm_PolicyApi_SAMLAffiliation_t**    ppstructAffiliation
);

Parameter

I/O

Description

pSessionHandle

A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.

pszAffiliationID

A null-terminated string containing the unique affiliation identifier of an existing SAML affiliation.

The affiliation identifier is specified in SAML_KEY_AFFILIATION_ID.

ppstruct
Affiliation

The address of a pointer to a SAML affiliation structure.

Returns

Sm_PolicyApi_Success. The SAML affiliation was retrieved successfully.
Sm_PolicyApi_Failure. The SAML affiliation was not retrieved successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to retrieve a SAML affiliation.

Sm_PolicyApi_GetSAMLScheme()

Retrieves information about a SAML 2.0 authentication scheme and the metadata properties of the associated Identity Provider.

Type

SAML 2.0 Configuration function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetSAMLScheme
(
   void*                                  pHandle,
   const char*                            pszSchemeOid,
   Sm_PolicyApi_Scheme_t**                ppstructScheme,
   Sm_PolicyApi_SAMLProviderProp_t**      ppProps
);

Parameter	I/O	Description
pHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszSchemeOid	I	A null-terminated string containing the object identifier of an existing SAML authentication scheme.
ppstructScheme	O	The address of a pointer to a SAML authentication scheme structure.
ppProps	O	The address of a pointer to a SAML 2.0 metadata properties structure. For information about these properties, see SAML 2.0 Authentication Scheme Properties.

Returns

Sm_PolicyApi_Success. The authentication scheme was retrieved successfully.
Sm_PolicyApi_Failure. The authentication scheme was not retrieved successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior
to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to retrieve an authentication scheme.
Sm_PolicyApi_InvalidOID. The authentication scheme OID was not found.

Sm_PolicyApi_GetSAMLServiceProvider()

Retrieves the Service Provider specified by its object identifier in the policy store.

Type

SAML 2.0 Configuration function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetSAMLServiceProvider
(
   void*                             pSessionHandle,
   const char*                       pszProviderOid,
   Sm_PolicyApi_SAMLSP_t**           pstructSAMLSP
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszProviderOid	I	A null-terminated string containing the policy store object identifier of an existing Service Provider.
ppstructSAMLSP	O	The address of a pointer to a Service Provider structure.

Returns

Sm_PolicyApi_Success. The Service Provider was retrieved successfully.
Sm_PolicyApi_Failure. The Service Provider was not retrieved successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior
to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to retrieve a Service Provider.
Sm_PolicyApi_InvalidOID. The Service Provider OID was not found.
Sm_PolicyApi_DomainNotAffiliate. The domain is not an affiliate domain.

Sm_PolicyApi_GetSAMLServiceProviderById()

Retrieves the Service Provider specified by its unique provider identifier.

Type

SAML 2.0 Configuration function, domain scope

Syntax

int SM_EXTERN Sm_PolicyApi_GetSAMLServiceProvider
(
   void*                             pSessionHandle,
   const char*                       pszProviderId,
   Sm_PolicyApi_SAMLSP_t**           pstructSAMLSP
);

Parameter

I/O

Description

pSessionHandle

A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.

pszProviderId

A null-terminated string containing the unique provider identifier of an existing Service Provider.

The provider identifier is specified in SAML_KEY_SPID.

ppstructSAMLSP

The address of a pointer to a Service Provider structure.

Returns

Sm_PolicyApi_Success. The Service Provider was retrieved successfully.
Sm_PolicyApi_Failure. The Service Provider was not retrieved successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior
to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to retrieve a Service Provider.
Sm_PolicyApi_InvalidOID. The Service Provider OID was not found.
Sm_PolicyApi_DomainNotAffiliate. The domain is not an affiliate domain.

Sm_PolicyApi_GetSAMLServiceProviderUsers()

Retrieves the user directory entries associated with the specified Service Provider.

Type

SAML 2.0 Configuration function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetSAMLServiceProviderUsers
(
   void*                        pSessionHandle,
   const char*                  pszProviderOid,
   const char*                  pszUserDirOid,
   Sm_PolicyApi_User_t**        ppStructUsers
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszProviderOid	I	A null-terminated string containing the policy store object identifier of an existing Service Provider.
pszUserDirOid	I	A null-terminated string containing the policy store object identifier of an existing user.
ppStructUsers	O	The address of a pointer to user structures.

Returns

Sm_PolicyApi_Success. The users were retrieved successfully.
Sm_PolicyApi_Failure. The users were not retrieved successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to retrieve users.
Sm_PolicyApi_InvalidOid. The affiliate OID was not found.

Sm_PolicyApi_GetScheme()

Gets the contents of the authentication scheme identified by pszSchemeOid. The results of this function are returned in a structure referenced by ppstructScheme.

Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Authentication scheme function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetScheme (
   void*                     pSessionHandle,
   const char*               pszSchemeOid,
   Sm_PolicyApi_Scheme_t**   ppstructScheme
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszSchemeOid	I	A null-terminated string containing the object identifier of an existing scheme.
ppstructScheme	O	The address of a pointer to a scheme structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated to Sm_PolicyApi_Scheme_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a scheme.
Sm_PolicyApi_InvalidOid. The scheme OID was not found.

Sm_PolicyApi_GetSchemeByName()

Gets the contents of the authentication scheme identified by pszSchemeName. The results of this function are returned in a structure referenced by ppstructScheme.

Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Authentication scheme function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetSchemeByName (
   void*                     pSessionHandle,
   const char*               pszSchemeName,
   Sm_PolicyApi_Scheme_t**   ppstructScheme
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszSchemeName	I	A null-terminated string containing the name of an existing scheme.
ppstructScheme	O	The address of a pointer to a scheme structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated to Sm_PolicyApi_Scheme_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a scheme.
Sm_PolicyApi_NotFound. The scheme name was not found.

Sm_PolicyApi_GetSharedSecretPolicy()

Gets the current SharedSecretPolicy.

Returns the current shared secret policy object. There will always be exactly one such object, so it is not necessary to specify its OID.

Type

Agent configuration.

Syntax

int SM_EXTERN Sm_PolicyApi_GetSharedSecretPolicy (
   void*                                pSessionHandle,
   Sm_PolicyApi_SharedSecretPolicy_t**  ppstructSecretPolicy
);

Parameter	I/O	Description
pSessionHandle	I	The current Policy API session handle.
ppstructSecret Policy	I/O	Address of pointer to shared secret policy structure

Returns

Sm_PolicyApi_Success. The operation was successful.
Sm_PolicyApi_Failure. Generalized failure.
Sm_PolicyApi_InvalidHandle. The session handle was invalid.
Sm_PolicyApi_NoSession. The user is not logged in.
Sm_PolicyApi_NoPrivilege. User does not have rights to manage objects.

Sm_PolicyApi_GetTargetConfigFromSAML1xScheme

Retrieves a target configuration setting from a SAML 1.x authentication scheme.

Syntax

The Sm_PolicyApi_GetTargetConfigFromSAML1xScheme function has the following syntax:

int SM_EXTERN Sm_PolicyApi_GetTargetConfigFromSAML1xScheme(
        void*        pHandle,
        const char*  pszSchemeOid,
        char**       pszDefaultTarget,
        int*         iQPOverridesTarget
);

Parameters

The Sm_PolicyApi_GetTargetConfigFromSAML1xScheme function accepts the following parameters:

pSessionHandle: [in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszSchemeOid: [in] A null-terminated string containing the object identifier of the authentication scheme being updated.
pszDefaultTarget: [out] Specifies the target configuration. The calling program must free up this memory by calling the Sm_PolicyApi_FreeMemory() function.
iQPOverridesTarget: [out] Specifies the value of the 'Query parameter override Default Target' check box. The calling program is responsible for passing allocated memory.

Return Values

The Sm_PolicyApi_GetTargetConfigFromSAML1xScheme function returns one of the following values:

Sm_PolicyApi_Success. The action was completed successfully.
Sm_PolicyApi_Failure. The action was unsuccessful.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_SchemeNotFound. The authentication scheme corresponding to the OID was not found, or was not a SAML 1.x authentication scheme.
Sm_PolicyApi_InvalidOid. The OID of the authentication scheme is NULL.

Sm_PolicyApi_GetTrustedHost()

Retrieves an existing trusted host object.

Type

Agent configuration function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetTrustedHost (
   void*                           pSessionHandle,
   const char*                     pszTrustedHostOid,
   Sm_PolicyApi_TrustedHost_t**    ppstructTrustedHost
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszTrustedHostOid	I	Unique identifier of the trusted host object to retrieve.
ppstructTrustedHost	O	Address of a pointer to a structure that defines the trusted host object. The function allocates the structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Generalized failure.
Sm_PolicyApi_InvalidOid. The unique ID does not correspond to a trusted host object.
Sm_PolicyApi_NoPrivilege. The caller does not have the privilege to get a trusted host object.
Sm_PolicyApi_InvalidHandle. The session pointer is not valid.
Sm_PolicyApi_NoSession. The API user is not properly logged in.

Sm_PolicyApi_GetTrustedHostByName()

Retrieves an existing trusted host object.

Type

Agent configuration function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetTrustedHostByName (
   void*                           pSessionHandle,
   const char*                     pszTrustedHostName,
   Sm_PolicyApi_TrustedHost_t**    ppstructTrustedHost
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszTrustedHostName	I	Unique name of the trusted host object to retrieve.
ppstructTrustedHost	O	Address of a pointer to a structure that defines the trusted host object. The function allocates the structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Generalized failure.
Sm_PolicyApi_NotFound. The unique name does not correspond to a trusted host object.
Sm_PolicyApi_NoPrivilege. The caller does not have the privilege to get a trusted host object.
Sm_PolicyApi_InvalidHandle. The session pointer is not valid.
Sm_PolicyApi_NoSession. The API user is not properly logged in.

Sm_PolicyApi_GetUseSecureAuthPropFromAffiliate()

Retrieves the value of the UseSecureAuthURL property from a SAML 1.x affiliate.

Syntax

int SM_EXTERN Sm_PolicyApi_GetUseSecureAuthPropFromAffiliate(
   void*    pHandle,
   char*    pszAffiliateOID,
   bool     &bUseSecureAuthURL
                           
);

Parameters

pHandle: [in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAffiliateOid: [in] A pointer to the OID of an existing SMAL 1.x affiliate.
bUseSecureAuthURL: [in] A Boolean value that specifies whether to use a secure authentication URL for this affiliate.

Returns

Sm_PolicyApi_Success. The action was completed successfully.
Sm_PolicyApi_Failure. The action was unsuccessful.
Sm_PolicyApi_NoSession. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator did not have sufficient access privileges.

Sm_PolicyApi_GetUserContext()

Allows callers of the Policy Management API to access user context information.

Type

User directory function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetUserContext (
   void                         *pSessionHandle,
   const char                   *lpszUserDirOid,
   const char                   *lpszUserPath,
   const char                   *lpszSessionID,
   Sm_PolicyApi_UserContext_t   **ppPolicyApiUserContext);
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
lpszUserDirOid	I	A null-terminated string containing the object identifier of the user directory for the user specified in lpszUserPath.
lpszUserPath	I	The distinguished name of the user.
lpszSessionID	I	A unique identifier of the session. After a successful login, the session ID is returned in the lpszSessionId field of the structure Sm_AgentApi_Session_t. If the session ID is not known, assign an empty string ("") to this parameter.
ppPolicyApi UserContext	O	The user context information that SiteMinder passes to the function.

Remarks

This function allows an application to access information about a user without having to connect to the underlying user directory. To retrieve the user information, the application calls the functions in the Sm_Api_UserContext_t structure, which is returned in ppPolicyApiUserContext.For example:

Calling fGetProp or fSetProp to get or set a user attribute.
Calling fAuthenticate to verify a user's password.
Calling fGetProp to search the directory and examine the results to verify that the correct user has been found.
Calling fGetProp to retrieve an attribute for a user who is not the logged-in user.

Important! After calling Sm_GetUserContext(), release the allocated memory by calling Sm_PolicyApi_FreeMemoryEx(). Otherwise, you can possibly see some Policy Server performance degradation.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. The get operation was not successful.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_Invalid. The specified user or directory was not valid.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a user directory.

Sm_PolicyApi_GetUserDir()

Gets the contents of the user directory identified by pszUserDirOid.

The results of this function are returned in a structure referenced by ppstructUserDir. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

User directory function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetUserDir (
   void*                      pSessionHandle,
   const char*                pszUserDirOid,
   Sm_PolicyApi_UserDir_t**   ppstructUserDir
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszUserDirOid	I	A null-terminated string containing the object identifier of an existing user directory.
ppstructUserDir	O	Address of a pointer to a user directory structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated for Sm_PolicyApi_UserDir_t.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a user directory.
Sm_PolicyApi_InvalidOid. The user directory OID was not found.

Sm_PolicyApi_GetUserDirByName()

Gets the contents of the user directory identified by pszUserDirName

The results of this function are returned in a structure referenced by ppstructUserDir. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

User directory function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetUserDirByName (
   void*                      pSessionHandle,
   const char*                pszUserDirName,
   Sm_PolicyApi_UserDir_t**   ppstructUserDir
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszUserDirName	I	A null-terminated string containing the name of an existing user directory.
ppstructUserDir	O	Address of a pointer to a user directory structure.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Memory could not be allocated for Sm_PolicyApi_UserDir_t.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get a user directory.
Sm_PolicyApi_NotFound. The user directory name was not found.

Sm_PolicyApi_GetUserDirCapabilities()

Retrieves the user directory capabilities.

The user directory capabilities are enumerated in Sm_DirectoryCapability_t in SmApi.h.

Type

User directory function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetUserDirCapabilities (
   void*             pSessionHandle,
   const char*       pszUserDirOid,
   unsigned long*    pCapabilities
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszUserDirOid	I	A null-terminated string containing the object identifier of the user directory where the lookup has to be performed.
pCapabilities	O	The address of a pointer to an unsigned long that will hold information about directory capability. Directory capabilities are enumerated in Sm_DirectoryCapability_t, which is defined in the header file SmApi.h. See Figure 12 on page 103.

Returns

Sm_PolicyApi_Success. The retrieve was successful.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to retrieve user directory capability.
Sm_PolicyApi_InvalidOid. The user directory OID was not found.

Sm_PolicyApi_GetUserDirSearchOrder()

Retrieves the OIDs of the user directory objects that are associated with the domain identified by pszDomainOid.

The retrieved list of OIDs is stored in the pszArray string array in the order in that they are searched by SiteMinder. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeStringArray().

Type

User directory function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_GetUserDirSearchOrder (
   void*         pSessionHandle,
   const char*   pszDomainOid,
   char**        pszArray[]
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszDomainOid	I	A null-terminated string containing the object identifier of an existing domain.
pszArray	O	The returned array of user directory OIDs of the requested objects.

Returns

Sm_PolicyApi_Success. The function successfully returned the user directory search order.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get user directory search order in a domain.
Sm_PolicyApi_InvalidOid. The domain OID was not found.

Sm_PolicyApi_GetUserGroups()

Gets the list of groups that a user is member of.

Type

User and user state function.

Syntax

int SM_EXTERN Sm_PolicyApi_GetUserGroups (
   void *          pSessionHandle,
   const char *    pszUserDirOid,
   const char *    pszUserDN,
   const bool      bRecursive,
   char**          pszGroups[]
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszUserDirOid	I	The user's object identifier.
pszUserDN	I	The user's distinguished name.
bRecursive	I	Value indicating whether to search just one level or all levels. If you specify True, all levels are searched.
pszGroups	O	Array that will contain the groups that the user belongs to. Free the memory allocated for the array by calling Sm_PolicyApi_FreeStringArray().

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. The get operation was not successful.
Sm_PolicyApi_Invalid. There was no valid directory for the specified user OID and DN.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_InvalidOid. The directory OID was not found (for a directory-based group).
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to get the groups.

Sm_PolicyApi_GetUserPasswordState()

Returns Sm_Api_UserPasswordState_t. The memory for the Sm_Api_UserPasswordState_t object should be allocated by the calling function.

Type

Password state function.

Syntax

int SM_EXTERN Sm_PolicyApi_GetUserPasswordState (
   void       *pSessionHandle,
   const char *pszUserDirOid,
   const char *pszUserDN,
   Sm_PolicyApi_UserPasswordState_t *pPasswordState
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszUserDirOid	I	Unique object identifier that corresponds to a particular User Directory.
pszUserDN	I	Specifies the DN of the user within the user directory.
pPasswordState	O	The user password state object.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Generalized failure.
Sm_PolicyApi_InvalidHandle. The session pointer is not valid.
Sm_PolicyApi_BadArgument. The input password state pointer is NULL.
Sm_PolicyApi_NoSession. The API user is not properly logged in.
Sm_PolicyApi_InvalidOid. The unique ID does not correspond to User Directory object.
Sm_PolicyApi_UserDirNotFound. Failed to retrieve User Directory object from policy store.
Sm_PolicyApi_ErrorUserDir. Invalid User Directory object or wrong user DN.
Sm_PolicyApi_NoPrivilege. The caller does not have the proper privileges.

Sm_PolicyApi_GetUsersFromWSFEDResourcePartner()

Gets the user directory entries associated with a WS-Federation Resource Partner.

Syntax

int SM_EXTERN Sm_PolicyApi_GetUsersFromWSFEDResourcePartner (
        void* pSessionHandle,
        const char * pszProviderOid,
        const char * pszUserPolicyOid,
       Sm_PolicyApi_User_t ** ppStructUsers
);

Parameters

pSessionHandle: [in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszProviderOid: [in] A null-terminated string containing the object identifier of an existing WS-Federation Resource Partner.
pszUserPolicyOid: [in] A null-terminated string containing the object identifier of an existing policy user.
ppStructUsers: [out] The address of a pointer to a linked list of user structures.

Return Values

Sm_PolicyApi_Success. The user directory was added successfully.
Sm_PolicyApi_Failure. The user directory was not added successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to retrieve users.
Sm_PolicyApi_InvalidOid. The affiliate OID was not found.

Sm_PolicyApi_GetVariable()

Gets a specified variable.

The results of this function are returned in a structure referenced by ppstructVariable. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Variable function.

Syntax

int SM_EXTERN Sm_PolicyApi_GetVariable (
   void*                       pSessionHandle,
   const char*                 pszVariableOid,
   Sm_PolicyApi_Variable_t**   ppstructVariable
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszVariableOid	I	Unique object identifier that corresponds to a variable.
ppstructVariable	O	The address of a pointer to a variable structure.

Returns

Sm_PolicyApi_Success. The get was successful.
Sm_PolicyApi_Failure. Memory could not be allocated to Sm_PolicyApi_Variable_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to obtain a variable.
Sm_PolicyApi_InvalidOid. The variable object identifier was not found.
Sm_PolicyApi_FeatureNotSupported. The client who called this function initialized the API with a version less than SM_POLICY_API_VERSION_6_0.

Sm_PolicyApi_GetVariableByName()

Gets a specified variable.

The results of this function are returned in a structure referenced by ppstructVariable. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Variable function.

Syntax

int SM_EXTERN Sm_PolicyApi_GetVariableByName (
   void*                       pSessionHandle,
   const char*                 pszVariableName,
   Sm_PolicyApi_Variable_t**   ppstructVariable
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszDomainOid	I	A null-terminated string containing the object identifier of an existing Domain.
pszVariableName	I	Unique name that corresponds to a variable.
ppstructVariable	O	The address of a pointer to a variable structure.

Returns

Sm_PolicyApi_Success. The get was successful.
Sm_PolicyApi_Failure. Memory could not be allocated to Sm_PolicyApi_Variable_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to obtain a variable.
Sm_PolicyApi_InvalidOid. The Domain OID was not found.
Sm_PolicyApi_NotFound. The variable name was not found.
Sm_PolicyApi_FeatureNotSupported. The client who called this function initialized the API with a version less than SM_POLICY_API_VERSION_6_0.

Sm_PolicyApi_GetVariableType()

Gets a specified variable type.

The results of this function are returned in a structure referenced by ppstructVariable. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Variable function.

Syntax

int SM_EXTERN Sm_PolicyApi_GetVariableType (
   void*                           pSessionHandle,
   const char*                     pszVariableTypeOid,
   Sm_PolicyApi_VariableType_t**   ppstructVariableType
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszVariableOid	I	Unique object identifier that corresponds to a variable type.
ppstructVariable	O	The address of a pointer to a variable structure.

Returns

Sm_PolicyApi_Success. The get was successful.
Sm_PolicyApi_Failure. Memory could not be allocated to Sm_PolicyApi_Variable_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to obtain the variable type.
Sm_PolicyApi_InvalidOid. The variable type object identifier was not found.
Sm_PolicyApi_FeatureNotSupported. The client who called this function initialized the API with a version less than SM_POLICY_API_VERSION_6_0.

Sm_PolicyApi_GetVariableTypeByName()

Gets a specified variable type.

The results of this function are returned in a structure referenced by ppstructVariable. Free the memory allocated for this structure by calling Sm_PolicyApi_FreeMemoryEx().

Type

Variable function.

Syntax

int SM_EXTERN Sm_PolicyApi_GetVariableTypeByName (
   void*                           pSessionHandle,
   const char*                     pszVariableTypeName,
   Sm_PolicyApi_VariableType_t**   ppstructVariableType
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszVariableName	I	Unique name that corresponds to a variable type.
ppstructVariable	O	The address of a pointer to a variable structure.

Returns

Sm_PolicyApi_Success. The get was successful.
Sm_PolicyApi_Failure. Memory could not be allocated to Sm_PolicyApi_Variable_t.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to obtain the variable type.
Sm_PolicyApi_NotFound The variable type object identifier was not found.
Sm_PolicyApi_FeatureNotSupported. The client who called this function initialized the API with a version less than SM_POLICY_API_VERSION_6_0.

Sm_PolicyApi_GetWSFEDResourcePartner()

Gets an existing Resource Partner object.

Syntax

int SM_EXTERN Sm_PolicyApi_GetWSFEDResourcePartner (
        void* pSessionHandle,
        const char * pszProviderOid;
        Sm_PolicyApi_WSFEDResourcePartner_t** pstructServiceProvider
);

Parameters

pSessionHandle: [in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszProviderOid: [in] A null-terminated string containing the object identifier of an existing WS-Federation Resource Partner.
pstructServiceProvider: [out] The address of the pointer to WS-Federation Resource Partner structure.

Return Values

Sm_PolicyApi_Success. The Resource Partner was retrieved successfully.
Sm_PolicyApi_Failure. The Resource Partner was not retrieved successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to retrieve an affiliate.
Sm_PolicyApi_InvalidOID. The Resource Partner OID was not found.
Sm_PolicyApi_DomainNotAffiliate. The domain is not an affiliate domain

Sm_PolicyApi_GetWSFEDScheme()

Gets an existing WSFED authentication scheme object.

Syntax

int SM_EXTERN Sm_PolicyApi_GetWSFEDScheme (
        void* pSessionHandle,
        const char * pszProviderOid,
        Sm_PolicyApi_Scheme_t** ppstructScheme,
        Sm_PolicyApi_WSFEDProviderProp_t** ppProps
);

Parameters

pSessionHandle: [in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszProviderOid: [in] A null-terminated string containing the object identifier of an existing WSFED auth scheme.
ppstructScheme: [out] The address of the pointer to SiteMinder auth scheme structure.
ppProps: [out] The address of the pointer to linked list WSFED provider properties.

Return Values

Sm_PolicyApi_Success. The authentication scheme was retrieved successfully.
Sm_PolicyApi_Failure. The authentication scheme was not retrieved successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to retrieve an affiliate.
Sm_PolicyApi_InvalidOID. The provider OID was not found.

Sm_PolicyApi_Init()

Initializes the connection to the SiteMinder policy store and establishes the init handle.

You can specify an initialization flag that will affect the API's behavior.

This function must be called once per API client session. It must be the first function called in the session.

Type

Required function.

Syntax

int SM_EXTERN Sm_PolicyApi_Init (
   void**                           ppInitHandle,
   const Sm_PolicyApi_InitFlags_t   nInitFlag
);

Parameter	I/O	Description
ppInitHandle	O	A pointer to an internal Policy Management API data structure that contains client session information. This init handle is returned on successful initialization and is used as an input parameter to every call to Sm_PolicyApi_Login() and Sm_PolicyApi_Release().
nInitFlag	I	Value affecting the behavior of the API.

Returns

Sm_PolicyApi_Success. The initialization of the Policy Store connection was successful.
Sm_PolicyApi_Failure. The initialization of the Policy Store connection was unsuccessful or memory could not be allocated.

Sm_PolicyApi_InitEx()

Initializes a connection to the SiteMinder policy store and establishes the init handle based on a supplied version.

Type

Required function.

Syntax

int SM_EXTERN Sm_PolicyApi_InitEx (
   void**                           ppInitHandle,
   const Sm_PolicyApi_InitFlags_t   nInitFlag,
   const unsigned                   version
)

Parameter	I/O	Description
ppInitHandle	O	A pointer to an internal Policy Management API data structure that contains client session information.
nInitFlag	I	Value affecting the behavior of the API.
version	I	Version of the Policy Management API to initialize.

Returns

Sm_PolicyApi_Success. The initialization of the Policy Store connection was successful.
Sm_PolicyApi_Failure. The initialization of the Policy Store connection was unsuccessful or memory could not be allocated.

Sm_PolicyApi_IsGroup()

Determines whether an item is a group.

Type

Group function, global scope (agents) or domain scope (responses, rules).

Syntax

int SM_EXTERN Sm_PolicyApi_IsGroup (
   void*                   pSessionHandle,
   Sm_PolicyApi_Groups_t   dwGroup,
   const char*             pszOid,
   const char*             pszDomainOid,
   bool*                   bIsGroup
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
dwGroup	I	Indicates the type of the object.
pszOid	I	A null-terminated string containing the object identifier of the item to check.
pszDomainOid	I	A null-terminated string containing the object identifier of an existing domain.
bIsGroup	O	A pointer to a boolean value. true if the pszOid object is a group.

Returns

Sm_PolicyApi_Success. The OID is a group.
Sm_PolicyApi_Failure. The OID is not a group.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to find out if a rule, response, or agent OID is a group.
Sm_PolicyApi_InvalidOid:
- The domain OID was not found (for a domain-based group).
- The group OID was not found.
- The rule, response, or agent OID or group OID was not found.
Sm_PolicyApi_BadGroup. Parameter dwGroup is not the rule, response, or agent type.

Sm_PolicyApi_Login()

After initialization, a successful call to Sm_PolicyApi_Login() is a prerequisite to making any further function calls. This function checks the administrator's login credentials (username and password). If the API detects an uninitialized or improperly initialized init handle, an error is generated. If the administrator is authenticated, the function initializes internal data structures and resources. Once the administrator is logged in, the Policy Server initializes a session handle, which is used as an input parameter to all the Policy Management API functions.

Internally, the session handle contains data structures and context information required for the operation of the Policy Management API, including the client session data (from the init handle) and the administrator session data. The data structures and context information are transparent to the caller.

You can call Sm_PolicyApi_Login() to initialize a session handle without checking the administrator's credentials or without specifying any administrator. To log in under either of these circumstances, set the parameter nCheckCreds to false. See the description of the nCheckCreds parameter for more information.

This function can be called more than once during the client session and depends on the successful initialization of the Policy Store connection.

Type

Required function.

Syntax

int SM_EXTERN Sm_PolicyApi_Login (
   void*           pInitHandle,
   void**          ppSessionHandle,
   int             nCheckCreds,
   const char*     pszUserName,
   const char*     pszPassword,
   const char*     pszClientIP,
   char**          pszUserMsg,
   char**          pszErrMsg
);

Parameter	I/O	Description
pInitHandle	I	A pointer to an internal Policy Management API data structure. This is the init handle returned by Sm_PolicyApi_Init().
ppSessionHandle	O	A pointer to an internal Policy Management API data structure (a different instance of the structure from pInitHandle). The structure contains administrator session data. The session handle is transparent to the caller.
nCheckCreds	I	Flag indicating whether to check the credentials of the administrator, as follows: If nCheckCreds is false and an empty string ( "" ) is passed in pszUserName, no credential checking is done, and the caller is granted all administrator rights. If nCheckCreds is false and a user name is passed in pszUserName, no credential checking is done. However, the passed name must be that of a valid SiteMinder administrator. The caller is granted rights defined for the administrator. If nCheckCreds is true, both the user name and the password are verified and should match a valid SiteMinder administrator. The caller is granted rights defined for the administrator.
pszUserName	I	User Name of the Policy Management API administrator. If you pass in an empty string ( "" ) and set nCheckCreds to false, no administrator name and password are required. The caller is granted all administrator rights.
pszPassword	I	Password of the Policy Management API administrator.
pszClientIP	I	IP address of the machine the administrator is logging from.
pszUserMsg	O	User message returned by the Policy Management API. You release the memory allocated for this variable by calling Sm_PolicyApi_FreeString().
pszErrMsg	O	Error message returned by the Policy Management API. You release the memory allocated for this variable by calling Sm_PolicyApi_FreeString().

Returns

Sm_PolicyApi_Success. The login was successful.
Sm_PolicyApi_Failure. Memory cannot be allocated.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have privileges to some or all the domains.
Sm_PolicyApi_ErrorLogin. The authentication failed.

Example

See the Sm_PolicyApi_Login() call in the example application smpolicyapiexample.cpp.

Sm_PolicyApi_Logout()

Logs out an administrator session.

Type

Required function.

Syntax

int SM_EXTERN Sm_PolicyApi_Logout (
   void* pSessionHandle
);

Parameter	I/O	Description
pSessionHandle	I	The session handle that was returned by Sm_PolicyApi_Login() after successful login of the administrator.

Returns

Sm_PolicyApi_Success. The logout was successful.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.

Sm_PolicyApi_LookupDirectoryEntry()

Looks up the user specification in a user directory.

pszSearchPattern holds the search pattern for the lookup. User directory searches vary for each type of user directory namespaces.

Type

User directory function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_LookupDirectoryEntry (
   void*                   pSessionHandle,
   const char*             pszUserDirOid,
   const char*             pszSearchPattern,
   Sm_PolicyApi_User_t**   ppStructUserSpec
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszUserDirOid	I	A null-terminated string containing the object identifier of the user directory where lookup is to be performed.
pszSearchPattern	I	A null-terminated string containing the search pattern for the lookup. Information about the search expression grammar for different namespace types appears in the section below.
ppStructUserSpec	O	The address of a pointer to a user structure.

Search Expression Grammar for an LDAP Namespace

The search in an LDAP user directory can be based on an attribute-value pair or on an LDAP search expression.

For an attribute-value pair, the format of pszSearchPattern is:

<attribute-name>=<value>

For example if <attribute-name> is disabled and <value> is 0, the LDAP search filter is:

Base:'o=airius.com',

Filter:

'(&
      (|(objectclass=organizationalPerson)
      (objectclass=inetOrgPerson)
      (objectclass=organization)
      (objectclass=organizationalUnit)
      (objectclass=groupOfNames)
      (objectclass=groupOfUniqueNames)
      (objectclass=group)
      )
      (disabled=0)
)'

If the search uses an LDAP search expression, pszSearchPattern will hold the LDAP search expression. For example, if the search expression is 'uid=user1111', the LDAP search filter is:

Base:'o=airius.com',

Filter:

'(&
      (|(objectclass=organizationalPerson)
      (objectclass=inetOrgPerson)
      (objectclass=organization)
      (objectclass=organizationalUnit)
      (objectclass=groupOfNames)
      (objectclass=groupOfUniqueNames)
      (objectclass=group)
      )
      (uid=user1111)
)'

Search Expression Grammar for ODBC, WinNT and Custom Namespaces

You can search in an ODBC user directory for users, groups, or both. The search is based on attribute-value pairs.

The format of pszSearchPattern is:

[ <class>= ] <value>

In the format example:

<class> is an empty-string or user or group. An empty-string implies user and group.
<value> is a wildcard string.

Returns

Sm_PolicyApi_Success. The lookup was successful.
Sm_PolicyApi_Failure. The user specification lookup failed or memory could not be allocated to Sm_PolicyApi_User_t.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_InvalidOid. The user directory OID was not found.
Sm_PolicyApi_UserDirNotValid. There is no connection to the user directory or the user directory provider has not been loaded.

Sm_PolicyApi_ManagementCommand()

Performs user, key, and resource management activities.

The Policy Management API supports the types of management commands that are enumerated in Sm_PolicyApi_ManagementCommands_t.

Type

Utility function.

Syntax

int SM_EXTERN Sm_PolicyApi_ManagementCommand (
  void*                             pSessionHandle,
  Sm_PolicyApi_ManagementCommand_t* pstructManagementCommand
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructManagementCommand	I	The address of a pointer to a management command structure.

Returns

Sm_PolicyApi_Success. The management command was issued successfully.
Sm_PolicyApi_Failure. The management command was not issued successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to call Sm_PolicyApi_ManagementCommand().
Sm_PolicyApi_Invalid. An invalid management command was specified.

Sm_PolicyApi_Release()

Disconnects from the policy store and releases memory and resources held by the API.

This function must be the last function called by the API client session. This function must be called once per client session.

Note: Failure to call this function will result in a memory leak.

Type

Required function.

Syntax

int SM_EXTERN Sm_PolicyApi_Release(void* pInitHandle);

Parameter	I/O	Description
pInitHandle	I	The init handle that was returned by Sm_PolicyApi_Init() after successful initialization of the client session.

Returns

This function always returns Sm_PolicyApi_Success.

Sm_PolicyApi_RemoveAdminFromAffiliateDomain()

Removes an administrator from an affiliate domain.

Type

Federation function

Syntax

int SM_EXTERN Sm_PolicyApi_RemoveAdminFromAffiliateDomain (
   void*         pSessionHandle,
   const char*   pszAdminOid,
   const char*   pszAffiliateDomainOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAdminOid	I	A null-terminated string containing the object identifier of an existing administrator.
pszAffiliate DomainOid	I	A null-terminated string containing the object identifier of an existing affiliate domain.

Returns

Sm_PolicyApi_Success. The administrator was removed from the affiliate domain.
Sm_PolicyApi_Failure. The administrator was not removed from the affiliate domain.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to remove an administrator from an affiliate domain.
Sm_PolicyApi_InvalidOID. The affiliate domain OID was not found during an update.
Sm_PolicyApi_NotFound. The administrator object identifier could not be found in the affiliate domain collection.

Sm_PolicyApi_RemoveAdminFromDomain()

Disassociates the administrator object identified by pszAdminOid from the domain identified by szDomainOid.

Type

Administrator function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_RemoveAdminFromDomain (
   void*          pSessionHandle,
   const char*    pszAdminOid,
   const char*    pszDomainOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAdminOid	I	A null-terminated string containing the object identifier of an existing administrator.
pszDomainOid	I	A null-terminated string containing the object identifier of an existing domain.

Returns

Sm_PolicyApi_Success. The administrator was removed successfully from a domain.
Sm_PolicyApi_Failure. The administrator was not removed successfully from a domain.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to remove an administrator from a domain.
Sm_PolicyApi_InvalidOid. The administrator object identifier or the domain object identifier was not found.
Sm_PolicyApi_NotFound, if
- There are no administrator object identifiers in the domain collection.
- The administrator object identifier could not be found in the domain collection.

Sm_PolicyApi_RemoveAgentConfigAssociation()

Removes a configuration parameter name/value pair from the specified agent configuration object.

Type

Agent configuration function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_RemoveAgentConfigAssociation (
   void*                  pSessionHandle,
   const char*            pszAssociationOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAssociationOid	I	Unique identifier of the name/value pair to remove.

Returns

Sm_PolicyApi_Success. The operation was successful.
Sm_PolicyApi_Failure. Generalized failure.
Sm_PolicyApi_InvalidOid. The unique ID does not correspond to an agent configuration object.
Sm_PolicyApi_NoPrivilege. The caller does not have the privilege to remove agent configuration object parameters.
Sm_PolicyApi_InvalidHandle. The session pointer is not valid.
Sm_PolicyApi_NoSession. The API user is not properly logged in.

Sm_PolicyApi_RemoveAssertionConsumerServiceFromSAMLSP()

Removes an existing indexed endpoint reference to an Assertion Consumer Service from the policy store. The index, binding type, and Assertion Consumer Service URL must match an existing Assertion Consumer Service.

Type

Federation function

Syntax

int SM_EXTERN Sm_PolicyApi_RemoveAssertionConsumerServiceToSAMLSP (
   void*                               pSessionHandle,
   const Sm_PolicyApi_SAMLSPAssertionConsumerService_t* 
                pstructSAMLSPAssertionConsumerService,
   const char*                         pszSAMLSPOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructSAMLAssertionConsumerService	I	A pointer to an Assertion Consumer Service structure.
pszSAMLSPOid	I	A pointer to a string containing the OID of the Service Provider.

Returns

Sm_PolicyApi_Success. The Assertion Consumer Service was removed successfully.
Sm_PolicyApi_Failure - The Assertion Consumer Service was not removed successfully.
Sm_PolicyApi_ACSIndexedEndpointNotFound - There is no Assertion Consumer Service that matches the Assertion Consumer Service to be removed..
Sm_PolicyApi_InvalidHandle - There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession - There is no valid administrator session.
Sm_PolicyApi_NoPrivilege - The administrator does not have the privilege to remove Attributes from a SAML Service Provider.

Sm_PolicyApi_RemoveAttributeFromAffiliate()

Removes an attribute from an affiliate.

Type

Federation function

Syntax

int SM_EXTERN Sm_PolicyApi_RemoveAttributeFromAffiliate (
   void*                               pSessionHandle,
   const Sm_PolicyApi_AffiliateAttr_t* pstructAffiliateAttr,
   const char*                         pszAffiliateOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructAffiliate Attr	I	A pointer to an affiliate attribute structure.
pszAffiliateOid	I	A null-terminated string containing the object identifier of an existing affiliate.

Returns

Sm_PolicyApi_Success. The affiliate attribute was removed successfully.
Sm_PolicyApi_Failure. The affiliate attribute was not removed successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to remove an affiliate attribute.
Sm_PolicyApi_InvalidOID. The affiliate OID was not found.

Sm_PolicyApi_RemoveAttributeFromSAMLScheme()

Removes a configured attribute from a SAML authentication scheme.

Syntax

int SM_EXTERN Sm_PolicyApi_RemoveAttributeFromSAMLScheme(
   void*                                pHandle,
   const Sm_PolicyApi_Scheme_t*         pstructScheme,
   const Sm_PolicyApi_SAMLRequesterAttr_t*     pAttr
);

Parameter	I/O	Description
pHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructScheme	I	A pointer to a completely filled-in scheme structure.
pAttr	I	A pointer to the Sm_PolicyApi_SAMLRequesterAttr_t structure containng the attribute to be removed.

Returns

Sm_PolicyApi_Success. The attribute was removed successfully.
Sm_PolicyApi_Failure. The attribute was not removed successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to remove an attribute to a SAML Requester.
Sm_PolicyApi_SAMLIDP_IncorrectParameters. Supplied SAML provided properties are incomplete or incorrect.
Sm_PolicyApi_NoSuchAttribute. An attribute with a matching Name and NameFormat does not exist.

Sm_PolicyApi_RemoveAttributeFromSAMLSP()

Removes the specified SAML attribute from the Service Provider.

Type

SAML 2.0 Configuration function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_RemoveAttributeFromSAMLSP
(
   void*                               pHandle,
   const Sm_PolicyApi_SAMLSPAttr_t*    pstructSAMLSPAttr,
   const char*                         pszSAMLSPOid
);

Parameter	I/O	Description
pHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pstructSAMLSPAttr	I	A pointer to a SAML attribute structure
pszSAMLSPOid	I	The Service Provider's object identifier in the policy store.

Returns

Sm_PolicyApi_Success. The attribute was removed successfully.
Sm_PolicyApi_Failure. The attribute was not removed successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to remove an SAML attribute from a Service Provider.
Sm_PolicyApi_NoSuchAttribute. No attribute exists with the Name and NameFormat provided.

Sm_PolicyApi_RemoveFromGroup()

Removes an item from a group.

The item and the group must exist and must be of the same type, and the item must be contained in the group.

The pszDomainOid parameter is required by rule and response groups. An agent group does not require a domain OID because it is not a domain-based object.

Type

Group function, global scope (agents) or domain scope (responses, rules).

Syntax

int SM_EXTERN Sm_PolicyApi_RemoveFromGroup (
   void*                   pSessionHandle,
   Sm_PolicyApi_Groups_t   dwGroup,
   const char*             pszItemOid,
   const char*             pszGroupOid,
   const char*             pszDomainOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
dwGroup	I	Indicates the type of the group.
pszItemOid	I	A null-terminated string containing the object identifier of an existing item; must be the same type as the group.
pszGroupOid	I	A null-terminated string containing the object identifier of the group.
pszDomainOid	I	A null-terminated string containing the object identifier of an existing domain. Required by rule and response groups.

Returns

Sm_PolicyApi_Success. The remove was successful.
Sm_PolicyApi_Failure. The remove was not successful.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to remove a rule, response, or agent OID from its respective group.
Sm_PolicyApi_InvalidOid:
- The domain OID was not found (for a domain-based group).
- The group OID was not found.
- The rule, response, or agent OID or group OID was not found.
Sm_PolicyApi_BadGroup. Parameter dwGroup is not the rule, response, or agent type.

Sm_PolicyApi_RemovePolicyLinkFromPolicy()

By removing the policy link identified by pszPolicyLinkOid from the policy identified by pszPolicyOid, this function effectively removes the rule from the policy.

A policy link object binds a policy to a rule and, optionally, a response.

Note: In releases prior to SiteMinder v4.5, the functionality provided by Sm_PolicyApi_RemovePolicyLinkFromPolicy() was provided by Sm_PolicyApi_RemoveRuleFromPolicy().

Type

Policy function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_RemovePolicyLinkFromPolicy (
   void*          pSessionHandle,
   const char*    pszPolicyLinkOid,
   const char*    pszPolicyOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszPolicyLinkOid	I	A null-terminated string containing the object identifier of an existing policy link under pszPolicyOid.
pszPolicyOid	I	A null-terminated string containing the object identifier of an existing policy.

Returns

Sm_PolicyApi_Success. The policy link was removed successfully.
Sm_PolicyApi_Failure. The policy link was not removed successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to remove a policy link.
Sm_PolicyApi_InvalidOid:
- The policy OID was not found.
- The policy link OID was not found.

Sm_PolicyApi_RemoveRegularExpressionFromPasswordPolicy()

Removes a Regular Expression from the referenced password policy. Implemented only if the session's version is set to SM_POLICY_API_VERSION_6_0.

Type

Regular Expression function.

Syntax

int SM_EXTERN    Sm_PolicyApi_RemoveRegularExpressionFromPasswordPolicy(
   void*        pSessionHandle,
   const char*  pszRegularExpressionOid,
   const char*  pszPasswordPolicyOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszRegular ExpressionOid	I	The OID of the regular expression to be removed.
pszPassword PolicyOid	I	The OID of the password policy to remove the expression from.

Returns

Sm_PolicyApi_Success. The regular expression was removed successfully.
Sm_PolicyApi_Failure. The regular expression was not removed successfully.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to remove regular expressions.
Sm_PolicyApi_InvalidOid: The password policy OID was not found.

Sm_PolicyApi_RemoveResponseAttr()

Disassociates the response attribute defined by the pstructResponseAttr structure from the response identified by pszResponseAttrOid. The attribute name and attribute value must match in order for the remove to occur.

Type

Response function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_RemoveResponseAttr (
   void*          pSessionHandle,
   const char*    pszResponseAttrOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszResponseAttrOid	I	A null-terminated string containing the object identifier of an existing response attribute.

Returns

Sm_PolicyApi_Success. The remove operation was successful.
Sm_PolicyApi_Failure. The remove operation was not successful.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to remove a response attribute.
Sm_PolicyApi_InvalidOid. The response attribute OID was not found.

Sm_PolicyApi_RemoveUserDirFromAffiliateDomain()

Removes a user directory from an existing affiliate domain.

Type

Federation function

Syntax

int SM_EXTERN Sm_PolicyApi_RemoveUserDirFromAffiliateDomain(
   void*        pSessionHandle,
   const char*  pszUserDirOid,
   const char*  pszAffiliateDomainOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszUserDirOid	I	A null-terminated string containing the object identifier of an existing user directory.
pszAffiliate DomainOid	I	A null-terminated string containing the object identifier of an existing affiliate domain.

Returns

Sm_PolicyApi_Success. The user directory was removed from the affiliate domain successfully.
Sm_PolicyApi_NotFound. The domain does not have the user directory.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to remove a user directory from an affiliate domain.
Sm_PolicyApi_InvalidOID. The user directory OID or affiliate domain OID was not found during an update.

Sm_PolicyApi_RemoveUserDirFromDomain()

Disassociates the user directory identified by pszUserDirOid from the domain identified by pszDomainOid.

Type

User directory function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_RemoveUserDirFromDomain (
   void*          pSessionHandle,
   const char*    pszUserDirOid,
   const char*    pszDomainOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszUserDirOid	I	A null-terminated string containing the object identifier of an existing user directory.
pszDomainOid	I	A null-terminated string containing the object identifier of an existing domain.

Returns

Sm_PolicyApi_Success. The remove operation was successful.
Sm_PolicyApi_NotFound. The domain does not have any user directories.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to remove a user directory from a domain.
Sm_PolicyApi_InvalidOid. A user directory or domain OID was not found.

Sm_PolicyApi_RemoveUsersFromAffiliate()

Removes a user directory entry from an affiliate.

Type

Federation function

Syntax

int SM_EXTERN Sm_PolicyApi_RemoveUsersFromAffiliate (
   void*        pSessionHandle,
   const char*  pszAffiliateOid,
   const char*  pszUserPolicyOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAffiliateOid	I	A null-terminated string containing the object identifier of an existing affiliate.
pszUserPolicyOid	I	A null-terminated string containing the object identifier of an existing policy user.

Returns

Sm_PolicyApi_Success. The user was removed successfully.
Sm_PolicyApi_Failure. The user was not removed successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to remove a user.
Sm_PolicyApi_InvalidOID. The affiliate OID or user policy OID was not found.

Sm_PolicyApi_RemoveUsersFromPolicy()

Disassociates the user identified by pszUserPolicyOid from the policy identified by pszPolicyOid. Only one user specification (which may be an aggregate) can be removed at a time.

Type

User and user state function.

Syntax

int SM_EXTERN Sm_PolicyApi_RemoveUsersFromPolicy (
   void*          pSessionHandle,
   const char*    pszPolicyOid,
   const char*    pszUserPolicyOid
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszPolicyOid	I	A null-terminated string containing the object identifier of an existing policy from which a user is to be removed.
pszUserPolicyOid	I	A null-terminated string containing the object identifier of an existing policy user.

Remarks

This function is successful only when the pointer to Sm_PolicyApi_User_t is obtained with the Sm_PolicyApi_GetPolicyUsers() function. If the user is retrieved with Sm_PolicyApi_LookupDirectoryEntry(), Sm_PolicyApi_GetDirectoryContents(), or Sm_PolicyApi_ValidateDirectoryEntry(), pszUserPolicyOid will be invalid and the call will fail.

Returns

Sm_PolicyApi_Success. The remove operation was successful.
Sm_PolicyApi_Failure. The remove operation was not successful.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to remove a user from the policy.
Sm_PolicyApi_InvalidOid:
- The policy OID was not found.
- The user policy OID was not found.

Sm_PolicyApi_RemoveUsersFromSAMLServiceProvider()

Removes the specified users from the Service Provider.

Type

SAML 2.0 Configuration function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_AddUsersToSAMLServiceProvider
(
   void*                             pSessionHandle,
   const char*                       pszProviderOid,
   Sm_PolicyApi_User_t*              pStructUsers,
   int                               iPolicyFlags
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszProviderOid	I	A null-terminated string containing the Service Provider's object identifier.
pStructUsers	I	The users to remove from the Service Provider.
iPolicyFlags	I	A bit field that indicates whether: The policy created for the SAML Service Provider includes a user The policy should be applied recursively

Returns

Sm_PolicyApi_Success. The users were removed successfully.
Sm_PolicyApi_Failure. The users were not removed successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to remove a user.
Sm_PolicyApi_InvalidOid. The Service Provider OID was not found.

Sm_PolicyApi_RemoveUsersFromWSFEDResourcePartner()

Dissociates a user directory entry from WS-Federation Resource Partner.

Syntax

int SM_EXTERN Sm_PolicyApi_RemoveUsersFromWSFEDResourcePartner (
        void* pSessionHandle,
        const char * pszProviderOid,
        const char * pszUserPolicyOid
);

Parameters

pSessionHandle: [in] A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszProviderOid: [in] A null-terminated string containing the object identifier of an existing WS-Federation Resource Partner.
pszUserPolicyOid: [in] A null-terminated string containing the object identifier of an existing policy user.

Return Values

Sm_PolicyApi_Success. The user directory was removed a successfully.
Sm_PolicyApi_Failure. The user directory was not removed successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to remove a user.
Sm_PolicyApi_InvalidOid. The Resource Partner OID was not found.

Sm_PolicyApi_RenameObject()

Renames a domain or global object.

This function requires the Object Identifier (OID) of the object to be renamed. You can retrieve the object identifier by performing the Get operation on the object.

Type

General object function.

Syntax

int SM_EXTERN Sm_PolicyApi_RenameObject (
   void*          pSessionHandle,
   const char*    pszOid,
   const char*    pszNewName
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszOid	I	Object Identifier of the object to be renamed.
pszNewName	I	New name for the object.

Returns

Sm_PolicyApi_Success. The object was renamed successfully.
Sm_PolicyApi_Failure. The object was not renamed successfully.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to rename an object.
Sm_PolicyApi_InvalidOid. The OID was not found.

Sm_PolicyApi_SetAffiliateDomainUserDirSearchOrder()

Sets the user directory search order for an affiliate domain.

Type

Federation function

Syntax

int SM_EXTERN Sm_PolicyApi_SetAffiliateDomainUserDirSearchOrder (
   void*         pSessionHandle,
   const char*   pszAffiliateDomainOid,
   char**        pszArray[]
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszAffiliate DomainOid	I	A null-terminated string containing the object identifier of an existing affiliate domain.
pszArray	I	An array of user directory OIDs, in the desired order.

Returns

Sm_PolicyApi_Success. The function successfully set the user directory search order.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to set user directory search order in an affiliate domain.
Sm_PolicyApi_InvalidOID. The affiliate OID was not found.
Sm_PolicyApi_DomainNotAffiliate. The domain is not an affiliate domain.
Sm_PolicyApi_WrongNumberOfElements. The number of user directories in the affiliate domain collection is different from the number of elements in the array.

Sm_PolicyApi_SetDisabledUserState()

Sets the disabled state of a user. You can also enable a user with this function.

To make this function work, the attribute for tracking disabled users must be set in the user directory (the pszDisabledAttr field of structure Sm_PolicyApi_UserDir_t). You can also set the attribute using the Policy Server User Interface.

Type

User and user state function.

Syntax

int SM_EXTERN Sm_PolicyApi_SetDisabledUserState (
   void*                            pSessionHandle,
   const char*                      pszUserDirOid,
   const char*                      pszUserDN,
   const Sm_Api_DisabledReason_t    nDisabledReason,
   char**                           pszErrMsg
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszUserDirOid	I	A null-terminated string containing the object identifier of an existing user directory.
pszUserDN	I	The distinguished name of the user whose disabled state is to be changed.
nDisabledReason	I	Reason for disabling or enabling a user. The reasons are enumerated in Sm_Api_DisabledReason_t, which is defined in SmApi.h. It is the responsibility of the caller to set the correct state. Multiple reasons can exist concurrently. When a user is enabled, all the flags in the disabled mask should be cleared.
pszErrMsg	O	The error message is held in the string if the operation was not successful. You release the memory allocated for this variable by calling Sm_PolicyApi_FreeString().

Returns

Sm_PolicyApi_Success. The disable user state was set successfully.
Sm_PolicyApi_Failure:
- User state was not disabled.
- Memory could not be allocated to pszErrMsg.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to set disabled user state.
Sm_PolicyApi_InvalidOid. The user directory OID was not found.

Examples

To disable a user for password expiration:

nDisabledReason = Sm_Api_Disabled_DisabledMask &
      Sm_Api_Disabled_PWExpired;

To disable a user for administrative reasons:

enum Sm_Api_DisabledReason_t nDisabledReason;

iRes =  Sm_PolicyApi_GetDisabledUserState (pSessionHandle,
                                           pszUserDirOid,
                                           pszUserDN,
                                           &nDisabledReason,
                                           &pszGetErrMsg);

if (iRes != Sm_PolicyApi_Success)
{
    cout << "Error: " << pszGetErrMsg << endl;
}

// Set admin disabled reason bit.
nDisabledReason=(Sm_Api_DisabledReason_t) (nDisabledReason | 
      Sm_Api_Disabled_AdminDisabled);

// Set Disable user state
iRes = Sm_PolicyApi_SetDisabledUserState(pSessionHandle,
                                         pszUserDirOid,
                                         pszUserDN,
                                         nDisabledReason,
                                         &pszSetErrMsg);

To enable a user and clear all disable reason bits:

enum Sm_Api_DisabledReason_t nDisabledReason;
iRes = Sm_PolicyApi_GetDisabledUserState(pSessionHandle,
                                         pszUserDirOid,
                                         pszUserDN,
                                         &nDisabledReason,
                                         &pszGetErrMsg);

if (iRes != Sm_PolicyApi_Success)
{
   if (pszGetErrMsg)
   {
      cout << "Error: " << pszGetErrMsg << endl;
   }
}
// Clear all the disable reason bits.
nDisabledReason=(Sm_Api_DisabledReason_t)
      (nDisabledReason & (~Sm_Api_Disabled_DisabledMask));

// Set Disable user state to enable
iRes = Sm_PolicyApi_SetDisabledUserState(pSessionHandle,
                                         pszUserDirOid,
                                         pszUserDN,
                                         nDisabledReason,
                                         &pszSetErrMsg);

Sm_PolicyApi_SetPassword()

Changes the password of a user account. It can also be used to validate a new password or an old password without changing the password.

To validate a new password, you must set SiteMinder Password services for the directory, and you must identify a password attribute in the SiteMinder user directory.

Type

User and user state function.

Syntax

int SM_EXTERN Sm_PolicyApi_SetPassword (
   void*          pSessionHandle,
   const char*    pszUserDirOid,
   const char*    pszUserDN,
   const char*    pszNewPassword,
   const char*    pszOldPassword,
   bool           bChangePassword,
   bool           bValidateNewPassword,
   bool           bValidateOldPassword,
   char**         pszErrMsg
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszUserDirOid	I	A null-terminated string containing the object identifier of the user directory where the user may be found.
pszUserDN	I	The distinguished name of the user whose password is to be changed and/or whose new or old password is to be validated.
pszNewPassword	I	New user password to validate or change.
pszOldPassword	I	Old user password to validate or change.
bChangePassword	I	If true, the password is changed to the new password and is recorded in the user's password history. If an error occurs, the function returns an error code.
bValidateNewPassword	I	If true, the new password is checked to make sure it satisfies all password policy requirements. If the new password is in violation of any password policies, pszErrMsg is set and the function returns an error code.
bValidateOldPassword	I	If true, the old password is used to authenticate the user. If authentication fails, the function returns an error code.
pszErrMsg	O	String containing an error message if the user password change or validation was not successful. You release the memory allocated for this variable by calling Sm_PolicyApi_FreeString().

Returns

Sm_PolicyApi_Success. The change or validation was successful.
Sm_PolicyApi_Failure. The change or validation was not successful or memory could not be allocated to the error message string.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_InvalidPasswordSyntax. Returned when both of these conditions exist:
- bValidateNewPassword is true.
- The new password did not satisfy the password policy requirements set for the specified directory.
For information about the error, call Sm_PolicyApi_GetPasswordMsg() and pass to it the encoded error message (pszErrMsg) returned from Sm_PolicyApi_SetPassword().
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to set or validate user passwords.
Sm_PolicyApi_InvalidOid. The user directory OID was not found.

Sm_PolicyApi_SetResponseInPolicyLink()

Alters the policy link described by the ppstructPolicyLink structure.

This function sets a response or a response group to a rule or rule group. It can also be used to remove a response or response group from a policy link. To remove a response or response group from a policy link, set the pszResponseOid in Sm_PolicyApi_PolicyLink_t to an empty string.

Type

Response function, domain scope.

Syntax

int SM_EXTERN Sm_PolicyApi_SetResponseInPolicyLink (
   void*                       pSessionHandle,
   const char*                 pszPolicyOid,
   Sm_PolicyApi_PolicyLink_t*  ppstructPolicyLink
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszPolicyOid	I	A null-terminated string containing the object identifier of an existing policy.
ppstructPolicyLink	I	The address of a policy link structure.

Returns

Sm_PolicyApi_Success. The response was successfully set or removed in a policy link.
Sm_PolicyApi_Failure. The response cannot be set or removed in a policy link.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to set a policy link.
Sm_PolicyApi_InvalidOid:
- The policy OID was not found.
- The rule or rule group OID was not found.
- The response or response group OID was not found.
Sm_PolicyApi_DoesNotExist. There are no policy links in the policy collection.

Sm_PolicyApi_SetSharedSecretPolicy()

Sets the current SharedSecretPolicy. There will always be exactly one such object, so it is not necessary to provide the bUpdate boolean flag.

Type

Agent configuration.

Syntax

int SM_EXTERN Sm_PolicyApi_SetSharedSecretPolicy (
   void*                               pSessionHandle,
   Sm_PolicyApi_SharedSecretPolicy_t*  ppstructSecretPolicy
);

Parameter	I/O	Description
pSessionHandle	I	The current Policy API session handle.
ppstructSecret Policy	I/O	The shared secret policy structure.

Returns

Sm_PolicyApi_Success. The operation was successful.
Sm_PolicyApi_Failure. Generalized failure.
Sm_PolicyApi_InvalidHandle. The session handle was invalid.
Sm_PolicyApi_NoSession. The user is not logged in.
Sm_PolicyApi_NoPrivilege. User does not have rights to manage objects.

Sm_PolicyApi_SetUserDirSearchOrder()

Rearranges the search order of the user directory objects associated with the domain identified by pszDomainOid.

The ordered list of names is specified in the pszArray string array. The user directories in this array must match in OID and number (but not order) the list of user directory names that were retrieved by a call to Sm_PolicyApi_GetUserDirSearchOrder().

Type

User directory function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_SetUserDirSearchOrder (
   void*          pSessionHandle,
   const char*    pszDomainOid,
   char**         pszArray[]
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszDomainOid	I	A null-terminated string containing the object identifier of an existing domain.
pszArray	I	An array of user directory OIDs, in the desired order.

Returns

Sm_PolicyApi_Success. The user directory search order was set successfully.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_NoPrivilege. The administrator does not have the privilege to set user directory search order in a domain.
Sm_PolicyApi_InvalidOid. The domain OID was not found.
Sm_PolicyApi_WrongNumberOfElements. The number of user directories in the domain collection is different from the number of elements in the array.

Sm_PolicyApi_SetUserPasswordState()

Add or update a UserPasswordState object.

If there is no PasswordState associated with the user, a new PasswordState will be created. Otherwise, the UserPasswordState will be updated.

Type

Password state function.

Syntax

int SM_EXTERN Sm_PolicyApi_SetUserPasswordState (
   void                             *pSessionHandle,
   const char                       *pszUserDirOid,
   const char                       *pszUserDN,
   Sm_PolicyApi_UserPasswordState_t *pPasswordState
   bool bEmptyHistory
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszUserDirOid	I	Unique object identifier that corresponds to a particular User Directory.
pszUserDN	I	Specifies the distinguished name of the user within the user directory.
pPasswordState	I/O	The user password state object. If this parameter changes the user directory setting for the last time the password was changed, and the password is reset outside of SiteMinder, the password policy preventing password reuse may not work as expected. If this parameter is set to NULL, the function returns Sm_PolicyApi_Failure.
bEmptyHistory	I	Specifies whether this function should clear the existing password history. If this parameter is set to true, the field tLastPWChange field of structure Sm_PolicyApi_UserPasswordState_t is implicitly reset to zero.

Returns

Sm_PolicyApi_Success. The get operation was successful.
Sm_PolicyApi_Failure. Generalized failure.
Sm_PolicyApi_InvalidHandle. The session pointer is not valid.
Sm_PolicyApi_BadArgument. The input password state pointer is NULL.
Sm_PolicyApi_NoSession. The API user is not properly logged in.
Sm_PolicyApi_InvalidOid. The unique id does not correspond to User Directory object.
Sm_PolicyApi_UserDirNotFound. Failed to retrieve User Directory object from policy store.
Sm_PolicyApi_ErrorUserDir. Invalid User Directory object or wrong user DN.
Sm_PolicyApi_NoPrivilege. The caller does not have the proper privileges.

Sm_PolicyApi_ValidateDirectoryEntry()

Validates a user specification in a user directory.

Type

User directory function, global scope.

Syntax

int SM_EXTERN Sm_PolicyApi_ValidateDirectoryEntry (
   void*                  pSessionHandle,
   const char*            pszUserDirOid,
   const char*            pszPath,
   Sm_PolicyApi_User_t**  ppUserEntry
);

Parameter	I/O	Description
pSessionHandle	I	A pointer to an internal Policy Management API data structure. The structure holds information about the administrator session and the client session.
pszUserDirOid	I	A null-terminated string containing the object identifier of the user directory.
pszPath	I	A null-terminated string containing the path of a user.
ppUserEntry	O	The address of a pointer to a user structure.

Returns

Sm_PolicyApi_Success. The validation was successful.
Sm_PolicyApi_Failure:
- The policy resolution of the user path in pszPath is not of type Sm_PolicyResolution_User.
- There is no connection to the user directory or the user directory provider has not been loaded.
- Memory could not be allocated to Sm_PolicyApi_User_t.
Sm_PolicyApi_NoSession. There is no valid administrator session.
Sm_PolicyApi_InvalidHandle. There was no valid initialization prior to this call.
Sm_PolicyApi_InvalidOid. The user directory OID was not found.

Authentication Scheme Configuration

When you configure an authentication scheme programmatically, you provide information that would otherwise be provided through the Authentication Scheme Properties dialog of the Policy Server UI. You provide this information through the fields in the structure Sm_PolicyApi_Scheme_t.

Note: The following categories of information can be used for different purposes in different authentication schemes. For example, with the TeleID authentication scheme, the shared secret is used to supply the encryption seed.

Scheme type
SiteMinder provides a number of standard authentication scheme types (also known as templates). Each authentication scheme type is configured differently.
Description
Brief description of the authentication scheme.
Protection level
Protection level values can range from 1 through 1000. The higher the number, the greater the degree of protection provided by the scheme.
Library
An authentication scheme library performs authentication processing for the associated authentication scheme type. Each predefined authentication scheme is shipped with a default library. Optionally, you can use a custom library instead of the default.
Parameter
Additional information that the authentication scheme requires, such as the URL of an HTML login page. With some authentication schemes, the parameter information is constructed from field values in the Scheme Type Setup tab of the Authentication Scheme Properties dialog. To see how a parameter string is constructed for a given scheme type, open this dialog, select the appropriate scheme type, provide values to the fields in the Scheme Type Setup tab, and view the constructed parameter in the Advanced tab.
Shared Secret
Information that is known to both the authentication scheme and the Policy Server. Different authentication schemes use different kinds of secrets. Most schemes use no secret.
Is template?
A flag that specifies whether the authentication scheme is a template.

Note: Setting an authentication scheme as a template with the C Policy Management API was deprecated in SDK v6.0 SP3.
Is used by administrator?
A flag that specifies whether the authentication scheme can be used to authenticate administrators.
Save Credentials?
A flag that specifies whether to save the user's credentials.
Is RADIUS?
A flag that specifies whether the scheme can be used with RADIUS agents.
Ignore password check?
A flag that specifies whether password policies for the scheme are enabled. If True (1), password policies are disabled.

Note: The Ignore password check flag must be set to True for anonymous authentication schemes.

Anonymous Template

Use this table when configuring an authentication scheme based on the scheme type Anonymous. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.

Note: The Ignore password check flag must be set to True for anonymous authentication schemes.

Information Type	Value Assignment and Meaning
Scheme type	nType=Sm_Api_SchemeType_Anonymous The scheme type Anonymous.
Description	pszDesc=description The description of the authentication scheme.
Protection level	nLevel=0 Set to 0. Not applicable to this scheme type.
Library	pszLib="smauthanon" The default library for this scheme type.
Parameter	pszParam=param A string containing the guest DN. Policies associated with the guest DN must apply to anonymous users.
Shared secret	pszSecret="" Set to an empty string. Not applicable to this scheme.
Is template?	bIsTemplate=0 Set to false (0) to indicate that the scheme is not a template. Any other value is ignored.
Is used by administrator?	bIsUsedbyAdmin=0 Set to false (0)-scheme is not used to authenticate administrators.
Save credentials?	bAllowSaveCreds=0 Set to false (0) to indicate that user credentials won't be saved.
Is RADIUS?	bIsRadius=0 Set to false (0)-scheme is not used with RADIUS agents.
Ignore password check?	bIgnorePwCheck=1 Set to true (1)-ignore password checking.

Basic Over SSL Template

Use this table when configuring an authentication scheme based on the scheme type Basic over SSL. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.

Information Type	Value Assignment and Meaning
Scheme type	nType=Sm_Api_SchemeType_BasicOverSSL The scheme type Basic over SSL.
Description	pszDesc=description The description of the authentication scheme.
Protection level	nLevel=value A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 10.
Library	pszLib="smauthcert" The default library for this scheme type.
Parameter	pszParam=param A string containing the domain or IP address of the SSL server and the name of the SSL Credentials Collector (SCC). Format: https://server/SCC?basic The following example uses the default SCC: https://my.server.com/siteminderagent/ nocert/smgetcred.scc?basic
Shared secret	pszSecret="" Set to an empty string. Not applicable to this scheme.
Is template?	bIsTemplate=0 Set to false (0) to indicate that the scheme is not a template. Any other value is ignored.
Is used by administrator?	bIsUsedbyAdmin=0 Set to false (0) for this scheme.
Save credentials?	bAllowSaveCreds=0 Set to false (0) to indicate that user credentials won't be saved.
Is RADIUS?	bIsRadius=0 Set to false (0)-scheme is not used with RADIUS agents.
Ignore password check?	bIgnorePwCheck=flag Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0.

Basic Template

Use this table when configuring an authentication scheme based on the scheme type Basic. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.

Information Type	Value Assignment and Meaning
Scheme type	nType=Sm_Api_SchemeType_Basic The scheme type Basic.
Description	pszDesc=description The description of the authentication scheme.
Protection level	nLevel=value A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library	pszLib="smauthdir" The default library for this scheme type.
Parameter	pszParam="" Set to an empty string. Not applicable to this scheme.
Shared secret	pszSecret="" Set to an empty string. Not applicable to this scheme.
Is template?	bIsTemplate=0 Set to false (0) to indicate that the scheme is not a template. Any other value is ignored.
Is used by administrator?	bIsUsedbyAdmin=1 Set to true (1)-scheme can be used to authenticate administrators.
Save credentials?	bAllowSaveCreds=0 Set to false (0) to indicate that user credentials won't be saved.
Is RADIUS?	bIsRadius=1 Set to true (1)-scheme can be used with RADIUS agents.
Ignore password check?	bIgnorePwCheck=flag Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0.

Custom Template

Use this table when configuring an authentication scheme based on the scheme type Custom. You create custom schemes using the Authentication API. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.

Information Type	Value Assignment and Meaning
Scheme type	nType=Sm_Api_SchemeType_Custom The scheme type Custom.
Description	pszDesc=description The description of the authentication scheme.
Protection level	nLevel=value A value of 0 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library	pszLib=customLibName The name of the custom shared library you created using the Authentication API.
Parameter	pszParam=param Any string of one or more parameters required by your custom authentication scheme. For a custom authentication scheme that uses SSL, you must supply a URL that points to a SiteMinder Web Agent library required for the SSL-based authentication.
Shared secret	pszSecret=secret The shared secret, if any, that your custom authentication scheme uses for encryption of credentials.
Is template?	bIsTemplate=0 Set to false (0) to indicate that the scheme is not a template. Any other value is ignored.
Is used by administrator?	bIsUsedbyAdmin=flag Set to true (1) to specify that the scheme can be used to authenticate administrators, or to false (0) to specify that the scheme cannot be used to authenticate administrators. Default is 0.
Save credentials?	bAllowSaveCreds=0 Set to false (0) to indicate that user credentials won't be saved.
Is RADIUS?	bIsRadius=0 Set to false (0)-scheme is not used with RADIUS agents.
Ignore password check?	bIgnorePwCheck=flag Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0.

HTML Form Template

Use this table when configuring an authentication scheme based on the scheme type HTML Form. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.

Information Type	Value Assignment and Meaning
Scheme type	nType=Sm_Api_SchemeType_HTMLForm The scheme type HTML Form.
Description	pszDesc=description The description of the authentication scheme.
Protection level	nLevel=value A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library	pszLib="smauthhtml" The default library for this scheme type.
Parameter	pszParam=param A string containing a user attribute list plus the location of the forms credential collector (FCC). The attribute list must begin with AL= and use commas as the list delimiter character, and it must end with a semicolon-for example: AL=Password,SSN,age,zipcode; The complete parameter format is: attr-list;https:/server/fcc The following example uses the default FCC: AL=PASSWORD,SSN,age,zipcode; http://my.server.com/siteminderagent/ forms/login.fcc
Shared secret	pszSecret="" Set to an empty string. Not applicable to this scheme.
Is template?	bIsTemplate=0 Set to false (0) to indicate that the scheme is not a template. Any other value is ignored.
Is used by administrator?	bIsUsedbyAdmin=0 Set to false (0)-scheme is not used to authenticate administrators.
Save credentials?	bAllowSaveCreds=flag Set to true (1) to indicate that user credentials should be saved, or false (0) to indicate that user credentials should not be saved. Default is 0.
Is RADIUS?	bIsRadius=0 Set to false (0)-scheme is not used with RADIUS agents.
Ignore password check?	bIgnorePwCheck=flag Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0.

Impersonation Template

Use this table when configuring an authentication scheme based on the scheme type Impersonation. The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.

Information Type	Value Assignment and Meaning
Scheme type	nType=Sm_Api_SchemeType_Impersonation The scheme type Impersonation.
Description	pszDesc=description The description of the authentication scheme.
Protection level	nLevel=value A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library	pszLib="smauthimpersonate" The default library for this scheme type.
Parameter	pszParam=param A string containing a user attribute list plus the location of the forms credential collector (FCC). The attribute list must begin with AL= and use commas as the list delimiter character, and it must end with a semicolon-for example: AL=Password,SSN,age,zipcode; The complete parameter format is: attr-list;https:/server/fcc The following example uses the default FCC: AL=PASSWORD,SSN,age,zipcode; http://my.server.com/siteminderagent/ forms/imp.fcc
Shared secret	pszSecret="" Set to an empty string. Not applicable to this scheme.
Is template?	bIsTemplate=0 Set to false (0) to indicate that the scheme is not a template. Any other value is ignored.
Is used by administrator?	bIsUsedbyAdmin=0 Set to false (0)-scheme is not used to authenticate administrators.
Save credentials?	bAllowSaveCreds=0 Set to false (0) to indicate that user credentials won't be saved.
Is RADIUS?	bIsRadius=0 Set to false (0)-scheme is not used with RADIUS agents.
Ignore password check?	bIgnorePwCheck=1 Set to true (1)-ignore password checking.