The OverwriteObjects method sets or retrieves the overwrite objects flag.
Syntax
The OverwriteObjects method has the following format:
Netegrity::PolicyMgtDataMgr‑>OverwriteObjects([overwriteFlag])
Parameters
The OverwriteObjects method accepts the following parameter:
overwriteFlag (int)
(Optional) Specifies whether to allow existing objects to be overwritten:
Return Value
The OverwriteObjects method returns one of the following values:
Remarks
This flag determines whether existing objects should be overwritten during a call to the PolicyMgtDataMgr‑>Import method.
When you create a data manager object with the PolicyMgtSession‑>CreateDataManager method, this flag is initialized to 1 (overwrite existing objects).
To set the overwrite flag, call this method before calling the PolicyMgtDataMgr‑>Import method for the object. For a given instance of the data manager, a flag maintains its setting unless you reset it.
The following methods act on PolicyMgtDomain objects:
The AddAdmin method adds an administrator to the domain.
Syntax
The AddAdmin method has the following format:
Netegrity::PolicyMgtDomain‑>AddAdmin(admin)
Parameters
The AddAdmin method accepts the following parameter:
admin (type)
Specifies the administrator to add to the domain.
Return Value
The AddAdmin method returns one of the following values:
Remarks
Administrators can create, edit, and delete SiteMinder objects within the domain.
You cannot use the Policy Management API to create an administrator for a particular domain. However, if you use the Administrative UI to create an administrator for a domain, you can add that administrator to another domain by calling the PolicyMgtAffDomain‑>AddAdmin method.
The AddUserDir method associates a user directory with the domain.
Syntax
The AddUserDir method has the following format:
Netegrity::PolicyMgtDomain‑>AddUserDir(userDir)
Parameters
The AddUserDir method accepts the following parameter:
userDir (PolicyMgtUserDir)
Specifies the user directory to associate with the domain.
Return Value
The AddUserDir method returns one of the following values:
Remarks
During user authentication, the user's supplied credentials are checked against the credentials stored in this user directory.
The directory object is appended to the end of the search order. To change the search order, call the PolicyMgtAffDomain‑>SetUserDirSearchOrder method.
The CreatePolicy method creates and configures a policy in the domain.
Syntax
The CreatePolicy method has the following format:
Netegrity::PolicyMgtDomain‑>CreatePolicy(policyName [, policyDesc] [, enableFlag] [, activeExpr])
Parameters
The CreatePolicy method accepts the following parameters:
policyName (string)
Specifies the name of the policy.
policyDesc (string)
(Optional) Specifies the description of the policy.
enableFlag (int)
(Optional) Specifies whether to enable (1) or disable (0) the policy. Default is enabled.
activeExpr (string)
(Optional) Specifies the active expression of the policy.
Return Value
The CreatePolicy method returns one of the following values:
The CreateRealm method creates and configures a top-level realm in the domain.
Syntax
The CreateRealm method has the following format:
Netegrity::PolicyMgtDomain‑>CreateRealm(realmName, agent, authScheme [, realmDesc] [, resFilter] [, procAuthEvents] [, procAzEvents] [, protectAll] [, maxTimeout] [, idleTimeout] [, syncAudit] [, azUserDir] [, regScheme])
Parameters
The CreateRealm method accepts the following parameters:
realmName (string)
Specifies the name of the realm.
agent (PolicyMgtAgent)
Specifies the agent or agent group that protects the realm.
authScheme (PolicyMgtAuthScheme)
Specifies the authentication scheme to associate with the realm.
realmDesc (string)
(Optional) Specifies the realm description.
resFilter (string)
(Optional) Specifies the resource filter for the realm.
procAuthEvents (int)
(Optional) Specifies whether to process authentication events -- 1 to enable or 0 to disable. Default is enabled. Authentication event processing affects performance. If no rules in the realm are to be triggered by authentication events, set this flag to 0.
procAzEvents (int)
(Optional) Specifies whether to process authorization events -- 1 to enable or 0 to disable. Default is enabled. Authorization event processing affects performance. If no rules in the realm are to be triggered by authorization events, set this flag to 0.
protectAll (int)
(Optional) Specifies whether to activate default resource protection -- 1 to enable or 0 to disable. Default is enabled.
maxTimeout (int)
(Optional) Specifies the maximum time, in seconds, a user can access the realm before re-authentication is required. Default is 7200 (2 hours).
idleTimeout (int)
(Optional) Specifies the maximum time, in seconds, a user can remain inactive in the realm before re-authentication is required. Default is 3600 (1 hour).
syncAudit (int)
(Optional) Specifies the flag for enabling synchronous auditing -- 1 to enable or 0 to disable. When this flag is enabled, SiteMinder logs Policy Server and agent actions before it allows access to resources. Default is disabled.
azUserDir (PolicyMgtUserDir)
(Optional) Specifies the directory where users in the realm will be authorized. Default is the default directory.
regScheme (type)
(Optional) Specifies the registration scheme used to register new users accessing resources in the realm.
Return Value
The CreateRealm method returns one of the following values:
Remarks
This method creates a realm that is configured for non-persistent sessions. To configure the realm for SiteMinder 5.0 persistent sessions, edit the realm in the Administrative UI.
Note: The Policy Management API only manipulates realms that are direct descendants of the object whose method has been called, as follows:
The CreateResponse method creates a response.
Syntax
The CreateResponse method has the following format:
Netegrity::PolicyMgtDomain‑>CreateResponse(resName, agentType [, resDesc])
Parameters
The CreateResponse method accepts the following parameters:
resName (string)
Specifies the name of the response.
agentType (PolicyMgtAgentType)
Specifies the agent type associated with the response. Call the PolicyMgtSession‑>GetAgentType method to get the agent type object.
resDesc (string)
(Optional) Specifies the description of the response.
Return Value
The CreateResponse method returns one of the following values:
Remarks
The agent returns responses based on certain events. For example, if an unauthorized user attempts to access a protected Web page, a response can redirect the user to an HTML page that displays an appropriate message.
The CreateResponseGroup method creates a response group for the domain.
Syntax
The CreateResponseGroup method has the following format:
Netegrity::PolicyMgtDomain‑>CreateResponseGroup(groupName, agentType [, groupDesc])
Parameters
The CreateResponseGroup method accepts the following parameters:
groupName (string)
Specifies the name of the group.
agentType (PolicyMgtAgentType)
Specifies the agent type associated with this response group. Call the PolicyMgtSession‑>GetAgentType method to get the agent type object.
groupDesc (string)
(Optional) Specifies the description of the group.
Return Value
The CreateResponseGroup method returns one of the following values:
The CreateRuleGroup method creates a rule group for the domain.
Syntax
The CreateRuleGroup method has the following format:
Netegrity::PolicyMgtDomain‑>CreateRuleGroup(groupName, agentType [, groupDesc])
Parameters
The CreateRuleGroup method accepts the following parameters:
groupName (string)
Specifies the name of the group.
agentType (PolicyMgtAgentType)
Specifies the agent type associated with this rule group. Call the PolicyMgtSession‑>GetAgentType method to get the agent type object.
groupDesc (string)
(Optional) Specifies the description of the group.
Return Value
The CreateRuleGroup method returns one of the following values:
The DeleteGroup method deletes the specified group in the domain.
Syntax
The DeleteGroup method has the following format:
Netegrity::PolicyMgtDomain‑>DeleteGroup(group)
Parameters
The DeleteGroup method accepts the following parameter:
group (PolicyMgtGroup)
Specifies the group to delete.
Return Value
The DeleteGroup method returns one of the following values:
The DeletePolicy method deletes a policy.
Syntax
The DeletePolicy method has the following format:
Netegrity::PolicyMgtDomain‑>DeletePolicy(policy)
Parameters
The DeletePolicy method accepts the following parameter:
policy (PolicyMgtPolicy)
Specifies the policy to delete.
Return Value
The DeletePolicy method returns one of the following values:
The DeleteRealm method deletes a top-level realm in the domain.
Syntax
The DeleteRealm method has the following format:
Netegrity::PolicyMgtDomain‑>DeleteRealm(realm)
Parameters
The DeleteRealm method accepts the following parameter:
realm (PolicyMgtRealm)
Specifies the realm to delete.
Return Value
The DeleteRealm method returns one of the following values:
The DeleteResponse method deletes a response.
Syntax
The DeleteResponse method has the following format:
Netegrity::PolicyMgtDomain‑>DeleteResponse(response)
Parameters
The DeleteResponse method accepts the following parameter:
response (PolicyMgtResponse)
Specifies the response to delete.
Return Value
The DeleteResponse method returns one of the following values:
The Description method sets or retrieves the description of the domain.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtDomain‑>Description([domainDesc])
Parameters
The Description method accepts the following parameter:
domainDesc (string)
(Optional) Specifies the description to set.
Return Value
The Description method returns one of the following values:
The GetAllPolicies method retrieves all policies associated with the domain.
Syntax
The GetAllPolicies method has the following format:
Netegrity::PolicyMgtDomain‑>GetAllPolicies( )
Parameters
The GetAllPolicies method accepts no parameters.
Return Value
The GetAllPolicies method returns one of the following values:
The GetAllRealms method retrieves all top-level realms in the domain.
Syntax
The GetAllRealms method has the following format:
Netegrity::PolicyMgtDomain‑>GetAllRealms( )
Parameters
The GetAllRealms method accepts no parameters.
Return Value
The GetAllRealms method returns one of the following values:
Remarks
To retrieve all top-level realms under a realm, call the PolicyMgtRealm‑>GetAllChildRealms method.
The GetAllResponseGroups method retrieves all of the response groups associated with the domain.
Syntax
The GetAllResponseGroups method has the following format:
Netegrity::PolicyMgtDomain‑>GetAllResponseGroups( )
Parameters
The GetAllResponseGroups method accepts no parameters.
Return Value
The GetAllResponseGroups method returns one of the following values:
The GetAllResponses method retrieves all responses associated with the domain.
Syntax
The GetAllResponses method has the following format:
Netegrity::PolicyMgtDomain‑>GetAllResponses()
Parameters
The GetAllResponses method accepts no parameters.
Return Value
The GetAllResponses method returns one of the following values:
The GetAllRuleGroups method retrieves all rule groups associated with the domain.
Syntax
The GetAllRuleGroups method has the following format:
Netegrity::PolicyMgtDomain‑>GetAllRuleGroups( )
Parameters
The GetAllRuleGroups method accepts no parameters.
Return Value
The GetAllRuleGroups method returns one of the following values:
The GetPolicy method retrieves a policy in the domain.
Syntax
The GetPolicy method has the following format:
Netegrity::PolicyMgtDomain‑>GetPolicy(policyName)
Parameters
The GetPolicy method accepts the following parameter:
policyName (string)
Specifies the policy to retrieve.
Return Value
The GetPolicy method returns one of the following values:
The GetRealm method retrieves a top-level realm in the domain.
Syntax
The GetRealm method has the following format:
Netegrity::PolicyMgtDomain‑>GetRealm(realmName)
Parameters
The GetRealm method accepts the following parameter:
realmName (string)
Specifies the realm to retrieve.
Return Value
The GetRealm method returns one of the following values:
The GetResponse method retrieves a response associated with the domain.
Syntax
The GetResponse method has the following format:
Netegrity::PolicyMgtDomain‑>GetResponse(resName)
Parameters
The GetResponse method accepts the following parameter:
resName (string)
Specifies the response to retrieve.
Return Value
The GetResponse method returns one of the following values:
The GetResponseGroup method retrieves the specified response group.
Syntax
The GetResponseGroup method has the following format:
Netegrity::PolicyMgtDomain‑>GetResponseGroup(groupName)
Parameters
The GetResponseGroup method accepts the following parameter:
groupName (string)
Specifies the name of the response group to retrieve.
Return Value
The GetResponseGroup method returns one of the following values:
The GetRuleGroup method retrieves the specified rule group.
Syntax
The GetRuleGroup method has the following format:
Netegrity::PolicyMgtDomain‑>GetRuleGroup(groupName)
Parameters
The GetRuleGroup method accepts the following parameter:
groupName (string)
Specifies the name of the group to retrieve.
Return Value
The GetRuleGroup method returns one of the following values:
The GetUserDirSearchOrder method retrieves user directory objects associated with the domain.
Syntax
The GetUserDirSearchOrder method has the following format:
Netegrity::PolicyMgtDomain‑>GetUserDirSearchOrder( )
Parameters
The GetUserDirSearchOrder method accepts no parameters.
Return Value
The GetUserDirSearchOrder method returns one of the following values:
Remarks
The order of the returned objects is the same order that SiteMinder uses when querying the directories. To change the search order, call the PolicyMgtAffDomain‑>SetUserDirSearchOrder method.
The GlobalPoliciesApply method sets or retrieves the flag indicating whether the domain is enabled for global policies. If the domain is enabled for global policies, both global and domain-specific policies can apply to the domain.
Syntax
The GlobalPoliciesApply method has the following format:
Netegrity::PolicyMgtDomain‑>GlobalPoliciesApply([globalFlag])
Parameters
The GlobalPoliciesApply method accepts the following parameter:
globalFlag (int)
(Optional) Specifies whether to enable the domain for global policies:
Return Value
The GlobalPoliciesApply method returns one of the following values:
The Name method sets or retrieves the domain name.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtDomain‑>Name([domainName])
Parameters
The Name method accepts the following parameter:
domainName (string)
(Optional) Specifies the name to assign to the domain.
Return Value
The Name method returns one of the following values:
The RemoveAdmin method disassociates an administrator from the domain.
Syntax
The RemoveAdmin method has the following format:
Netegrity::PolicyMgtDomain‑>RemoveAdmin(admin)
Parameters
The RemoveAdmin method accepts the following parameter:
admin (PolicyMgtAdmin)
Specifies the administrator to remove from the domain.
Return Value
The RemoveAdmin method returns one of the following values:
Remarks
See also the PolicyMgtSession‑>DeleteAdmin method to delete an administrator from the policy store.
You cannot use the Policy Management API to create an administrator for a particular domain. However, if an administrator is associated with a domain either through the Administrative UI or the PolicyMgtAffDomain‑>AddAdmin method, you can remove that administrator from the domain by calling the RemoveAdmin method.
The RemoveUserDir method disassociates the user directory from the domain.
Syntax
The RemoveUserDir method has the following format:
Netegrity::PolicyMgtDomain‑>RemoveUserDir(userDir)
Parameters
The RemoveUserDir method accepts the following parameter:
userDir (PolicyMgtUserDir)
Specifies the user directory to disassociate from the domain.
Return Value
The RemoveUserDir method returns one of the following values:
The SetUserDirSearchOrder method rearranges the search order of the user directory objects associated with the domain.
Syntax
The SetUserDirSearchOrder method has the following format:
Netegrity::PolicyMgtDomain‑>SetUserDirSearchOrder(dirArray)
Parameters
The SetUserDirSearchOrder method accepts the following parameter:
dirArray ()
Specifies a reference to an array of user directory objects (for example: \@myarray).
Return Value
The SetUserDirSearchOrder method returns one of the following values:
The following methods act on PolicyMgtGroup objects. This object can contain either PolicyMgtAgent objects, PolicyMgtResponse objects, PolicyMgtRule objects, or nested PolicyMgtGroup objects.
The Add method adds an agent, response, rule, or nested group object to the group.
Syntax
The Add method has the following format:
Netegrity::PolicyMgtGroup‑>Add(newMember)
Parameters
The Add method accepts the following parameter:
newMember (objectType)
Specifies the member to add to the group. objectType can be any one of the following:
Return Value
The Add method returns one of the following values:
The Contains method determines whether the group contains the specified agent, response, rule, or nested group object.
Syntax
The Contains method has the following format:
Netegrity::PolicyMgtGroup‑>Contains(object)
Parameters
The Contains method accepts the following parameter:
object (objectType)
Specifies the object to check. objectType can be any one of the following:
Return Value
The Contains method returns one of the following values:
The Description method sets or retrieves the description of the group object.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtGroup‑>Description([Description])
Parameters
The Description method accepts the following parameter:
Description (string)
(Optional) Specifies the description to set.
Return Value
The Description method returns one of the following values:
The GetAgent method retrieves the specified agent object from the group.
Syntax
The GetAgent method has the following format:
Netegrity::PolicyMgtGroup‑>GetAgent(agentName)
Parameters
The GetAgent method accepts the following parameter:
agentName (string)
Specifies the name of the agent to retrieve.
Return Value
The GetAgent method returns one of the following values:
The GetAgentGroup method retrieves an agent group object nested within the group.
Syntax
The GetAgentGroup method has the following format:
Netegrity::PolicyMgtGroup‑>GetAgentGroup(groupName)
Parameters
The GetAgentGroup method accepts the following parameter:
groupName (string)
Specifies the name of the agent group to retrieve.
Return Value
The GetAgentGroup method returns one of the following values:
The GetAgentType method retrieves the type of the agent objects contained in the group (for example, Web Agent).
Syntax
The GetAgentType method has the following format:
Netegrity::PolicyMgtGroup‑>GetAgentType( )
Parameters
The GetAgentType method accepts no parameters.
Return Value
The GetAgentType method returns one of the following values:
The GetAllAgentGroups method retrieves all the agent group objects nested within the group.
Syntax
The GetAllAgentGroups method has the following format:
Netegrity::PolicyMgtGroup‑>GetAllAgentGroups( )
Parameters
The GetAllAgentGroups method accepts no parameters.
Return Value
The GetAllAgentGroups method returns one of the following values:
The GetAllAgents method retrieves all the agent objects in the group.
Syntax
The GetAllAgents method has the following format:
Netegrity::PolicyMgtGroup‑>GetAllAgents( )
Parameters
The GetAllAgents method accepts no parameters.
Return Value
The GetAllAgents method returns one of the following values:
The GetAllResponseGroups method retrieves all the response group objects nested within the group.
Syntax
The GetAllResponseGroups method has the following format:
Netegrity::PolicyMgtGroup‑>GetAllResponseGroups( )
Parameters
The GetAllResponseGroups method accepts no parameters.
Return Value
The GetAllResponseGroups method returns one of the following values:
The GetAllResponses method retrieves all the response objects in the group.
Syntax
The GetAllResponses method has the following format:
Netegrity::PolicyMgtGroup‑>GetAllResponses( )
Parameters
The GetAllResponses method accepts no parameters.
Return Value
The GetAllResponses method returns one of the following values:
The GetAllRuleGroups method retrieves all the rule group objects nested within the group.
Syntax
The GetAllRuleGroups method has the following format:
Netegrity::PolicyMgtGroup‑>GetAllRuleGroups( )
Parameters
The GetAllRuleGroups method accepts no parameters.
Return Value
The GetAllRuleGroups method returns one of the following values:
The GetAllRules method retrieves all the rule objects in the group.
Syntax
The GetAllRules method has the following format:
Netegrity::PolicyMgtGroup‑>GetAllRules( )
Parameters
The GetAllRules method accepts no parameters.
Return Value
The GetAllRules method returns one of the following values:
The GetResponse method retrieves the specified response object from the group.
Syntax
The GetResponse method has the following format:
Netegrity::PolicyMgtGroup‑>GetResponse(responseName)
Parameters
The GetResponse method accepts the following parameter:
responseName (type)
Specifies the name of the response to retrieve.
Return Value
The GetResponse method returns one of the following values:
The GetResponseGroup method retrieves a response group object nested within the group.
Syntax
The GetResponseGroup method has the following format:
Netegrity::PolicyMgtGroup‑>GetResponseGroup(groupName)
Parameters
The GetResponseGroup method accepts the following parameter:
groupName (string)
Specifies the name of the response group to retrieve.
Return Value
The GetResponseGroup method returns one of the following values:
The GetRule method retrieves the specified rule object from the group.
Syntax
The GetRule method has the following format:
Netegrity::PolicyMgtGroup‑>GetRule(ruleName)
Parameters
The GetRule method accepts the following parameter:
ruleName (string)
Specifies the name of the rule to retrieve.
Return Value
The GetRule method returns one of the following values:
The GetRuleGroup method retrieves a rule group object nested within the group.
Syntax
The GetRuleGroup method has the following format:
Netegrity::PolicyMgtGroup‑>GetRuleGroup(groupName)
Parameters
The GetRuleGroup method accepts the following parameter:
groupName (string)
Specifies the name of the rule group to retrieve.
Return Value
The GetRuleGroup method returns one of the following values:
The Name method sets or retrieves the name of the group object.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtGroup‑>Name([Name])
Parameters
The Name method accepts the following parameter:
Name (string)
(Optional) Specifies the name to set.
Return Value
The Name method returns one of the following values:
The Remove method removes the specified group member from the group.
Syntax
The Remove method has the following format:
Netegrity::PolicyMgtGroup‑>Remove(member)
Parameters
The Remove method accepts the following parameter:
member (objectType)
Specifies the group member to remove, which can be any of the following object types:
Return Value
The Remove method returns one of the following values:
The following methods act on PolicyMgtHostConfig objects:
The AddCluster method adds an empty cluster to the host configuration. Call the AddServer method to populate the cluster with servers.
Syntax
The AddCluster method has the following format:
Netegrity::PolicyMgtHostConfig‑>AddCluster( )
Parameters
The AddCluster method accepts no parameters.
Return Value
The AddCluster method returns one of the following values:
Remarks
The clusters in a host configuration are referenced in a cluster array. When you add a cluster, the cluster is added to the end of the cluster array. The order in which you add clusters to a host configuration object determines the failover sequence. The first cluster you add (that is, the first cluster in the cluster array) is the primary cluster. This is the first cluster in the failover sequence that SiteMinder sends requests to. If there are not enough available servers in the primary cluster (that is, if the number of available servers in the cluster falls below the failover threshold), failover to the next cluster occurs (the second cluster that was added to the host configuration object). If that cluster also fails, failover to the third cluster added to the host configuration object occurs, and so on.
The AddServer method adds a non-clustered server to the host configuration.
Syntax
The AddServer method has the following format:
Netegrity::PolicyMgtHostConfig‑>AddServer(Host [, AcctPort] [, AuthPort] [, AzPort])
Parameters
The AddServer method accepts the following parameters:
Host (string)
Specifies the IP address of the Policy Server.
AcctPort (string)
(Optional) Specifies the IP port for the accounting server.
AuthPort (string)
(Optional) Specifies the IP port for the authentication server.
AzPort (string)
(Optional) Specifies the IP port for the authorization server.
Return Value
The AddServer method returns one of the following values:
Remarks
The single-process Policy Server introduced in SiteMinder v6.0 combines the previously separate Authentication, Authorization, and Accounting processes into one combined process whose requests go through one TCP port. As a result, the arguments AcctPort, AuthPort, and AzPort all reference the same port number. The three arguments are maintained for backward compatibility.
To add a server to a cluster, call the PolicyMgtCluster‑>AddServer method.
The Description method sets or retrieves the description of the host configuration object.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtHostConfig‑>Description([Description])
Parameters
The Description method accepts the following parameter:
Description (string)
(Optional) Specifies the description to set.
Return Value
The Description method returns one of the following values:
The EnableFailover method sets or retrieves the enable failover flag. This flag determines whether an agent and the Policy Server should communicate through failover or round-robin.
Syntax
The EnableFailover method has the following format:
Netegrity::PolicyMgtHostConfig‑>EnableFailover([EnableFailover])
Parameters
The EnableFailover method accepts the following parameter:
EnableFailover (int)
(Optional) Specifies the value of the flag to set.
Return Value
The EnableFailover method returns one of the following values:
The FailoverThreshold method sets or retrieves the failover threshold percentage for the clusters in the host configuration.
Syntax
The FailoverThreshold method has the following format:
Netegrity::PolicyMgtHostConfig‑>FailoverThreshold([FailoverThreshold])
Parameters
The FailoverThreshold method accepts the following parameter:
FailoverThreshold (int)
(Optional) Specifies the failover threshold percentage to set.
Return Value
The FailoverThreshold method returns one of the following values:
Remarks
The threshold percentage represents the minimum number of servers in a cluster that must be available for requests. If the number of available servers falls below the threshold, failover to the next cluster occurs. To determine the number of servers represented by the percentage, multiply the threshold percentage by the number of servers in a cluster, rounding up to the next highest integer. For example:
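The threshold arithmetic and the cluster failover order described in the AddCluster and FailoverThreshold remarks, shown as an added example in stand-alone Perl (not taken from the SiteMinder documentation). The subroutine names, the cluster hashes and the 60 percent threshold are constructed for illustration, and the script does not call the Netegrity modules.

```perl
#!/usr/bin/perl
# Added example: a stand-alone model of the failover rules in the AddCluster
# and FailoverThreshold remarks. Nothing here calls the Netegrity modules;
# all names and sample data are constructed for illustration.
use strict;
use warnings;

# Minimum number of servers that must be available in a cluster:
# threshold percentage x cluster size, rounded up to the next integer.
sub required_servers {
    my ($threshold_pct, $cluster_size) = @_;
    die "threshold must be an integer from 0 to 100\n"
        unless $threshold_pct =~ /^\d+$/ && $threshold_pct <= 100;
    die "cluster size must be a non-negative integer\n"
        unless $cluster_size =~ /^\d+$/;

    # Work on the integer product instead of a fraction: with floating
    # point, 0.07 * 100 is slightly above 7 and would round up to 8.
    my $product = $threshold_pct * $cluster_size;
    return int($product / 100) + ($product % 100 ? 1 : 0);
}

# Walk the cluster array in the order the clusters were added (index 0 is
# the primary cluster) and return the index of the first cluster whose
# available servers have not fallen below the threshold.
# Returns undef when no cluster qualifies; the page does not describe that
# case, so this model only reports it.
sub active_cluster {
    my ($threshold_pct, $clusters) = @_;
    for my $i (0 .. $#{$clusters}) {
        my $cluster = $clusters->[$i];
        my $need    = required_servers($threshold_pct, $cluster->{size});
        return $i if $cluster->{available} >= $need;
    }
    return;
}

# Constructed sample data: one threshold for the whole host configuration,
# three clusters listed in the order they would have been added.
my $threshold = 60;
my @clusters  = (
    { name => 'primary',   size => 5, available => 2 },
    { name => 'secondary', size => 3, available => 2 },
    { name => 'tertiary',  size => 4, available => 4 },
);

for my $cluster (@clusters) {
    printf "%-10s size=%d available=%d required=%d\n",
        $cluster->{name}, $cluster->{size}, $cluster->{available},
        required_servers($threshold, $cluster->{size});
}

my $idx = active_cluster($threshold, \@clusters);
if (defined $idx) {
    print "requests go to cluster $idx ($clusters[$idx]{name})\n";
}
else {
    print "no cluster meets the failover threshold\n";
}
```

With this sample data the primary cluster needs 3 of its 5 servers and has only 2, so the model moves on to the second cluster, which needs 2 of 3 and has 2.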
The GetAllClusters method retrieves an array of Policy Management Cluster objects.
Syntax
The GetAllClusters method has the following format:
Netegrity::PolicyMgtHostConfig‑>GetAllClusters()
Parameters
The GetAllClusters method accepts no parameters.
Return Value
The GetAllClusters method returns one of the following values:
The GetAllServers method retrieves an array of non-clustered server objects for the host configuration.
Syntax
The GetAllServers method has the following format:
Netegrity::PolicyMgtHostConfig‑>GetAllServers( )
Parameters
The GetAllServers method accepts no parameters.
Return Value
The GetAllServers method returns one of the following values:
Remarks
To retrieve the servers that are members of clusters, call the PolicyMgtCluster‑>GetAllServers method.
The MaxSocketsPerPort method sets or retrieves the maximum number of TCP/IP sockets that can be opened between an agent and the Policy Server.
Syntax
The MaxSocketsPerPort method has the following format:
Netegrity::PolicyMgtHostConfig‑>MaxSocketsPerPort([MaxSocketsPerPort])
Parameters
The MaxSocketsPerPort method accepts the following parameter:
MaxSocketsPerPort (int)
(Optional) Specifies the new maximum number of sockets per port.
Return Value
The MaxSocketsPerPort method returns one of the following values:
The MinSocketsPerPort method sets or retrieves the minimum number of TCP/IP sockets that should be opened between an agent and the Policy Server.
Syntax
The MinSocketsPerPort method has the following format:
Netegrity::PolicyMgtHostConfig‑>MinSocketsPerPort([MinSocketsPerPort])
Parameters
The MinSocketsPerPort method accepts the following parameter:
MinSocketsPerPort (int)
(Optional) Specifies the new minimum socket value.
Return Value
The MinSocketsPerPort method returns one of the following values:
The Name method sets or retrieves the name of the host configuration object.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtHostConfig‑>Name([Name])
Parameters
The Name method accepts the following parameter:
Name (string)
(Optional) Specifies the name to set.
Return Value
The Name method returns one of the following values:
The NewSocketStep method sets or retrieves the new socket step value for the host configuration. This value is an incremental number of TCP/IP sockets that should be opened between an agent and the Policy Server when demand increases.
Syntax
The NewSocketStep method has the following format:
Netegrity::PolicyMgtHostConfig‑>NewSocketStep([NewSocketStep])
Parameters
The NewSocketStep method accepts the following parameter:
NewSocketStep (int)
(Optional) Specifies the new sockets step value to set.
Return Value
The NewSocketStep method returns one of the following values:
The RemoveAllClusters method removes all cluster objects associated with this host configuration.
Syntax
The RemoveAllClusters method has the following format:
Netegrity::PolicyMgtHostConfig‑>RemoveAllClusters()
Parameters
The RemoveAllClusters method accepts no parameters.
Return Value
The RemoveAllClusters method returns one of the following values:
The RemoveAllServers method removes all non-clustered PolicyMgtServer objects from the host configuration.
Syntax
The RemoveAllServers method has the following format:
Netegrity::PolicyMgtHostConfig‑>RemoveAllServers()
Parameters
The RemoveAllServers method accepts no parameters.
Return Value
The RemoveAllServers method returns one of the following values:
The RequestTimeout method sets or retrieves the request timeout value, in seconds. This value represents the length of time that an agent will wait for a response from the Policy Server.
Syntax
The RequestTimeout method has the following format:
Netegrity::PolicyMgtHostConfig‑>RequestTimeout([RequestTimeout])
Parameters
The RequestTimeout method accepts the following parameter:
RequestTimeout (int)
(Optional) Specifies the new timeout value to set.
Return Value
The RequestTimeout method returns one of the following values:
The following methods act on PolicyMgtAPI objects:
The CreateSession method creates a Policy Server session. A session is required before Policy Server objects can be manipulated. All necessary initializations and logging are performed at this stage.
Syntax
The CreateSession method has the following format:
Netegrity::PolicyMgtAPI‑>CreateSession(username, userpwd[, clientIP])
Parameters
The CreateSession method accepts the following parameters:
username (string)
Specifies the administrator's login ID.
userpwd (string)
Specifies the administrator's password.
clientIP (string)
(Optional) Specifies the IP address of the local machine.
Return Value
The CreateSession method returns one of the following values:
The DisableAudit method sets a flag to enable or disable auditing.
Syntax
The DisableAudit method has the following format:
Netegrity::PolicyMgtAPI‑>DisableAudit([auditFlag])
Parameters
The DisableAudit method accepts the following parameter:
auditFlag (int)
(Optional) Specifies the value to set the flag:
Return Value
The DisableAudit method returns one of the following values:
Remarks
Reads or sets the enabled state for the following operations:
The default state is enabled. The enabled state reverts to the default at the start of each new session.
Attempting to set the enabled state has no effect after the PolicyMgtAPI‑>CreateSession method is called.
The DisableCacheUpdates method is deprecated in SiteMinder v6.0. Caches affected by this method are automatically enabled.
The DisableManagementWatchdog method reads or sets the enabled state of the SiteMinder Management Watchdog.
Note: The watchdog is used internally and should not be disabled.
Syntax
The DisableManagementWatchdog method has the following format:
Netegrity::PolicyMgtAPI‑>DisableManagementWatchDog([watchDogFlag])
Parameters
The DisableManagementWatchdog method accepts the following parameter:
watchDogFlag (int)
(Optional) Specifies the value of the flag to set:
Return Value
The DisableManagementWatchdog method returns one of the following values:
Remarks
The default state is enabled. The enabled state reverts to the default at the start of each new session.
Attempting to set the enabled state has no effect after PolicyMgtAPI‑>CreateSession is called.
The DisableValidation method reads or sets the enabled state regarding validation of Policy Server objects.
Syntax
The DisableValidation method has the following format:
Netegrity::PolicyMgtAPI‑>DisableValidation([validationFlag])
Parameters
The DisableValidation method accepts the following parameter:
validationFlag (int)
(Optional) Specifies the value to set the flag:
Return Value
The DisableValidation method returns one of the following values:
Remarks
The default state is enabled. The enabled state reverts to the default at the start of each new session.
Attempting to set the enabled state has no effect after the PolicyMgtAPI‑>CreateSession method is called.
The EnableCache method is deprecated in SiteMinder v6.0. Beginning with this release, caches affected by this method are automatically enabled.
The LoadAgentTypeDictionary method reads or sets the enabled state for the loading of the agent type dictionary by the Policy Server.
Syntax
The LoadAgentTypeDictionary method has the following format:
Netegrity::PolicyMgtAPI‑>LoadAgentTypeDictionary([loadFlag])
Parameters
The LoadAgentTypeDictionary method accepts the following parameter:
loadFlag (int)
(Optional) Specifies the value to set the flag:
0 to disable loading the agent type dictionary
1 to enable loading the agent type dictionary
Return Value
The LoadAgentTypeDictionary method returns one of the following values:
Remarks
The default state is disabled. The enabled state reverts to the default at the start of each new session.
Attempting to set the enabled state has no effect after the PolicyMgtAPI‑>CreateSession method is called.
The New method is the constructor for the Policy Management API. This method must be called before the Policy Management API can be used.
Syntax
The New method has the following format:
Netegrity::PolicyMgtAPI‑>New( )
Parameters
The New method accepts no parameters.
Return Value
The New method returns one of the following values:
The PreLoadCache method reads or sets the enabled state for preloading of caches by the Policy Server.
Syntax
The PreLoadCache method has the following format:
Netegrity::PolicyMgtAPI‑>PreLoadCache([cacheFlag])
Parameters
The PreLoadCache method accepts the following parameter:
cacheFlag (int)
(Optional) Specifies the value to set the flag:
Return Value
The PreLoadCache method returns one of the following values:
Remarks
The default state is disabled. The enabled state reverts to the default at the start of each new session.
Attempting to set the enabled state has no effect after the PolicyMgtAPI‑>CreateSession method is called.
Note: By disabling this flag, you can reduce the time it takes for Policy Management scripts to make policy store changes.
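A review aid for the rule that these flags are ignored once CreateSession has been called, added here and not part of the SiteMinder documentation: it scans a Perl Policy Management script and reports every call to the pre-session flag methods, marking setter calls that come after CreateSession on the same object. The sample script and the names audit_script, strip_perl_comment and Finding are constructed for this example; flag arguments are reported verbatim, not interpreted.

```python
import re
from collections import namedtuple

# Flag methods that, per this page, are ignored once CreateSession has been called.
PRE_SESSION_FLAGS = (
    "DisableAudit",
    "DisableManagementWatchDog",
    "DisableValidation",
    "LoadAgentTypeDictionary",
    "PreLoadCache",
)

# Matches $receiver->Method(args); the receiver must be a plain scalar variable.
CALL_RE = re.compile(
    r"(\$\w+)\s*->\s*(CreateSession|" + "|".join(PRE_SESSION_FLAGS) + r")\s*\(([^)]*)\)"
)

Finding = namedtuple("Finding", "line receiver method args kind")


def strip_perl_comment(line):
    """Drop a trailing # comment; keep # inside quoted strings and in $#array."""
    quote = None
    i = 0
    while i < len(line):
        ch = line[i]
        if quote:
            if ch == "\\":
                i += 1              # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "#" and line[i - 1:i] != "$":
            return line[:i]
        i += 1
    return line


def audit_script(source):
    """Return a Finding for every call to a pre-session flag method.

    kind is 'read' (no argument), 'set' (argument, before CreateSession on the
    same receiver) or 'ignored-set' (argument, after CreateSession).
    """
    session_started = set()     # receivers on which CreateSession was already seen
    findings = []
    for lineno, raw in enumerate(source.splitlines(), 1):
        for receiver, method, args in CALL_RE.findall(strip_perl_comment(raw)):
            args = args.strip()
            if method == "CreateSession":
                session_started.add(receiver)
            elif not args:
                findings.append(Finding(lineno, receiver, method, args, "read"))
            elif receiver in session_started:
                findings.append(Finding(lineno, receiver, method, args, "ignored-set"))
            else:
                findings.append(Finding(lineno, receiver, method, args, "set"))
    return findings


# Constructed sample script; not taken from the SiteMinder documentation.
SAMPLE_SCRIPT = """\
use Netegrity::PolicyMgtAPI;
my $api = Netegrity::PolicyMgtAPI->New();
$api->PreLoadCache(0);
# $api->DisableAudit(1);
my $session = $api->CreateSession($user, $pwd);
$api->DisableValidation(1);
print "audit flag #: ", $api->DisableAudit(), "\\n";
"""

if __name__ == "__main__":
    for f in audit_script(SAMPLE_SCRIPT):
        print(f"line {f.line}: {f.receiver}->{f.method}({f.args}) [{f.kind}]")
```

Any setter call to DisableAudit or DisableValidation in the output is worth a reviewer's attention, whichever kind it is reported as.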
The PrintDebugTrace method enables or disables the printing of debug (trace) information to the console.
Syntax
The PrintDebugTrace method has the following format:
Netegrity::PolicyMgtAPI‑>PrintDebugTrace([debugFlag])
Parameters
The PrintDebugTrace method accepts the following parameter:
debugFlag (int)
(Optional) Specifies the value to set the flag:
Return Value
The PrintDebugTrace method returns one of the following values:
The following methods act on PolicyMgtIPConfig objects. These methods manage IP address restrictions (that is, IP addresses where requests must originate).
The GetEndIPAddress method retrieves the ending IP address for an IP address range.
Syntax
The GetEndIPAddress method has the following format:
Netegrity::PolicyMgtIPConfig‑>GetEndIPAddress( )
Parameters
The GetEndIPAddress method accepts no parameters.
Return Value
The GetEndIPAddress method returns one of the following values:
Remarks
See the method PolicyMgtAffiliate‑>CreateIPConfigRange for more information.
The GetHostName method retrieves the host name associated with a host name IP address restriction.
Syntax
The GetHostName method has the following format:
Netegrity::PolicyMgtIPConfig‑>GetHostName()
Parameters
The GetHostName method accepts no parameters.
Return Value
The GetHostName method returns one of the following values:
Remarks
See the method PolicyMgtAffiliate‑>CreateIPConfigHostName for more information.
The GetIPAddress method retrieves an IP address for an IP address restriction, as follows:
To determine the type of IP address restriction, call the GetType method.
Syntax
The GetIPAddress method has the following format:
Netegrity::PolicyMgtIPConfig‑>GetIPAddress()
Parameters
The GetIPAddress method accepts no parameters.
Return Value
The GetIPAddress method returns one of the following values:
The GetSubnetMask method retrieves the subnet mask for a subnet address derived from a specified subnet mask and IP address.
Syntax
The GetSubnetMask method has the following format:
Netegrity::PolicyMgtIPConfig‑>GetSubnetMask( )
Parameters
The GetSubnetMask method accepts no parameters.
Return Value
The GetSubnetMask method returns one of the following values:
Remarks
See the description of the PolicyMgtPolicy‑>CreateIPConfigSubnetMask method for more information.
The GetType method retrieves the type of the IP address restriction. An IP address restriction specifies where a request must originate before it can be honored.
Syntax
The GetType method has the following format:
Netegrity::PolicyMgtIPConfig‑>GetType()
Parameters
The GetType method accepts no parameters.
Return Value
The GetType method returns one of the following values:
The following methods act on PolicyMgtODBCQueryScheme objects:
The Description method sets or retrieves the description of the ODBC query scheme.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>Description([schemeDesc])
Parameters
The Description method accepts the following parameter:
schemeDesc (string)
(Optional) Specifies the description of the ODBC query scheme.
Return Value
The Description method returns one of the following values:
The Name method sets or retrieves the ODBC query scheme name.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>Name([schemeName])
Parameters
The Name method accepts the following parameter:
schemeName (string)
Specifies the ODBC query scheme name.
Return Value
The Name method returns one of the following values:
The QueryAuthenticateUser method sets or retrieves a query that fetches a user's password.
Syntax
The QueryAuthenticateUser method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryAuthenticateUser([queryAuthUser])
Parameters
The QueryAuthenticateUser method accepts the following parameter:
queryAuthUser (string)
(Optional) Specifies the query that fetches a user's password.
Return Value
The QueryAuthenticateUser method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expression is a placeholder for the user's name parameter to be supplied by SiteMinder when the query is executed:
select Name from SmUser where Name = '%s' and Password = '%s'
If you are configuring a query scheme for an Oracle database and you are using Oracle's encrypted password feature, replace the entire query string with the word connect. Using the word connect for this query indicates to SiteMinder that a user's name and password should be evaluated by the Oracle encrypted password feature.
The QueryEnumerate method sets or retrieves a query that lists the names of user objects in the directory.
Syntax
The QueryEnumerate method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryEnumerate([queryEnumerate])
Parameters
The QueryEnumerate method accepts the following parameter:
queryEnumerate (string)
(Optional) Specifies the query that lists the names of user objects in the directory.
Return Value
The QueryEnumerate method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers):
select Name, 'Group' as Class from SmGroup order by Class
The QueryGetGroupProp method sets or retrieves a query that fetches the value of a group property. The property must be one of the properties specified through the QueryGetGroupProps method.
Syntax
The QueryGetGroupProp method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryGetGroupProp([queryGetGroupProp])
Parameters
The QueryGetGroupProp method accepts the following parameter:
queryGetGroupProp (string)
(Optional) Specifies the query that fetches the group property.
Return Value
The QueryGetGroupProp method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expressions are placeholders for property name and group name parameters to be supplied by SiteMinder when the query is executed:
select %s from SmGroup where Name = '%s'
The QueryGetGroupProps method sets or retrieves a comma-separated list of group properties. These attributes are used to search the contents of a group, or to bind policies to group attributes. The attributes are expected to reside in the same table as the group name.
Syntax
The QueryGetGroupProps method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryGetGroupProps([queryGetGroupProps])
Parameters
The QueryGetGroupProps method accepts the following parameter:
queryGetGroupProps (string)
(Optional) Specifies the comma-separated list of group properties.
Return Value
The QueryGetGroupProps method returns one of the following values:
Remarks
Sample list:
Name, GroupId
The QueryGetGroups method sets or retrieves a query that fetches the names of the groups that the user is a member of.
Syntax
The QueryGetGroups method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryGetGroups([queryGetGroups])
Parameters
The QueryGetGroups method accepts the following parameter:
queryGetGroups (string)
(Optional) Specifies the query that fetches the names of the user's groups.
Return Value
The QueryGetGroups method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expression is a placeholder for a user name parameter to be supplied by SiteMinder when the query is executed:
select SmGroup.Name from SmGroup, SmUser, SmUserGroup where SmUser.Name = '%s' and SmUser.UserId = SmUserGroup.UserId and SmGroup.GroupId = SmUserGroup.GroupId
The QueryGetObjInfo method sets or retrieves a query that fetches the class of the object.
Syntax
The QueryGetObjInfo method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryGetObjInfo([queryGetObjInfo])
Parameters
The QueryGetObjInfo method accepts the following parameter:
queryGetObjInfo (string)
(Optional) Specifies the query that fetches the class of the object.
Return Value
The QueryGetObjInfo method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expression is a placeholder for a user or group object name to be supplied by SiteMinder when the query is executed:
select Name, 'User' from SmUser where Name = '%s' Union select Name, 'Group' from SmGroup where Name = '%s'
The QueryGetUserProp method sets or retrieves a query that fetches the value of a user property. The property must be one of the properties specified through the PolicyMgtODBCQueryScheme‑>QueryGetUserProps method.
Syntax
The QueryGetUserProp method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryGetUserProp([queryGetUserProp])
Parameters
The QueryGetUserProp method accepts the following parameter:
queryGetUserProp (string)
(Optional) Specifies the query that fetches the user property.
Return Value
The QueryGetUserProp method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expressions are placeholders for property name and user name parameters to be supplied by SiteMinder when the query is executed:
select %s from SmUser where Name = '%s'
The QueryGetUserProps method sets or retrieves a comma-separated list of user properties. The properties reside in the same table as the user name.
Syntax
The QueryGetUserProps method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryGetUserProps([queryGetUserProps])
Parameters
The QueryGetUserProps method accepts the following parameter:
queryGetUserProps (string)
(Optional) Specifies the comma-separated list of user properties.
Return Value
The QueryGetUserProps method returns one of the following values:
Remarks
Sample list:
Name, UserId, FirstName, LastName, TelephoneNumber, EmailAddress, PIN, Mileage, Disabled
The QueryInitUser method sets or retrieves a query that determines whether a particular user exists in the database.
Syntax
The QueryInitUser method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryInitUser([queryGetInitUser])
Parameters
The QueryInitUser method accepts the following parameter:
queryGetInitUser (string)
(Optional) Specifies the query that determines whether the user exists in the database.
Return Value
The QueryInitUser method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expression is a placeholder for the user name parameter to be supplied by SiteMinder when the query is executed:
select Name from SmUser where Name = '%s'
The QueryIsGroupMember method sets or retrieves a query that lists the group membership for a particular user.
Syntax
The QueryIsGroupMember method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryIsGroupMember([queryIsGroupMember])
Parameters
The QueryIsGroupMember method accepts the following parameter:
queryIsGroupMember (string)
(Optional) Specifies the query that determines a user's group membership.
Return Value
The QueryIsGroupMember method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expressions are placeholders for user name and group name parameters to be supplied by SiteMinder when the query is executed:
select Id from SmUserGroup where UserId = (select UserId from SmUser where Name = '%s') and GroupId = (select GroupId from SmGroup where Name = '%s')
The QueryLookup method sets or retrieves a query that fetches objects based on a property specified in a group table.
Syntax
The QueryLookup method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryLookup([queryLookup])
Parameters
The QueryLookup method accepts the following parameter:
queryLookup (string)
(Optional) Specifies the query that fetches the objects.
Return Value
The QueryLookup method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expression is a placeholder for a parameter to be supplied by SiteMinder when the query is executed:
select Name, 'User' as Class from SmUser where Name %s Union select Name, 'Group' as Class from SmGroup where Name %s order by Class
The QueryLookupGroup method sets or retrieves a query that fetches a group name based on a property specified in a group table.
Syntax
The QueryLookupGroup method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryLookupGroup([queryLookupGrp])
Parameters
The QueryLookupGroup method accepts the following parameter:
queryLookupGrp (string)
(Optional) Specifies the query that fetches the group name.
Return Value
The QueryLookupGroup method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expression is a placeholder for a parameter to be supplied by SiteMinder when the query is executed:
select Name, 'Group' as Class from SmGroup where %s
The QueryLookupUser method sets or retrieves a query that fetches a user name based on a property specified in the user table.
Syntax
The QueryLookupUser method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QueryLookupUser([queryLookupUsr])
Parameters
The QueryLookupUser method accepts the following parameter:
queryLookupUsr (string)
(Optional) Specifies the query that fetches the user name.
Return Value
The QueryLookupUser method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expression is a placeholder for a parameter to be supplied by SiteMinder when the query is executed:
select Name, 'User' as Class from SmUser where %s
The QuerySetGroupProp method sets or retrieves a query that sets the value of a group property. The property must be one of the properties specified through the QueryGetGroupProps method.
Syntax
The QuerySetGroupProp method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QuerySetGroupProp([querySetGroupProp])
Parameters
The QuerySetGroupProp method accepts the following parameter:
querySetGroupProp (string)
(Optional) Specifies the query that sets the property value for the group.
Return Value
The QuerySetGroupProp method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expressions are placeholders for property name, property value, and group name parameters to be supplied by SiteMinder when the query is executed:
update SmGroup set %s = %s where Name = '%s'
The QuerySetPassword method sets or retrieves a query that changes a user password.
Syntax
The QuerySetPassword method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QuerySetPassword([querySetPassword])
Parameters
The QuerySetPassword method accepts the following parameter:
querySetPassword (string)
(Optional) Specifies the query that changes a user password.
Return Value
The QuerySetPassword method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expressions are placeholders for user password and user name parameters to be supplied by SiteMinder when the query is executed:
update SmUser set Password = '%s' where Name = '%s'
The QuerySetUserProp method sets or retrieves a query that sets the value of a user property. The property must be one of the properties specified through the PolicyMgtODBCQueryScheme‑>QueryGetUserProps method.
Syntax
The QuerySetUserProp method has the following format:
Netegrity::PolicyMgtODBCQueryScheme‑>QuerySetUserProp([querySetUserProp])
Parameters
The QuerySetUserProp method accepts the following parameter:
querySetUserProp (string)
(Optional) Specifies the query that sets the property value for the user.
Return Value
The QuerySetUserProp method returns one of the following values:
Remarks
Sample query (based on the SiteMinder sample database schema SmSampleUsers). The %s expressions are placeholders for property name, property value, and user name parameters to be supplied by SiteMinder when the query is executed:
update SmUser set %s = %s where Name = '%s'
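To review a configured query scheme against the sample queries in this section, the following added example (not part of the SiteMinder documentation) records whether each %s in a template sits inside a quoted literal or bare in the SQL text, and reports templates whose placeholder layout differs from the page's sample for the same method. The configured scheme, the function names and the layout letters are constructed for this example; how SiteMinder escapes substituted values is not stated on this page and is not modelled.

```python
# Sample queries exactly as given in this section (SmSampleUsers schema).
PAGE_SAMPLES = {
    "QueryAuthenticateUser": "select Name from SmUser where Name = '%s' and Password = '%s'",
    "QueryEnumerate": "select Name, 'Group' as Class from SmGroup order by Class",
    "QueryGetGroupProp": "select %s from SmGroup where Name = '%s'",
    "QueryGetGroups": ("select SmGroup.Name from SmGroup, SmUser, SmUserGroup "
                       "where SmUser.Name = '%s' and SmUser.UserId = SmUserGroup.UserId "
                       "and SmGroup.GroupId = SmUserGroup.GroupId"),
    "QueryGetObjInfo": ("select Name, 'User' from SmUser where Name = '%s' "
                        "Union select Name, 'Group' from SmGroup where Name = '%s'"),
    "QueryGetUserProp": "select %s from SmUser where Name = '%s'",
    "QueryInitUser": "select Name from SmUser where Name = '%s'",
    "QueryIsGroupMember": ("select Id from SmUserGroup where UserId = "
                           "(select UserId from SmUser where Name = '%s') and GroupId = "
                           "(select GroupId from SmGroup where Name = '%s')"),
    "QueryLookup": ("select Name, 'User' as Class from SmUser where Name %s "
                    "Union select Name, 'Group' as Class from SmGroup where Name %s "
                    "order by Class"),
    "QueryLookupGroup": "select Name, 'Group' as Class from SmGroup where %s",
    "QueryLookupUser": "select Name, 'User' as Class from SmUser where %s",
    "QuerySetGroupProp": "update SmGroup set %s = %s where Name = '%s'",
    "QuerySetPassword": "update SmUser set Password = '%s' where Name = '%s'",
    "QuerySetUserProp": "update SmUser set %s = %s where Name = '%s'",
}

STATE = {"Q": "quoted", "B": "bare"}


def placeholder_layout(template):
    """One letter per %s: 'Q' inside a '...' literal, 'B' bare in the SQL text."""
    layout, in_literal, i = [], False, 0
    while i < len(template):
        if template[i] == "'":
            if in_literal and template[i + 1:i + 2] == "'":
                i += 2                      # '' is an escaped quote, still inside
                continue
            in_literal = not in_literal
        elif template.startswith("%s", i):
            layout.append("Q" if in_literal else "B")
            i += 1                          # step over the 's' as well
        i += 1
    if in_literal:
        raise ValueError("unterminated string literal")
    return "".join(layout)


def audit_scheme(configured):
    """Compare each configured template with the page's sample for that method."""
    findings = []
    for method, template in configured.items():
        if method not in PAGE_SAMPLES:
            findings.append((method, "no sample query on this page for this method"))
            continue
        # The page allows the single word connect for Oracle encrypted passwords.
        if method == "QueryAuthenticateUser" and template.strip() == "connect":
            continue
        try:
            got = placeholder_layout(template)
        except ValueError as exc:
            findings.append((method, str(exc)))
            continue
        want = placeholder_layout(PAGE_SAMPLES[method])
        if len(got) != len(want):
            findings.append((method, f"{len(got)} placeholder(s), sample has {len(want)}"))
            continue
        for pos, (g, w) in enumerate(zip(got, want), 1):
            if g != w:
                findings.append(
                    (method, f"placeholder {pos} is {STATE[g]}, {STATE[w]} in the sample"))
    return findings


# Constructed scheme with three deliberate deviations from the page's samples.
CONFIGURED = {
    "QueryAuthenticateUser": "connect",
    "QueryGetUserProp": "select %s from SmUser where Name = '%s'",
    "QueryInitUser": "select Name from SmUser where Name = %s",
    "QuerySetPassword": "update SmUser set Password = '%s'",
    "QueryLookupUser": "select Name, 'User' as Class from SmUser where '%s",
}

if __name__ == "__main__":
    for method, issue in audit_scheme(CONFIGURED):
        print(f"{method}: {issue}")
```

A layout mismatch is a prompt for manual review, not proof of a defect: the QuerySetPassword entry above, for instance, has lost the where clause that limits the update to one user.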
The following methods act on PolicyMgtPwdPolicy objects:
The AllowNestedGroups method allows the password policy to be configured for nested groups. This method applies only to LDAP directories.
Syntax
The AllowNestedGroups method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>AllowNestedGroups([groupFlag])
Parameters
The AllowNestedGroups method accepts the following parameter:
groupFlag (int)
(Optional) Specifies whether to allow nested groups:
Return Value
The AllowNestedGroups method returns one of the following values:
The ApplyLowerPriorityPolicies method sets or retrieves the flag that determines whether password policies with lower priority should be evaluated after the current password policy is evaluated.
Syntax
The ApplyLowerPriorityPolicies method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>ApplyLowerPriorityPolicies([lowerPriorityFlag])
Parameters
The ApplyLowerPriorityPolicies method accepts the following parameter:
lowerPriorityFlag (int)
(Optional) Specifies whether to enable evaluation of lower-priority password policies:
Return Value
The ApplyLowerPriorityPolicies method returns one of the following values:
The AuthLoginTrackFailure method sets or retrieves the flag for allowing a user to log in if login tracking data fails to be written to the user directory. Login tracking data includes login attempts and successful logins.
Syntax
The AuthLoginTrackFailure method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>AuthLoginTrackFailure([trackingFlag])
Parameters
The AuthLoginTrackFailure method accepts the following parameter:
trackingFlag (int)
(Optional) Specifies whether to allow the user to log in when login tracking fails:
Return Value
The AuthLoginTrackFailure method returns one of the following values:
Remarks
If you enable this flag, users are allowed to log in even if login tracking data cannot be written to the user directory. If you disable this flag, users are not allowed to log in if login tracking data cannot be written to the user directory.
The BadLoginDisablementPeriod method sets or retrieves the number of minutes before a user account is disabled after too many failed login attempts.
Syntax
The BadLoginDisablementPeriod method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>BadLoginDisablementPeriod([disablementPeriod])
Parameters
The BadLoginDisablementPeriod method accepts the following parameter:
disablementPeriod (int)
(Optional) Specifies the number of minutes to allow before the user account is disabled.
Return Value
The BadLoginDisablementPeriod method returns one of the following values:
The Description method sets or retrieves the description of the password policy.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>Description([policyDesc])
Parameters
The Description method accepts the following parameter:
policyDesc (string)
(Optional) Specifies the description of the password policy.
Return Value
The Description method returns one of the following values:
The DictionaryMatch method sets the minimum number of letters required to qualify a password for dictionary checking.
Syntax
The DictionaryMatch method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>DictionaryMatch([dicMatchLen])
Parameters
The DictionaryMatch method accepts the following parameter:
dicMatchLen (int)
(Optional) Specifies the minimum number of letters required.
Return Value
The DictionaryMatch method returns one of the following values:
The DictionaryPath method sets or retrieves the location of a dictionary file that lists words that cannot be used in a password.
Syntax
The DictionaryPath method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>DictionaryPath([dicPath])
Parameters
The DictionaryPath method accepts the following parameter:
dicPath (string)
(Optional) Specifies the new dictionary path.
Return Value
The DictionaryPath method returns one of the following values:
Remarks
The dictionary file must be a text file located in a directory that all Policy Servers can access.
The DisableAfterInactivityExpiration method sets or retrieves the flag for disabling a user's account if it has been inactive for a specified period.
Syntax
The DisableAfterInactivityExpiration method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>DisableAfterInactivityExpiration([inactivityFlag])
Parameters
The DisableAfterInactivityExpiration method accepts the following parameter:
inactivityFlag (int)
(Optional) Specifies whether to disable the user's account:
1 disables the user's account after a specified period of inactivity
0 keeps the account enabled and forces a password change
Return Value
The DisableAfterInactivityExpiration method returns one of the following values:
Remarks
If the flag is set not to disable the user's account after the inactivity period, the user is required to change the password at the next login.
The DisableAfterPwdExpiration method sets or retrieves the flag for disabling a user's account after the user's password expires.
Syntax
The DisableAfterPwdExpiration method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>DisableAfterPwdExpiration([expireFlag])
Parameters
The DisableAfterPwdExpiration method accepts the following parameter:
expireFlag (type)
(Optional) Specifies whether to disable the user's account:
1 disables the user's account after the user's password expires
0 keeps the account enabled and forces a password change
Return Value
The DisableAfterPwdExpiration method returns one of the following values:
Remarks
If the flag is set not to disable the user's account after the password expires, the user is required to change the password at next login.
The EntireDir method determines whether the password policy applies to the entire directory or just a part of it.
Syntax
The EntireDir method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>EntireDir([dirFlag])
Parameters
The EntireDir method accepts the following parameter:
dirFlag (int)
(Optional) Specifies whether to apply the password policy to an entire directory:
1 applies the password policy to the entire directory
0 applies the password policy to just a portion of the directory
Return Value
The EntireDir method returns one of the following values:
Remarks
For information about specifying a part of an entire directory, see the descriptions of the PolicyMgtPwdPolicy‑>UserDirPath method and the PolicyMgtPwdPolicy‑>UserDirClass method.
The ExpirationDelay method specifies the number of days a password can be used until it must be changed.
Syntax
The ExpirationDelay method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>ExpirationDelay([expDelay])
Parameters
The ExpirationDelay method accepts the following parameter:
expDelay (int)
(Optional) Specifies the number of days that the password can be used.
Return Value
The ExpirationDelay method returns one of the following values:
The IsEnabled method enables or disables a password policy.
Syntax
The IsEnabled method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>IsEnabled([enableFlag])
Parameters
The IsEnabled method accepts the following parameter:
enableFlag (int)
(Optional) Specifies whether the password policy is enabled:
Return Value
The IsEnabled method returns one of the following values:
The MaxLoginFailures method sets or retrieves the maximum number of failed login attempts a user can make before the user account is disabled.
Syntax
The MaxLoginFailures method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>MaxLoginFailures([maxLogin])
Parameters
The MaxLoginFailures method accepts the following parameter:
maxLogin (int)
(Optional) Specifies the number of failed login attempts.
Return Value
The MaxLoginFailures method returns one of the following values:
The MaxLoginInactive method sets or retrieves the number of days of inactivity allowed before a user's password expires.
Syntax
The MaxLoginInactive method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>MaxLoginInactive([maxLoginInactive])
Parameters
The MaxLoginInactive method accepts the following parameter:
maxLoginInactive (int)
(Optional) Specifies the number of days of inactivity.
Return Value
The MaxLoginInactive method returns one of the following values:
The Name method sets or retrieves the password policy name.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>Name([policyName])
Parameters
The Name method accepts the following parameter:
policyName (string)
(Optional) Specifies the password policy name.
Return Value
The Name method returns one of the following values:
The PwdAddRegExpMatch method adds a regular expression to the list of expressions that new passwords must match.
Syntax
The PwdAddRegExpMatch method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdAddRegExpMatch([tag] [, expression])
Parameters
The PwdAddRegExpMatch method accepts the following parameters:
tag (string)
(Optional) Specifies the name of the regular expression.
expression (string)
(Optional) Specifies the regular expression.
Return Value
The PwdAddRegExpMatch method returns one of the following values:
The PwdAddRegExpNoMatch method adds a regular expression to the list of expressions that new passwords must not match.
Syntax
The PwdAddRegExpNoMatch method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdAddRegExpNoMatch([tag] [, expression])
Parameters
The PwdAddRegExpNoMatch method accepts the following parameters:
tag (string)
(Optional) Specifies the name of the regular expression.
expression (string)
(Optional) Specifies the regular expression.
Return Value
The PwdAddRegExpNoMatch method returns one of the following values:
The PwdAllowDigits method sets or retrieves the flag that specifies whether passwords are allowed to have numeric characters.
Syntax
The PwdAllowDigits method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdAllowDigits([digitFlag])
Parameters
The PwdAllowDigits method accepts the following parameter:
digitFlag (int)
(Optional) Specifies whether passwords are allowed to have numeric characters:
1 if numeric characters are allowed
0 if numeric characters are not allowed
Return Value
The PwdAllowDigits method returns one of the following values:
The PwdAllowLowercase method sets or retrieves the flag that specifies whether passwords are allowed to have lower case letters.
Syntax
The PwdAllowLowercase method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdAllowLowercase([lcFlag])
Parameters
The PwdAllowLowercase method accepts the following parameter:
lcFlag (int)
(Optional) Specifies whether lowercase letters are allowed in passwords:
Return Value
The PwdAllowLowercase method returns one of the following values:
The PwdAllowNonAlphNum method sets or retrieves the flag that specifies whether passwords are allowed to have non-alphanumeric characters.
Syntax
The PwdAllowNonAlphNum method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdAllowNonAlphaNum([nonAlphaNumFlag])
Parameters
The PwdAllowNonAlphNum method accepts the following parameter:
nonAlphaNumFlag (int)
(Optional) Specifies whether non-alphanumeric characters are allowed in passwords:
Return Value
The PwdAllowNonAlphNum method returns one of the following values:
The PwdAllowNonPrintable method sets or retrieves the flag that specifies whether passwords are allowed to have non-printable characters. These characters cannot be displayed on a computer screen.
Syntax
The PwdAllowNonPrintable method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdAllowNonPrintable([nonPrintFlag])
Parameters
The PwdAllowNonPrintable method accepts the following parameter:
nonPrintFlag (int)
(Optional) Specifies whether non-printable characters are allowed in passwords:
Return Value
The PwdAllowNonPrintable method returns one of the following values:
The PwdAllowPunctuation method sets or retrieves the flag that specifies whether passwords are allowed to have punctuation mark characters.
Syntax
The PwdAllowPunctuation method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdAllowPunctuation([punctuationMarkFlag])
Parameters
The PwdAllowPunctuation method accepts the following parameter:
punctuationMarkFlag (int)
(Optional) Specifies whether punctuation mark characters are allowed in passwords:
Return Value
The PwdAllowPunctuation method returns one of the following values:
The PwdAllowUpperCase method sets or retrieves the flag that specifies whether passwords are allowed to have upper case letters.
Syntax
The PwdAllowUpperCase method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdAllowUppercase([upperCaseFlag])
Parameters
The PwdAllowUpperCase method accepts the following parameter:
upperCaseFlag (int)
(Optional) Specifies whether upper case letters are allowed in passwords:
Return Value
The PwdAllowUpperCase method returns one of the following values:
The PwdExpiryWarning method sets or retrieves the number of days in advance to notify the user that the password will expire.
Syntax
The PwdExpiryWarning method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdExpiryWarning([warningDays])
Parameters
The PwdExpiryWarning method accepts the following parameter:
warningDays (int)
(Optional) Specifies the number of days of advance notice.
Return Value
The PwdExpiryWarning method returns one of the following values:
The PwdForceLowerCase method sets or retrieves the flag that determines whether to convert any upper case letters in a new password to lower case.
Syntax
The PwdForceLowerCase method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdForceLowerCase([forceLCFlag])
Parameters
The PwdForceLowerCase method accepts the following parameter:
forceLCFlag (int)
(Optional) Specifies whether to force new passwords into lower case:
Return Value
The PwdForceLowerCase method returns one of the following values:
The PwdForceUpperCase method sets or retrieves the flag that determines whether to convert any lower case letters in a new password to upper case.
Syntax
The PwdForceUpperCase method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdForceUpperCase([forceUCFlag])
Parameters
The PwdForceUpperCase method accepts the following parameter:
forceUCFlag (int)
(Optional) Specifies whether to force new passwords to use only upper case:
Return Value
The PwdForceUpperCase method returns one of the following values:
The PwdGetAllRegExpMatch method retrieves the name tags of all the regular expressions that new passwords must match.
Syntax
The PwdGetAllRegExpMatch method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdGetAllRegExpMatch()
Parameters
The PwdGetAllRegExpMatch method accepts no parameters.
Return Value
The PwdGetAllRegExpMatch method returns one of the following values:
The PwdGetAllRegExpNoMatch method retrieves the name tags of all the regular expressions that new passwords must not match.
Syntax
The PwdGetAllRegExpNoMatch method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdGetAllRegExpNoMatch()
Parameters
The PwdGetAllRegExpNoMatch method accepts no parameters.
Return Value
The PwdGetAllRegExpNoMatch method returns one of the following values:
The PwdGetRegExp method retrieves the regular expression for the specified name tag.
Syntax
The PwdGetRegExp method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdGetRegExp(tag)
Parameters
The PwdGetRegExp method accepts the following parameter:
tag (string)
Specifies the name of the regular expression to retrieve.
Return Value
The PwdGetRegExp method returns one of the following values:
The PwdIgnoreSequence method specifies whether to ignore sequence (that is, character position) when the different-from-previous-characters percentage is calculated.
Syntax
The PwdIgnoreSequence method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdIgnoreSequence([pwdPctSeq])
Parameters
The PwdIgnoreSequence method accepts the following parameter:
pwdPctSeq (int)
(Optional) Specifies whether to ignore the sequence of characters when creating a new password:
Return Value
The PwdIgnoreSequence method returns one of the following values:
Remarks
For example, suppose a user's previous password is BASEBALL12:
For greater security, pass 1 into this method.
The PwdMaxLength method sets or retrieves the maximum length for user passwords.
Syntax
The PwdMaxLength method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdMaxLength([maxPwdLength])
Parameters
The PwdMaxLength method accepts the following parameter:
maxPwdLength (int)
(Optional) Specifies the maximum password length.
Return Value
The PwdMaxLength method returns the new or existing password length setting.
The PwdMaxRepeatingChar method sets or retrieves the maximum number of identical characters that can appear consecutively in a password.
Syntax
The PwdMaxRepeatingChar method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdMaxRepeatingChar([maxPwdRepeat])
Parameters
The PwdMaxRepeatingChar method accepts the following parameter:
maxPwdRepeat (int)
(Optional) Specifies the maximum number of repeating characters.
Return Value
The PwdMaxRepeatingChar method returns the new or existing setting for repeating characters.
The PwdMinAlpha method sets or retrieves the minimum number of alphabetic characters (A-Z, a-z) that a password must contain.
Syntax
The PwdMinAlpha method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdMinAlpha([pwdMinAlpha])
Parameters
The PwdMinAlpha method accepts the following parameter:
pwdMinAlpha (int)
(Optional) Specifies the minimum number of alphabetic characters required.
Return Value
The PwdMinAlpha method returns the new or existing minimum number of alphabetic characters.
The PwdMinAlphaNum method sets or retrieves the minimum number of alphanumeric characters (A-Z, a-z, 0-9) that a password must contain.
Syntax
The PwdMinAlphaNum method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdMinAlphaNum([pwdMinAlphaNum])
Parameters
The PwdMinAlphaNum method accepts the following parameter:
pwdMinAlphaNum (int)
(Optional) Specifies the minimum number of alphanumeric characters required.
Return Value
The PwdMinAlphaNum method returns the new or existing minimum number of alphanumeric characters.
The PwdMinLength method sets or retrieves the minimum length for user passwords.
Syntax
The PwdMinLength method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdMinLength([minPwdLength])
Parameters
The PwdMinLength method accepts the following parameter:
minPwdLength (int)
(Optional) Specifies the minimum length for user passwords.
Return Value
The PwdMinLength method returns the new or existing minimum password length.
The PwdMinLowercase method sets or retrieves the minimum number of lower case letters that a password must contain.
Syntax
The PwdMinLowercase method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdMinLowercase([pwdMinLC])
Parameters
The PwdMinLowercase method accepts the following parameter:
pwdMinLC (int)
(Optional) Specifies the minimum number of lower case letters that a password must contain.
Return Value
The PwdMinLowercase method returns the new or existing minimum for lower case letters.
The PwdMinNonAlpha method sets or retrieves the minimum number of non-alphanumeric characters that a password must contain. These characters include punctuation marks and other symbols located on the keyboard, such as @, $, and *.
Syntax
The PwdMinNonAlpha method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdMinNonAlpha([pwdMinNonAlpha])
Parameters
The PwdMinNonAlpha method accepts the following parameter:
pwdMinNonAlpha (int)
(Optional) Specifies the minimum number of non-alphanumeric characters required.
Return Value
The PwdMinNonAlpha method returns the new or existing minimum number of non-alphanumeric characters.
The PwdMinNonPrintable method sets or retrieves the minimum number of non-printable characters that a password must contain. These characters cannot be displayed on a computer screen.
Syntax
The PwdMinNonPrintable method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdMinNonPrintable([pwdMinNonPrint])
Parameters
The PwdMinNonPrintable method accepts the following parameter:
pwdMinNonPrint (int)
(Optional) Specifies the minimum number of non-printable characters required.
Return Value
The PwdMinNonPrintable method returns the new or existing minimum number of non-printable characters.
The PwdMinNumbers method sets or retrieves the minimum number of numeric characters (0-9) that a password must contain.
Syntax
The PwdMinNumbers method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdMinNumbers([pwdMinNum])
Parameters
The PwdMinNumbers method accepts the following parameter:
pwdMinNum (int)
(Optional) Specifies the minimum number of numeric characters required.
Return Value
The PwdMinNumbers method returns the new or existing minimum number of numeric characters.
The PwdMinProfileMatch method specifies the minimum character sequence to check against the user's personal information.
Syntax
The PwdMinProfileMatch method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdMinProfileMatch([pwdMatchAttr])
Parameters
The PwdMinProfileMatch method accepts the following parameter:
pwdMatchAttr (int)
(Optional) Specifies the minimum number of sequential characters to check.
Return Value
The PwdMinProfileMatch method returns the new or existing minimum setting.
Remarks
For example, if this value is set to 4, SiteMinder prohibits the use of any four consecutive characters found in the user's personal information, such as the four last digits of the user's telephone number.
This field prevents a user from incorporating personal information in a password. SiteMinder checks the password against attributes in the user's directory entry.
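The following Perl sketch illustrates the rule described in these Remarks. It is an added example, not SiteMinder code: the function name, the case-insensitive comparison, the treatment of 0 as "check disabled", and the sample directory entry are all assumptions.

```perl
use strict;
use warnings;

# Return the profile fragments of length $min_match that also occur in
# $password, as "attribute: fragment" strings. An empty list means the
# password passes. $min_match plays the role of pwdMatchAttr.
sub profile_fragments_in_password {
    my ($password, $min_match, $profile) = @_;
    return () if $min_match < 1;    # assumption: 0 disables the check
    my $pw = lc $password;          # assumption: comparison ignores case
    my (@hits, %seen);
    for my $attr (sort keys %$profile) {
        my $value = lc $profile->{$attr};
        next if length($value) < $min_match;
        # Slide a window of $min_match characters over the attribute value.
        for my $i (0 .. length($value) - $min_match) {
            my $frag = substr $value, $i, $min_match;
            next if $seen{"$attr:$frag"}++;
            push @hits, "$attr: $frag" if index($pw, $frag) >= 0;
        }
    }
    return @hits;
}

# Constructed directory entry and candidate passwords.
my %entry = (
    uid             => 'jsmith',
    telephoneNumber => '555-0142',
    givenName       => 'Jordan',
);

for my $candidate ('Blue0142!sky', 'c0rrect-Horse') {
    my @hits = profile_fragments_in_password($candidate, 4, \%entry);
    printf "%-14s %s\n", $candidate,
        @hits ? "rejected (@hits)" : 'accepted';
}
```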
The PwdMinPunctuation method sets or retrieves the minimum number of punctuation marks that a password must contain. These characters include periods, commas, exclamation marks, slashes, hyphens, dashes, and other punctuation marks.
Syntax
The PwdMinPunctuation method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdMinPunctuation([pwdMinPunc])
Parameters
The PwdMinPunctuation method accepts the following parameter:
pwdMinPunc (int)
(Optional) Specifies the minimum number of punctuation marks required.
Return Value
The PwdMinPunctuation method returns the new or existing minimum number of punctuation marks.
The PwdMinUppercase method sets or retrieves the minimum number of upper case letters that a password must contain.
Syntax
The PwdMinUppercase method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdMinUppercase([pwdMinUC])
Parameters
The PwdMinUppercase method accepts the following parameter:
pwdMinUC (int)
(Optional) Specifies the minimum number of upper case letters that a password must contain.
Return Value
The PwdMinUppercase method returns the new or existing minimum for upper case letters.
The PwdPercentDiff method sets or retrieves the percentage of characters that a new password must contain that differ from characters in the previous password. If the value is set to 100, the new password cannot contain any characters that were in the previous password (unless the parameter PwdIgnoreSeq is set to 0).
Syntax
The PwdPercentDiff method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdPercentDiff([pwdPctDiff])
Parameters
The PwdPercentDiff method accepts the following parameter:
pwdPctDiff (int)
(Optional) Specifies the minimum percentage setting.
Return Value
The PwdPercentDiff method returns the new or existing minimum percentage setting.
The PwdPolicyPriority method sets or retrieves the password policy's evaluation priority setting (1-1000). Policies are evaluated in descending order (1000 first, 1 last).
Syntax
The PwdPolicyPriority method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdPolicyPriority([priority])
Parameters
The PwdPolicyPriority method accepts the following parameter:
priority (int)
(Optional) Specifies the evaluation priority of this password policy.
Return Value
The PwdPolicyPriority method returns the new or existing evaluation priority setting.
The PwdRedirectionURL method sets or retrieves the URL where the user is redirected when an invalid password is provided. This must be the URL of the Password Services CGI.
Syntax
The PwdRedirectionURL method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdRedirectionURL([URL])
Parameters
The PwdRedirectionURL method accepts the following parameter:
URL (string)
(Optional) Specifies the redirection URL.
Return Value
The PwdRedirectionURL method returns one of the following values:
The PwdRemoveRegExp method removes the regular expression associated with the specified name tag.
Syntax
The PwdRemoveRegExp method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdRemoveRegExp(tag)
Parameters
The PwdRemoveRegExp method accepts the following parameter:
tag (string)
Specifies the name of the regular expression to remove.
Return Value
The PwdRemoveRegExp method returns one of the following values:
The PwdReuseCount method specifies the number of new passwords that must be used before an old password can be reused.
Syntax
The PwdReuseCount method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdReuseCount([pwdReuseCount])
Parameters
The PwdReuseCount method accepts the following parameter:
pwdReuseCount (int)
(Optional) Specifies the password reuse setting.
Return Value
The PwdReuseCount method returns the new or existing password reuse setting.
The PwdReuseDelay method specifies the number of days a user must wait before reusing a password.
Syntax
The PwdReuseDelay method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>PwdReuseDelay([pwdReuseDelay])
Parameters
The PwdReuseDelay method accepts the following parameter:
pwdReuseDelay (type)
(Optional) Specifies the password reuse delay setting.
Return Value
The PwdReuseDelay method returns the new or existing password reuse delay setting.
The ReEnableAfterIncorrectPwd method determines whether to re-enable a user account after the entry of an incorrect password or passwords.
Syntax
The ReEnableAfterIncorrectPwd method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>ReEnableAfterIncorrectPwd([groupFlag])
Parameters
The ReEnableAfterIncorrectPwd method accepts the following parameter:
groupFlag (int)
(Optional) Specifies whether to re-enable a user account after the entry of an incorrect password:
Return Value
The ReEnableAfterIncorrectPwd method returns one of the following values:
The Save method saves the password policy to the policy store.
Syntax
The Save method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>Save( )
Parameters
The Save method accepts no parameters.
Return Value
The Save method returns one of the following values:
Remarks
Call this method once after making all the modifications to the password policy that you intend to make. This method must be called for any changes to take effect.
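The following added example (not part of the original reference) shows the set-or-retrieve calling convention and the single Save call in a policy audit. MockPwdPolicy is a constructed stand-in for a real PolicyMgtPwdPolicy object; the baseline numbers, the treatment of a PwdMaxLength of 0 as "no maximum", and all sample values are assumptions.

```perl
use strict;
use warnings;

# Constructed stand-in for a PolicyMgtPwdPolicy object so the script runs
# without a Policy Server. It follows the documented calling convention:
# a call with an argument sets a value, a call without one returns it.
package MockPwdPolicy;
our $AUTOLOAD;
sub new     { my ($class, %set) = @_; return bless { set => {%set}, saves => 0 }, $class }
sub Save    { my ($self) = @_; $self->{saves}++; return }
sub DESTROY { }
sub AUTOLOAD {
    my ($self, @args) = @_;
    (my $name = $AUTOLOAD) =~ s/.*:://;
    $self->{set}{$name} = $args[0] if @args;
    return $self->{set}{$name} // 0;
}

package main;

# Assumed baseline for this example only; use your organisation's values.
my %BASELINE = (PwdMinLength => 12, PwdReuseCount => 5);

# Character classes that cannot overlap, so their minimums add up.
my @CLASS_MINIMUMS = qw(PwdMinUppercase PwdMinLowercase PwdMinNumbers PwdMinNonAlpha);

# Read settings through the getter form of each method and report
# values below the baseline or combinations no password can satisfy.
sub audit_pwd_policy {
    my ($policy) = @_;
    my @findings;
    for my $setting (sort keys %BASELINE) {
        my $current = $policy->$setting();
        push @findings, "$setting is $current, baseline is $BASELINE{$setting}"
            if $current < $BASELINE{$setting};
    }
    my $max = $policy->PwdMaxLength();
    if ($max > 0) {    # assumption: 0 means no maximum is configured
        my $min = $policy->PwdMinLength();
        push @findings, "PwdMinLength $min exceeds PwdMaxLength $max" if $min > $max;
        my $required = 0;
        $required += $policy->$_() for @CLASS_MINIMUMS;
        push @findings, "class minimums need $required characters, PwdMaxLength is $max"
            if $required > $max;
    }
    return @findings;
}

# Raise settings that are below the baseline. Nothing takes effect until Save.
sub stage_baseline {
    my ($policy) = @_;
    my $changed = 0;
    for my $setting (sort keys %BASELINE) {
        next if $policy->$setting() >= $BASELINE{$setting};
        $policy->$setting($BASELINE{$setting});
        $changed++;
    }
    return $changed;
}

# Constructed sample values, not taken from a real policy store.
my $policy = MockPwdPolicy->new(
    PwdMinLength => 6, PwdMaxLength => 10, PwdReuseCount => 0,
    PwdMinUppercase => 2, PwdMinLowercase => 2, PwdMinNumbers => 2, PwdMinNonAlpha => 2,
);

print "Before:\n", map { "  $_\n" } audit_pwd_policy($policy);
my $changed = stage_baseline($policy);

# Raising PwdMinLength to 12 now conflicts with PwdMaxLength 10, so widen
# the maximum as well before anything is written to the policy store.
my @conflicts = audit_pwd_policy($policy);
print "After staging $changed change(s):\n", map { "  $_\n" } @conflicts;
$policy->PwdMaxLength(64) if grep { /exceeds PwdMaxLength/ } @conflicts;

# One Save call after all modifications, and only for a clean policy.
if ($changed && !audit_pwd_policy($policy)) {
    $policy->Save();
    print "Saved once; PwdMinLength is now ", $policy->PwdMinLength(), "\n";
}
```

In a real script, replace the mock with the PolicyMgtPwdPolicy object obtained from your session and check the value that Save returns.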
The StripEmbeddedWhitespace method sets or retrieves the flag that determines whether to strip new passwords of embedded white space.
Syntax
The StripEmbeddedWhitespace method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>StripEmbeddedWhitespace([stripEmbeddedFlag])
Parameters
The StripEmbeddedWhitespace method accepts the following parameter:
stripEmbeddedFlag (int)
(Optional) Specifies whether to strip embedded white space from new passwords:
Return Value
The StripEmbeddedWhitespace method returns the new or existing flag setting.
The StripLeadingWhitespace method sets or retrieves the flag that determines whether to strip new passwords of leading white space.
Syntax
The StripLeadingWhitespace method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>StripLeadingWhitespace([stripLeadingFlag])
Parameters
The StripLeadingWhitespace method accepts the following parameter:
stripLeadingFlag (int)
(Optional) Specifies whether to strip leading white space from passwords:
Return Value
The StripLeadingWhitespace method returns the new or existing flag setting.
The StripTrailingWhitespace method sets or retrieves the flag that determines whether to strip new passwords of trailing white space.
Syntax
The StripTrailingWhitespace method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>StripTrailingWhitespace([stripTrailingFlag])
Parameters
The StripTrailingWhitespace method accepts the following parameter:
stripTrailingFlag (int)
(Optional) Specifies whether to strip trailing white space from passwords:
Return Value
The StripTrailingWhitespace method returns the new or existing flag setting.
The TrackLoginDetails method sets or retrieves the flag that determines whether to track authentication attempts and successful logins.
Syntax
The TrackLoginDetails method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>TrackLoginDetails([trackingFlag])
Parameters
The TrackLoginDetails method accepts the following parameter:
trackingFlag (int)
(Optional) Specifies whether to enable login tracking:
Return Value
The TrackLoginDetails method returns the new or existing flag setting.
The UserDirClass method sets or retrieves the directory class if the password policy applies to a part of the directory.
Syntax
The UserDirClass method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>UserDirClass([path])
Parameters
The UserDirClass method accepts the following parameter:
path (string)
(Optional) Specifies the directory class.
Return Value
The UserDirClass method returns the new or existing directory class.
The UserDirectory method sets or retrieves the user directory for the password policy.
Syntax
The UserDirectory method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>UserDirectory([userDir])
Parameters
The UserDirectory method accepts the following parameter:
userDir (PolicyMgtUserDir)
(Optional) Specifies the user directory for the password policy.
Return Value
The UserDirectory method returns a PolicyMgtUserDir object.
The UserDirPath method sets or retrieves the directory path if the password policy applies to a part of the directory.
Syntax
The UserDirPath method has the following format:
Netegrity::PolicyMgtPwdPolicy‑>UserDirPath([path])
Parameters
The UserDirPath method accepts the following parameter:
path (type)
(Optional) Specifies the directory path.
Return Value
The UserDirPath method returns the new or existing directory path.
The following methods act on PolicyMgtPolicy objects:
The ActiveExpr method sets or retrieves the active expression associated with the policy.
Syntax
The ActiveExpr method has the following format:
Netegrity::PolicyMgtPolicy‑>ActiveExpr([activeExpr])
Parameters
The ActiveExpr method accepts the following parameter:
activeExpr (string)
(Optional) Specifies the active expression to set.
Return Value
The ActiveExpr method returns one of the following values:
The AddRule method adds a rule to the policy.
Syntax
The AddRule method has the following format:
Netegrity::PolicyMgtPolicy‑>AddRule(rule)
Parameters
The AddRule method accepts the following parameter:
rule (PolicyMgtRule)
Specifies the rule to add.
Return Value
The AddRule method returns one of the following values:
The AddUser method adds a user to the policy.
Syntax
The AddUser method has the following format:
Netegrity::PolicyMgtPolicy‑>AddUser(user [, iExcludeUser] [, iRecursiveFlag] [, iANDUserFlag])
Parameters
The AddUser method accepts the following parameters:
user (PolicyMgtUser)
Specifies the user to add.
iExcludeUser (int)
(Optional) Specifies whether to exclude a user:
iRecursiveFlag (int)
(Optional) Specifies the setting for the AllowNested flag:
iANDUserFlag (int)
(Optional) Specifies the setting for the AND flag:
1 sets the AND flag
0 disables the AND flag
Return Value
The AddUser method returns one of the following values:
The AllowNested method sets or retrieves the AllowNested flag.
Syntax
The AllowNested method has the following format:
Netegrity::PolicyMgtPolicy‑>AllowNested(user[, iRecursiveFlag])
Parameters
The AllowNested method accepts the following parameters:
user (PolicyMgtUser)
Specifies the user for which to set or retrieve the AllowNested flag.
iRecursiveFlag (int)
(Optional) Specifies the value of the AllowNested flag:
If this is not passed, the function returns the current value of the AllowNested flag. The flag applies to all the users added to the policy for a particular user directory.
Return Value
The AllowNested method returns one of the following values:
The CreateIPConfigHostName method creates an IP Address configuration based on the host name passed to the method. For the policy to fire, a request must come from the machine with the passed host name.
Syntax
The CreateIPConfigHostName method has the following format:
Netegrity::PolicyMgtPolicy‑>CreateIPConfigHostName(hostName)
Parameters
The CreateIPConfigHostName method accepts the following parameter:
hostName (string)
Specifies the host name required for the policy to fire.
Return Value
The CreateIPConfigHostName method returns one of the following values:
The CreateIPConfigRange method creates an IP Address configuration based on the range of IP addresses passed to the method. For the policy to fire, a request must come from a machine with an IP address that falls within the range.
Syntax
The CreateIPConfigRange method has the following format:
Netegrity::PolicyMgtPolicy‑>CreateIPConfigRange(ipAddr1, ipAddr2)
Parameters
The CreateIPConfigRange method accepts the following parameters:
ipAddr1 (string)
Specifies the beginning IP address in the range of accepted addresses.
ipAddr2 (string)
Specifies the ending IP address in the range of accepted addresses.
Return Value
The CreateIPConfigRange method returns one of the following values:
The CreateIPConfigSingleHost method creates an IP Address configuration based on the IP address passed to the method. For the policy to fire, a request must come from the machine with the passed IP address.
Syntax
The CreateIPConfigSingleHost method has the following format:
Netegrity::PolicyMgtPolicy‑>CreateIPConfigSingleHost(ipAddr)
Parameters
The CreateIPConfigSingleHost method accepts the following parameter:
ipAddr (string)
Specifies the IP address required for the policy to fire.
Return Value
The CreateIPConfigSingleHost method returns one of the following values:
The CreateIPConfigSubnetMask method creates an IP Address configuration based on the IP address and subnet mask passed to the method. For the policy to fire, a request must come from the subnet address derived from the passed IP address and subnet mask.
Syntax
The CreateIPConfigSubnetMask method has the following format:
Netegrity::PolicyMgtPolicy‑>CreateIPConfigSubnetMask(ipAddr, subnetMask)
Parameters
The CreateIPConfigSubnetMask method accepts the following parameters:
ipAddr (string)
Specifies the IP address used to derive the subnet address.
subnetMask (unsigned long)
Specifies the subnet mask used to derive the subnet address.
Return Value
The CreateIPConfigSubnetMask method returns one of the following values:
Remarks
The subnet mask value is a number of bits. To arrive at this value, count the 1 bits in the binary value of the subnet mask. For example, suppose the subnet mask is 255.255.255.128. The binary format is:
11111111 11111111 11111111 10000000
Counting from left to right, the number to pass in subnetMask would be 25.
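The following helper is an added example, not part of the original reference. It derives the subnetMask bit count from a dotted-quad mask, rejects masks whose 1 bits are not contiguous, and shows which client addresses fall inside the resulting subnet. The function names and the sample addresses are assumptions.

```perl
use strict;
use warnings;

# Parse a dotted-quad IPv4 string into a 32-bit integer; dies on bad input.
sub ipv4_to_int {
    my ($addr) = @_;
    my @octets = split /\./, $addr, -1;
    die "expected four octets: $addr\n" unless @octets == 4;
    my $value = 0;
    for my $octet (@octets) {
        die "bad octet '$octet' in $addr\n"
            unless $octet =~ /\A[0-9]{1,3}\z/ && $octet <= 255;
        $value = $value * 256 + $octet;
    }
    return $value;
}

sub int_to_ipv4 {
    my ($value) = @_;
    return join '.', map { ($value >> $_) & 0xFF } 24, 16, 8, 0;
}

# Bit count to pass as subnetMask for a dotted-quad mask.
sub mask_to_bits {
    my ($mask) = @_;
    my $bin = sprintf '%032b', ipv4_to_int($mask);
    die "non-contiguous subnet mask: $mask\n" unless $bin =~ /\A(1*)0*\z/;
    return length $1;
}

# Subnet address derived from an IP address and a bit count.
sub subnet_address {
    my ($ip, $bits) = @_;
    my $mask = $bits ? (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF : 0;
    return int_to_ipv4(ipv4_to_int($ip) & $mask);
}

# True when $client lies in the subnet derived from $ip and $bits.
sub in_subnet {
    my ($client, $ip, $bits) = @_;
    return subnet_address($client, $bits) eq subnet_address($ip, $bits);
}

# Constructed sample values; the mask is the one used in the Remarks.
my $bits = mask_to_bits('255.255.255.128');
my $ip   = '192.0.2.200';
print "subnetMask argument: $bits\n";
print "subnet address:      ", subnet_address($ip, $bits), "\n";

for my $client ('192.0.2.130', '192.0.2.10') {
    printf "%-12s %s\n", $client,
        in_subnet($client, $ip, $bits) ? 'inside subnet' : 'outside subnet';
}

# A mask with a gap in its 1 bits has no bit count and is refused.
print "rejected: $@" unless eval { mask_to_bits('255.255.0.255'); 1 };

# With a real PolicyMgtPolicy object in $policy, the call would be:
#   $policy->CreateIPConfigSubnetMask($ip, $bits);
```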
The DeleteIPConfig method deletes the specified IP configuration object.
Syntax
The DeleteIPConfig method has the following format:
Netegrity::PolicyMgtPolicy‑>DeleteIPConfig(ipConfig)
Parameters
The DeleteIPConfig method accepts the following parameter:
ipConfig (PolicyMgtIPConfig)
Specifies the IP configuration object to delete.
Return Value
The DeleteIPConfig method returns one of the following values:
The Description method sets or retrieves the description of the policy.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtPolicy‑>Description([policyDesc])
Parameters
The Description method accepts the following parameter:
policyDesc (string)
Specifies the description to set.
Return Value
The Description method returns one of the following values:
The EnforceANDEvaluation method sets or retrieves the ANDUser/Group flag depending on the value of the iANDUserFlag.
Syntax
The EnforceANDEvaluation method has the following format:
Netegrity::PolicyMgtPolicy‑>EnforceANDEvaluation(user[, iANDUserFlag])
Parameters
The EnforceANDEvaluation method accepts the following parameters:
user (PolicyMgtUser)
Specifies the user for which to set or retrieve iANDUserFlag.
iANDUserFlag (int)
(Optional) Specifies whether to enforce AND evaluation:
1 to enforce AND evaluation
0 to remove AND evaluation
If this argument is not passed, the function returns the current value of iANDUserFlag. This flag applies to all the users added to the policy for a particular user directory.
Return Value
The EnforceANDEvaluation method returns one of the following values:
The ExcludeUser method excludes or includes a user from the policy depending on the value of iExcludeFlag.
Syntax
The ExcludeUser method has the following format:
Netegrity::PolicyMgtPolicy‑>ExcludeUser(user[, iExcludeFlag])
Parameters
The ExcludeUser method accepts the following parameters:
user (PolicyMgtUser)
Specifies the user to exclude or include.
iExcludeFlag (int)
(Optional) Specifies whether to exclude the specified user:
If this argument is not passed, the function returns the current value of iExcludeFlag.
Return Value
The ExcludeUser method returns one of the following values:
The GetAllIPConfigs method retrieves all IP address restriction objects in the policy.
Syntax
The GetAllIPConfigs method has the following format:
Netegrity::PolicyMgtPolicy‑>GetAllIPConfigs( )
Parameters
The GetAllIPConfigs method accepts no parameters.
Return Value
The GetAllIPConfigs method returns one of the following values:
Remarks
See the PolicyMgtIPConfig‑>GetType method for information about IP address restrictions and IP address restriction types.
The GetAllRules method retrieves all rules associated with the policy.
Syntax
The GetAllRules method has the following format:
Netegrity::PolicyMgtPolicy‑>GetAllRules()
Parameters
The GetAllRules method accepts no parameters.
Return Value
The GetAllRules method returns one of the following values:
The GetAllUsers method retrieves all users associated with the policy. If a user directory is specified, only those users associated with that directory are retrieved.
Syntax
The GetAllUsers method has the following format:
Netegrity::PolicyMgtPolicy‑>GetAllUsers([userDir])
Parameters
The GetAllUsers method accepts the following parameter:
userDir (PolicyMgtUserDir)
(Optional) Specifies that only users associated with this user directory are retrieved.
Return Value
The GetAllUsers method returns one of the following values:
The IsEnabled method enables or disables the policy.
Syntax
The IsEnabled method has the following format:
Netegrity::PolicyMgtPolicy‑>IsEnabled([enableFlag])
Parameters
The IsEnabled method accepts the following parameter:
enableFlag (int)
(Optional) Specifies whether to enable or disable the policy:
Return Value
The IsEnabled method returns one of the following values:
The Name method sets or retrieves the policy name.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtPolicy‑>Name([policyName])
Parameters
The Name method accepts the following parameter:
policyName (string)
(Optional) Specifies the name to assign to the policy.
Return Value
The Name method returns one of the following values:
The RemoveResponse method removes the response for a configured rule in the policy.
Syntax
The RemoveResponse method has the following format:
Netegrity::PolicyMgtPolicy‑>RemoveResponse(rule)
Parameters
The RemoveResponse method accepts the following parameter:
rule (PolicyMgtRule)
Specifies the rule whose response should be removed.
Return Value
The RemoveResponse method returns one of the following values:
The RemoveRule method removes the specified rule from the policy.
Syntax
The RemoveRule method has the following format:
Netegrity::PolicyMgtPolicy‑>RemoveRule(rule)
Parameters
The RemoveRule method accepts the following parameter:
rule (PolicyMgtRule)
Specifies the rule to remove.
Return Value
The RemoveRule method returns one of the following values:
The RemoveUser method removes a user from the policy.
Syntax
The RemoveUser method has the following format:
Netegrity::PolicyMgtPolicy‑>RemoveUser(user)
Parameters
The RemoveUser method accepts the following parameter:
user (PolicyMgtUser)
Specifies the user to remove.
Return Value
The RemoveUser method returns one of the following values:
The SetResponse method sets the response for a configured rule in the policy.
Syntax
The SetResponse method has the following format:
Netegrity::PolicyMgtPolicy‑>SetResponse(rule, response)
Parameters
The SetResponse method accepts the following parameters:
rule (PolicyMgtRule)
Specifies the rule whose response is being set.
response (PolicyMgtResponse)
Specifies the response to set.
Return Value
The SetResponse method returns one of the following values:
The following methods define TCP/IP connectivity information for a PolicyMgtServer object:
The GetPorts method is deprecated in SiteMinder v6.0 and replaced by the GetServerPort method.
The GetServerAddress method retrieves the Host Name or IP address of the Policy Server.
Syntax
The GetServerAddress method has the following format:
Netegrity::PolicyMgtServer‑>GetServerAddress()
Parameters
The GetServerAddress method accepts no parameters.
Return Value
The GetServerAddress method returns one of the following values:
The GetServerPort method retrieves one of the following:
Syntax
The GetServerPort method has the following format:
Netegrity::PolicyMgtServer‑>GetServerPort()
Parameters
The GetServerPort method accepts no parameters.
Return Value
The GetServerPort method returns one of the following values:
Remarks
The single-process Policy Server introduced in SiteMinder v6.0 combines the previously separate Authentication, Authorization, and Accounting processes into one combined process whose requests go through one TCP port. As a result, the port numbers retrieved in the array are all the same.
The following methods act on PolicyMgtRealm objects:
The Agent method sets or retrieves the agent for the realm.
Syntax
The Agent method has the following format:
Netegrity::PolicyMgtRealm‑>Agent([agent])
Parameters
The Agent method accepts the following parameter:
agent (PolicyMgtAgent)
(Optional) Specifies the agent to set for the realm.
Return Value
The Agent method returns one of the following values:
The AuthScheme method sets or retrieves the authentication scheme for the realm.
Syntax
The AuthScheme method has the following format:
Netegrity::PolicyMgtRealm‑>AuthScheme([authScheme])
Parameters
The AuthScheme method accepts the following parameter:
authScheme (PolicyMgtAuthScheme)
(Optional) Specifies the authentication scheme to set for the realm.
Return Value
The AuthScheme method returns one of the following values:
The AzUserDir method sets or retrieves the authorization user directory for the realm.
Syntax
The AzUserDir method has the following format:
Netegrity::PolicyMgtRealm‑>AzUserDir([dir])
Parameters
The AzUserDir method accepts the following parameter:
dir (PolicyMgtUserDirectory)
(Optional) Specifies the authorization user directory to set for the realm.
Return Value
The AzUserDir method returns one of the following values:
The CreateChildRealm method creates and configures a realm directly under the realm on which this method was called.
Syntax
The CreateChildRealm method has the following format:
Netegrity::PolicyMgtRealm‑>CreateChildRealm(realmName, agent, authScheme [, realmDesc] [, resFilter] [, procAuthEvents] [, procAzEvents] [, protectAll] [, maxTimeout] [, idleTimeout] [, syncAudit] [, azUserDir] [, regScheme])
Parameters
The CreateChildRealm method accepts the following parameters:
realmName (string)
Specifies the name of the realm.
agent (PolicyMgtAgent)
Specifies the agent or agent group for the realm.
authScheme (PolicyMgtAuthScheme)
Specifies the authentication scheme to associate with the realm.
realmDesc (string)
(Optional) Specifies the realm description.
resFilter (string)
(Optional) Specifies the resource filter for the realm.
procAuthEvents (int)
(Optional) Specifies a flag for processing authentication events: 1 to enable, or 0 to disable. The default is enabled.
procAzEvents (int)
(Optional) Specifies a flag for processing authorization events: 1 to enable, or 0 to disable. The default is enabled.
protectAll (int)
(Optional) Specifies a flag for activating default resource protection: 1 to enable, or 0 to disable. The default is enabled.
maxTimeout (int)
(Optional) Specifies the maximum time, in seconds, a user can access the realm before re-authentication is required. The default is 7200 (2 hours).
idleTimeout (int)
(Optional) Specifies the maximum time, in seconds, a user can remain inactive in the realm before re-authentication is required. The default is 3600 (1 hour).
syncAudit (int)
(Optional) Specifies a flag for enabling synchronous auditing: 1 to enable, or 0 to disable. When this flag is enabled, SiteMinder logs Policy Server and agent actions before it allows access to resources. The default is enabled.
azUserDir (PolicyMgtUserDir)
(Optional) Specifies the directory where users in the realm will be authorized. The default is the default directory.
regScheme (PolicyMgtRegScheme)
(Optional) Specifies the registration scheme used to register new users accessing resources in the realm.
Return Value
The CreateChildRealm method returns one of the following values:
Remarks
This method creates a realm that is configured for non-persistent sessions. To configure the realm for SiteMinder 5.0 persistent sessions, edit the realm in the Administrative UI.
Note: The Policy Management API only manipulates realms that are direct descendants of the object whose method has been called, as follows:
The CreateRule method creates and configures a rule under the realm.
Syntax
The CreateRule method has the following format:
Netegrity::PolicyMgtRealm‑>CreateRule( ruleName [, ruleDesc] [, action] [, resource] [, allowAccess] [, regexMatch] [, activeExpr] [, isEnabled] )
Parameters
The CreateRule method accepts the following parameters:
ruleName (string)
Specifies the name of the rule.
ruleDesc (string)
(Optional) Specifies the description of the rule.
action (string)
(Optional) Specifies the type of action that the rule will execute. One of the following actions:
For action type Web Agent actions, use one or more of the following HTTP actions. Use commas to separate multiple actions:
For action type Authentication events:
For action type Authorization events:
resource (string)
(Optional) Specifies the resource protected by the rule. This value doesn't apply to action type Authentication events.
allowAccess (int)
(Optional) Specifies a flag to allow or deny access to the resource protected by the rule: 1 allows access, or 0 denies access. This flag applies only to action values of type GET, PUT, and/or POST. The default is 1.
regexMatch (int)
(Optional) Specifies a flag to allow regular expression pattern matching in the resource field: 1 allows regular expression matching, and 0 denies regular expression matching. This flag doesn't apply to action type Authentication events. The default is 0.
activeExpr (string)
(Optional) Specifies the active expression associated with the rule.
isEnabled (int)
(Optional) Specifies a flag to enable or disable the rule: 1 to enable, or 0 to disable. The default is enabled.
Return Value
The CreateRule method returns one of the following values:
The DeleteChildRealm method deletes a top-level realm within the realm.
Syntax
The DeleteChildRealm method has the following format:
Netegrity::PolicyMgtRealm‑>DeleteChildRealm(realm)
Parameters
The DeleteChildRealm method accepts the following parameter:
realm (PolicyMgtRealm)
Specifies the child realm to delete.
Return Value
The DeleteChildRealm method returns one of the following values:
The DeleteRule method deletes an existing rule within the realm.
Syntax
The DeleteRule method has the following format:
Netegrity::PolicyMgtRealm‑>DeleteRule(rule)
Parameters
The DeleteRule method accepts the following parameter:
rule (PolicyMgtRule)
Specifies the rule to delete.
Return Value
The DeleteRule method returns one of the following values:
The Description method sets or retrieves the description of the realm.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtRealm‑>Description([realmDesc])
Parameters
The Description method accepts the following parameter:
realmDesc (string)
(Optional) Specifies the description to assign to the realm.
Return Value
The Description method returns one of the following values:
The Flush method flushes the realm from the resource cache.
Syntax
The Flush method has the following format:
Netegrity::PolicyMgtRealm‑>Flush()
Parameters
The Flush method accepts no parameters.
Return Value
The Flush method returns one of the following values:
The GetAllChildRealms method retrieves all top-level realms within the realm. Returns only the children.
Syntax
The GetAllChildRealms method has the following format:
Netegrity::PolicyMgtRealm‑>GetAllChildRealms()
Parameters
The GetAllChildRealms method accepts no parameters.
Return Value
The GetAllChildRealms method returns one of the following values:
The GetAllRules method retrieves the rules associated with the realm.
Syntax
The GetAllRules method has the following format:
Netegrity::PolicyMgtRealm‑>GetAllRules()
Parameters
The GetAllRules method accepts no parameters.
Return Value
The GetAllRules method returns one of the following values:
The GetChildRealm method retrieves a top-level child realm under the realm. This method only searches child realms.
Syntax
The GetChildRealm method has the following format:
Netegrity::PolicyMgtRealm‑>GetChildRealm(realmName)
Parameters
The GetChildRealm method accepts the following parameter:
realmName (string)
Specifies the realm to check for child realms.
Return Value
The GetChildRealm method returns one of the following values:
The GetDomain method retrieves the domain associated with the realm.
Syntax
The GetDomain method has the following format:
Netegrity::PolicyMgtRealm‑>GetDomain()
Parameters
The GetDomain method accepts no parameters.
Return Value
The GetDomain method returns one of the following values:
The GetRule method retrieves an existing rule in the realm.
Syntax
The GetRule method has the following format:
Netegrity::PolicyMgtRealm‑>GetRule(ruleName)
Parameters
The GetRule method accepts the following parameter:
ruleName (string)
Specifies the name of the rule to retrieve.
Return Value
The GetRule method returns one of the following values:
The IdleTimeout method sets or retrieves the maximum time a user can remain inactive in the realm before re-authentication is required.
Syntax
The IdleTimeout method has the following format:
Netegrity::PolicyMgtRealm‑>IdleTimeout([idleTimeout])
Parameters
The IdleTimeout method accepts the following parameter:
idleTimeout (type)
(Optional) Specifies the idle timeout value, in seconds.
Return Value
The IdleTimeout method returns one of the following values:
The MaxTimeout method sets or retrieves the maximum time a user can access the realm before re-authentication is required.
Syntax
The MaxTimeout method has the following format:
Netegrity::PolicyMgtRealm‑>MaxTimeout([maxTimeout])
Parameters
The MaxTimeout method accepts the following parameter:
maxTimeout (int)
(Optional) Specifies the maximum timeout value, in seconds.
Return Value
The MaxTimeout method returns one of the following values:
The Name method sets or retrieves the realm name.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtRealm‑>Name([realmName])
Parameters
The Name method accepts the following parameter:
realmName (string)
(Optional) Specifies the name to assign to the realm.
Return Value
The Name method returns one of the following values:
The ProcessAuEvents method sets or retrieves the authentication event flag in the realm.
Authentication event processing affects performance. If no rules in the realm are triggered by authentication events, set this flag to 0.
Syntax
The ProcessAuEvents method has the following format:
Netegrity::PolicyMgtRealm‑>ProcessAuEvents([authFlag])
Parameters
The ProcessAuEvents method accepts the following parameter:
authFlag (int)
(Optional) Specifies whether authentication events are processed:
Return Value
The ProcessAuEvents method returns one of the following values:
The ProcessAzEvents method sets or retrieves the authorization event flag in the realm.
Syntax
The ProcessAzEvents method has the following format:
Netegrity::PolicyMgtRealm‑>ProcessAzEvents([azFlag])
Parameters
The ProcessAzEvents method accepts the following parameter:
azFlag (int)
(Optional) Specifies whether to enable authorization event processing:
Return Value
The ProcessAzEvents method returns one of the following values:
Remarks
Authorization event processing affects performance. If no rules in the realm are triggered by authorization events, set this flag to 0.
The ProtectResource method sets or retrieves the current resource protection flag.
Syntax
The ProtectResource method has the following format:
Netegrity::PolicyMgtRealm‑>ProtectResource([protectFlag])
Parameters
The ProtectResource method accepts the following parameter:
protectFlag (int)
(Optional) Specifies whether to enable resource protection:
Return Value
The ProtectResource method returns one of the following values:
The RegScheme method sets or retrieves the registration scheme for the realm.
Syntax
The RegScheme method has the following format:
Netegrity::PolicyMgtRealm‑>RegScheme([regScheme])
Parameters
The RegScheme method accepts the following parameter:
regScheme (PolicyMgtRegScheme)
(Optional) Specifies the registration scheme to set.
Return Value
The RegScheme method returns one of the following values:
The SessionDrift method sets or retrieves the session drift of the realm, that is, the validation period (in seconds) if enabled on a persistent realm.
Syntax
The SessionDrift method has the following format:
Netegrity::PolicyMgtRealm‑>SessionDrift([SessionDrift])
Parameters
The SessionDrift method accepts the following parameter:
SessionDrift (int)
(Optional) Specifies the new value, or returns the current value when not specified.
Return Value
The SessionDrift method returns one of the following values:
Note: -1 (Sm_PolicyApi_Failure) is a valid return value, indicating that the session drift is not enabled.
The ResourceFilter method sets or retrieves the realm resource filter.
Syntax
The ResourceFilter method has the following format:
Netegrity::PolicyMgtRealm‑>ResourceFilter([rFilter])
Parameters
The ResourceFilter method accepts the following parameter:
rFilter (string)
(Optional) Specifies the realm resource filter to set.
Return Value
The ResourceFilter method returns one of the following values:
The SyncAudit method sets or retrieves the synchronous auditing flag. When this flag is enabled, SiteMinder logs Policy Server and agent actions before it allows access to resources.
Syntax
The SyncAudit method has the following format:
Netegrity::PolicyMgtRealm‑>SyncAudit([syncFlag])
Parameters
The SyncAudit method accepts the following parameter:
syncFlag (int)
(Optional) Specifies whether synchronous auditing is enabled:
Return Value
The SyncAudit method returns one of the following values:
The following methods act on PolicyMgtRegScheme objects:
The Description method sets or retrieves the registration scheme description.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtRegScheme‑>Description([regDesc])
Parameters
The Description method accepts the following parameter:
regDesc (string)
(Optional) Specifies the description of the registration scheme.
Return Value
The Description method returns one of the following values:
The EnableLogging method enables or disables registration scheme logging.
Syntax
The EnableLogging method has the following format:
Netegrity::PolicyMgtRegScheme‑>EnableLogging([logFlag])
Parameters
The EnableLogging method accepts the following parameter:
logFlag (int)
(Optional) Specifies whether registration scheme logging is enabled:
Return Value
The EnableLogging method returns one of the following values:
The Name method sets or retrieves the registration scheme name.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtRegScheme‑>Name([regName])
Parameters
The Name method accepts the following parameter:
regName (string)
(Optional) Specifies the registration scheme name.
Return Value
The Name method returns one of the following values:
The TemplatePath method sets or retrieves the path of the registration scheme template.
Syntax
The TemplatePath method has the following format:
Netegrity::PolicyMgtRegScheme‑>TemplatePath([path])
Parameters
The TemplatePath method accepts the following parameter:
path (string)
(Optional) Specifies the path of the registration scheme template.
Return Value
The TemplatePath method returns one of the following values:
The UserDirectory method sets or retrieves the user directory for the registration scheme.
Syntax
The UserDirectory method has the following format:
Netegrity::PolicyMgtRegScheme‑>UserDirectory([userDir])
Parameters
The UserDirectory method accepts the following parameter:
userDir (PolicyMgtUserDir)
(Optional) Specifies the user directory for the registration scheme.
Return Value
The UserDirectory method returns one of the following values:
The WelcomePageURL method sets or retrieves the welcome page URL for the registration scheme.
Syntax
The WelcomePageURL method has the following format:
Netegrity::PolicyMgtRegScheme‑>WelcomePageURL([URL])
Parameters
The WelcomePageURL method accepts the following parameter:
URL (string)
(Optional) Specifies the welcome page URL for the registration scheme. Users are redirected to this page after successfully registering.
Format: http://my.acme.com/hr/welcome.htm
Return Value
The WelcomePageURL method returns one of the following values:
The following methods act on PolicyMgtResponse objects:
The CreateAttribute method creates a Static response attribute for the response.
Syntax
The CreateAttribute method has the following format:
Netegrity::PolicyMgtResponse‑>CreateAttribute(attrName, varValue [, TTL])
Parameters
The CreateAttribute method accepts the following parameters:
attrName (string)
Specifies the name of the attribute to create. Valid attribute names vary with the type of agent associated with the response.
Agent type is specified in the SiteMinder Response Dialog, which is displayed when you create a response. To see the list of attributes associated with a given agent type, select the agent type in the SiteMinder Response Dialog, click Create, then view the choices in the Attribute field of the SiteMinder Response Attribute Editor.
For example, if you are creating a response with a SiteMinder Web Agent type, you can create any of the following response attributes:
varValue (string)
Specifies the value of the static attribute. This value appears in the Value column of the SiteMinder Response Dialog. The value represents either a variable or cookie value or a name/value pair. If you need to specify a name as well as a value, use the form name=value. For example, the attribute WebAgent-HTTP-Header-Variable requires a name/value pair. If the name is show_content and the value is yes, you would assign show_content=yes to varValue.
TTL (int)
(Optional) Specifies the amount of time in seconds that can elapse before the value of the response attribute is recalculated.
Return Value
The CreateAttribute method returns one of the following values:
Remarks
You cannot create response attributes of type User Attribute or DN Attribute with the Command Line Interface.
See also the descriptions of the PolicyMgtResponse‑>CreateActiveAttribute method and the PolicyMgtResponse‑>CreateVariableAttribute method.
The DeleteAttribute method deletes a response attribute in the response.
Syntax
The DeleteAttribute method has the following format:
Netegrity::PolicyMgtResponse‑>DeleteAttribute(respAttr)
Parameters
The DeleteAttribute method accepts the following parameter:
respAttr (PolicyMgtResponseAttr)
Specifies the response attribute to delete.
Return Value
The DeleteAttribute method returns one of the following values:
The Description method sets or retrieves the response description.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtResponse‑>Description([resDesc])
Parameters
The Description method accepts the following parameter:
resDesc (string)
(Optional) Specifies the response description.
Return Value
The Description method returns one of the following values:
The GetAllAttributes method retrieves a list of configured response attributes.
Syntax
The GetAllAttributes method has the following format:
Netegrity::PolicyMgtResponse‑>GetAllAttributes()
Parameters
The GetAllAttributes method accepts no parameters.
Return Value
The GetAllAttributes method returns one of the following values:
The Name method sets or retrieves the response name.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtResponse‑>Name([resName])
Parameters
The Name method accepts the following parameter:
resName (string)
(Optional) Specifies the response name.
Return Value
The Name method returns one of the following values:
The following methods act on PolicyMgtResponseAttr objects:
The GetAgentTypeAttrName method retrieves the name of the agent type attribute associated with this response attribute.
Syntax
The GetAgentTypeAttrName method has the following format:
Netegrity::PolicyMgtResponseAttr‑>GetAgentTypeAttrName()
Parameters
The GetAgentTypeAttrName method accepts no parameters.
Return Value
The GetAgentTypeAttrName method returns one of the following values:
The GetTTL method retrieves the Time To Live (TTL) setting.
Syntax
The GetTTL method has the following format:
Netegrity::PolicyMgtResponseAttr‑>GetTTL()
Parameters
The GetTTL method accepts no parameters.
Return Value
The GetTTL method returns one of the following values:
The GetValue method retrieves the response attribute value.
Syntax
The GetValue method has the following format:
Netegrity::PolicyMgtResponseAttr‑>GetValue()
Parameters
The GetValue method accepts no parameters.
Return Value
The GetValue method returns one of the following values:
The following methods act on PolicyMgtRule objects:
The AccessType method sets or retrieves the flag that allows or denies access to the resource protected by the rule.
Syntax
The AccessType method has the following format:
Netegrity::PolicyMgtRule‑>AccessType([allowAccess])
Parameters
The AccessType method accepts the following parameter:
allowAccess (int)
(Optional) Specifies whether the rule allows access to the resource:
Return Value
The AccessType method returns one of the following values:
The Action method sets or retrieves the action for the rule.
Syntax
The Action method has the following format:
Netegrity::PolicyMgtRule‑>Action([action])
Parameters
The Action method accepts the following parameter:
action (string)
(Optional) Specifies the action to perform, as follows:
For action type Web Agent actions, use one or more of the following HTTP actions. Use commas to separate multiple actions:
For action type Authentication events:
For action type Authorization events:
Return Value
The Action method returns one of the following values:
The ActiveExpr method sets or retrieves the active expression for the rule.
Syntax
The ActiveExpr method has the following format:
Netegrity::PolicyMgtRule‑>ActiveExpr([expr])
Parameters
The ActiveExpr method accepts the following parameter:
expr (string)
(Optional) Specifies the active expression to execute.
Return Value
The ActiveExpr method returns one of the following values:
The Agent method sets or retrieves an agent object or an agent group object associated with the global rule.
Syntax
The Agent method has the following format:
Netegrity::PolicyMgtRule‑>Agent(agentObject)
Parameters
The Agent method accepts the following parameter:
agentObject (objectType)
Specifies the agent object or agent group object to associate with the rule. objectType can be either PolicyMgtAgent or PolicyMgtGroup.
Return Value
The Agent method returns a new or existing PolicyMgtAgent object or PolicyMgtGroup object.
Remarks
After the rule is created, the agent associated with the rule can be changed only within the same agent type (such as Web Agent).
Note: Rules that have domain scope are associated with agents indirectly, through a realm.
The Description method sets or retrieves the description of the rule.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtRule‑>Description([ruleDesc])
Parameters
The Description method accepts the following parameter:
ruleDesc (string)
(Optional) Specifies the description of the rule.
Return Value
The Description method returns one of the following values:
The IsEnabled method enables or disables the rule.
Syntax
The IsEnabled method has the following format:
Netegrity::PolicyMgtRule‑>IsEnabled([enableFlag])
Parameters
The IsEnabled method accepts the following parameter:
enableFlag (type)
(Optional) Specifies whether to enable the rule:
Return Value
The IsEnabled method returns one of the following values:
The Name method sets or retrieves the rule name.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtRule‑>Name([ruleName])
Parameters
The Name method accepts the following parameter:
ruleName (string)
Specifies the rule name.
Return Value
The Name method returns one of the following values:
The RegexMatch method sets or retrieves the flag that determines whether regular expression pattern matching is enabled for resource-matching operations.
Syntax
The RegexMatch method has the following format:
Netegrity::PolicyMgtRule‑>RegexMatch([enableFlag])
Parameters
The RegexMatch method accepts the following parameter:
enableFlag (int)
(Optional) Specifies whether to allow regular expression pattern matching:
Return Value
The RegexMatch method returns one of the following values:
The Resource method sets or retrieves the resource protected by the rule.
Syntax
The Resource method has the following format:
Netegrity::PolicyMgtRule‑>Resource()
Parameters
The Resource method accepts no parameters.
Return Value
The Resource method returns one of the following values:
The following methods act on PolicyMgtSAMLAffiliation objects:
The GetAffiliatedSAMLAuthSchemes method retrieves all the SAML 2.0 authentication schemes associated with this SAML affiliation.
Syntax
The GetAffiliatedSAMLAuthSchemes method has the following format:
Netegrity::PolicyMgtSAMLAffiliation‑>GetAffiliatedSAMLAuthSchemes()
Parameters
The GetAffiliatedSAMLAuthSchemes method accepts no parameters.
Return Value
The GetAffiliatedSAMLAuthSchemes method returns one of the following values:
The GetAffiliatedSAMLServiceProviders method retrieves all the SAML 2.0 Service Providers associated with this SAML affiliation.
Syntax
The GetAffiliatedSAMLServiceProviders method has the following format:
Netegrity::PolicyMgtSAMLAffiliation‑>GetAffiliatedSAMLServiceProviders()
Parameters
The GetAffiliatedSAMLServiceProviders method accepts no parameters.
Return Value
The GetAffiliatedSAMLServiceProviders method returns one of the following values:
The Property method sets or retrieves the specified SAML 2.0 metadata property for this SAML 2.0 affiliation.
Syntax
The Property method has the following format:
Netegrity::PolicyMgtSAMLAffiliation‑>Property(name [, value])
Parameters
The Property method accepts the following parameters:
name (string)
Specifies the property to set or retrieve.
value (string)
(Optional) Specifies the value of the property being set.
Return Value
The Property method returns one of the following values:
Remarks
For a list of affiliation metadata properties, see the description of the PolicyMgtSession‑>CreateSAMLAffiliation method.
Note: After modifying one or more existing affiliation properties with this method, call PolicyMgtSAMLAffiliation‑>Save to write the changes to the policy store.
The Save method saves the changes you made to the SAML 2.0 metadata properties of this SAML 2.0 affiliation.
Syntax
The Save method has the following format:
Netegrity::PolicyMgtSAMLAffiliation‑>Save()
Parameters
The Save method accepts no parameters.
Return Value
The Save method returns one of the following values:
Remarks
To modify an affiliation property, call the PolicyMgtSAMLAffiliation‑>Property method.
The following methods act on PolicyMgtSAMLSPACS objects:
The GetACSIndex method retrieves the index value of a SAML Service Provider Assertion Consumer Service object.
Syntax
The GetACSIndex method has the following format:
Netegrity::PolicyMgtSAMLSPACS‑>GetACSIndex()
Parameters
The GetACSIndex method accepts no parameters.
Return Value
The GetACSIndex method returns one of the following values:
The GetACSBinding method retrieves the protocol binding of a SAML Service Provider Assertion Consumer Service object.
Syntax
The GetACSBinding method has the following format:
Netegrity::PolicyMgtSAMLSPACS‑>GetACSBinding()
Parameters
The GetACSBinding method accepts no parameters.
Return Value
The GetACSBinding method returns one of the following values:
The GetACSURL method retrieves the URL value of a SAML Service Provider Assertion Consumer Service object.
Syntax
The GetACSURL method has the following format:
Netegrity::PolicyMgtSAMLSPACS‑>GetACSURL()
Parameters
The GetACSURL method accepts no parameters.
Return Value
The GetACSURL method returns one of the following values:
The GetIsDefault method retrieves the value of IsDefault for the SAML Service Provider Assertion Consumer Service object.
Syntax
The GetIsDefault method has the following format:
Netegrity::PolicyMgtSAMLSPACS‑>GetIsDefault()
Parameters
The GetIsDefault method accepts no parameters.
Return Value
The GetIsDefault method returns one of the following values:
The following methods act on PolicyMgtSAMLRequesterAttr objects:
The GetAttrNameFormat method retrieves a SAML Requester attribute's name format.
Syntax
The GetAttrNameFormat method has the following format:
Netegrity::PolicyMgtSAMLRequesterAttr‑>GetAttrNameFormat()
Parameters
The GetAttrNameFormat method accepts no parameters.
Return Value
The GetAttrNameFormat method returns the following value:
The GetLocalName method retrieves a SAML Requester attribute's local name.
Syntax
The GetLocalName method has the following format:
Netegrity::PolicyMgtSAMLRequesterAttr‑>GetLocalName()
Parameters
The GetLocalName method accepts no parameters.
Return Value
The GetLocalName method returns one of the following values:
The GetName method retrieves a SAML Requester attribute's name.
Syntax
The GetName method has the following format:
Netegrity::PolicyMgtSAMLRequesterAttr‑>GetName()
Parameters
The GetName method accepts no parameters.
Return Value
The GetName method returns one of the following values:
The following methods act on PolicyMgtSAMLServiceProvider objects:
The AddAssertionConsumerService method adds an Assertion Consumer Service to a SAML Service Provider object.
Syntax
The AddAssertionConsumerService method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>AddAssertionConsumerService(index, protocolBinding, URL)
Parameters
The AddAssertionConsumerService method accepts the following parameters:
index (int)
Specifies the Assertion Consumer Service Indexed Endpoint index value.
protocolBinding (string)
Specifies the protocol binding of the Assertion Consumer Service, which is one of the following:
URL (string)
Specifies the URL of the Indexed Endpoint.
Return Value
The AddAssertionConsumerService method returns one of the following values:
The AddAttribute method adds an attribute to the SAML 2.0 Service Provider.
Syntax
The AddAttribute method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>AddAttribute(attrNameFormat, value, nEncrypted, nMode)
Parameters
The AddAttribute method accepts the following parameters:
attrNameFormat (int)
Specifies one of the following attribute formats, as defined in the SAML 2.0 standard:
value (string)
Specifies the value specification for the attribute. This value specification appears in the Name Value Pair column of the SiteMinder SAML Service Provider Properties Dialog. The format of the value specification depends upon the kind of attribute you are adding -- Static, User Attribute, or DN Attribute:
variableName=value
variableName=<%userattr="AttrName"%>
variableName=<#dn="DNSpec" attr="AttrName"#>
To allow SiteMinder to retrieve DN attributes from a nested group, begin DNSpec with an exclamation mark ( ! ) -- for example:
dn="!ou=People,o=security.com"
nEncrypted (int)
Specifies whether the attribute is encrypted. If non-zero, the attribute is encrypted after being included in the assertion.
nMode (int)
Specifies the retrieval mode of this attribute, which is one of the following:
Return Value
The AddAttribute method returns one of the following values:
Remarks
A SAML 2.0 attribute contains information about a principal who is trying to access a resource on the Service Provider -- for example, the principal's user DN.
The defined attribute is included in an attribute statement for all SAML 2.0 assertions that are produced for this Service Provider.
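The three value specification forms accepted by AddAttribute can be checked before anything is written to the policy store. The following is an added example, not code from the SiteMinder documentation or SDK: classify_attr_spec is a hypothetical helper in plain Perl, the sample specifications are constructed, and rejecting a static value that merely resembles a directive is an assumption of this example.

```perl
#!/usr/bin/perl
# Added example: classify and validate an AddAttribute value specification.
# Pure Perl; no SiteMinder modules are required to run it.
use strict;
use warnings;

# classify_attr_spec() is a hypothetical helper, not part of the Netegrity API.
# Returns a hash reference describing the spec, or dies on a malformed one.
sub classify_attr_spec {
    my ($spec) = @_;
    die "empty value specification\n" unless defined $spec && length $spec;

    # Every documented form is variableName=<something>; split on the first '='.
    my ($name, $rhs) = $spec =~ /\A([^=\s]+)=(.*)\z/s
        or die "expected variableName=... but got: $spec\n";

    # User Attribute form: variableName=<%userattr="AttrName"%>
    if ($rhs =~ /\A<%userattr="([^"]+)"%>\z/) {
        return { kind => 'user', name => $name, attr => $1 };
    }

    # DN Attribute form: variableName=<#dn="DNSpec" attr="AttrName"#>
    if ($rhs =~ /\A<#dn="([^"]+)"\s+attr="([^"]+)"#>\z/) {
        my ($dn, $attr) = ($1, $2);
        # A leading '!' asks for DN attributes to be retrieved from a nested group.
        my $nested = ($dn =~ s/\A!//) ? 1 : 0;
        die "empty DNSpec in: $spec\n" unless length $dn;
        return { kind => 'dn', name => $name, dn => $dn,
                 attr => $attr, nested => $nested };
    }

    # Assumption of this example: a value that opens or closes like a directive
    # but matched neither form is a typo, not an intended static value.
    if ($rhs =~ /\A<[%#]/ || $rhs =~ /[%#]>\z/) {
        die "malformed attribute directive in: $spec\n";
    }

    # Static form: variableName=value
    return { kind => 'static', name => $name, value => $rhs };
}

# Constructed samples: the three documented forms, the nested-group variant,
# and two malformed inputs that should be rejected.
my @samples = (
    'dept=engineering',
    'mail=<%userattr="mail"%>',
    'org=<#dn="ou=People,o=security.com" attr="o"#>',
    'org=<#dn="!ou=People,o=security.com" attr="o"#>',
    'mail=<%userattr=mail%>',     # quotes missing around the attribute name
    '=<%userattr="mail"%>',       # variable name missing
);

for my $spec (@samples) {
    my $info = eval { classify_attr_spec($spec) };
    if (!$info) {
        chomp(my $err = $@);
        print "REJECT $err\n";
        next;
    }
    my $detail = $info->{kind} eq 'static' ? "value=$info->{value}"
               : $info->{kind} eq 'user'   ? "userattr=$info->{attr}"
               : "dn=$info->{dn} attr=$info->{attr} nested=$info->{nested}";
    printf "%-6s %-5s %s\n", $info->{kind}, $info->{name}, $detail;
}
```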
The AddUser method adds a user to the SAML Service Provider. Assertions can be generated for the users associated with a Service Provider.
Syntax
The AddUser method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>AddUser(user)
Parameters
The AddUser method accepts the following parameter:
user (PolicyMgtUser)
Specifies the user to add.
Return Value
The AddUser method returns one of the following values:
The CreateIPConfigHostName method creates an IP configuration object for the Service Provider, based on the specified host name.
Syntax
The CreateIPConfigHostName method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>CreateIPConfigHostName(hostName)
Parameters
The CreateIPConfigHostName method accepts the following parameter:
hostName (string)
Specifies the host name where assertions must originate.
Return Value
The CreateIPConfigHostName method returns one of the following values:
Remarks
This method creates an IP address restriction for the assertion generation policy. With this address restriction, only assertions generated from the specified host will be accepted.
The CreateIPConfigRange method creates an IP configuration object for the Service Provider, based on the specified range of IP addresses.
Syntax
The CreateIPConfigRange method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>CreateIPConfigRange(ipAddr1, ipAddr2)
Parameters
The CreateIPConfigRange method accepts the following parameters:
ipAddr1 (string)
Specifies the first IP address in the range of valid IP addresses.
ipAddr2 (string)
Specifies the last IP address in the range of valid IP addresses.
Return Value
The CreateIPConfigRange method returns one of the following values:
Remarks
This method creates an IP address restriction for the assertion generation policy. With this address restriction, only assertions generated from the specified range of IP addresses will be accepted.
The CreateIPConfigSingleHost method creates an IP configuration object for the Service Provider, based on the specified IP address.
Syntax
The CreateIPConfigSingleHost method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>CreateIPConfigSingleHost(ipAddr)
Parameters
The CreateIPConfigSingleHost method accepts the following parameter:
ipAddr (string)
Specifies the IP address where assertions must originate.
Return Value
The CreateIPConfigSingleHost method returns one of the following values:
Remarks
This method creates an IP address restriction for the assertion generation policy. With this address restriction, only assertions generated from the specified IP address will be accepted.
The CreateIPConfigSubnetMask method creates an IP configuration object for the Service Provider, based on the specified IP address and subnet mask.
Syntax
The CreateIPConfigSubnetMask method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>CreateIPConfigSubnetMask(ipAddr, subnetMask)
Parameters
The CreateIPConfigSubnetMask method accepts the following parameters:
ipAddr (string)
Specifies the IP address used to derive the subnet address.
subnetMask (unsigned long)
Specifies the subnet mask used to derive the subnet address.
Return Value
The CreateIPConfigSubnetMask method returns one of the following values:
Remarks
This method creates an IP address restriction for the assertion generation policy. With this address restriction, only assertions generated from the subnet address will be accepted. The subnet address is derived from the passed IP address and subnet mask. For information about defining the subnet mask value, see the description of the PolicyMgtPolicy‑>CreateIPConfigSubnetMask method.
The DeleteIPConfig method deletes the specified IP configuration object.
Syntax
The DeleteIPConfig method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>DeleteIPConfig(IPConfig)
Parameters
The DeleteIPConfig method accepts the following parameter:
IPConfig (PolicyMgtIPConfig object)
Specifies the IP configuration object to delete.
Return Value
The DeleteIPConfig method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
The GetAllAttributes method retrieves all attributes defined for the SAML 2.0 Service Provider.
Syntax
The GetAllAttributes method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>GetAllAttributes()
Parameters
The GetAllAttributes method accepts no parameters.
Return Value
The GetAllAttributes method returns one of the following values:
The GetAllIPConfigs method retrieves all IP configuration objects for the SAML 2.0 Service Provider.
Syntax
The GetAllIPConfigs method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>GetAllIPConfigs()
Parameters
The GetAllIPConfigs method accepts no parameters.
Return Value
The GetAllIPConfigs method returns one of the following values:
The GetAllAssertionConsumerServices method retrieves all Assertion Consumer Services from the SAML 2.0 Service Provider object.
Syntax
The GetAllAssertionConsumerServices method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>GetAllAssertionConsumerServices()
Parameters
The GetAllAssertionConsumerServices method accepts no parameters.
Return Value
The GetAllAssertionConsumerServices method returns one of the following values:
The GetAllUsers method retrieves all users associated with the SAML 2.0 Service Provider. If a user directory is specified, only users who belong to the specified directory are returned.
Syntax
The GetAllUsers method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>GetAllUsers([userDir])
Parameters
The GetAllUsers method accepts the following parameter:
userDir (PolicyMgtUserDir object)
(Optional) Specifies the user directory to which all retrieved users must belong.
Return Value
The GetAllUsers method returns one of the following values:
The Property method sets or retrieves the specified SAML 2.0 metadata property for this Service Provider.
Note: After modifying one or more Service Provider properties using this method, call the PolicyMgtSAMLServiceProvider‑>Save method to write the changes to the policy store.
Syntax
The Property method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>Property(name[, value])
Parameters
The Property method accepts the following parameters:
name (string)
Specifies the property to set or retrieve.
Note: For a complete list of Service Provider metadata properties, see the method PolicyMgtAffDomain‑>CreateSAMLServiceProvider.
value (string)
(Optional) Specifies a new value for the property.
Return Value
The Property method returns one of the following values:
Specifies the property's new or existing value.
Specifies that the call is unsuccessful.
The RemoveAssertionConsumer method removes an existing Assertion Consumer Service from a SAML 2.0 Service Provider.
Syntax
The RemoveAssertionConsumer method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>RemoveAssertionConsumer(pSAMLSPACS)
Parameters
The RemoveAssertionConsumer method accepts the following parameter:
pSAMLSPACS
Specifies the Assertion Consumer Service to remove.
Return Value
The RemoveAssertionConsumer method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
The RemoveAttribute method removes the specified attribute from the SAML 2.0 Service Provider.
Syntax
The RemoveAttribute method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>RemoveAttribute(SAMLSPAttr)
Parameters
The RemoveAttribute method accepts the following parameter:
SAMLSPAttr (PolicyMgtSAMLSPAttr object)
Specifies the attribute to remove.
Return Value
The RemoveAttribute method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
The RemoveUser method removes the specified user from the SAML 2.0 Service Provider.
Syntax
The RemoveUser method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>RemoveUser(user)
Parameters
The RemoveUser method accepts the following parameter:
user (PolicyMgtUser object)
Specifies the user to remove.
Return Value
The RemoveUser method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
The Save method saves any changes made to the SAML 2.0 metadata properties of the Service Provider. Call this method once after making all changes to the SAML 2.0 Service Provider. You must call this method for the changes to take effect. To modify a metadata property, call the PolicyMgtSAMLServiceProvider‑>Property method.
Syntax
The Save method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider‑>Save()
Parameters
The Save method accepts no parameters.
Return Value
The Save method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
Specifies that the user does not have the privileges required to change metadata properties.
Specifies that the path and class are empty.
The following methods act on PolicyMgtSAMLSPAttr objects:
The GetAttrNameFormat method retrieves the format of attribute names used with the SAML 2.0 Service Provider. For more information about SAML 2.0 attributes, see the method PolicyMgtSAMLServiceProvider‑>AddAttribute.
Syntax
The GetAttrNameFormat method has the following format:
Netegrity::PolicyMgtSAMLSPAttr‑>GetAttrNameFormat()
Parameters
The GetAttrNameFormat method accepts no parameters.
Return Value
The GetAttrNameFormat method returns one of the following values:
The GetValue method retrieves the value of the SAML 2.0 Service Provider attribute. To retrieve all attributes associated with a Service Provider, call the method PolicyMgtSAMLServiceProvider‑>GetAllAttributes. For more information about SAML 2.0 attributes, see the method PolicyMgtSAMLServiceProvider‑>AddAttribute.
Syntax
The GetValue method has the following format:
Netegrity::PolicyMgtSAMLSPAttr‑>GetValue()
Parameters
The GetValue method accepts no parameters.
Return Value
The GetValue method returns one of the following values:
The following methods act on PolicyMgtSession objects:
The AddAttributeToSAMLScheme method adds a new attribute to the SAML 2.0 authentication scheme definition.
Syntax
The AddAttributeToSAMLScheme method has the following format:
Netegrity::PolicyMgtSession‑>AddAttributeToSAMLScheme(scheme, AttrNameFormat, LocalName, Name)
Parameters
The AddAttributeToSAMLScheme method accepts the following parameters:
scheme (PolicyMgtAuthScheme object)
Specifies the SAML 2.0 authentication scheme.
AttrNameFormat (int)
Specifies the attribute type:
LocalName (string)
Specifies the attribute's name as used locally.
Name (string)
Specifies the attribute's name as defined on the Attribute Authority.
Return Value
The AddAttributeToSAMLScheme method returns one of the following values:
The AddTrustedHost method creates or modifies a trusted host object in the policy store.
Syntax
The AddTrustedHost method has the following format:
Netegrity::PolicyMgtSession‑>AddTrustedHost(trustedHostName[, trustedHostDescription][, trustedHostIpAddress][, sharedSecret])
Parameters
The AddTrustedHost method accepts the following parameters:
trustedHostName (string)
Specifies the name of the trusted host.
trustedHostDescription (string)
(Optional) Specifies the description of the trusted host.
trustedHostIpAddress (string)
(Optional) Specifies the IP address of the trusted host.
sharedSecret (string)
(Optional) Specifies the shared secret.
Note: You must also define the shared secret in the host configuration file by running the SiteMinder tool smreghost with the -sh option. If you do not use the -sh option to specify the shared secret, SiteMinder automatically generates one.
Return Value
The AddTrustedHost method returns one of the following values:
Remarks
You can use the AddTrustedHost method to register the trusted host without first configuring a connection between the Policy Server and the Agent. When you use this method to register the trusted host, you must also run the SiteMinder tool smreghost to define the shared secret in the host configuration file. (The host configuration file is named SmHost.conf by default.) Run smreghost with the -sh option and the shared secret. To retrieve the shared secret in clear text, call the method PolicyMgtTrustedHost‑>GetSecret.
Alternatively, you can create the trusted host by calling the method CreateTrustedHost and running smreghost without the -sh option. In this case, SiteMinder automatically creates and configures the trusted host during installation.
Important! When SiteMinder generates the shared secret, it is a random 128-byte ASCII string. When you create the shared secret yourself, it can be any string value. To create a strong shared secret, we strongly recommend that you call the AddTrustedHost method with the sharedSecret parameter set to an empty string. This results in the automatic generation of a shared secret that is random, long, and hard to guess.
The CreateAdmin method creates and configures a system-level administrator.
Syntax
The CreateAdmin method has the following format:
Netegrity::PolicyMgtSession‑>CreateAdmin(adminName[, adminDesc][, adminPwd][, userDir][, authScheme])
Parameters
The CreateAdmin method accepts the following parameters:
adminName (string)
Specifies the administrator's name.
adminDesc (string)
(Optional) Specifies the administrator's description.
adminPwd (string)
(Optional) Specifies the administrator's password.
userDir (PolicyMgtUserDir object)
(Optional) Specifies the user directory if the administrator is stored in an external directory.
authScheme (PolicyMgtAuthScheme object)
(Optional) Specifies the authentication scheme to use if the administrator is stored in an external directory.
Note: This parameter is required if an external user directory is specified.
Return Value
The CreateAdmin method returns one of the following values:
Remarks
The Policy Management API does not allow you to create an administrator for a particular domain. However, you can add an existing administrator to a particular domain by calling the method AddAdmin. To create an administrator with domain privileges, use the Administrative UI.
The CreateAffDomain method creates an affiliate domain.
Syntax
The CreateAffDomain method has the following format:
Netegrity::PolicyMgtSession‑>CreateAffDomain(domName[, domDesc])
Parameters
The CreateAffDomain method accepts the following parameters:
domName (string)
Specifies the name of the affiliate domain.
domDesc (string)
(Optional) Specifies the description of the affiliate domain.
Return Value
The CreateAffDomain method returns one of the following values:
Remarks
To implement affiliate domains, you need Federation Security Services.
The CreateAgent method creates and configures a SiteMinder agent.
Syntax
The CreateAgent method has the following format:
Netegrity::PolicyMgtSession‑>CreateAgent(agentName, agentType[, agentDesc][, agentIP][, agentSecret][, realmHintAttrID])
Parameters
The CreateAgent method accepts the following parameters:
agentName (string)
Specifies the name of the agent.
agentType (PolicyMgtAgentType object)
Specifies the type of agent.
agentDesc (string)
(Optional) Specifies the description of the agent.
agentIP (string)
(Optional) Specifies the agent's IP address.
Note: This parameter is required for RADIUS agents.
agentSecret (string)
(Optional) Specifies the shared secret.
Note: To create a v4.x agent, specify the shared secret. To create a v5.x agent, omit this parameter.
realmHintAttrID (int)
(Optional) Specifies the realm hint attribute ID.
Note: This parameter only applies to RADIUS agents.
Return Value
The CreateAgent method returns one of the following values:
The CreateAgentConfig method creates an agent configuration object.
Syntax
The CreateAgentConfig method has the following format:
Netegrity::PolicyMgtSession‑>CreateAgentConfig(agentConfigName[, AgentConfigDesc])
Parameters
The CreateAgentConfig method accepts the following parameters:
agentConfigName (string)
Specifies the name of the agent configuration.
AgentConfigDesc (string)
(Optional) Specifies the description of the agent configuration.
Return Value
The CreateAgentConfig method returns one of the following values:
The CreateAgentGroup method creates an agent group.
Syntax
The CreateAgentGroup method has the following format:
Netegrity::PolicyMgtSession‑>CreateAgentGroup(agentGroupName, agentType[, groupDesc])
Parameters
The CreateAgentGroup method accepts the following parameters:
agentGroupName (string)
Specifies the name of the agent group.
agentType (PolicyMgtAgentType object)
Specifies the type of agent associated with the agent group.
Note: To retrieve the agent type for this method, call the method PolicyMgtSession‑>GetAgentType.
groupDesc (string)
(Optional) Specifies the description of the agent group.
Return Value
The CreateAgentGroup method returns one of the following values:
The CreateAuthAzMap method creates an authentication and authorization directory mapping object.
Syntax
The CreateAuthAzMap method has the following format:
Netegrity::PolicyMgtSession‑>CreateAuthAzMap(authDir, azDir, mapType)
Parameters
The CreateAuthAzMap method accepts the following parameters:
authDir (PolicyMgtUserDir object)
Specifies the user directory to use when authenticating the user.
azDir (PolicyMgtUserDir object)
Specifies the user directory to use when authorizing the user.
mapType (int)
Specifies the type of directory mapping.
Specifies mapping based on a DN.
Specifies mapping based on a universal identifier.
Specifies mapping based on an attribute in the user directory.
Return Value
The CreateAuthAzMap method returns one of the following values:
Remarks
SiteMinder uses the same user directory to authenticate and authorize users. In addition, SiteMinder allows you to specify one user directory for authentication and another user directory for authorization. This feature is called directory mapping. Directory mapping is especially useful when authentication information is stored in a central directory but authorization information is stored in multiple directories, each one associated with a particular application.
The CreateAuthScheme method creates and configures an authentication scheme.
Syntax
The CreateAuthScheme method has the following format:
Netegrity::PolicyMgtSession‑>CreateAuthScheme(schemeName, schemeTemplate[, schemeDesc][, protLevel][, schemeLib][, schemeParam][, secret][, isTemplate][, isUsedByAdmin][, saveCreds][, isRadius][, ignorePwd])
Parameters
The CreateAuthScheme method accepts the following parameters:
schemeName (string)
Specifies the authentication scheme's name.
schemeTemplate (PolicyMgtAuthScheme object)
Specifies the template on which to base the authentication scheme.
Note: To view a list of templates, see the method PolicyMgtSession‑>GetAuthScheme.
schemeDesc (string)
(Optional) Specifies the authentication scheme's description.
protLevel (int)
(Optional) Specifies the authentication scheme's protection level.
Range: 1-1000
Note: The higher the protection level value, the more secure the authentication scheme.
schemeLib (string)
(Optional) Specifies the name of the custom library to use in place of the default library shipped with each type of authentication scheme.
schemeParam (string)
(Optional) Specifies a parameter string to pass to the authentication scheme.
Note: For help constructing the parameter string, navigate to the Scheme Type Setup tab on the Authentication Scheme Properties dialog in the Administrative UI. Select the authentication scheme type, type the values in the fields, and observe the result on the Advanced tab.
secret (string)
(Optional) Specifies the authentication scheme's shared secret.
isTemplate (int)
(Optional) Specifies whether the authentication scheme is a template for other authentication schemes.
Default: A zero (0) value specifies that the authentication scheme is not a template.
Note: This parameter is deprecated as of SiteMinder v6.0 SP3.
isUsedByAdmin (int)
(Optional) Specifies whether the authentication scheme can be used to authenticate administrators.
saveCreds (int)
(Optional) Specifies whether to save user credentials.
isRadius (int)
(Optional) Specifies whether the authentication scheme type is RADIUS.
ignorePwd (int)
(Optional) Specifies whether to ignore password policies.
Return Value
The CreateAuthScheme method returns one of the following values:
The CreateCustomCertMap method creates a custom certificate map. The custom certificate map associates user attribute names defined in the certificate's Subject DN with the corresponding user attribute names in the user directory. For authentication to succeed, the values of the mapped user attribute pairs must match. Use the AttributeMap parameter to define the attribute names that are mapped.
Syntax
The CreateCustomCertMap method has the following format:
Netegrity::PolicyMgtSession‑>CreateCustomCertMap(IssuerDN, AttributeMap[, DirectoryType])
Parameters
The CreateCustomCertMap method accepts the following parameters:
IssuerDN (string)
Specifies the certificate issuer's distinguished name.
AttributeMap (string)
Specifies an expression that maps attribute names in the certificate's Subject DN to attribute names in the user directory.
Syntax: UserAttrName1=%{CertAttrName1},UserAttrName2=%{CertAttrName2}, . . . UserAttrName#=%{CertAttrName#}
Example:
Certificate's Subject DN contains: CN=John Smith, UID=JSMITH, OU=Development, O=CompanyA
AttributeMap contains: CN=%{UID}, OU=%{OU}, O=%{O}
Matching user DN in the user directory: CN=JSMITH, OU=Development, O=CompanyA
DirectoryType (int)
(Optional) Specifies the type of user directory specified as the authentication directory:
Note: This is the default.
Return Value
The CreateCustomCertMap method returns one of the following values:
Remarks
When a certificate map is created, the following flags are set to false, the default value:
For information on changing the value of these flags, see the method PolicyMgtSession‑>CreateExactCertMap.
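The AttributeMap example under Parameters, worked through in Perl as an added example (it is not part of the CA documentation and is not SiteMinder's matching code). It parses the expression, substitutes values from the certificate's Subject DN, and rejects a certificate whose Subject DN lacks a referenced attribute or carries it more than once. The function names are hypothetical; case-insensitive attribute names and single-valued RDNs are assumptions.

```perl
#!/usr/bin/perl
# Added example: function names are hypothetical; no SiteMinder API is called.
use strict;
use warnings;

# Split a DN into { ATTR => [values] }. Attribute names are compared
# case-insensitively (assumption); a comma escaped as "\," stays in the value.
sub parse_dn {
    my ($dn) = @_;
    my %attrs;
    for my $rdn (split /(?<!\\),\s*/, $dn) {
        my ($name, $value) = $rdn =~ /^\s*([\w.-]+)\s*=\s*(.*?)\s*$/
            or die "malformed RDN '$rdn'\n";
        push @{ $attrs{uc $name} }, $value;
    }
    return \%attrs;
}

# Parse "UserAttr=%{CertAttr}, ..." into a list of [UserAttr, CERTATTR] pairs.
sub parse_attribute_map {
    my ($map) = @_;
    my @pairs;
    for my $entry (split /\s*,\s*/, $map) {
        my ($user_attr, $cert_attr) =
            $entry =~ /^\s*([\w.-]+)\s*=\s*%\{([\w.-]+)\}\s*$/
            or die "malformed AttributeMap entry '$entry'\n";
        push @pairs, [$user_attr, uc $cert_attr];
    }
    die "AttributeMap is empty\n" unless @pairs;
    return \@pairs;
}

# Build the user DN that the directory entry must match. Fails closed when a
# referenced certificate attribute is missing, empty, or ambiguous.
sub resolve_user_dn {
    my ($subject_dn, $attribute_map) = @_;
    my $cert = parse_dn($subject_dn);
    my @rdns;
    for my $pair (@{ parse_attribute_map($attribute_map) }) {
        my ($user_attr, $cert_attr) = @$pair;
        my $values = $cert->{$cert_attr}
            or die "Subject DN has no '$cert_attr' attribute\n";
        die "Subject DN has more than one '$cert_attr'; mapping is ambiguous\n"
            if @$values > 1;
        die "Subject DN attribute '$cert_attr' is empty\n"
            unless length $values->[0];
        push @rdns, "$user_attr=$values->[0]";
    }
    return join ', ', @rdns;
}

# Subject DN and AttributeMap taken from the example on this page.
my $subject = 'CN=John Smith, UID=JSMITH, OU=Development, O=CompanyA';
my $map     = 'CN=%{UID}, OU=%{OU}, O=%{O}';

# The remaining cases are constructed to show the rejection paths.
my @cases = (
    [$subject, $map],
    ['CN=John Smith, OU=Development, O=CompanyA', $map],   # no UID
    ['CN=A, UID=JSMITH, OU=Dev, OU=QA, O=CompanyA', $map], # two OU values
    [$subject, 'CN=%{UID}, OU=OU'],                        # missing %{...}
);

for my $case (@cases) {
    my $user_dn = eval { resolve_user_dn(@$case) };
    print(defined($user_dn) ? "resolved: $user_dn\n" : "rejected: $@");
}
```

Running a candidate AttributeMap string through a check like this before passing it to CreateCustomCertMap catches malformed entries early, instead of at the first failed certificate authentication.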
Copyright © 2012 CA.
All rights reserved.