The GetAuthScheme method retrieves the specified authentication scheme object. Existing authentication schemes are specified by name. To create a new authentication scheme, use this method to retrieve the type of authentication scheme object or template upon which you want the new scheme to be based. Then, pass the resulting object to the PolicyMgtSession‑>CreateAuthScheme method in the schemeTemplate parameter. For information about creating a SAML 2.0 authentication scheme, see the method PolicyMgtSession‑>CreateSAMLAuthScheme.
Syntax
The GetAuthScheme method has the following format:
Netegrity::PolicyMgtSession‑>GetAuthScheme(schemeName)
Parameters
The GetAuthScheme method accepts the following parameter:
schemeName (string)
Specifies one of the following:
Return Value
The GetAuthScheme method returns one of the following values:
The GetCertMap method retrieves the certificate mapping object specified by the certificate issuer's DN.
Syntax
The GetCertMap method has the following format:
Netegrity::PolicyMgtSession‑>GetCertMap(issuerDN)
Parameters
The GetCertMap method accepts the following parameter:
issuerDN (string)
Specifies the certificate issuer's DN.
Return Value
The GetCertMap method returns one of the following values:
The GetDomain method retrieves the specified policy domain object.
Syntax
The GetDomain method has the following format:
Netegrity::PolicyMgtSession‑>GetDomain(domName)
Parameters
The GetDomain method accepts the following parameter:
domName (string)
Specifies the name of the domain to retrieve.
Return Value
The GetDomain method returns one of the following values:
The GetGlobalPolicy method retrieves the specified global policy object.
Syntax
The GetGlobalPolicy method has the following format:
Netegrity::PolicyMgtSession‑>GetGlobalPolicy(policyName)
Parameters
The GetGlobalPolicy method accepts the following parameter:
policyName (string)
Specifies the name of the global policy to retrieve.
Return Value
The GetGlobalPolicy method returns one of the following values:
The GetGlobalResponse method retrieves the specified global response object.
Syntax
The GetGlobalResponse method has the following format:
Netegrity::PolicyMgtSession‑>GetGlobalResponse(responseName)
Parameters
The GetGlobalResponse method accepts the following parameter:
responseName (string)
Specifies the name of the global response to retrieve.
Return Value
The GetGlobalResponse method returns one of the following values:
The GetGlobalRule method retrieves the specified global rule object.
Syntax
The GetGlobalRule method has the following format:
Netegrity::PolicyMgtSession‑>GetGlobalRule(ruleName)
Parameters
The GetGlobalRule method accepts the following parameter:
ruleName (string)
Specifies the name of the global rule to retrieve.
Return Value
The GetGlobalRule method returns one of the following values:
The GetHostConfig method retrieves the specified host configuration object.
Syntax
The GetHostConfig method has the following format:
Netegrity::PolicyMgtSession‑>GetHostConfig(hcName)
Parameters
The GetHostConfig method accepts the following parameter:
hcName (string)
Specifies the name of the host configuration object to retrieve.
Return Value
The GetHostConfig method returns one of the following values:
The GetODBCQueryScheme method retrieves the specified ODBC query scheme object.
Syntax
The GetODBCQueryScheme method has the following format:
Netegrity::PolicyMgtSession‑>GetODBCQueryScheme(schemeName)
Parameters
The GetODBCQueryScheme method accepts the following parameter:
schemeName (string)
Specifies the ODBC query scheme to retrieve.
Return Value
The GetODBCQueryScheme method returns one of the following values:
The GetPwdPolicy method retrieves the specified password policy object.
Syntax
The GetPwdPolicy method has the following format:
Netegrity::PolicyMgtSession‑>GetPwdPolicy(pwdPolicyName)
Parameters
The GetPwdPolicy method accepts the following parameter:
pwdPolicyName (string)
Specifies the name of the password policy to retrieve.
Return Value
The GetPwdPolicy method returns one of the following values:
The GetRegScheme method retrieves the specified registration scheme object.
Syntax
The GetRegScheme method has the following format:
Netegrity::PolicyMgtSession‑>GetRegScheme(schemeName)
Parameters
The GetRegScheme method accepts the following parameter:
schemeName (string)
Specifies the name of the registration scheme to retrieve.
Return Value
The GetRegScheme method returns one of the following values:
The GetSAMLAffiliation method retrieves the specified SAML 2.0 affiliation object.
Syntax
The GetSAMLAffiliation method has the following format:
Netegrity::PolicyMgtSession‑>GetSAMLAffiliation(affilName)
Parameters
The GetSAMLAffiliation method accepts the following parameter:
affilName (string)
Specifies the name or OID of the SAML affiliation to retrieve.
Note: When an OID is specified, it can be prefixed with the "@" character.
Return Value
The GetSAMLAffiliation method returns one of the following values:
The GetSAMLAffiliationById method retrieves the SAML 2.0 affiliation object specified by the affiliation ID passed to the method.
Syntax
The GetSAMLAffiliationById method has the following format:
Netegrity::PolicyMgtSession‑>GetSAMLAffiliationById(affilID)
Parameters
The GetSAMLAffiliationById method accepts the following parameter:
affilID (string)
Specifies the affiliation ID of the SAML affiliation to retrieve.
Return Value
The GetSAMLAffiliationById method returns one of the following values:
The GetSharedSecretPolicy method retrieves the specified shared secret rollover policy object. Because each policy store domain can have only one shared secret rollover policy, there is no need to pass the name of the policy to this method.
Syntax
The GetSharedSecretPolicy method has the following format:
Netegrity::PolicyMgtSession‑>GetSharedSecretPolicy()
Parameters
The GetSharedSecretPolicy method accepts no parameters.
Return Value
The GetSharedSecretPolicy method returns the following value:
The GetTrustedHost method retrieves the specified trusted host object.
Syntax
The GetTrustedHost method has the following format:
Netegrity::PolicyMgtSession‑>GetTrustedHost(thName)
Parameters
The GetTrustedHost method accepts the following parameter:
thName (string)
Specifies the name of the trusted host to retrieve.
Return Value
The GetTrustedHost method returns one of the following values:
The GetUserDir method retrieves the specified user directory object.
Syntax
The GetUserDir method has the following format:
Netegrity::PolicyMgtSession‑>GetUserDir(dirName)
Parameters
The GetUserDir method accepts the following parameter:
dirName (string)
Specifies the name of the user directory to retrieve.
Return Value
The GetUserDir method returns one of the following values:
The GetVariableType method retrieves the specified variable type object. To create a new variable object of the specified type, pass the resulting variable type object to the CreateVariable method in the varType parameter.
Syntax
The GetVariableType method has the following format:
Netegrity::PolicyMgtSession‑>GetVariableType(varTypeName)
Parameters
The GetVariableType method accepts the following parameter:
varTypeName (string)
Specifies one of the following variable type names:
Post
UserContext
RequestContext
Static
WebService
XMLBody
XMLAgent
XMLEnvelopeHeader
Transport
SAMLAssertion
Note: Variable type names are case-sensitive and must not contain spaces.
Return Value
The GetVariableType method returns one of the following values:
Remarks
You cannot create a TransactionMinder variable with the Command Line Interface. If you have TransactionMinder and the Option Pack installed, you can create TransactionMinder variables in the Administrative UI.
The RemoveAttributeFromSAMLScheme method removes an attribute from a SAML 2.0 authentication scheme.
Syntax
The RemoveAttributeFromSAMLScheme method has the following format:
Netegrity::PolicyMgtSession‑>RemoveAttributeFromSAMLScheme(scheme, pSAMLRequesterAttr)
Parameters
The RemoveAttributeFromSAMLScheme method accepts the following parameters:
scheme (PolicyMgtAuthScheme object)
Specifies the SAML 2.0 authentication scheme from which to remove the attribute.
pSAMLRequesterAttribute (string)
Specifies the attribute to remove.
Return Value
The RemoveAttributeFromSAMLScheme method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
The SAMLAuthSchemeProperties method sets or retrieves the SAML 2.0 metadata properties that reside in an existing SAML 2.0 authentication scheme. For a complete list of SAML 2.0 metadata properties, see the method PolicyMgtSession‑>CreateSAMLAuthScheme.
Syntax
The SAMLAuthSchemeProperties method has the following format:
Netegrity::PolicyMgtSession‑>SAMLAuthSchemeProperties(scheme, propsHash_ref)
Parameters
The SAMLAuthSchemeProperties method accepts the following parameters:
scheme (PolicyMgtAuthScheme object)
Specifies the authentication scheme whose metadata properties are set or retrieved.
propsHash_ref (hash)
Specifies a reference to a hashtable of metadata properties to set or retrieve.
Return Value
The SAMLAuthSchemeProperties method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
Remarks
When the hashtable is empty, the SAMLAuthSchemeProperties method retrieves all metadata properties. You can define an empty hashtable as follows:
%myhash=();
Then, you can reference the empty hashtable as follows:
\%myhash
Finally, you can pass the hashtable reference to the SAMLAuthSchemeProperties method through the propsHash_ref parameter.
The WSFEDAuthSchemeProperties method sets or retrieves the WS-Federation metadata properties in an existing WS-Federation authentication scheme. For a complete list of WS-Federation metadata properties, see the method PolicyMgtSession‑>CreateWSFEDAuthScheme.
Syntax
The WSFEDAuthSchemeProperties method has the following format:
Netegrity::PolicyMgtSession‑>WSFEDAuthSchemeProperties(scheme, propsHash_ref)
Parameters
The WSFEDAuthSchemeProperties method accepts the following parameters:
scheme (PolicyMgtAuthScheme object)
Specifies the authentication scheme whose WS-Federation metadata properties are set or retrieved.
propsHash_ref (hash)
Specifies a reference to a hashtable of metadata properties to set or retrieve.
Return Value
The WSFEDAuthSchemeProperties method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
Remarks
When the hashtable is empty, the WSFEDAuthSchemeProperties method retrieves all metadata properties. You can define an empty hashtable as follows:
%myhash=();
Then, you can reference the empty hashtable as follows:
\%myhash
Finally, you can pass the hashtable reference to the WSFEDAuthSchemeProperties method through the propsHash_ref parameter.
The following methods act on PolicyMgtSharedSecretPolicy objects:
The Enabled method sets or retrieves the flag that specifies whether the shared secret rollover policy is enabled.
Syntax
The Enabled method has the following format:
Netegrity::PolicyMgtSharedSecretPolicy‑>Enabled([enableFlag])
Parameters
The Enabled method accepts the following parameter:
enableFlag (int)
(Optional) Specifies a new value for the enabled flag.
Specifies enabling the shared secret rollover policy.
Specifies disabling the shared secret rollover policy.
Return Value
The Enabled method returns the new or existing value for the enabled flag:
Specifies that the shared secret rollover policy is enabled.
Specifies that the shared secret rollover policy is disabled.
Remarks
If the shared secret rollover policy is enabled, rollover must also be enabled for any trusted host whose shared secret needs to be synchronized with the rollover policy's shared secret. To enable rollover for a trusted host object, call the method PolicyMgtTrustedHost‑>RolloverEnabled.
The RolloverFrequency method sets or retrieves the rollover frequency for the rollover policy. This value determines how often the shared secret is automatically updated in the time period specified by the method PolicyMgtSharedSecretPolicy‑>RolloverPeriod.
Syntax
The RolloverFrequency method has the following format:
Netegrity::PolicyMgtSharedSecretPolicy‑>RolloverFrequency([rollFreq])
Parameters
The RolloverFrequency method accepts the following parameter:
rollFreq (int)
(Optional) Specifies a new value for the rollover frequency.
Range: rollFreq >= 1
Return Value
The RolloverFrequency method returns the following value:
Specifies the new or existing value for the rollover frequency.
The RolloverPeriod method sets or retrieves the rollover period for the rollover policy. The rollover period can have one of four values: hourly, daily, weekly, or monthly. The rollover period is used with the rollover frequency to specify how often the shared secret is automatically changed. For example, if the rollover frequency is two and the rollover period is weekly, then the shared secret is automatically changed every two weeks. To set the rollover frequency, call the PolicyMgtSharedSecretPolicy‑>RolloverFrequency method.
Syntax
The RolloverPeriod method has the following format:
Netegrity::PolicyMgtSharedSecretPolicy‑>RolloverPeriod([rollPeriod])
Parameters
The RolloverPeriod method accepts the following parameter:
rollPeriod (int)
(Optional) Specifies a new value for the rollover period.
Specifies that the rollover period is hourly.
Specifies that the rollover period is daily.
Specifies that the rollover period is weekly.
Specifies that the rollover period is monthly.
Return Value
The RolloverPeriod method returns one of the following values:
Specifies the new or existing value for the rollover period.
Range: 0-3
Specifies that the return value is not in the 0-3 range.
The Save method saves the shared secret policy object to the policy store. Call this method once after making all changes to the shared secret policy object. You must call this method for the changes to take effect.
Syntax
The Save method has the following format:
Netegrity::PolicyMgtSharedSecretPolicy‑>Save()
Parameters
The Save method accepts no parameters.
Return Value
The Save method returns one of the following values:
Specifies that the call is successful.
Specifies that the call is unsuccessful.
The following methods act on PolicyMgtTrustedHost objects:
The GetDescription method retrieves the description of the trusted host.
Syntax
The GetDescription method has the following format:
Netegrity::PolicyMgtTrustedHost‑>GetDescription()
Parameters
The GetDescription method accepts no parameters.
Return Value
The GetDescription method returns the following value:
The GetIPAddress method retrieves the IP address of the trusted host.
Syntax
The GetIPAddress method has the following format:
Netegrity::PolicyMgtTrustedHost‑>GetIPAddress()
Parameters
The GetIPAddress method accepts no parameters.
Return Value
The GetIPAddress method returns the following value:
The GetName method retrieves the name of the trusted host.
Syntax
The GetName method has the following format:
Netegrity::PolicyMgtTrustedHost‑>GetName()
Parameters
The GetName method accepts no parameters.
Return Value
The GetName method returns the following value:
The GetSecret method retrieves the shared secret of the trusted host in clear text.
Syntax
The GetSecret method has the following format:
Netegrity::PolicyMgtTrustedHost‑>GetSecret()
Parameters
The GetSecret method accepts no parameters.
Return Value
The GetSecret method returns one of the following values:
The RolloverEnabled method sets or retrieves the shared secret rollover flag that specifies whether shared secret rollover is enabled for this trusted host.
Syntax
The RolloverEnabled method has the following format:
Netegrity::PolicyMgtTrustedHost‑>RolloverEnabled([rolloverEnabled])
Parameters
The RolloverEnabled method accepts the following parameter:
rolloverEnabled (int)
(Optional) Specifies a new value for the shared secret rollover flag.
Specifies that shared secret rollover is enabled for this trusted host.
Specifies that shared secret rollover is not enabled for this trusted host.
Return Value
The RolloverEnabled method returns the new or existing value for the shared secret rollover flag:
Specifies that shared secret rollover is enabled for this trusted host.
Specifies that shared secret rollover is not enabled for this trusted host.
Specifies that the call is unsuccessful.
Remarks
If shared secret rollover is enabled for this trusted host, it must also be enabled in the PolicyMgtSharedSecretPolicy object in the policy store domain where the trusted host is registered. If shared secret rollover is not enabled in this object, call the method PolicyMgtSharedSecretPolicy‑>Enabled to enable it.
The SetSecret method sets the shared secret of the trusted host.
Syntax
The SetSecret method has the following format:
Netegrity::PolicyMgtTrustedHost‑>SetSecret([sharedSecret])
Parameters
The SetSecret method accepts the following parameter:
sharedSecret (string)
(Optional) Specifies the shared secret to set for the trusted host.
Note: If no shared secret is specified, SiteMinder generates a random 128-byte ASCII shared secret for the trusted host.
Return Value
The SetSecret method returns one of the following values:
Specifies the new shared secret for the trusted host.
Specifies that the call is unsuccessful.
Remarks
When you use this method to set the shared secret, you must also run the SiteMinder tool smreghost to define the new shared secret in the host configuration file. (The host configuration file is named SmHost.conf by default.) Run smreghost with the -sh option. For more information, see the method PolicyMgtSession‑>AddTrustedHost.
Note: You can schedule shared secret rollovers, so that they happen automatically. For more information about this feature, see the Policy Server Configuration Guide.
The following methods act on PolicyMgtUser objects:
The DisableByAdmin method sets or retrieves the disabled-by-administrator flag which specifies whether the user account is disabled by the administrator.
Syntax
The DisableByAdmin method has the following format:
Netegrity::PolicyMgtUser‑>DisableByAdmin([disableFlag])
Parameters
The DisableByAdmin method accepts the following parameter:
disableFlag (int)
(Optional) Specifies a new value for the disabled-by-administrator flag.
Specifies that the user account is disabled by the administrator.
Specifies that the user account is not disabled by the administrator.
Note: The user account can be disabled for other reasons. For more information, see Remarks.
Return Value
The DisableByAdmin method returns the new or existing value for the disabled-by-administrator flag:
Specifies that the user account is disabled by the administrator.
Specifies that the user account is not disabled by the administrator.
Note: The user account can be disabled for other reasons. For more information, see Remarks.
Specifies that the call is unsuccessful.
Remarks
User accounts can be disabled for one or more of the following reasons:
For more information, see the method PolicyMgtUser‑>DisableInactive.
For more information, see the method PolicyMgtUser‑>DisableMaxLoginFail.
For more information, see the method PolicyMgtUser‑>DisablePwdExpired.
The DisableInactive method sets or retrieves the disabled-by-inactivity flag which specifies whether the user account is disabled because account inactivity exceeded the time allowed.
Syntax
The DisableInactive method has the following format:
Netegrity::PolicyMgtUser‑>DisableInactive([disableFlag])
Parameters
The DisableInactive method accepts the following parameter:
disableFlag (int)
(Optional) Specifies a new value for the disabled-by-inactivity flag.
Specifies that the user account is disabled because of inactivity.
Specifies that the user account is not disabled because of inactivity.
Note: The user account can be disabled for other reasons. For more information, see Remarks.
Return Value
The DisableInactive method returns the new or existing value for the disabled-by-inactivity flag:
Specifies that the user account is disabled because of inactivity.
Specifies that the user account is not disabled because of inactivity.
Note: The user account can be disabled for other reasons. For more information, see Remarks.
Specifies that the call is unsuccessful.
Remarks
User accounts can be disabled for one or more of the following reasons:
For more information, see the method PolicyMgtUser‑>DisableByAdmin.
For more information, see the method PolicyMgtUser‑>DisableMaxLoginFail.
For more information, see the method PolicyMgtUser‑>DisablePwdExpired.
The DisableMaxLoginFail method sets or retrieves the disabled-by-max-login-failure flag which specifies whether the user account is disabled because the number of login failures exceeded the maximum allowed.
Syntax
The DisableMaxLoginFail method has the following format:
Netegrity::PolicyMgtUser‑>DisableMaxLoginFail([disableFlag])
Parameters
The DisableMaxLoginFail method accepts the following parameter:
disableFlag (int)
(Optional) Specifies a new value for the disabled-by-max-login-failure flag.
Specifies that the user account is disabled because the number of login failures exceeded the maximum allowed.
Specifies that the user account is not disabled because the number of login failures exceeded the maximum allowed.
Note: The user account can be disabled for other reasons. For more information, see Remarks.
Return Value
The DisableMaxLoginFail method returns the new or existing value for the disabled-by-max-login-failure flag:
Specifies that the user account is disabled because the number of login failures exceeded the maximum allowed.
Specifies that the user account is not disabled because the number of login failures exceeded the maximum allowed.
Note: The user account can be disabled for other reasons. For more information, see Remarks.
Specifies that the call is unsuccessful.
Remarks
User accounts can be disabled for one or more of the following reasons:
For more information, see the method PolicyMgtUser‑>DisableByAdmin.
For more information, see the method PolicyMgtUser‑>DisableInactive.
For more information, see the method PolicyMgtUser‑>DisablePwdExpired.
The DisablePwdExpired method sets or retrieves the disabled-by-password-expired flag that specifies whether the user account is disabled because the password expired.
Syntax
The DisablePwdExpired method has the following format:
Netegrity::PolicyMgtUser‑>DisablePwdExpired([disableFlag])
Parameters
The DisablePwdExpired method accepts the following parameter:
disableFlag (int)
(Optional) Specifies a new value for the disabled-by-password-expired flag.
Specifies that the user account is disabled because the password expired.
Specifies that the user account is not disabled because the password expired.
Return Value
The DisablePwdExpired method returns the new or existing value for the disabled-by-password-expired flag:
Specifies that the user account is disabled because the password expired.
Specifies that the user account is not disabled because the password expired.
Note: The user account can be disabled for other reasons. For more information, see Remarks.
Specifies that the call is unsuccessful.
Remarks
User accounts can be disabled for one or more of the following reasons:
For more information, see the method PolicyMgtUser‑>DisableByAdmin.
For more information, see the method PolicyMgtUser‑>DisableInactive.
For more information, see the method PolicyMgtUser‑>DisableMaxLoginFail.
The ForcePwdChange method sets or retrieves the force-password-change flag that specifies whether to force a password change at the next user login.
Syntax
The ForcePwdChange method has the following format:
Netegrity::PolicyMgtUser‑>ForcePwdChange([forceFlag])
Parameters
The ForcePwdChange method accepts the following parameter:
forceFlag (int)
(Optional) Specifies whether to force a password change at the next user login.
Specifies forcing a password change at the next user login.
Specifies not forcing a password change at the next user login.
Return Value
The ForcePwdChange method returns the new or existing value for the force-password-change flag.
Specifies forcing a password change at the next user login.
Specifies not forcing a password change at the next user login.
Specifies that the call is unsuccessful.
The GetClass method retrieves the user class.
Syntax
The GetClass method has the following format:
Netegrity::PolicyMgtUser‑>GetClass()
Parameters
The GetClass method accepts no parameters.
Return Value
The GetClass method returns one of the following values:
Example: "organization"
The GetPath method retrieves the user path. The user path is the distinguished name (DN).
Syntax
The GetPath method has the following format:
Netegrity::PolicyMgtUser‑>GetPath()
Parameters
The GetPath method accepts no parameters.
Return Value
The GetPath method returns one of the following values:
Specifies the user path or distinguished name (DN).
Specifies that the call is unsuccessful.
The SetPassword method sets a new password for the user.
Syntax
The SetPassword method has the following format:
Netegrity::PolicyMgtUser‑>SetPassword(newPwd[, oldPwd])
Parameters
The SetPassword method accepts the following parameters:
newPwd (string)
Specifies the new password.
oldPwd (string)
(Optional) Specifies the old password to change.
Note: If provided, this value must match the existing password in the user directory.
Return Value
The SetPassword method returns one of the following values:
Specifies that the password change is successful.
Specifies that the password change is unsuccessful.
The UserPasswordState method sets or retrieves the password state object for the current user. Setting a new password state object updates the object's attributes with any changes that have been made. This method also clears the password history if specified by the empty-history flag.
Syntax
The UserPasswordState method has the following format:
Netegrity::PolicyMgtUser‑>UserPasswordState([pPwState][, emptyHistoryFlag])
Parameters
The UserPasswordState method accepts the following parameters:
pPwState (PolicyMgtUserPasswordState)
(Optional) Specifies the new password state object to set.
emptyHistoryFlag (int)
(Optional) Specifies whether to clear the password history.
Specifies not clearing the password history.
Specifies clearing the password history.
Note: Clearing the password history sets the last-password-change-time attribute to 0. For more information, see the method PolicyMgtUserPasswordState‑>LastPWChangeTime.
Return Value
The UserPasswordState method returns one of the following values:
The ValidatePassword method determines whether the user's password conforms to the password policy. Call ValidatePassword before calling the method SetPassword.
Syntax
The ValidatePassword method has the following format:
Netegrity::PolicyMgtUser‑>ValidatePassword(password)
Parameters
The ValidatePassword method accepts the following parameters:
password (string)
Specifies the password to validate.
Return Value
The ValidatePassword method returns one of the following values:
Specifies that the password is valid.
Specifies that the password is not valid.
The following methods act on PolicyMgtUserDir objects:
The AnonymousIDAttr method sets or retrieves the name of the user directory's anonymous user DN attribute. The DN, which is defined in the anonymous authentication scheme, gives anonymous users access to resources protected by the anonymous authentication scheme. You can use the AnonymousIDAttr method with LDAP directories and some custom directories.
Syntax
The AnonymousIDAttr method has the following format:
Netegrity::PolicyMgtUserDir‑>AnonymousIDAttr([anonIDAttr])
Parameters
The AnonymousIDAttr method accepts the following parameter:
anonIDAttr (string)
(Optional) Specifies a new name for the anonymous user DN attribute.
Return Value
The AnonymousIDAttr method returns one of the following values:
Specifies the new or existing name of the anonymous user DN attribute.
Specifies that the call is unsuccessful.
The ChalRespAttr method sets or retrieves the name of the user directory's challenge/response attribute. You can use the ChalRespAttr method with LDAP directories and some custom directories.
Syntax
The ChalRespAttr method has the following format:
Netegrity::PolicyMgtUserDir‑>ChalRespAttr([chalRespAttr])
Parameters
The ChalRespAttr method accepts the following parameter:
chalRespAttr (string)
(Optional) Specifies a new name for the user directory's challenge/response attribute.
Return Value
The ChalRespAttr method returns one of the following values:
Specifies the new or existing name of the user directory's challenge/response attribute.
Specifies that the call is unsuccessful.
The Description method sets or retrieves the description of the user directory.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtUserDir‑>Description([userDirDesc])
Parameters
The Description method accepts the following parameter:
userDirDesc (string)
(Optional) Specifies a new description for the user directory.
Return Value
The Description method returns one of the following values:
Specifies the new or existing description of the user directory.
Specifies that the call is unsuccessful.
The DisabledAttr method sets or retrieves the name of the user directory attribute that contains the user's disabled state. This method applies to LDAP and ODBC directories and some custom directories.
Syntax
The DisabledAttr method has the following format:
Netegrity::PolicyMgtUserDir‑>DisabledAttr([disabledAttr])
Parameters
The DisabledAttr method accepts the following parameter:
disabledAttr (string)
(Optional) Specifies a new name for the user directory attribute that contains the user's disabled state.
Return Value
The DisabledAttr method returns one of the following values:
Specifies the new or existing name of the user directory attribute that contains the user's disabled state.
Specifies that the call is unsuccessful.
The EmailAttr method sets or retrieves the name of the email attribute.
Note: This method is reserved for future use.
Syntax
The EmailAttr method has the following format:
Netegrity::PolicyMgtUserDir‑>EmailAttr([emailAttr])
Parameters
The EmailAttr method accepts the following parameter:
emailAttr (string)
(Optional) Specifies a new name for the email attribute.
Return Value
The EmailAttr method returns one of the following values:
Specifies the new or existing name of the email attribute.
Specifies that the call is unsuccessful.
The EnableSecurityContext method sets or retrieves the user directory flag that specifies whether security context is enabled.
Syntax
The EnableSecurityContext method has the following format:
Netegrity::PolicyMgtUserDir‑>EnableSecurityContext([securityctxflag])
Parameters
The EnableSecurityContext method accepts the following parameter:
securityctxflag (int)
(Optional) Specifies a new value for the user directory's security context flag :
Return Value
The EnableSecurityContext method returns the new or existing value for the security context flag:
Specifies that security context is enabled.
Specifies that security context is disabled.
Specifies that the call is unsuccessful.
The GetContents method retrieves all users in the user directory.
Syntax
The GetContents method has the following format:
Netegrity::PolicyMgtUserDir‑>GetContents()
Parameters
The GetContents method accepts no parameters.
Return Value
The GetContents method returns one of the following values:
The GetNamespace method retrieves the user directory namespace.
Syntax
The GetNamespace method has the following format:
Netegrity::PolicyMgtUserDir‑>GetNamespace()
Parameters
The GetNamespace method accepts no parameters.
Return Value
The GetNamespace method returns one of the following values:
The IsSecure method sets or retrieves the flag that specifies whether SiteMinder performs secure authentication for an LDAP or custom user directory. When this flag is enabled, SiteMinder authentication is secure and transmissions are encrypted. Enable this flag when using SSL.
Syntax
The IsSecure method has the following format:
Netegrity::PolicyMgtUserDir‑>IsSecure([secureFlag])
Parameters
The IsSecure method accepts the following parameter:
secureFlag (int)
(Optional) Specifies whether SiteMinder performs secure authentication:
Return Value
The IsSecure method returns the new or existing value for the secure authentication flag:
Specifies that secure authentication is enabled.
Specifies that secure authentication is disabled.
Specifies that the call is unsuccessful.
The LookupEntry method retrieves the user or users in the user directory that match the specified search pattern.
Syntax
The LookupEntry method has the following format:
Netegrity::PolicyMgtUserDir‑>LookupEntry(srchPattern)
Parameters
The LookupEntry method accepts the following parameter:
srchPattern (string)
Specifies the pattern to match when searching for users in the user directory.
Return Value
The LookupEntry method returns one of the following values:
The MaxResults method sets or retrieves the maximum number of search results to return from a search of an LDAP or custom user directory.
Syntax
The MaxResults method has the following format:
Netegrity::PolicyMgtUserDir‑>MaxResults([nResults])
Parameters
The MaxResults method accepts the following parameter:
nResults (int)
(Optional) Specifies a new number for the maximum results to return from a user directory search.
Return Value
The MaxResults method returns one of the following values:
Specifies the new or existing maximum number of results to return from a user directory search.
Specifies that the call is unsuccessful.
The Name method sets or retrieves the name of the user directory.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtUserDir‑>Name([userDirName])
Parameters
The Name method accepts the following parameter:
userDirName (string)
(Optional) Specifies a new name for the user directory.
Return Value
The Name method returns one of the following values:
Specifies the new or existing name of the user directory.
Specifies that the call is unsuccessful.
The ODBCQueryScheme method sets or retrieves the ODBC query scheme for the user directory.
Syntax
The ODBCQueryScheme method has the following format:
Netegrity::PolicyMgtUserDir‑>ODBCQueryScheme([odbcScheme])
Parameters
The ODBCQueryScheme method accepts the following parameters:
odbcScheme (PolicyMgtODBCQueryScheme)
(Optional) Specifies a new ODBC query scheme for the user directory.
Return Value
The ODBCQueryScheme method returns one of the following values:
The Password method sets or retrieves the user password for access to the user directory.
Syntax
The Password method has the following format:
Netegrity::PolicyMgtUserDir‑>Password([pwd])
Parameters
The Password method accepts the following parameter:
pwd (string)
(Optional) Specifies a new user password for access to the user directory.
Return Value
The Password method returns one of the following values:
Specifies the new or existing user password.
Specifies that the call is unsuccessful.
The PwdAttr method sets or retrieves the name of the user directory's password attribute.
Syntax
The PwdAttr method has the following format:
Netegrity::PolicyMgtUserDir‑>PwdAttr([pwdAttr])
Parameters
The PwdAttr method accepts the following parameter:
pwdAttr (string)
(Optional) Specifies a new name for the user directory's password attribute.
Return Value
The PwdAttr method returns one of the following values:
Specifies the new or existing name of the user directory's password attribute.
Specifies that the call is unsuccessful.
The PwdDataAttr method sets or retrieves the name of the user directory's password data attribute.
Syntax
The PwdDataAttr method has the following format:
Netegrity::PolicyMgtUserDir‑>PwdDataAttr([pwdDataAttr])
Parameters
The PwdDataAttr method accepts the following parameter:
pwdDataAttr (string)
(Optional) Specifies a new name for the user directory's password data attribute.
Return Value
The PwdDataAttr method returns one of the following values:
Specifies the new or existing name of the user directory's password data attribute.
Specifies that the call is unsuccessful.
The RequireCredentials method sets or retrieves the flag that specifies whether SiteMinder is required to check user credentials.
Syntax
The RequireCredentials method has the following format:
Netegrity::PolicyMgtUserDir‑>RequireCredentials([credFlag])
Parameters
The RequireCredentials method accepts the following parameter:
credFlag (int)
(Optional) Specifies whether SiteMinder is required to check user credentials:
Return Value
The RequireCredentials method returns the new or existing value for the require credentials flag:
Specifies that credentials are required.
Specifies that credentials are not required.
Specifies that the call is unsuccessful.
The SearchRoot method sets or retrieves different values for different directory types:
The SearchRoot method sets or retrieves the location in the LDAP tree that is the starting point for the directory connection, for example, the organization (o) or organizational unit (ou). This location, called the search root, is the point where the Policy Server starts the search for a user.
The SearchRoot method sets or retrieves a string of parameters to pass to the custom library.
Syntax
The SearchRoot method has the following format:
Netegrity::PolicyMgtUserDir‑>SearchRoot([srchRoot])
Parameters
The SearchRoot method accepts the following parameter:
srchRoot (string)
Specifies a new search root for an LDAP directory or parameter string for a custom directory.
Return Value
The SearchRoot method returns one of the following values:
Specifies the new or existing search root for an LDAP directory or parameter string for a custom directory.
Specifies that the call is unsuccessful.
The SearchScope method sets or retrieves the search scope for an LDAP user directory. The search scope specifies how many levels SiteMinder searches for users or user groups in the LDAP directory.
Syntax
The SearchScope method has the following format:
Netegrity::PolicyMgtUserDir‑>SearchScope([searchScope])
Parameters
The SearchScope method accepts the following parameter:
searchScope (int)
(Optional) Specifies a new search scope for an LDAP user directory:
Specifies searching the root and all levels below.
Specifies searching the root and one level below.
Return Value
The SearchScope method returns one of the following new or existing values:
Specifies searching the root and all levels below.
Specifies searching the root and one level below.
Specifies that the call is unsuccessful.
The SearchTimeout method sets or retrieves the maximum time, in seconds, allowed for searching an LDAP or custom user directory.
Syntax
The SearchTimeout method has the following format:
Netegrity::PolicyMgtUserDir‑>SearchTimeout([maxTimeout])
Parameters
The SearchTimeout method accepts the following parameter:
maxTimeout (int)
(Optional) Specifies a new maximum time (in seconds) allowed for searching an LDAP or custom user directory.
Return Value
The SearchTimeout method returns one of the following values:
Specifies the new or existing maximum time (in seconds) allowed for searching an LDAP or custom user directory.
Specifies that the call is unsuccessful.
The Server method sets or retrieves a value. The type of value depends on the type of user directory, as follows:
The Server method sets or retrieves the LDAP server's IP address and port number.
The Server method sets or retrieves the data source name.
The Server method sets or retrieves the domain name.
The Server method sets or retrieves the library name.
Syntax
The Server method has the following format:
Netegrity::PolicyMgtUserDir‑>Server([server])
Parameters
The Server method accepts the following parameter:
server (string)
(Optional) Specifies a new value for one of the following types of directories:
Specifies a new IP address and port number for the LDAP server.
Format: IP_address:port_number
Default port number: 389
Specifies a new data source name.
Specifies a new domain name.
Specifies a new library name.
Return Value
The Server method returns one of the following values:
Specifies the new or existing value for the user directory.
Specifies that the call is unsuccessful.
The UIDAttr method sets or retrieves the name of the user directory's universal ID attribute. The universal ID is different from the user's login ID and is used to look up user information. This method applies to LDAP, ODBC, and WinNT directories and to some custom directories.
Syntax
The UIDAttr method has the following format:
Netegrity::PolicyMgtUserDir‑>UIDAttr([uidAttr])
Parameters
The UIDAttr method accepts the following parameter:
uidAttr (string)
(Optional) Specifies a new name for the universal ID attribute.
Return Value
The UIDAttr method returns one of the following values:
Specifies the new or existing name of the universal ID attribute.
Specifies that the call is unsuccessful.
The UserLookupEnd method sets or retrieves the endpoint for a user DN lookup in an LDAP directory.
Syntax
The UserLookupEnd method has the following format:
Netegrity::PolicyMgtUserDir‑>UserLookupEnd([lookupEnd])
Parameters
The UserLookupEnd method accepts the following parameter:
lookupEnd (string)
(Optional) Specifies a new value for the user DN lookup endpoint.
Return Value
The UserLookupEnd method returns one of the following values:
Specifies the new or existing user DN lookup endpoint.
Specifies that the call is unsuccessful.
Remarks
Specifying values for the user DN lookup starting point and endpoint allows users to enter part of the DN string when authenticating. In the following example, the user only needs to specify the string "JSmith" and not the whole DN string when logging in:
The UserLookupStart method sets or retrieves the starting point for a user DN lookup in an LDAP directory.
Syntax
The UserLookupStart method has the following format:
Netegrity::PolicyMgtUserDir‑>UserLookupStart([lookupStart])
Parameters
The UserLookupStart method accepts the following parameter:
lookupStart (string)
(Optional) Specifies a new value for the user DN lookup starting point.
Return Value
The UserLookupStart method returns one of the following values:
Specifies the new or existing user DN lookup starting point.
Specifies that the call is unsuccessful.
Remarks
Specifying values for the user DN lookup starting point and endpoint allows users to enter part of the DN string when authenticating. In the following example, the user only needs to specify the string "JSmith" and not the whole DN string when logging in:
The Username method sets or retrieves the username required for accessing the user directory. Set the username only if the RequireCredentials method returns the value of 1.
Syntax
The Username method has the following format:
Netegrity::PolicyMgtUserDir‑>Username([username])
Parameters
The Username method accepts the following parameters:
username (string)
(Optional) Specifies a new name for the user.
Return Value
The Username method returns one of the following values:
Specifies the new or existing name of the user.
Specifies that the call is unsuccessful.
The ValidateEntry method validates a user directory entry.
Syntax
The ValidateEntry method has the following format:
Netegrity::PolicyMgtUserDir‑>ValidateEntry(path)
Parameters
The ValidateEntry method accepts the following parameter:
path (string)
Specifies the path of the user or user group to validate.
Return Value
The ValidateEntry method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
The following methods act on PolicyMgtUserPasswordState objects:
The DisabledTime method sets or retrieves the time that the user object was disabled. The time is represented as the number of seconds that have elapsed since a particular instant in time that varies from system to system. One common representation is the number of seconds that have elapsed since 00:00:00 1/1/1970 UTC (Coordinated Universal Time).
Syntax
The DisabledTime method has the following format:
Netegrity::PolicyMgtUserPasswordState‑>DisabledTime([time])
Parameters
The DisabledTime method accepts the following parameter:
time (long)
(Optional) Specifies a new time for when the user object was disabled.
Return Value
The DisabledTime method returns the following value:
Specifies the new or existing time that the user object was disabled.
The LastPWChangeTime method sets or retrieves the time that the user's password was last changed. The time is represented as the number of seconds that have elapsed since a particular instant in time that varies from system to system. One common representation is the number of seconds that have elapsed since 00:00:00 1/1/1970 UTC (Coordinated Universal Time).
Syntax
The LastPWChangeTime method has the following format:
Netegrity::PolicyMgtUserPasswordState‑>LastPWChangeTime([time])
Parameters
The LastPWChangeTime method accepts the following parameter:
time (long)
Specifies a new time for when the user's password was last changed.
Return Value
The LastPWChangeTime method returns one of the following values:
Specifies the new or existing time that the user's password was changed.
Specifies that the user started to change the password, but did not complete the procedure.
The LastLoginTime method sets or retrieves the time that the user last logged in successfully. The time is represented as the number of seconds that have elapsed since a particular instant in time that varies from system to system. One common representation is the number of seconds that have elapsed since 00:00:00 1/1/1970 UTC (Coordinated Universal Time).
Syntax
The LastLoginTime method has the following format:
Netegrity::PolicyMgtUserPasswordState‑>LastLoginTime([time])
Parameters
The LastLoginTime method accepts the following parameter:
time (long)
(Optional) Specifies a new time for when the user last logged in successfully.
Return Value
The LastLoginTime method returns the following value:
Specifies the new or existing time that the user last logged in successfully.
The LoginFailures method sets or retrieves the number of times the user failed to log in since the user's last successful login.
Syntax
The LoginFailures method has the following format:
Netegrity::PolicyMgtUserPasswordState‑>LoginFailures([count])
Parameters
The LoginFailures method accepts the following parameter:
count (int)
(Optional) Specifies a new value for the number of login failures.
Return Value
The LoginFailures method returns one of the following values:
Specifies the new or existing number of login failures since the user's last successful login.
The following methods act on PolicyMgtVariableType objects. PolicyMgtVariableType objects are read-only:
The GetName method retrieves the name of the variable type object. The variable type object is read-only. See the PolicyMgtSession‑>GetVariableType method for the list of variable type object names that GetName can return.
Syntax
The GetName method has the following format:
Netegrity::PolicyMgtVariableType‑>GetName()
Parameters
The GetName method accepts no parameters.
Return Value
The GetName method returns one of the following values:
The following methods act on PolicyMgtWSFEDResourcePartner objects:
The AddAttribute method adds an attribute to the WS-Federation Resource Partner.
Syntax
The AddAttribute method has the following format:
Netgerity::PolicyMgtWSFEDResourcePartner‑>AddAttribute(attrNameFormat, value)
Parameters
The AddAttribute method accepts the following parameters:
attrNameFormat (int)
Specifies one of the following attribute types:
value (string)
Specifies an attribute value in one of the following formats:
Note: The value's format must match the attribute's type, unless the type is WSFEDRP_NAMEVALUE. In this case, the value can be in any format.
Note: To allow SiteMinder to retrieve DN attributes from a nested group, preface DNSpec with an exclamation point (!), as follows: dn="!ou=People,o=security.com"
Return Value
The AddAttribute method returns one of the following values:
The AddUser method adds a user to the WS-Federation Resource Partner.
Syntax
The AddUser method has the following format:
Netegrity::PolicyMgtWSFEDResourcePartner‑>AddUser(user)
Parameters
The AddUser method accepts the following parameter:
user (PolicyMgtUser object)
Specifies the user to add to the Resource Partner.
Return Value
The AddUser method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
The CreateIPConfigHostName method creates an IP configuration object for the WS-Federation Resource Partner based on the specified host name. This method creates an IP address restriction for the assertion generation policy. With this address restriction, only assertions generated from the specified host are accepted.
Syntax
The CreateIPConfigHostName method has the following format:
Netegrity::PolicyMgtWSFEDResourcePartner‑>CreateIPConfigHostName(hostName)
Parameters
The CreateIPConfigHostName method accepts the following parameter:
hostName (string)
Specifies the name of the host where assertions must originate.
Return Value
The CreateIPConfigHostName method returns one of the following values:
The CreateIPConfigSingleHost method creates an IP configuration object for the WS-Federation Resource Partner based on the specified IP address. This method creates an IP address restriction for the assertion generation policy. With this address restriction, only assertions generated from the specified IP address are accepted.
Syntax
The method has the following format:
Netegrity::PolicyMgtWSFEDResourcePartner‑>CreateIPConfigSingleHost(ipAddr)
Parameters
The CreateIPConfigSingleHost method accepts the following parameter:
ipAddr (string)
Specifies the IP address where assertions must originate.
Return Value
The CreateIPConfigSingleHost method returns one of the following values:
The CreateIPConfigSubnetMask method creates an IP configuration object for the WS-Federation Resource Partner based on the specified IP address and subnet mask. This method creates an IP address restriction for the assertion generation policy. With this address restriction, only assertions generated from the subnet address are accepted. The subnet address is derived from the specified IP address and subnet mask.
Syntax
The CreateIPConfigSubnetMask method has the following format:
Netegrity::PolicyMgtWSFEDResourcePartner‑>CreateIPConfigSubnetMask(ipAddr, subnetMask)
Parameters
The CreateIPConfigSubnetMask method accepts the following parameters:
ipAddr (string)
Specifies the IP address used to derive the subnet address.
subnetMask (unsigned long)
Specifies the subnet mask used to derive the subnet address.
Note: For more information about the subnet mask, see the method PolicyMgtPolicy‑>CreateIPConfigSubnetMask.
Return Value
The CreateIPConfigSubnetMask method returns one of the following values:
The DeleteIPConfig method deletes the specified IP configuration object.
Syntax
The DeleteIPConfig method has the following format:
Netegrity::PolicyMgtWSFEDResourcePartner‑>DeleteIPConfig(IPConfig)
Parameters
The DeleteIPConfig method accepts the following parameter:
IPConfig (PolicyMgtIPConfig object)
Specifies the IP configuration object to delete.
Return Value
The DeleteIPConfig method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
The GetAllAttributes method retrieves all attributes defined for the WS-Federation Resource Partner.
Syntax
The GetAllAttributes method has the following format:
Netegrity::PolicyMgtWSFEDResourcePartner‑>GetAllAttributes()
Parameters
The GetAllAttributes method accepts no parameters.
Return Value
The GetAllAttributes method returns one of the following values:
The GetAllIPConfigs method retrieves all IP configuration objects for the Service Provider.
Syntax
The GetAllIPConfigs method has the following format:
Netegrity::PolicyMgtWSFEDResourcePartner‑>GetAllIPConfigs()
Parameters
The GetAllIPConfigs method accepts no parameters.
Return Value
The GetAllIPConfigs method returns one of the following values:
The GetAllUsers method retrieves all users associated with the WS-Federation Resource Partner. If a user directory is specified, this method only returns the users associated with the specified directory.
Syntax
The GetAllUsers method has the following format:
Netegrity::PolicyMgtWSFEDResourcePartner‑>GetAllUsers([userDir])
Parameters
The GetAllUsers method accepts the following parameter:
userDir (PolicyMgtUserDir object)
(Optional) Specifies only those users associated with the user directory.
Return Value
The GetAllUsers method returns one of the following values:
The Property method sets or retrieves the value of the specified WS-Federation Resource Partner property. For a list of metadata properties, see the WS-Federation Property Reference in this guide.
Note: After modifying one or more properties, call Save to write the changes to the policy store.
Syntax
The Property method has the following format:
Netegrity::PolicyMgtWSFEDResourcePartner‑>Property(name, [newvalue])
Parameters
The Property method accepts the following parameters:
name (string)
Specifies the property to set or retrieve.
newvalue (string)
(Optional) Specifies a new value for the Resource Partner property.
Return Value
The Property method returns one of the following values:
Specifies the new or existing value of the property.
Specifies that the call is unsuccessful.
The RemoveAttribute method removes an attribute from the WS-Federation Resource Partner.
Syntax
The RemoveAttribute method has the following format:
Netgerity::PolicyMgtWSFEDResourcePartner‑>RemoveAttribute(attrName)
Parameters
The RemoveAttribute method accepts the following parameter:
attrName (PolicyMgtWSFEDRPAttr)
Specifies the attribute to remove.
Return Value
The RemoveAttribute method returns one of the following values:
The RemoveUser method removes the specified user from the WS-Federation Resource Partner.
Syntax
The RemoveUser method has the following format:
Netegrity::PolicyMgtWSFEDResourcePartner‑>RemoveUser(user)
Parameters
The RemoveUser method accepts the following parameter:
user (PolicyMgtUser object)
Specifies the user to remove from the Resource Partner.
Return Value
The RemoveUser method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
The Save method writes the WS-Federation Resource Partner's metadata to the policy store. To modify the metadata, call the PolicyMgtWSFEDResourcePartner‑>Property method. Then, call Save to save the changes.
Syntax
The Save method has the following format:
Netegrity::PolicyMgtWSFEDResourcePartner‑>Save()
Parameters
The Save method accepts no parameters.
Return Value
The Save method returns one of the following values:
Specifies that the method is successful.
Specifies that the method is unsuccessful.
Specifies that the user lacks the privileges required to save the changes.
Specifies that the path and class are empty.
The following methods act on PolicyMgtWSFEDResourcePartnerAttr objects:
The GetAttrNameFormat method retrieves the format of attribute names used with this WS-Federation Resource Partner.
Syntax
The GetAttrNameFormat method has the following format:
Netegrity::PolicyMgtWSFEDRPattr‑>GetAttrNameFormat()
Parameters
The GetAttrNameFormat method accepts no parameters.
Return Value
The GetAttrNameFormat method returns one of the following format values:
The GetValue method retrieves the value of the WS-Federation Resource Partner attribute.
Syntax
The GetValue method has the following format:
Netegrity::PolicyMgtWSFEDRPAttr‑>GetValue()
Parameters
The GetValue method accepts no parameters.
Return Value
The GetValue method returns one of the following values:
|
Copyright © 2012 CA.
All rights reserved.
|
|