The following methods enable you to migrate policy data between remote Policy Servers. Unless otherwise specified, these methods are in the class SmPolicyApiImpl.
Functionally, the remote policy data export and import methods behave in the same manner as the smobjexport and smobjimport utilities.
Policy export attributes are set with SmExportAttr. Policy import parameters are set with SmImportAttr.
| Method | Description |
|---|---|
| doExport() | Exports an entire policy store or a single policy domain from a remote Policy Server and writes the output on the client’s local file system. |
| doImport() | Imports an entire policy store or a single policy domain onto a remote Policy Server. |
The following methods act on realm objects. Realm objects are created with SmRealm.
| Method | Description |
|---|---|
| addRealm() | Adds a realm object to the policy store. |
| deleteRealm() | Deletes a realm. |
| getRealm() | Gets the contents of a realm. |
| getRealmRules() | Gets all the rules for the specified realm and domain. |
| getRealmUserPolicies() | Gets a list of user policies that can access a realm. |
| modifyRealm() | Modifies the specified realm. |
The following methods act on response and response attribute objects. Unless otherwise specified, these methods are in the class SmPolicyApiImpl. Response objects are created with SmResponse. Response attribute objects are created with SmResponseAttr.
| Method | Description |
|---|---|
| addResponse() | Adds a response object to the policy store. |
| addResponseAttr() | Creates a response attribute and associates it with a response. |
| deleteResponse() | Deletes a response. |
| deleteResponseAttribute() | Deletes a response attribute. |
| getResponse() | Gets the contents of a response. |
| getResponseAttrs() | Gets a list of attributes for the specified response. |
| modifyResponse() | Modifies the specified response. |
| setResponseInPolicyLink() | Changes the response for the specified policy link. |
The following methods act on root configuration objects. Unless otherwise specified, the methods listed in this table are in the class SmPolicyApiImpl. You create root configuration objects by instantiating SmRootConfig.
| Method | Description |
|---|---|
| addRootConfig() | Adds a root configuration object to the policy store. |
| deleteRootConfig() | Deletes a root configuration. |
| getRootConfig() | Gets the contents of a root configuration. |
| modifyRootConfig() | Modifies a root configuration. |
The following methods act on rule objects. Unless otherwise specified, the methods listed in this table are in the class SmPolicyApiImpl. You create rule objects by instantiating SmRule.
| Method | Description |
|---|---|
| addRule() | Adds a rule object to the policy store. |
| deleteRule() | Deletes a rule. |
| getRule() | Gets the contents of a rule. |
| modifyRule() | Modifies a rule. |
The following methods act on self-registration objects. Unless otherwise specified, the methods listed in this table are in the class SmPolicyApiImpl. You create self-registration objects by instantiating SmSelfReg.
| Method | Description |
|---|---|
| addSelfReg() | Adds a self-registration object to the policy store. |
| deleteSelfReg() | Deletes a self-registration object. |
| getSelfReg() | Gets the contents of a self-registration object. |
| modifySelfReg() | Modifies a self-registration object. |
The following methods act on Trusted Host objects. Unless otherwise specified, the methods listed in this table are in the class SmPolicyApiImpl. You define a Trusted Host object by instantiating SmTrustedHost.
| Method | Description |
|---|---|
| addTrustedHost() | Registers a trusted host with the Policy Server. |
| deleteTrustedHost() | Deletes a trusted host object. |
User management functionality is provided in the DMS API. However, the Policy Management API provides methods for getting and setting user attributes. These methods are in the SmUserDirectory class.
For example:
The following methods act on user directory objects. Unless otherwise specified, the methods listed in this section are in the class SmPolicyApiImpl. You create user directory objects by instantiating SmUserDirectory.
| Method | Description |
|---|---|
| addUserDirectory() | Adds a user directory object to the policy store. |
| addUserDirToDomain() | Associates an existing user directory with a domain. |
| deleteUserDirectory() | Deletes a user directory. |
| getDirectoryContents() | Gets a list of distinguished names and classes for the specified user directory. |
| getUserDirectory() | Gets the contents of a user directory. |
| getUserDirSearchOrder() | Retrieves the search order of user directories for a domain by retrieving a vector of user directory names. |
| lookupDirectory() | Gets a list of distinguished names and classes for the specified user directory and search pattern. |
| modifyUserDirectory() | Modifies a user directory. |
| removeUserDirFromDomain() | Disassociates an existing user directory from a domain. |
| setUserDirSearchOrder() | Sets the search order of user directories in a domain. |
The following methods act on user policy objects. Unless otherwise specified, the methods listed in this table are in the class SmPolicyApiImpl. You create user policy objects by instantiating SmUserPolicy.
| Method | Description |
|---|---|
| addUserPolicy() | Adds a user policy object to the policy store. |
| deleteUserPolicy() | Deletes a user policy for a specified domain. |
| getUserPolicies() | Gets all the user policies for the specified policy and domain. |
The following methods provide a variety of services, including cache and encryption key management. Unless otherwise specified, the methods listed in this table are in the class SmPolicyApiImpl.
| Method | Description |
|---|---|
| changeDynamicKey() | Changes a dynamic encryption key. |
| changePersistentKey() | Changes the persistent encryption key. |
| changeSessionKey() | Changes the session encryption key. |
| flushAll() | Flushes all SiteMinder caches. |
| flushRealm() | Flushes a realm from the resource cache. |
| flushRealms() | Flushes all realms from the resource cache. |
| flushUser() | Flushes a user from the user information cache. |
| flushUsers() | Flushes all users from the user information cache. |
| search() | Searches the specified object. |
| setApiSession() | Sets the API session object. |
Some objects can be associated with or disassociated from one another—for example, AddAdminToDomain() adds an administrator object to a domain, and RemoveAdminFromDomain() removes an administrator object from a domain. An add-to operation requires that both objects exist prior to the call. After a remove-from operation, both objects still exist, but they are no longer associated with one another.
When you are looking for a method that associates or disassociates two objects, look in the category of the method that you are adding or removing. For example, AddAdminToDomain() and RemoveAdminFromDomain() are both found in Administrator Methods.
After creating a Policy Management API object, you can create objects to add to the policy store.
To add objects to the policy store
For example, if you want to create an agent object:

```java
SmAgent agent = new SmAgent();
agent.setName("myAgent");
agent.setSecret("siteminder");      // shared secret the agent presents to the Policy Server
agent.setDescription("Sample agent");
agent.setAgentType(SmAgentType.DefaultAgentType);
```
For example:

```java
SmApiResult result = policyApi.addAgent(agent);
```
If the call is successful:
To retrieve an object from the policy store
```java
SmAgent myAgent = new SmAgent();
SmApiResult result = myPolicyApi.getAgent("myAgent", myAgent);
```
If the method succeeds, it populates myAgent with the properties of the specified agent object. (If a get... method retrieves a list, the list is written to a vector.) If no matching objects are found, the properties of the receiving object retain their initial values.
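The add and retrieve steps above, combined into one method that checks each result before going on. This is an added example, not code from the SiteMinder documentation. It assumes an SmPolicyApiImpl that is already connected (connection setup is not covered on this page), that SmApiResult exposes isSuccess(), that SmAgent exposes getName(), and the package names com.netegrity.sdk.policyapi and com.netegrity.sdk.apiutil; the agent secret is taken as a parameter so it is not hard-coded in source.

```java
import com.netegrity.sdk.apiutil.SmApiResult;      // assumed package
import com.netegrity.sdk.policyapi.SmAgent;        // assumed package
import com.netegrity.sdk.policyapi.SmAgentType;    // assumed package
import com.netegrity.sdk.policyapi.SmPolicyApiImpl;

/**
 * Added example (not from the SiteMinder docs): add an agent to the policy
 * store, read it back, and report the outcome of each step.
 */
public final class AgentRoundTrip {

    private AgentRoundTrip() {}

    /**
     * Creates the agent and then retrieves it with getAgent().
     *
     * @param policyApi an SmPolicyApiImpl already connected to the Policy
     *                  Server (assumed; connection setup is not shown here)
     * @param name      agent name, also the lookup key for getAgent()
     * @param secret    agent shared secret supplied by the caller (for example
     *                  from a secrets store) rather than hard-coded
     * @return the retrieved SmAgent, or null if either step failed
     */
    public static SmAgent addAndFetchAgent(SmPolicyApiImpl policyApi,
                                           String name, String secret) {
        if (name == null || name.isEmpty()) {
            throw new IllegalArgumentException("agent name is required");
        }
        if (secret == null || secret.isEmpty()) {
            throw new IllegalArgumentException("agent secret is required");
        }

        SmAgent agent = new SmAgent();
        agent.setName(name);
        agent.setSecret(secret);
        agent.setDescription("Sample agent");
        agent.setAgentType(SmAgentType.DefaultAgentType);

        // Step 1: add. Check the result before doing anything that assumes
        // the object now exists. SmApiResult.isSuccess() is assumed.
        SmApiResult addResult = policyApi.addAgent(agent);
        if (!addResult.isSuccess()) {
            System.err.println("addAgent failed: " + addResult);
            return null;
        }

        // Step 2: retrieve. getAgent() fills the receiving object; when
        // nothing matches, the receiver keeps its initial values, so compare
        // the name instead of trusting the object alone. getName() is assumed.
        SmAgent fetched = new SmAgent();
        SmApiResult getResult = policyApi.getAgent(name, fetched);
        if (!getResult.isSuccess() || !name.equals(fetched.getName())) {
            System.err.println("getAgent did not return " + name);
            return null;
        }
        return fetched;
    }
}
```

The name comparison after getAgent() matters because a "not found" outcome leaves the receiving object at its initial values rather than signalling an error through the object itself.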
A delete operation deletes an object from the policy store. You can only delete one object at a time from the policy store.
To delete an object, use the object-deletion method for the object you’re deleting—for example, deleteAgent() for an agent object, or deleteDomain() for a domain object.
When you configure an authentication scheme programmatically, you provide information that would otherwise be provided through the Authentication Scheme Properties dialog box of the Policy Server UI.
When you configure an authentication scheme, you use the get... and set... methods in the SmScheme class to provide the following information:
- Scheme type: SiteMinder provides a number of standard authentication scheme types (also called templates). Each authentication scheme type is configured differently. The scheme types are described in subsequent topics.
- Description: A brief description of the authentication scheme.
- Protection level: Protection level values can range from 1 through 1000. The higher the number, the greater the degree of protection provided by the scheme.
- Library: An authentication scheme library performs authentication processing for the associated authentication scheme type. Each pre-defined authentication scheme is shipped with a default library, which you typically use. Optionally, you can use a custom library instead of the default.
- Parameter: Additional information that the authentication scheme requires, such as the URL of an HTML login page. With some authentication schemes, the parameter information is constructed from field values in the Scheme Type Setup tab of the Authentication Scheme Properties dialog box. To see how a parameter string might be constructed for a given scheme type, open this dialog box, choose the appropriate scheme type, provide values in the fields of the Scheme Type Setup tab, and view the constructed parameter in the Advanced tab. For information on providing parameter values for different authentication scheme types, see the chapter on authentication schemes in the Policy Design Guide.
- Shared secret: Information that is known to both the authentication scheme and the Policy Server. Different authentication schemes use different kinds of secrets. Most schemes use no secret.
- Is template?: A flag that specifies whether the authentication scheme is a template.
- Is used by administrator?: A flag that specifies whether the authentication scheme can be used to authenticate administrators.
- Save credentials?: A flag that specifies whether the user’s credentials will be saved.
- Is RADIUS?: A flag that specifies whether the scheme can be used with RADIUS agents.
- Ignore password check?: A flag that specifies whether password policies are ignored for the scheme. If true (1), password policies are disabled for the scheme.
Note: These categories of information can be used for different purposes in different authentication schemes. For example, with the TeleID authentication scheme, the shared secret is used to supply the encryption seed.
Use this table when configuring an authentication scheme based on the scheme type Anonymous. The Java methods referenced in the table are in the class SmScheme.
| Information Type | Value Assignment and Meaning |
|---|---|
| Scheme type | `setType(TypeAnonymous)` The scheme type Anonymous. |
| Description | `setDescription(description)` The description of the authentication scheme. |
| Protection level | `setLevel(0)` Set to 0. Not applicable to this scheme type. |
| Library | `setLibrary("smauthanon")` The default library for this scheme type. |
| Parameter | `setParameter(param)` A string containing the guest DN. Policies associated with the guest DN must apply to anonymous users. |
| Shared secret | `setSecret("")` Set to an empty string. Not applicable to this scheme. |
| Is template? | `setIsTemplate(0)` Set to false (0) to indicate that the scheme is not a template. |
| Is used by administrator? | `setIsUsedByAdmin(0)` Set to false (0)—scheme is not used to authenticate administrators. |
| Save credentials? | `setAllowSaveCreds(0)` Set to false (0) to indicate that user credentials won’t be saved. |
| Is RADIUS? | `setIsRadius(0)` Set to false (0)—scheme is not used with RADIUS agents. |
| Ignore password check? | `setIgnorePwCheck(1)` Set to true (1)—ignore password checking. |
Use this table when configuring an authentication scheme based on the scheme type Basic. The Java methods referenced in the table are in the class SmScheme.
| Information Type | Value Assignment and Meaning |
|---|---|
| Scheme type | `setType(TypeBasic)` The scheme type Basic. |
| Description | `setDescription(description)` The description of the authentication scheme. |
| Protection level | `setLevel(value)` A value of 1 through 1000. The higher the number, the greater the degree of protection provided by the scheme. Default is 5. |
| Library | `setLibrary("smauthdir")` The default library for this scheme type. |
| Parameter | `setParameter("")` Set to an empty string. Not applicable to this scheme. |
| Shared secret | `setSecret("")` Set to an empty string. Not applicable to this scheme. |
| Is template? | `setIsTemplate(0)` Set to false (0) to indicate that the scheme is not a template. |
| Is used by administrator? | `setIsUsedByAdmin(1)` Set to true (1)—scheme can be used to authenticate administrators. |
| Save credentials? | `setAllowSaveCreds(0)` Set to false (0) to indicate that user credentials won’t be saved. |
| Is RADIUS? | `setIsRadius(1)` Set to true (1)—scheme can be used with RADIUS agents. |
| Ignore password check? | `setIgnorePwCheck(flag)` Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0. |
Use this table when configuring an authentication scheme based on the scheme type Basic over SSL. The Java methods referenced in the table are in the class SmScheme.
| Information Type | Value Assignment and Meaning |
|---|---|
| Scheme type | `setType(TypeBasicOverSSL)` The scheme type Basic over SSL. |
| Description | `setDescription(description)` The description of the authentication scheme. |
| Protection level | `setLevel(value)` A value of 1 through 1000. The higher the number, the greater the degree of protection provided by the scheme. Default is 10. |
| Library | `setLibrary("smauthcert")` The default library for this scheme type. |
| Parameter | `setParameter(param)` A string containing the domain or IP address of the SSL server and the name of the SSL Credentials Collector (SCC). Format: https://server/SCC?basic The following example uses the default SCC: https://my.server.com/siteminderagent/ |
| Shared secret | `setSecret("")` Set to an empty string. Not applicable to this scheme. |
| Is template? | `setIsTemplate(0)` Set to false (0) to indicate that the scheme is not a template. |
| Is used by administrator? | `setIsUsedByAdmin(0)` Set to false (0) for this scheme. |
| Save credentials? | `setAllowSaveCreds(0)` Set to false (0) to indicate that user credentials won’t be saved. |
| Is RADIUS? | `setIsRadius(0)` Set to false (0)—scheme is not used with RADIUS agents. |
| Ignore password check? | `setIgnorePwCheck(flag)` Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0. |
Use this table when configuring an authentication scheme based on the scheme type Custom. You create custom schemes using the C Authentication API. For more information, see the Developer’s Guide for C. The Java methods referenced in the table are in the class SmScheme.
| Information Type | Value Assignment and Meaning |
|---|---|
| Scheme type | `setType(TypeCustom)` The scheme type Custom. |
| Description | `setDescription(description)` The description of the authentication scheme. |
| Protection level | `setLevel(value)` A value of 0 through 1000. The higher the number, the greater the degree of protection provided by the scheme. Default is 5. |
| Library | `setLibrary(customLibName)` The name of the custom shared library you created using the C Authentication API. |
| Parameter | `setParameter(param)` Any string of one or more parameters required by your custom authentication scheme. For a custom authentication scheme that uses SSL, you must supply a URL that points to a SiteMinder Web Agent library required for the SSL-based authentication. |
| Shared secret | `setSecret(secret)` The shared secret, if any, that your custom authentication scheme uses for encryption of credentials. |
| Is template? | `setIsTemplate(0)` Set to false (0) to indicate that the scheme is not a template. |
| Is used by administrator? | `setIsUsedByAdmin(flag)` Set to true (1) to specify that the scheme can be used to authenticate administrators, or to false (0) to specify that it cannot. Default is 0. |
| Save credentials? | `setAllowSaveCreds(0)` Set to false (0) to indicate that user credentials won’t be saved. |
| Is RADIUS? | `setIsRadius(0)` Set to false (0)—scheme is not used with RADIUS agents. |
| Ignore password check? | `setIgnorePwCheck(flag)` Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0. |
Use this table when configuring an authentication scheme based on the scheme type HTML Form. The Java methods referenced in the table are in the class SmScheme.
| Information Type | Value Assignment and Meaning |
|---|---|
| Scheme type | `setType(TypeHTMLForm)` The scheme type HTML Form. |
| Description | `setDescription(description)` The description of the authentication scheme. |
| Protection level | `setLevel(value)` A value of 1 through 1000. The higher the number, the greater the degree of protection provided by the scheme. Default is 5. |
| Library | `setLibrary("smauthhtml")` The default library for this scheme type. |
| Parameter | `setParameter(param)` A string containing a user attribute list plus the location of the forms credential collector (FCC). The attribute list must begin with AL= and use commas as the list delimiter character, and it must end with a semicolon—for example: AL=Password,SSN,age,zipcode; The complete parameter format is: attr-list;https://server/fcc The following example uses the default FCC: AL=PASSWORD,SSN,age,zipcode; |
| Shared secret | `setSecret("")` Set to an empty string. Not applicable to this scheme. |
| Is template? | `setIsTemplate(0)` Set to false (0) to indicate that the scheme is not a template. |
| Is used by administrator? | `setIsUsedByAdmin(0)` Set to false (0)—scheme is not used to authenticate administrators. |
| Save credentials? | `setAllowSaveCreds(flag)` Set to true (1) to indicate that user credentials should be saved, or false (0) to indicate that they should not. Default is 0. |
| Is RADIUS? | `setIsRadius(0)` Set to false (0)—scheme is not used with RADIUS agents. |
| Ignore password check? | `setIgnorePwCheck(flag)` Set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0. |
Use this table when configuring an authentication scheme based on scheme type Impersonation. The Java methods referenced in the table are in the class SmScheme.
| Information Type | Value Assignment and Meaning |
|---|---|
| Scheme type | `setType(TypeImpersonation)` The scheme type Impersonation. |
| Description | `setDescription(description)` The description of the authentication scheme. |
| Protection level | `setLevel(value)` A value of 1 through 1000. The higher the number, the greater the degree of protection provided by the scheme. Default is 5. |
| Library | `setLibrary("smauthimpersonate")` The default library for this scheme type. |
| Parameter | `setParameter(param)` A string containing a user attribute list plus the location of the forms credential collector (FCC). The attribute list must begin with AL= and use commas as the list delimiter character, and it must end with a semicolon—for example: AL=Password,SSN,age,zipcode; The complete parameter format is: attr-list;https://server/fcc The following example uses the default FCC: AL=PASSWORD,SSN,age,zipcode; |
| Shared secret | `setSecret("")` Set to an empty string. Not applicable to this scheme. |
| Is template? | `setIsTemplate(templateFlag)` Set to false (0) to indicate that the scheme is not a template. |
| Is used by administrator? | `setIsUsedByAdmin(0)` Set to false (0)—scheme is not used to authenticate administrators. |
| Save credentials? | `setAllowSaveCreds(0)` Set to false (0) to indicate that user credentials won’t be saved. |
| Is RADIUS? | `setIsRadius(0)` Set to false (0)—scheme is not used with RADIUS agents. |
| Ignore password check? | `setIgnorePwCheck(1)` Set to true (1)—ignore password checking. |
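The HTML Form and Impersonation tables differ only in the scheme type, library, and the two flags the Impersonation table fixes, and both use the same AL=...;https://server/fcc parameter format. The following is an added example, not code from the SiteMinder documentation, that builds an SmScheme for either type from those table values and rejects inputs the tables constrain (protection level outside 1 through 1000, attribute names containing the list delimiters, a non-https FCC location) before any setter is called. It assumes the package com.netegrity.sdk.policyapi, that the scheme-type constants are static fields of SmScheme, and that the setters accept the 0/1 integer values shown in the tables; the FCC URL in main() is a constructed placeholder.

```java
import com.netegrity.sdk.policyapi.SmScheme;   // assumed package
import java.util.List;

/**
 * Added example (not from the SiteMinder docs): build an SmScheme for the
 * HTML Form or Impersonation scheme type from the table values, validating
 * the inputs the tables constrain before any setter is called.
 */
public final class FormSchemeBuilder {

    private FormSchemeBuilder() {}

    /** Assembles the parameter string in the documented format AL=a,b,c;https://server/fcc */
    static String buildParameter(List<String> attributes, String fccUrl) {
        if (attributes == null || attributes.isEmpty()) {
            throw new IllegalArgumentException("attribute list must not be empty");
        }
        for (String attr : attributes) {
            // Commas and semicolons are the list and field delimiters, so an
            // attribute name containing either would corrupt the parameter.
            if (attr == null || attr.isEmpty() || attr.contains(",") || attr.contains(";")) {
                throw new IllegalArgumentException("invalid attribute name: " + attr);
            }
        }
        if (fccUrl == null || !fccUrl.startsWith("https://")) {
            // The documented format places the credential collector behind https.
            throw new IllegalArgumentException("FCC location must be an https:// URL");
        }
        return "AL=" + String.join(",", attributes) + ";" + fccUrl;
    }

    /**
     * @param impersonation true to follow the Impersonation table, false for HTML Form
     * @param level         protection level, 1 through 1000 per the tables
     * @param saveCreds     HTML Form only: 1 to allow saved credentials, otherwise 0
     */
    static SmScheme build(boolean impersonation, String description, int level,
                          List<String> attributes, String fccUrl, int saveCreds) {
        if (level < 1 || level > 1000) {
            throw new IllegalArgumentException("protection level must be 1 through 1000");
        }
        if (saveCreds != 0 && saveCreds != 1) {
            throw new IllegalArgumentException("saveCreds must be 0 or 1");
        }
        SmScheme scheme = new SmScheme();
        // Scheme-type constants assumed to be static fields of SmScheme.
        scheme.setType(impersonation ? SmScheme.TypeImpersonation : SmScheme.TypeHTMLForm);
        scheme.setDescription(description);
        scheme.setLevel(level);
        scheme.setLibrary(impersonation ? "smauthimpersonate" : "smauthhtml");
        scheme.setParameter(buildParameter(attributes, fccUrl));
        scheme.setSecret("");          // not applicable to either scheme type
        scheme.setIsTemplate(0);
        scheme.setIsUsedByAdmin(0);
        // The Impersonation table fixes saved credentials at 0 and the
        // ignore-password-check flag at 1; HTML Form leaves both to the caller/default.
        scheme.setAllowSaveCreds(impersonation ? 0 : saveCreds);
        scheme.setIsRadius(0);
        scheme.setIgnorePwCheck(impersonation ? 1 : 0);
        return scheme;
    }

    public static void main(String[] args) {
        // Constructed sample values; the FCC host and path are placeholders.
        List<String> attrs = List.of("PASSWORD", "SSN", "age", "zipcode");
        String fcc = "https://sso.example.com/path/to/login.fcc";
        SmScheme form = build(false, "Forms login", 5, attrs, fcc, 0);
        SmScheme imp = build(true, "Help-desk impersonation", 5, attrs, fcc, 0);
        System.out.println("parameter: " + buildParameter(attrs, fcc));
        System.out.println("built schemes: " + form + ", " + imp);
    }
}
```

The returned SmScheme is then handed to the Policy Management API's scheme-creation method, which is not among the methods listed on this page. Keeping the delimiter and URL checks in buildParameter() means a malformed attribute name or an http FCC location fails in the client before anything reaches the policy store.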
Copyright © 2012 CA.
All rights reserved.