CLI Session Methods

This content describes CLI session methods.
AddAttributeToSAMLScheme Method Adds New Attribute to Authentication Scheme
The AddAttributeToSAMLScheme method adds a new attribute to the SAML 2.0 authentication scheme definition.
Syntax
The AddAttributeToSAMLScheme method has the following format:
Netegrity::PolicyMgtSession->AddAttributeToSAMLScheme(scheme, AttrNameFormat, LocalName, Name)
Parameters
The AddAttributeToSAMLScheme method accepts the following parameters:
  1. scheme
    (PolicyMgtAuthScheme object)
    Specifies the SAML 2.0 authentication scheme.
  2. AttrNameFormat
    (int)
    Specifies the attribute type:
    • SAMLSP_UNSPECIFIED
    • SAMLSP_URI
    • SAMLSP_BASIC
  3. LocalName
    (string)
    Specifies the attribute's name as used locally.
  4. Name
    (string)
    Specifies the attribute's name as defined on the Attribute Authority.
Return Value
The AddAttributeToSAMLScheme method returns one of the following values:
  • PolicyMgtSAMLRequesterAttr (object)
  • undef
    if the call is unsuccessful
AddTrustedHost Method Creates or Modifies Trusted Host Object
The AddTrustedHost method creates or modifies a trusted host object in the policy store.
Syntax
The AddTrustedHost method has the following format:
Netegrity::PolicyMgtSession->AddTrustedHost(trustedHostName[, trustedHostDescription][, trustedHostIpAddress][, sharedSecret])
Parameters
The AddTrustedHost method accepts the following parameters:
  1. trustedHostName
    (string)
    Specifies the name of the trusted host.
  2. trustedHostDescription
    (string)
    (Optional) Specifies the description of the trusted host.
  3. trustedHostIpAddress
    (string)
    (Optional) Specifies the IP address of the trusted host.
  4. sharedSecret
    (string)
    (Optional) Specifies the shared secret.
    Note:
    You must also define the shared secret in the host configuration file by running the CA Single Sign-On tool smreghost with the -sh option. If you do not use the -sh option to specify the shared secret, CA Single Sign-On automatically generates one.
Return Value
The AddTrustedHost method returns one of the following values:
  • PolicyMgtTrustedHost (object)
  • undef
    if the trusted host name already exists
Remarks
You can use the AddTrustedHost method to register the trusted host without first configuring a connection between the Policy Server and the Agent. When you use this method to register the trusted host, you must also run the CA Single Sign-On tool smreghost to define the shared secret in the host configuration file. (The host configuration file is named SmHost.conf by default.) Run smreghost with the -sh option and the shared secret. To retrieve the shared secret in clear text, call the method PolicyMgtTrustedHost->GetSecret.
Alternatively, you can create the trusted host by calling the method CreateTrustedHost and run smreghost without the -sh option. In this case, CA Single Sign-On automatically creates and configures the trusted host during installation. CA Single Sign-On generates a random 128-byte ASCII shared secret. When you create the shared secret, it can be any string value. To create a strong shared secret, we strongly recommend that you call the AddTrustedHost method with the sharedSecret parameter set to an empty string. This results in the automatic generation of a shared secret that is random, long, and hard to guess.
CreateAdmin Method Creates System-Level Administrator
The CreateAdmin method creates and configures a system-level administrator.
Syntax
The CreateAdmin method has the following format:
Netegrity::PolicyMgtSession->CreateAdmin(adminName[, adminDesc][, adminPwd][, userDir][, authScheme])
Parameters
The CreateAdmin method accepts the following parameters:
  1. adminName
    (string)
    Specifies the administrator's name.
  2. adminDesc
    (string)
    (Optional) Specifies the administrator's description.
  3. adminPwd
    (string)
    (Optional) Specifies the administrator's password.
  4. userDir
    (PolicyMgtUserDir object)
    (Optional) Specifies the user directory if the administrator is stored in an external directory.
  5. authScheme
    (PolicyMgtAuthScheme object)
    (Optional) Specifies the authentication scheme to use if the administrator is stored in an external directory.
    Note:
    This parameter is required if an external user directory is specified.
Return Value
The CreateAdmin method returns one of the following values:
  • PolicyMgtAdmin (object)
  • undef
    if the call is unsuccessful or the administrator name already exists
Remarks
The Policy Management API does not allow you to create an administrator for a particular domain. However, you can add an existing administrator to a particular domain by calling the method AddAdmin. To create an administrator with domain privileges, use the Administrative UI.
CreateAffDomain Method Creates Affiliate Domain
The CreateAffDomain method creates an affiliate domain.
Syntax
The CreateAffDomain method has the following format:
Netegrity::PolicyMgtSession->CreateAffDomain(domName[, domDesc])
Parameters
The CreateAffDomain method accepts the following parameters:
  1. domName
    (string)
    Specifies the name of the affiliate domain.
  2. domDesc
    (string)
    (Optional) Specifies the description of the affiliate domain.
Return Value
The CreateAffDomain method returns one of the following values:
  • PolicyMgtAffDomain (object)
  • undef
    if the call is unsuccessful or the affiliate domain name already exists
Remarks
To implement affiliate domains, you need eTrust CA Single Sign-On FSS.
CreateAgent Method Creates CA Single Sign-On Agent
The CreateAgent method creates and configures a CA Single Sign-On agent.
Syntax
The CreateAgent method has the following format:
Netegrity::PolicyMgtSession->CreateAgent(agentName, agentType[, agentDesc][, agentIP][, agentSecret][, realmHintAttrID])
Parameters
The CreateAgent method accepts the following parameters:
  1. agentName
    (string)
    Specifies the name of the agent.
  2. agentType
    (PolicyMgtAgentType object)
    Specifies the type of agent.
  3. agentDesc
    (string)
    (Optional) Specifies the description of the agent.
  4. agentIP
    (string)
    (Optional) Specifies the agent's IP address.
    Note:
    This parameter is required for RADIUS agents.
  5. agentSecret
    (string)
    (Optional) Specifies the shared secret.
    Note:
    To create a v4.x agent, specify the shared secret. To create a v5.x agent, omit this parameter.
  6. realmHintAttrID
    (int)
    (Optional) Specifies the realm hint attribute ID.
    Note:
    This parameter only applies to RADIUS agents.
Return Value
The CreateAgent method returns one of the following values:
  • PolicyMgtAgent (object)
  • undef
    if the call is unsuccessful or the CA Single Sign-On agent name already exists
CreateAgentConfig Method Creates Agent Configuration Object
The CreateAgentConfig method creates an agent configuration object.
Syntax
The CreateAgentConfig method has the following format:
Netegrity::PolicyMgtSession->CreateAgentConfig(agentConfigName[, AgentConfigDesc])
Parameters
The CreateAgentConfig method accepts the following parameters:
  1. agentConfigName
    (string)
    Specifies the name of the agent configuration.
  2. AgentConfigDesc
    (string)
    (Optional) Specifies the description of the agent configuration.
Return Value
The CreateAgentConfig method returns one of the following values:
  • PolicyMgtAgentConfig (object)
  • undef
    if the call is unsuccessful or the agent configuration name already exists
CreateAgentGroup Method Creates Agent Group
The CreateAgentGroup method creates an agent group.
Syntax
The CreateAgentGroup method has the following format:
Netegrity::PolicyMgtSession->CreateAgentGroup(agentGroupName, agentType[, groupDesc])
Parameters
The CreateAgentGroup method accepts the following parameters:
  1. agentGroupName
    (string)
    Specifies the name of the agent group.
  2. agentType
    (PolicyMgtAgentType object)
    Specifies the type of agent associated with the agent group.
    Note:
    To retrieve the agent type for this method, call the method PolicyMgtSession->GetAgentType.
  3. groupDesc
    (string)
    (Optional) Specifies the description of the agent group.
Return Value
The CreateAgentGroup method returns one of the following values:
  • PolicyMgtGroup (object)
  • undef
    if the agent group name already exists
CreateAuthAzMap Method Creates Directory Mapping Object
The CreateAuthAzMap method creates an authentication and authorization directory mapping object.
Syntax
The CreateAuthAzMap method has the following format:
Netegrity::PolicyMgtSession->CreateAuthAzMap(authDir, azDir, mapType)
Parameters
The CreateAuthAzMap method accepts the following parameters:
  1. authDir
    (PolicyMgtUserDir object)
    Specifies the user directory to use when authenticating the user.
  2. azDir
    (PolicyMgtUserDir object)
    Specifies the user directory to use when authorizing the user.
  3. mapType
    (int)
    Specifies the type of directory mapping.
    • AUTHAZMAPTYPE_DN (value = 1)
      Specifies mapping based on a DN.
    • AUTHAZMAPTYPE_UNIVERSALID (value = 2)
      Specifies mapping based on a universal identifier.
    • AUTHAZMAPTYPE_ATTR (value = 3)
      Specifies mapping based on an attribute in the user directory.
Return Value
The CreateAuthAzMap method returns one of the following values:
  • PolicyMgtAuthAzMap (object)
  • undef
    if the call is unsuccessful
Remarks
CA Single Sign-On uses the same user directory to authenticate and authorize users. In addition, CA Single Sign-On allows you to specify one user directory for authentication and another user directory for authorization. This feature is called directory mapping. Directory mapping is especially useful when authentication information is stored in a central directory, but authorization information is stored in multiple directories, each one associated with a particular application.
CreateAuthScheme Method Creates Authentication Scheme
The CreateAuthScheme method creates and configures an authentication scheme.
Syntax
The CreateAuthScheme method has the following format:
Netegrity::PolicyMgtSession->CreateAuthScheme(schemeName, schemeTemplate[, schemeDesc][, protLevel][, schemeLib][, schemeParam][, secret][, isTemplate][, isUsedByAdmin][, saveCreds][, isRadius][, ignorePwd])
Parameters
The CreateAuthScheme method accepts the following parameters:
  1. schemeName
    (string)
    Specifies the authentication scheme's name.
  2. schemeTemplate
    (PolicyMgtAuthScheme object)
    Specifies the template on which to base the authentication scheme.
    Note:
    To view a list of templates, see the method PolicyMgtSession->GetAuthScheme.
  3. schemeDesc
    (string)
    (Optional) Specifies the authentication scheme's description.
  4. protLevel
    (int)
    (Optional) Specifies the authentication scheme's protection level.
    Range:
    1-1000
    Note:
    The higher the protection level value, the more secure the authentication scheme.
  5. schemeLib
    (string)
    (Optional) Specifies the name of the custom library to use in place of the default library shipped with each type of authentication scheme.
  6. schemeParam
    (string)
    (Optional) Specifies a parameter string to pass to the authentication scheme.
    Note:
    For help constructing the parameter string, navigate to the Scheme Type Setup tab on the Authentication Scheme Properties dialog in the Administrative UI. Select the authentication scheme type, type the values in the fields, and observe the result on the Advanced tab.
  7. secret
    (string)
    (Optional) Specifies the authentication scheme's shared secret.
  8. isTemplate
    (int)
    (Optional) Specifies whether the authentication scheme is a template for other authentication schemes.
    Default:
    A zero (0) value specifies that the authentication scheme is not a template.
    Note:
    This parameter is deprecated as of CA Single Sign-On v6.0 SP3.
  9. isUsedByAdmin
    (int)
    (Optional) Specifies whether the authentication scheme can be used to authenticate administrators.
  10. saveCreds
    (int)
    (Optional) Specifies whether to save user credentials.
  11. isRadius
    (int)
    (Optional) Specifies whether the authentication scheme type is RADIUS.
  12. ignorePwd
    (int)
    (Optional) Specifies whether to ignore password policies.
Return Value
The CreateAuthScheme method returns one of the following values:
  • PolicyMgtAuthScheme (object)
  • undef
    if the call is unsuccessful or the authentication scheme name already exists
CreateCustomCertMap Method Creates Custom Certificate Map
The CreateCustomCertMap method creates a custom certificate map. The custom certificate map associates user attribute names defined in the certificate's Subject DN with the corresponding user attribute names in the user directory. For authentication to succeed, the values of the mapped user attribute pairs must match. Use the AttributeMap parameter to define the attribute names that are mapped.
Syntax
The CreateCustomCertMap method has the following format:
Netegrity::PolicyMgtSession->CreateCustomCertMap(IssuerDN, AttributeMap[, DirectoryType])
Parameters
The CreateCustomCertMap method accepts the following parameters:
  1. IssuerDN
    (string)
    Specifies the certificate issuer's distinguished name.
  2. AttributeMap
    (string)
    Specifies an expression that maps attribute names in the certificate's Subject DN to attribute names in the user directory.
    Syntax:
    UserAttrName1=%{CertAttrName1},UserAttrName2=%{CertAttrName2}, . . . UserAttrName#=%{CertAttrName#}
    Example:
    Certificate's Subject DN contains: CN=John Smith, UID=JSMITH, OU=Development, O=CompanyA
    AttributeMap contains: CN=%{UID}, OU=%{OU}, O=%{O}
    Matching user DN in the user directory: CN=JSMITH, OU=Development, O=CompanyA
  3. DirectoryType
    (int)
    (Optional) Specifies the type of user directory specified as the authentication directory:
    • Sm_PolicyApi_DirType_LDAP
      Note:
      This is the default.
    • Sm_PolicyApi_DirType_WinNT
    • Sm_PolicyApi_DirType_ODBC
Return Value
The CreateCustomCertMap method returns one of the following values:
  • PolicyMgtCertMap (object)
  • undef
    if the call is unsuccessful
Remarks
When a certificate map is created, the following flags are set to false, the default value:
  • certificate_required_flag
  • use_distributionpoints_flag
  • verify_signature_flag
  • check_certificate_revocation_list_flag
  • cache_certificate_revocation_list_entries_flag
For information on changing the value of these flags, see the method PolicyMgtSession->CreateExactCertMap.
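The mapping that the AttributeMap expression describes, worked through as an added example (this is not CA Single Sign-On code; it is a small stand-alone model of the lookup): it parses a certificate Subject DN and a map expression, derives the user DN the directory lookup has to match, reports a miss when the certificate lacks a mapped attribute, and goes one step beyond the page by showing that an exact certificate map is the identity mapping. The DN parser is deliberately simplified (comma separator and the `\,` escape only); attribute names compare case-insensitively, values exactly.

```python
import re

# Constructed sample input, taken from the AttributeMap example on this page.
SUBJECT_DN = "CN=John Smith, UID=JSMITH, OU=Development, O=CompanyA"
ATTRIBUTE_MAP = "CN=%{UID}, OU=%{OU}, O=%{O}"

# A map value must be exactly one %{CertAttrName} placeholder.
_PLACEHOLDER = re.compile(r"^%\{([A-Za-z0-9.-]+)\}$")


def parse_dn(dn):
    """Split a DN (or a map expression, which shares the syntax) into an
    ordered list of (ATTR, value) pairs.

    Simplified on purpose: only the comma separator and the '\\,' escape are
    handled, not the full RFC 4514 grammar. Attribute types are compared
    case-insensitively, so they are upper-cased; values are kept verbatim.
    """
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        rdn = rdn.strip()
        if not rdn:
            continue
        if "=" not in rdn:
            raise ValueError(f"malformed RDN: {rdn!r}")
        attr, value = rdn.split("=", 1)
        pairs.append((attr.strip().upper(), value.strip().replace("\\,", ",")))
    return pairs


def dn_to_dict(pairs):
    """Index parsed pairs by attribute; a repeated attribute is rejected so a
    comparison can never silently pick one of two values."""
    result = {}
    for attr, value in pairs:
        if attr in result:
            raise ValueError(f"attribute {attr} appears twice")
        result[attr] = value
    return result


def parse_attribute_map(expr):
    """Parse 'UserAttr1=%{CertAttr1}, ...' into [(USERATTR, CERTATTR), ...]."""
    mapping = []
    for user_attr, value in parse_dn(expr):
        m = _PLACEHOLDER.match(value)
        if not m:
            raise ValueError(f"{user_attr}: expected %{{CertAttrName}}, got {value!r}")
        mapping.append((user_attr, m.group(1).upper()))
    return mapping


def expected_user_dn(subject_dn, attribute_map):
    """Build the user DN the directory lookup has to match.

    Returns None when the certificate lacks an attribute the map references:
    that mapped pair can never match, so authentication fails.
    """
    cert = dn_to_dict(parse_dn(subject_dn))
    parts = []
    for user_attr, cert_attr in parse_attribute_map(attribute_map):
        if cert_attr not in cert:
            return None
        parts.append(f"{user_attr}={cert[cert_attr]}")
    return ", ".join(parts)


def user_dn_matches(user_dn, subject_dn, attribute_map):
    """True only when every mapped attribute pair has equal values in the
    certificate and in the directory entry (values compared exactly)."""
    expected = expected_user_dn(subject_dn, attribute_map)
    if expected is None:
        return False
    return dn_to_dict(parse_dn(expected)) == dn_to_dict(parse_dn(user_dn))


def exact_attribute_map(subject_dn):
    """The map an exact certificate map is equivalent to: every Subject DN
    attribute mapped to the same-named user directory attribute."""
    return ", ".join(f"{attr}=%{{{attr}}}" for attr, _ in parse_dn(subject_dn))


if __name__ == "__main__":
    print(expected_user_dn(SUBJECT_DN, ATTRIBUTE_MAP))
    print(user_dn_matches("CN=JSMITH, OU=Development, O=CompanyA",
                          SUBJECT_DN, ATTRIBUTE_MAP))
```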
CreateDomain Method Creates Policy Domain Object
The CreateDomain method creates a policy domain object.
Syntax
The CreateDomain method has the following format:
Netegrity::PolicyMgtSession->CreateDomain(domName[, domDesc][, globalPoliciesApply])
Parameters
The CreateDomain method accepts the following parameters:
  1. domName
    (string)
    Specifies the name of the domain.
  2. domDesc
    (string)
    (Optional) Specifies the description of the domain.
  3. globalPoliciesApply
    (int)
    (Optional) Specifies whether the domain can accept global policies:
    • value = 1 (default)
      Specifies that the domain can accept global policies.
    • value = 0
      Specifies that the domain cannot accept global policies.
Return Value
The CreateDomain method returns one of the following values:
  • PolicyMgtDomain (object)
  • undef
    if the call is unsuccessful or the policy domain name already exists
CreateExactCertMap Method Creates Certificate Map Matching User Directory Attributes
The CreateExactCertMap method creates a certificate map object whose Subject DN attributes match the corresponding user directory attributes exactly. When the certificate map object is created, the following flags are set to FALSE:
  • Certificate required
    Note:
    To change the value of this flag, call the method PolicyMgtCertMap->CertRequired.
  • Use distribution points
    Note:
    To change the value of this flag, call the method PolicyMgtCertMap->UseDistributionPoints.
  • Verify signature
    Note:
    To change the value of this flag, call the method PolicyMgtCertMap->VerifySignature.
  • Check Certificate Revocation List (CRL)
    Note:
    To change the value of this flag, call the method PolicyMgtCertMap->EnableCRL.
  • Cache CRL entries
    Note:
    To change the value of this flag, call the method PolicyMgtCertMap->CacheCRL.
Syntax
The CreateExactCertMap method has the following format:
Netegrity::PolicyMgtSession->CreateExactCertMap(IssuerDN[, DirectoryType])
Parameters
The CreateExactCertMap method accepts the following parameters:
  1. IssuerDN
    (string)
    Specifies the distinguished name of the certificate issuer.
  2. DirectoryType
    (int)
    (Optional) Specifies one of the following user directory types used for authentication:
    • Sm_PolicyApi_DirType_LDAP (default)
    • Sm_PolicyApi_DirType_WinNT
    • Sm_PolicyApi_DirType_ODBC
Return Value
The CreateExactCertMap method returns one of the following values:
  • PolicyMgtCertMap (object)
  • undef
    if the call is unsuccessful
CreateGlobalPolicy Method Creates Global Policy
The CreateGlobalPolicy method creates a policy that has a global scope.
Syntax
The CreateGlobalPolicy method has the following format:
Netegrity::PolicyMgtSession->CreateGlobalPolicy(policyName[, enableFlag][, activeExpr][, policyDesc])
Parameters
The CreateGlobalPolicy method accepts the following parameters:
  1. policyName
    (string)
    Specifies the global policy's name.
  2. enableFlag
    (type)
    (Optional) Specifies whether to enable the global policy:
    • value = 1 (default)
      Specifies that the global policy is enabled.
    • value = 0
      Specifies that the global policy is disabled.
  3. activeExpr
    (string)
    (Optional) Specifies ...
  4. policyDesc
    (string)
    (Optional) Specifies the global policy's description.
Return Value
The CreateGlobalPolicy method returns one of the following values:
  • PolicyMgtPolicy (object)
  • undef
    if the call is unsuccessful
CreateGlobalResponse Method Creates Global Response
The CreateGlobalResponse method creates a response that has a global scope.
Syntax
The CreateGlobalResponse method has the following format:
Netegrity::PolicyMgtSession->CreateGlobalResponse(respName, agentType[, respDesc])
Parameters
The CreateGlobalResponse method accepts the following parameters:
  1. respName
    (string)
    Specifies the global response's name.
  2. agentType
    (PolicyMgtAgentType object)
    Specifies the type of agent associated with the global response.
    Note:
    To retrieve the agent type object, call the method PolicyMgtSession->GetAgentType.
  3. respDesc
    (string)
    (Optional) Specifies the global response's description.
Return Value
The CreateGlobalResponse method returns one of the following values:
  • PolicyMgtResponse (object)
  • undef
    if the call is unsuccessful
CreateGlobalResponseGroup Method Creates a Domain-Specific Rule Group
The CreateGlobalResponseGroup method creates a rule group that is specific to a particular domain.
Syntax
The CreateGlobalResponseGroup method has the following format:
Netegrity::PolicyMgtSession->CreateGlobalResponseGroup(groupName, agentType, domain)
Parameters
The CreateGlobalResponseGroup method accepts the following parameters:
  1. groupName
    (string)
    Specifies the global rule group name.
  2. agentType
    (PolicyMgtAgentType)
    Specifies the type of agent.
  3. domain
    (PolicyMgtDomain)
    Specifies the domain for which the rule group applies.
Return Value
The CreateGlobalResponseGroup method returns one of the following values:
  • PolicyMgtGroup (object)
  • undef
    if the call is unsuccessful
CreateGlobalRule Method Creates Global Rule
The CreateGlobalRule method creates a rule that has a global scope.
Syntax
The CreateGlobalRule method has the following format:
Netegrity::PolicyMgtSession->CreateGlobalRule(ruleName, resource, event, agent[, ruleDesc][, allowAccess][, regexMatch][, activeExpr][, isEnabled])
Parameters
The CreateGlobalRule method accepts the following parameters:
  1. ruleName
    (string)
    Specifies the global rule's name.
  2. resource
    (string)
    Specifies the filter for the resource that the global rule is protecting.
  3. event
    (string)
    Specifies the type of event that the global rule is executing.
  4. agent
    (PolicyMgtAgent | PolicyMgtGroup)
    Specifies the agent or agent group associated with the global rule.
  5. ruleDesc
    (string)
    (Optional) Specifies the global rule's description.
  6. allowAccess
    (int)
    (Optional) Specifies whether to allow or deny access to the resource protected by the rule:
    • value = 1 (default)
      Specifies allowing access.
    • value = 0
      Specifies denying access.
  7. regexMatch
    (int)
    (Optional) Specifies whether to perform regular expression pattern matching:
    • value = 1
      Specifies performing regular expression pattern matching.
    • value = 0 (default)
      Specifies not performing regular expression pattern matching.
  8. activeExpr
    (string)
    (Optional) Specifies the global rule's active expression.
  9. isEnabled
    (int)
    (Optional) Specifies whether to enable or disable the global rule:
    • value = 1 (default)
      Specifies that the global rule is enabled.
    • value = 0
      Specifies that the global rule is disabled.
Return Value
The CreateGlobalRule method returns one of the following values:
  • PolicyMgtRule (object)
  • undef
    if the call is unsuccessful
CreateGlobalRuleGroup Method Creates a Domain-Specific Rule Group
The CreateGlobalRuleGroup method creates a rule group that is specific to a particular domain.
Syntax
The CreateGlobalRuleGroup method has the following format:
Netegrity::PolicyMgtSession->CreateGlobalRuleGroup(groupName, agentType, domain)
Parameters
The CreateGlobalRuleGroup method accepts the following parameters:
  1. groupName
    (string)
    Specifies the global rule group name.
  2. agentType
    (PolicyMgtAgentType)
    Specifies the type of agent.
  3. domain
    (PolicyMgtDomain)
    Specifies the domain for which the rule group applies.
Return Value
The CreateGlobalRuleGroup method returns one of the following values:
  • PolicyMgtGroup (object)
  • undef
    if the call is unsuccessful
CreateHostConfig Method Creates Host Configuration Object
The CreateHostConfig method creates a host configuration object.
Syntax
The CreateHostConfig method has the following format:
Netegrity::PolicyMgtSession->CreateHostConfig(hostConfigName[, hostConfDesc][, enableFailover][, maxSocketsPerPort][, minSocketsPerPort][, newSocketstep][, requestTimeout])
Parameters
The CreateHostConfig method accepts the following parameters:
  1. hostConfigName
    (string)
    Specifies the name of the host configuration object.
  2. hostConfDesc
    (string)
    (Optional) Specifies the description of the host configuration object.
  3. enableFailover
    (int)
    (Optional) Specifies whether to use failover or round-robin communication between the Policy Server and the agent:
    • value = 1
      Specifies failover communication.
    • value = 0
      Specifies round-robin communication.
  4. maxSocketsPerPort
    (int)
    (Optional) Specifies the maximum number of TCP/IP sockets that can be opened between an agent and the Policy Server.
  5. minSocketsPerPort
    (int)
    (Optional) Specifies the minimum number of TCP/IP sockets that can be opened between an agent and the Policy Server.
  6. newSocketstep
    (int)
    (Optional) Specifies how many sockets to open when additional sockets are required.
  7. requestTimeout
    (int)
    (Optional) Specifies how long, in seconds, an agent can wait for a response from the Policy Server.
Return Value
The CreateHostConfig method returns one of the following values:
  • PolicyMgtHostConfig (object)
  • undef
    if the call is unsuccessful or the host configuration name already exists
CreateODBCQueryScheme Method Creates ODBC Query Scheme
The CreateODBCQueryScheme method creates and configures an ODBC query scheme. ODBC query schemes are also called SQL query schemes.
Note:
Create a unique data source for each ODBC query scheme.
Syntax
The CreateODBCQueryScheme method has the following format:
Netegrity::PolicyMgtSession->CreateODBCQueryScheme(schemeName[, schemeDesc][, queryEnumerate][, queryGetObjInfo][, queryLookup][, queryInitUser][, queryAuthenticateUser][, queryGetUserProp][, querySetUserProp][, queryGetUserProps][, queryLookupUser][, queryGetGroups][, queryIsGroupMember][, queryGetGroupProp][, querySetGroupProp][, queryGetGroupProps][, queryLookupGroup][, querySetPassword])
Parameters
The CreateODBCQueryScheme method accepts the following parameters:
  1. schemeName
    (string)
    Specifies the ODBC query scheme's name.
  2. schemeDesc
    (string)
    (Optional) Specifies the ODBC query scheme's description.
  3. queryEnumerate
    (string)
    (Optional) Specifies a query that lists the names of user objects in the directory.
    Note:
    For more information, see the method PolicyMgtODBCQueryScheme->QueryEnumerate.
  4. queryGetObjInfo
    (string)
    (Optional) Specifies a query that fetches the object's class.
    Note:
    For more information, see the method PolicyMgtODBCQueryScheme->QueryGetObjInfo.
  5. queryLookup
    (string)
    (Optional) Specifies a query that returns objects based on the value of an attribute in a group table.
    Note:
    For more information, see the method PolicyMgtODBCQueryScheme->QueryLookup.
  6. queryInitUser
    (string)
    (Optional) Specifies a query that determines if a user with a given name exists in the database.
    Note:
    For more information, see the method PolicyMgtODBCQueryScheme->QueryInitUser.
  7. queryAuthenticateUser
    (string)
    (Optional) Specifies a query that retrieves the user's password.
    Note:
    For more information, see the method PolicyMgtODBCQueryScheme->QueryAuthenticateUser.
  8. queryGetUserProp
    (string)
    (Optional) Specifies a query that retrieves the value of a user property.
    Note:
    The property must be listed in the queryGetUserProps parameter string. For more information, see the method PolicyMgtODBCQueryScheme->QueryGetUserProp.
  9. querySetUserProp
    (string)
    (Optional) Specifies a query that sets the value of a user property.
    Note:
    The property must be listed in the queryGetUserProps parameter string. For more information, see the method PolicyMgtODBCQueryScheme->QuerySetUserProp.
  10. queryGetUserProps
    (string)
    (Optional) Specifies a comma-separated list of user attributes that reside in the same table as the user name.
    Note:
    For more information, see the method PolicyMgtODBCQueryScheme->QueryGetUserProps.
  11. queryLookupUser
    (string)
    (Optional) Specifies a query that retrieves a user name through an attribute of the user table.
    Note:
    For more information, see the method PolicyMgtODBCQueryScheme->QueryLookupUser.
  12. queryGetGroups
    (string)
    (Optional) Specifies a query that retrieves the names of the groups to which the user belongs.
    Note:
    For more information, see the method PolicyMgtODBCQueryScheme->QueryGetGroups.
  13. queryIsGroupMember
    (string)
    (Optional) Specifies a query that determines whether a particular user is a member of a group.
    Note:
    For more information, see the method PolicyMgtODBCQueryScheme->QueryIsGroupMember.
  14. queryGetGroupProp
    (string)
    (Optional) Specifies a query that returns the value of a group property.
    Note:
    The property must be listed in the queryGetGroupProps parameter string. For more information, see the method PolicyMgtODBCQueryScheme->QueryGetGroupProp.
  15. querySetGroupProp
    (string)
    (Optional) Specifies a query that sets the value of a group property.
    Note:
    The property must be listed in the queryGetGroupProps parameter string. For more information, see the method PolicyMgtODBCQueryScheme->QuerySetGroupProp.
  16. queryGetGroupProps
    (string)
    (Optional) Specifies a comma-separated list of group attributes.
    Note:
    For more information, see the method PolicyMgtODBCQueryScheme->QueryGetGroupProps.
  17. queryLookupGroup
    (string)
    (Optional) Specifies a query that retrieves a group name through an attribute of the group table.
    Note:
    For more information, see the method PolicyMgtODBCQueryScheme->QueryLookupGroup.
  18. querySetPassword
    (string)
    (Optional) Specifies a query that changes a user's password.
    Note:
    For more information, see the method PolicyMgtODBCQueryScheme->QuerySetPassword.
Return Value
The CreateODBCQueryScheme method returns one of the following values:
  • PolicyMgtODBCQueryScheme (object)
  • undef
    if the call is unsuccessful or the ODBC query scheme name already exists
CreatePwdPolicy Method Creates Password Policy
The CreatePwdPolicy method creates and configures a password policy.
Syntax
The CreatePwdPolicy method has the following format:
Netegrity::PolicyMgtSession->CreatePwdPolicy(pwdPolName, userDir[, pwdPolDesc][, enabledFlag][, entireDirFlag][, path][, class][, allowNestedGroups][, maxLoginFailures][, maxLoginInactive][, expDelay][, expWarningDays][, dicName][, dicMatchLength][, userwait][, pwdSvcRedirect][, maxPwdLength][, minPwdLength][, maxPwdRepeatChar][, minPwdAlphaNum][, minPwdAlpha][, minPwdNonAlpha][, minPwdNonPrint][, minPwdNum][, minPwdPunc][, pwdReuseCount][, pwdReuseDelay][, pwdPctDiff][, pwdIgnoreSeq][, profileAttrMatch])
Parameters
The CreatePwdPolicy method accepts the following parameters:
  1. pwdPolName
    (string)
    Specifies the name of the password policy.
  2. userDir
    (PolicyMgtUserDir object)
    Specifies the user directory to which the password policy applies.
  3. pwdPolDesc
    (string)
    (Optional) Specifies the description of the password policy.
  4. enabledFlag
    (int)
    (Optional) Specifies whether the password policy is enabled.
  5. entireDirFlag
    (int)
    (Optional) Specifies whether the password policy applies to the entire LDAP directory or only part of the directory.
    • value = 1
      Specifies that the password policy applies to the entire LDAP directory.
    • value = 0
      Specifies that the password policy only applies to part of the LDAP directory.
    Note:
    For part of the LDAP directory, specify the directory path in the path parameter and the class in the class parameter.
  6. path
    (string)
    (Optional) Specifies the part of the directory to which the password policy applies.
    Note:
    Include this parameter when the entireDirFlag parameter is set to 0.
  7. class
    (string)
    (Optional) Specifies the class to which the password policy applies.
    Note:
    Include this parameter when the entireDirFlag parameter is set to 0.
  8. allowNestedGroups
    (int)
    (Optional) Specifies whether the password policy is associated with the nested groups in the LDAP directory.
    Note:
    Include this parameter when the entireDirFlag parameter is set to 0.
  9. maxLoginFailures
    (int)
    (Optional) Specifies the maximum number of login failures allowed before the user's account is disabled.
  10. maxLoginInactive
    (int)
    (Optional) Specifies the maximum number of days of inactivity allowed before the user's password expires.
  11. expDelay
    (int)
    (Optional) Specifies the number of days a password can be unchanged before it expires.
  12. expWarningDays
    (int)
    (Optional) Specifies the number of days in advance to notify the user that the password is due to expire.
  13. dicName
    (string)
    (Optional) Specifies the location of the dictionary file that lists the words that cannot be used in a password.
  14. dicMatchLength
    (int)
    (Optional) Specifies the minimum number of letters required for dictionary checking.
  15. userwait
    (int)
    (Optional) Specifies the number of minutes an account is disabled before the account is enabled and the user is allowed to attempt logging in again.
  16. pwdSvcRedirect
    (string)
    (Optional) Specifies the URL where the user is redirected when an invalid password is entered.
    Note:
    This must be the URL of the Password Services CGI.
  17. maxPwdLength
    (int)
    (Optional) Specifies the maximum length of a user password.
    Note:
    This value must be greater than the value specified by the parameter
    minPwdLength
    .
  18. minPwdLength
    (int)
    (Optional) Specifies the minimum length of a user password.
  19. maxPwdRepeatChar
    (int)
    (Optional) Specifies the maximum number of identical characters that can appear consecutively in a password.
  20. minPwdAlphaNum
    (int)
    (Optional) Specifies the minimum number of alphanumeric characters (A-Z, a-z, 0-9) that a password must contain.
  21. minPwdAlpha
    (int)
    (Optional) Specifies the minimum number of alphabetic characters (A-Z, a-z) that a password must contain.
  22. minPwdNonAlpha
    (int)
    (Optional) Specifies the minimum number of non-alphanumeric characters that a password must contain.
    Note:
    The following are examples of non-alphanumeric characters: "@", "$", and "*".
  23. minPwdNonPrint
    (int)
    (Optional) Specifies the minimum number of non-printable characters that a password must contain.
    Note:
    Non-printable characters are not displayed on a computer screen.
  24. minPwdNum
    (int)
    (Optional) Specifies the minimum number of numeric characters (0-9) that a password must contain.
  25. minPwdPunc
    (int)
    (Optional) Specifies the minimum number of punctuation marks that a password must contain.
    Note:
    Punctuation marks include periods, commas, exclamation points, slashes, hyphens, and dashes.
  26. pwdReuseCount
    (int)
    (Optional) Specifies the number of new passwords that must be used before an old one can be reused.
  27. pwdReuseDelay
    (int)
    (Optional) Specifies the number of days a user must wait before reusing a password.
  28. pwdPctDiff
    (int)
    (Optional) Specifies the percentage of characters contained in a new password that must differ from the characters in the previous password.
    Note:
    A value of 100 specifies that the new password cannot contain any of the characters in the previous password. For more information, see the parameter
    pwdIgnoreSeq
    .
  29. pwdIgnoreSeq
    (int)
    (Optional) Specifies whether character position is ignored when the new password is compared to the previous password and the percentage of characters that are different is calculated.
    • value = 1
      Specifies that character sequence is ignored.
    • value = 0
      Specifies that character sequence is considered.
      Example:
      If the character "c" is in both the new and previous passwords, but its position in each password is different, then it is considered to be two different characters when the percentage is calculated.
  30. profileAttrMatch
    (int)
    (Optional) Specifies the minimum length of the character sequence that
    CA Single Sign-On
    checks when comparing the password against attributes in the user's directory entry.
Return Value
The CreatePwdPolicy method returns one of the following values:
  • PolicyMgtPwdPolicy (object)
  • undef
    if the call is unsuccessful or the password policy name already exists
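The following added example, which is not code from this page or from CA, creates a password policy by mapping a named hash onto the positional parameter order documented above, so the long list of optional slots can be filled without counting commas. It also rejects, before the call, the two combinations the parameter notes rule out (maxPwdLength not greater than minPwdLength; entireDirFlag set to 0 without path and class). Assumptions: Netegrity::PolicyMgtAPI->New and CreateSession establish the session and GetUserDir looks up the PolicyMgtUserDir object (none of these appear on this page); "" and 0 are passed for optional slots left unset; the policy name, directory name, dictionary path and every numeric value are illustrative.

```perl
#!/usr/bin/perl
# Added example, not from the page: create a password policy that locks
# accounts after repeated failures and enforces ageing, reuse and
# complexity rules. The argument order follows the numbered parameter
# list above. Assumptions: Netegrity::PolicyMgtAPI->New/CreateSession and
# $session->GetUserDir are the session and lookup calls of this API (not
# shown on this page); "" and 0 are passed for optional slots that are
# intentionally left unset; all names, paths and numbers are illustrative.
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

# Positional order of CreatePwdPolicy, taken from the parameter list.
my @ORDER = qw(
    pwdPolName userDir pwdPolDesc enabledFlag entireDirFlag path class
    allowNestedGroups maxLoginFailures maxLoginInactive expDelay
    expWarningDays dicName dicMatchLength userwait pwdSvcRedirect
    maxPwdLength minPwdLength maxPwdRepeatChar minPwdAlphaNum
    minPwdAlpha minPwdNonAlpha minPwdNonPrint minPwdNum minPwdPunc
    pwdReuseCount pwdReuseDelay pwdPctDiff pwdIgnoreSeq profileAttrMatch
);

# Reject combinations the parameter notes above rule out before the
# Policy Server sees them.
sub validate_policy {
    my ($p) = @_;
    my @errors;
    push @errors, "maxPwdLength ($p->{maxPwdLength}) must be greater than minPwdLength ($p->{minPwdLength})"
        if $p->{maxPwdLength} && $p->{minPwdLength} && $p->{maxPwdLength} <= $p->{minPwdLength};
    push @errors, "path and class are required when entireDirFlag is 0"
        if !$p->{entireDirFlag} && !($p->{path} && $p->{class});
    push @errors, "pwdPctDiff must be between 0 and 100"
        if $p->{pwdPctDiff} < 0 || $p->{pwdPctDiff} > 100;
    return @errors;
}

my $api     = Netegrity::PolicyMgtAPI->New();
my $session = $api->CreateSession("siteminder", $ENV{SM_ADMIN_PASSWORD} // "")
    or die "CreateSession failed\n";
my $userdir = $session->GetUserDir("CorpLDAP")
    or die "user directory CorpLDAP not found\n";

my %policy = (
    pwdPolName        => "CorpPasswordPolicy",
    userDir           => $userdir,
    pwdPolDesc        => "Corporate password policy",
    enabledFlag       => 1,
    entireDirFlag     => 1,      # whole directory: path, class, allowNestedGroups stay unset
    path              => "",
    class             => "",
    allowNestedGroups => 0,
    maxLoginFailures  => 5,      # disable the account after 5 failures...
    maxLoginInactive  => 90,
    expDelay          => 90,
    expWarningDays    => 14,
    dicName           => "/opt/CA/siteminder/dict/words.txt",   # illustrative path
    dicMatchLength    => 4,
    userwait          => 30,     # ...and re-enable it after 30 minutes
    pwdSvcRedirect    => "",
    maxPwdLength      => 64,
    minPwdLength      => 12,
    maxPwdRepeatChar  => 2,
    minPwdAlphaNum    => 0,
    minPwdAlpha       => 1,
    minPwdNonAlpha    => 1,
    minPwdNonPrint    => 0,
    minPwdNum         => 1,
    minPwdPunc        => 0,
    pwdReuseCount     => 12,
    pwdReuseDelay     => 365,
    pwdPctDiff        => 50,
    pwdIgnoreSeq      => 1,
    profileAttrMatch  => 4,
);

if (my @errors = validate_policy(\%policy)) {
    die "invalid password policy: " . join("; ", @errors) . "\n";
}

# undef means the call failed or a policy with this name already exists;
# the return value alone does not say which.
my $pwdpol = $session->CreatePwdPolicy(map { $policy{$_} } @ORDER)
    or die "CreatePwdPolicy failed (error or duplicate policy name)\n";
print "Created password policy $policy{pwdPolName}\n";
```

Because undef covers both a failed call and a duplicate name, a script that re-runs safely should look the policy up first rather than treat undef as a hard error.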
CreateRegScheme Method Creates Registration Scheme
The CreateRegScheme method creates and configures a registration scheme.
Syntax
The CreateRegScheme method has the following format:
Netegrity::PolicyMgtSession->CreateRegScheme(regName, userDir[, regDesc][, welcomeURL][, templatePath][, enableLogging])
Parameters
The CreateRegScheme method accepts the following parameters:
  1. regName
    (string)
    Specifies the registration scheme's name.
  2. userDir
    (string)
    Specifies the user directory associated with the registration scheme.
  3. regDesc
    (string)
    (Optional) Specifies the registration scheme's description.
  4. welcomeURL
    (string)
    (Optional) Specifies the URL for the welcome page.
    Note:
    Users are redirected to this page after successfully registering.
    Example:
    http://my.acme.com/hr/welcome.htm
  5. templatePath
    (string)
    (Optional) Specifies the path where the registration templates are located.
    Note:
    For more information about the
    templatePath
    parameter, see Remarks.
  6. enableLogging
    (int)
    (Optional) Specifies whether to enable logging.
    • value = 1
      Specifies enabling logging.
    • value = 0 (default)
      Specifies disabling logging.
Return Value
The CreateRegScheme method returns one of the following values:
  • PolicyMgtRegScheme (object)
  • undef
    if the call is unsuccessful or the registration scheme name already exists
Remarks
When you install a
CA Single Sign-On
Web Agent, the registration templates are installed in the samples/selfreg subdirectory of the Web Agent installation directory by default. During
CA Single Sign-On
installation, the virtual directory /siteminderagent is created and pointed to the samples directory in the Web Agent installation directory. Therefore, when using the default directory, specify
templatePath
as follows: /siteminderagent/selfreg (without the final slash).
If you are using SSL for registration, you must provide the absolute path for the registration templates. The default paths are as follows:
  • Windows platforms: install-dir\Netegrity\Siteminder Web Agent\Samples\SelfReg\
  • Solaris/HP-UX platforms: install-dir/netegrity/siteminder/webagent/samples/selfreg/
CreateSAMLAffiliation Method Creates SAML 2.0 Affiliation Object
The CreateSAMLAffiliation method creates a SAML 2.0 affiliation object. A SAML 2.0 affiliation is a set of entities that share a single federated namespace of unique Name IDs for principals. To modify the properties of an existing SAML affiliation, call the method PolicyMgtSAMLAffiliation->Property.
Syntax
The CreateSAMLAffiliation method has the following format:
Netegrity::PolicyMgtSession->CreateSAMLAffiliation(propsHash_ref)
Parameters
The CreateSAMLAffiliation method accepts the following parameter:
  1. propsHash_ref
    (hash)
    Specifies a reference to a hashtable of metadata properties for the SAML 2.0 affiliation.
    Example:
    \%myhash
Return Value
The CreateSAMLAffiliation method returns one of the following values:
  • PolicyMgtSAMLAffiliation (object)
  • undef
    if the call is unsuccessful
Remarks
The SAML 2.0 affiliation properties are grouped as follows:
  • General Properties
    SAML_NAME
    SAML_DESCRIPTION
    SAML_KEY_AFFILIATION_ID
    SAML_MAJOR_VERSION
    SAML_MINOR_VERSION
    SAML_OID
  • Name ID Properties
    SAML_SP_NAMEID_FORMAT
    SAML_SP_NAMEID_TYPE
    SAML_SP_NAMEID_STATIC
    SAML_SP_NAMEID_ATTRNAME
    SAML_SP_NAMEID_DNSPEC
  • User Properties
    SAML_IDP_XPATH
    SAML_IDP_LDAP_SEARCH_SPEC
    SAML_IDP_ODBC_SEARCH_SPEC
    SAML_IDP_WINNT_SEARCH_SPEC
    SAML_IDP_CUSTOM_SEARCH_SPEC
    SAML_IDP_AD_SEARCH_SPEC
CreateSAMLAuthScheme Method Creates SAML Authentication Scheme Object
The CreateSAMLAuthScheme method creates a SAML 2.0 authentication scheme object with its properties set to specified values. There are two types of properties associated with the object: authentication scheme properties and metadata properties.
Authentication Scheme Properties
The authentication scheme properties are based on the SAML 2.0 template and have the following initial values:
  • Library
    Default:
    smauthsaml
  • Is_Template
    Default:
    FALSE
  • Is_Used_by_Administrator
    Default:
    FALSE
  • Save_Credentials
    Default:
    FALSE
  • Is_RADIUS
    Default:
    FALSE
  • Ignore_Password_Check
    Default:
    TRUE
  • Protection_Level
    Default:
    5
Note:
You can modify the default protection level by calling the CreateSAMLAuthScheme method with the optional
protLevel
parameter set to a new value.
Metadata Properties
The metadata properties are the properties of the Identity Provider associated with the SAML 2.0 authentication scheme and are stored with the authentication scheme. To specify them, pass the reference to the hashtable of metadata properties to the CreateSAMLAuthScheme method in the
propsHash_ref
parameter. To update the metadata properties of an existing SAML 2.0 authentication scheme, call the method PolicyMgtSession->SAMLAuthSchemeProperties.
Syntax
The CreateSAMLAuthScheme method has the following format:
Netegrity::PolicyMgtSession->CreateSAMLAuthScheme(schemeName, propsHash_ref[, schemeDesc][, protLevel])
Parameters
The CreateSAMLAuthScheme method accepts the following parameters:
  1. schemeName
    (string)
    Specifies the name of the authentication scheme.
  2. propsHash_ref
    (hash)
    Specifies a reference to a hashtable of metadata properties to associate with the SAML 2.0 authentication scheme.
    Example:
    \%myhash
    Note:
    For a complete list of metadata properties, see Remarks.
  3. schemeDesc
    (string)
    (Optional) Specifies the description of the authentication scheme.
  4. protLevel
    (int)
    (Optional) Specifies the protection level of the authentication scheme.
Return Value
The CreateSAMLAuthScheme method returns one of the following values:
  • PolicyMgtAuthScheme (object)
  • undef
    if the call is unsuccessful or the SAML authentication scheme name already exists
Remarks
The metadata properties associated with the SAML 2.0 authentication scheme are listed following.
  • General Properties
    SAML_NAME
    SAML_DESCRIPTION
  • Scheme Setup Properties
    SAML_IDP_SPID
    SAML_KEY_IDPID
    SAML_MAJOR_VERSION
    SAML_MINOR_VERSION
    SAML_SKEWTIME
    SAML_DISABLE_SIGNATURE_PROCESSING
    SAML_DSIG_VERINFO_ISSUER_DN
    SAML_DSIG_VERINFO_SERIAL_NUMBER
  • User Properties
    SAML_IDP_XPATH
    SAML_IDP_LDAP_SEARCH_SPEC
    SAML_IDP_ODBC_SEARCH_SPEC
    SAML_IDP_WINNT_SEARCH_SPEC
    SAML_IDP_CUSTOM_SEARCH_SPEC
    SAML_IDP_AD_SEARCH_SPEC
    SAML_AFFILIATION
  • SSO Properties
    SAML_IDP_SSO_REDIRECT_MODE
    SAML_IDP_SSO_DEFAULT_SERVICE
    SAML_AUDIENCE
    SAML_IDP_SSO_TARGET
    SAML_ENABLE_SSO_ARTIFACT_BINDING
    SAML_KEY_IDP_SOURCEID
    SAML_IDP_ARTIFACT_RESOLUTION_DEFAULT_SERVICE
    SAML_IDP_BACKCHANNEL_AUTH_TYPE
    SAML_IDP_SPNAME
    SAML_IDP_PASSWORD
    SAML_ENABLE_SSO_POST_BINDING
    SAML_IDP_SSO_ENFORCE_SINGLE_USE_POLICY
    SAML_SSOECPPROFILE
    SAML_IDP_SIGN_AUTHNREQUESTS
  • SLO Properties
    SAML_SLO_REDIRECT_BINDING
    SAML_SLO_SERVICE_VALIDITY_DURATION
    SAML_SLO_SERVICE_URL
    SAML_SLO_SERVICE_RESPONSE_URL
    SAML_SLO_SERVICE_CONFIRM_URL
  • Encryption Properties
    SAML_IDP_REQUIRE_ENCRYPTED_ASSERTION
    SAML_IDP_REQUIRE_ENCRYPTED_NAMEID
  • Attribute Properties
    SAML_IDP_SAMLREQ_ENABLE
    SAML_IDP_SAMLREQ_REQUIRE_SIGNED_ASSERTION
    SAML_IDP_SAMLREQ_ATTRIBUTE_SERVICE
    SAML_IDP_SAMLREQ_GET_ALL_ATTRIBUTES
  • NameID Properties
    SAML_IDP_SAMLREQ_NAMEID_FORMAT
    SAML_IDP_SAMLREQ_NAMEID_TYPE
    SAML_IDP_SAMLREQ_NAMEID_STATIC
    SAML_IDP_SAMLREQ_NAMEID_ATTR_NAME
    SAML_IDP_SAMLREQ_NAMEID_DN_SPEC
    SAML_IDP_SAMLREQ_NAMEID_ALLOW_NESTED
  • Advanced Properties
    SAML_SP_PLUGIN_CLASS
    SAML_SP_PLUGIN_PARAMS
    SAML_IDP_REDIRECT_URL_USER_NOT_FOUND
    SAML_IDP_REDIRECT_MODE_USER_NOT_FOUND
    SAML_IDP_REDIRECT_URL_FAILURE
    SAML_IDP_REDIRECT_MODE_FAILURE
    SAML_IDP_REDIRECT_URL_INVALID
    SAML_IDP_REDIRECT_MODE_INVALID
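An added example, not code from this page or from CA, that builds the metadata hash CreateSAMLAuthScheme expects in propsHash_ref and refuses to create a scheme whose properties would weaken assertion validation (signature processing disabled, no verification certificate, single-use policy off). The property keys are the ones listed above; the value conventions (0/1 for flags, seconds for SAML_SKEWTIME, entity IDs as URIs), the session calls Netegrity::PolicyMgtAPI->New and CreateSession, and the partner names, URLs, issuer DN and serial number are assumptions.

```perl
#!/usr/bin/perl
# Added example, not from the page: create a SAML 2.0 authentication
# scheme from a metadata hash, after checking that the properties keep
# signature verification on. Assumptions: Netegrity::PolicyMgtAPI->New and
# CreateSession are the session calls of this API (not shown on this
# page); flag properties take 0/1, SAML_SKEWTIME is in seconds, and the
# entity IDs, URLs, issuer DN, serial number and search spec are illustrative.
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

my %props = (
    SAML_NAME                              => "PartnerIdP",
    SAML_DESCRIPTION                       => "SAML 2.0 scheme for PartnerIdP",
    # Scheme setup: our SP entity ID, the IdP entity ID and the certificate
    # (by issuer DN and serial) used to verify the IdP's XML signatures.
    SAML_IDP_SPID                          => "https://sp.example.com/saml2/sp",
    SAML_KEY_IDPID                         => "https://idp.partner.example/saml2/idp",
    SAML_MAJOR_VERSION                     => 2,
    SAML_MINOR_VERSION                     => 0,
    SAML_SKEWTIME                          => 30,
    SAML_DISABLE_SIGNATURE_PROCESSING      => 0,
    SAML_DSIG_VERINFO_ISSUER_DN            => "CN=Partner Signing CA,O=Partner,C=US",
    SAML_DSIG_VERINFO_SERIAL_NUMBER        => "4a1b2c3d",
    # User lookup: map the asserted NameID onto the local LDAP directory.
    SAML_IDP_LDAP_SEARCH_SPEC              => "mail=%s",
    # SSO: POST binding, replay protection, signed AuthnRequests.
    SAML_AUDIENCE                          => "https://sp.example.com/saml2/sp",
    SAML_IDP_SSO_TARGET                    => "https://sp.example.com/app/",
    SAML_ENABLE_SSO_POST_BINDING           => 1,
    SAML_IDP_SSO_ENFORCE_SINGLE_USE_POLICY => 1,
    SAML_IDP_SIGN_AUTHNREQUESTS            => 1,
    SAML_IDP_REQUIRE_ENCRYPTED_ASSERTION   => 0,
    SAML_IDP_REQUIRE_ENCRYPTED_NAMEID      => 0,
    # Advanced: where users land on failure (illustrative URLs).
    SAML_IDP_REDIRECT_URL_FAILURE          => "https://sp.example.com/saml2/error",
    SAML_IDP_REDIRECT_URL_USER_NOT_FOUND   => "https://sp.example.com/saml2/nouser",
);

# Refuse property sets that weaken assertion validation. This is a guard
# in the script, not a check the API performs.
sub check_scheme_props {
    my ($p) = @_;
    my @problems;
    push @problems, "SAML_DISABLE_SIGNATURE_PROCESSING is set; assertion signatures would not be checked"
        if $p->{SAML_DISABLE_SIGNATURE_PROCESSING};
    push @problems, "no verification certificate (SAML_DSIG_VERINFO_ISSUER_DN and _SERIAL_NUMBER)"
        unless $p->{SAML_DSIG_VERINFO_ISSUER_DN} && $p->{SAML_DSIG_VERINFO_SERIAL_NUMBER};
    push @problems, "SAML_IDP_SSO_ENFORCE_SINGLE_USE_POLICY is off; an assertion could be replayed"
        unless $p->{SAML_IDP_SSO_ENFORCE_SINGLE_USE_POLICY};
    push @problems, "SAML_SKEWTIME of $p->{SAML_SKEWTIME}s widens the assertion validity window"
        if $p->{SAML_SKEWTIME} > 300;
    push @problems, "SAML_AUDIENCE differs from SAML_IDP_SPID; the audience is normally the SP entity ID"
        unless $p->{SAML_AUDIENCE} eq $p->{SAML_IDP_SPID};
    return @problems;
}

if (my @problems = check_scheme_props(\%props)) {
    die "refusing to create scheme:\n  " . join("\n  ", @problems) . "\n";
}

my $api     = Netegrity::PolicyMgtAPI->New();
my $session = $api->CreateSession("siteminder", $ENV{SM_ADMIN_PASSWORD} // "")
    or die "CreateSession failed\n";

# protLevel 10 replaces the template default of 5 noted above.
my $scheme = $session->CreateSAMLAuthScheme(
    "PartnerIdP-SAML2", \%props, $props{SAML_DESCRIPTION}, 10)
    or die "CreateSAMLAuthScheme failed (error or duplicate scheme name)\n";
print "Created SAML 2.0 authentication scheme PartnerIdP-SAML2\n";
```

To change the metadata of a scheme that already exists, use PolicyMgtSession->SAMLAuthSchemeProperties as described above rather than creating a second scheme with the same name, which returns undef.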
CreateSingleCertMap Method Creates Single-Attribute Certificate Map
The CreateSingleCertMap method creates a certificate map between a single attribute in the certificate's Subject DN and the corresponding user attribute in the user directory. For authentication to succeed, the attribute's value in the Subject DN must match the value of the corresponding user attribute in the user directory.
Syntax
The CreateSingleCertMap method has the following format:
Netegrity::PolicyMgtSession->CreateSingleCertMap(IssuerDN, Attribute[, DirectoryType])
Parameters
The CreateSingleCertMap method accepts the following parameters:
  1. IssuerDN
    (string)
    Specifies the distinguished name of the certificate issuer.
  2. Attribute
    (string)
    Specifies the name of the attribute whose values in the certificate's Subject DN and in the user directory must match.
    Syntax:
    %{
    attribute_name
    }
    Example:
    %{uid}
  3. DirectoryType
    (int)
    (Optional) Specifies the type of the user directory specified for authentication.
    • Sm_PolicyApi_DirType_LDAP (default)
    • Sm_PolicyApi_DirType_WinNT
    • Sm_PolicyApi_DirType_ODBC
Return Value
The CreateSingleCertMap method returns one of the following values:
  • PolicyMgtCertMap (object)
  • undef
    if the call is unsuccessful
Remarks
When a certificate map is created, the following flags are set to false, the default value:
  • certificate_required_flag
  • use_distributionpoints_flag
  • verify_signature_flag
  • check_certificate_revocation_list_flag
  • cache_certificate_revocation_list_entries_flag
With these defaults, the map neither verifies the certificate's signature nor checks a certificate revocation list, so review the flags before relying on the map for authentication. For information on changing the value of these flags, see the method PolicyMgtSession->CreateExactCertMap.
CreateTrustedHost Method Creates Trusted Host Object
The CreateTrustedHost method creates a trusted host object in the policy store, registers the trusted host with the Policy Server, and, if registration succeeds, creates the local registration file. Use this method when the Policy Server is reachable from the agent host. When there is no connection between the Policy Server and the agent host, call the method PolicyMgtSession->AddTrustedHost instead.
Syntax
The CreateTrustedHost method has the following format:
Netegrity::PolicyMgtSession->CreateTrustedHost(trustedHostName[, ipAddress][, adminName][, adminPassword][, hostConfigName][, registrationDataFileName])
Parameters
The CreateTrustedHost method accepts the following parameters:
  1. trustedHostName
    (string)
    Specifies the name of the trusted host.
  2. ipAddress
    (string)
    (Optional) Specifies the IP address of the Policy Server.
  3. adminName
    (string)
    (Optional) Specifies the name of a Policy Server administrator.
  4. adminPassword
    (string)
    (Optional) Specifies the administrator's password.
  5. hostConfigName
    (string)
    (Optional) Specifies the name of the host configuration object.
  6. registrationDataFileName
    (string)
    (Optional) Specifies the name of the file where registration data is written when the host is successfully registered with the Policy Server.
    Note:
    This filename is specified by calling the Agent API method Connect. The file is stored and managed by
    CA Single Sign-On
    .
Return Value
The CreateTrustedHost method returns one of the following values:
  • PolicyMgtTrustedHost (object)
  • undef
    if the call is unsuccessful or if the trusted host name already exists
CreateUserDir Method Creates User Directory Object
The CreateUserDir method creates and configures a user directory object.
Syntax
The CreateUserDir method has the following format:
Netegrity::PolicyMgtSession->CreateUserDir(dirName, namespace, server[, ODBCQueryScheme][, domDesc][, searchRoot][, usrLookStart][, usrLookEnd][, username][, password][, searchResults][, searchScope][, searchTimeout][, secureConn][, requireCreds][, disabledAttr][, UIDAttr][, anonID][, pwdData][, pwdAttr][, emailAttr][, chalRespAttr])
Parameters
The CreateUserDir method accepts the following parameters:
  1. dirName
    (string)
    Specifies the user directory object's name.
  2. namespace
    (string)
    Specifies the user directory's namespace:
    • LDAP
    • AD
    • ODBC
    • WinNT
    • Custom
  3. server
    (string)
    Specifies one of the following directory-dependent values:
    • LDAP and AD
      Specifies the IP address and port number of the LDAP server.
      Syntax:
      IP_address:port_number
      Note:
      The default port number is 389.
    • ODBC
      Specifies the data source name.
    • WinNT
      Specifies the domain name.
    • Custom
      Specifies the name of the library that corresponds to the custom directory.
  4. ODBCQueryScheme
    (PolicyMgtODBCQueryScheme object)
    (Optional) Specifies a set of queries that
    CA Single Sign-On
    uses to query the ODBC directory.
    Note:
    If the user directory is not an ODBC directory, this parameter's value is undef.
  5. domDesc
    (string)
    (Optional) Specifies the description of the user directory.
  6. searchRoot
    (string)
    (Optional) Specifies one of the following directory-dependent values:
    • LDAP
      Specifies the location in the LDAP tree that is the starting point for the directory connection, for example, the organization (o) or organizational unit (ou). This location, called the search root, is the point where the Policy Server starts the search for a user.
      Note:
      For more information about this parameter, see the parameter
      searchScope
      .
    • Custom
      Specifies a string of parameters to pass to the custom library.
  7. usrLookStart
    (string)
    (Optional) Specifies the start value for a user DN lookup in an LDAP directory.
  8. usrLookEnd
    (string)
    (Optional) Specifies the end value for a user DN lookup in an LDAP directory.
Note:
Specifying values for the user DN lookup starting point and endpoint allows users to enter part of the DN string when authenticating. In the following example, the user only needs to specify the string "JSmith" and not the whole DN string when logging in:
  • DN = "uid=JSmith,ou=marketing,o=myorg.org"
  • starting_point = "uid="
  • endpoint = ",ou=marketing,o=myorg.org"
  • login = "JSmith"
  9. username
    (string)
    (Optional) Specifies the user name needed for accessing the user directory.
    Note:
    When using this parameter, set
    requireCreds
    to 1.
  10. password
    (string)
    (Optional) Specifies the password required for accessing the user directory.
    Note:
    When using this parameter, set
    requireCreds
    to 1.
  11. searchResults
    (int)
    (Optional) Specifies the maximum number of results to return from a search of an LDAP or custom directory.
  12. searchScope
    (int)
    (Optional) Specifies how many levels
    CA Single Sign-On
    searches when looking for users or user groups in an LDAP directory:
    • USERDIR_SCOPE_SUBTREE
      Specifies searching the root and all levels below.
    • USERDIR_SCOPE_ONELEVEL
      Specifies searching the root and one level below.
    Note:
    For more information, see the
    searchRoot
    parameter.
  13. searchTimeout
    (int)
    (Optional) Specifies the maximum time, in seconds, allowed for searching an LDAP or custom directory.
  14. secureConn
    (int)
    (Optional) Specifies whether an LDAP or custom user directory connection is secured by SSL:
    • value = 1
      Specifies a connection secured by SSL.
    • value = 0 (default)
      Specifies a connection that is not secure.
    Note:
    When this flag is enabled, the connection between the Policy Server and the directory is encrypted, so the bind credentials and user lookups are not sent in clear text. Enable this flag when the directory is configured for SSL.
  15. requireCreds
    (int)
    (Optional) Specifies whether user credentials are required for authentication:
    • value = 1
      Specifies that credentials are required.
    • value = 0 (default)
      Specifies that credentials are not required.
  16. disabledAttr
    (string)
    (Optional) Specifies the name of the user directory attribute that contains the user's disabled state.
    Note:
    This parameter applies to LDAP and ODBC directories and some custom directories.
  17. UIDAttr
    (string)
    (Optional) Specifies the name of the user directory's universal ID attribute.
    Note:
    The universal ID is different from the user's login ID and is used to look up user information. This parameter applies to LDAP, ODBC, and WinNT directories and to some custom directories.
  18. anonID
    (string)
    (Optional) Specifies the name of the user directory's anonymous user DN attribute.
    Note:
    The DN, which is defined in the anonymous authentication scheme, gives anonymous users access to resources protected by the anonymous authentication scheme. This parameter applies to LDAP directories and some custom directories.
  19. pwdData
    (string)
    (Optional) Specifies the name of the user directory's password data attribute.
    Note:
    This parameter applies to LDAP and ODBC directories and some custom directories.
  20. pwdAttr
    (string)
    (Optional) Specifies the name of the user directory's password attribute.
    Note:
    This parameter applies to LDAP and ODBC directories and some custom directories.
  21. emailAttr
    (string)
    Note:
    This optional parameter is reserved for future use.
  22. chalRespAttr
    (string)
    (Optional) Specifies the name of the user directory's challenge/response attribute.
    Example:
    The challenge/response can be a hint that
    CA Single Sign-On
    sends the user when the user forgets the password.
    Note:
    This parameter applies to LDAP directories and some custom directories.
Return Value
The CreateUserDir method returns one of the following values:
  • PolicyMgtUserDir (object)
  • undef
    if the call is unsuccessful
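The following added example, not code from this page or from CA, registers an LDAP user directory that the Policy Server reaches over SSL with a bind account, and checks the parameter dependencies stated above (requireCreds must be 1 when username or password is given; ODBCQueryScheme is undef for a non-ODBC directory; LDAP servers are given as IP_address:port_number) before the positional CreateUserDir call. Assumptions: Netegrity::PolicyMgtAPI->New and CreateSession establish the session (not shown on this page); USERDIR_SCOPE_SUBTREE is reached through the Netegrity::PolicyMgtAPI package; the LDAP host, DNs, attribute names and the environment variables holding passwords are illustrative. The rule that refuses to send bind credentials over a non-SSL connection is the example's own, not a constraint of the API.

```perl
#!/usr/bin/perl
# Added example, not from the page: register an LDAP user directory that
# the Policy Server reaches over SSL with a bind account, validating the
# parameter dependencies documented above before calling CreateUserDir.
# Assumptions: Netegrity::PolicyMgtAPI->New/CreateSession establish the
# session (not shown on this page); USERDIR_SCOPE_SUBTREE lives in the
# Netegrity::PolicyMgtAPI package; host, DNs, attribute names and the
# password environment variables are illustrative.
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

# Positional order of CreateUserDir, from the Syntax line above.
my @ORDER = qw(
    dirName namespace server ODBCQueryScheme domDesc searchRoot
    usrLookStart usrLookEnd username password searchResults searchScope
    searchTimeout secureConn requireCreds disabledAttr UIDAttr anonID
    pwdData pwdAttr emailAttr chalRespAttr
);

sub validate_userdir {
    my ($d) = @_;
    my @errors;
    # The username/password notes above require requireCreds = 1.
    push @errors, "requireCreds must be 1 when username or password is set"
        if (length $d->{username} || length $d->{password}) && !$d->{requireCreds};
    # LDAP and AD servers are given as IP_address:port_number.
    push @errors, "server must be IP_address:port_number for LDAP/AD"
        if $d->{namespace} =~ /^(LDAP|AD)$/ && $d->{server} !~ /^\d{1,3}(\.\d{1,3}){3}:\d+$/;
    # ODBCQueryScheme is only meaningful for an ODBC directory.
    push @errors, "ODBCQueryScheme must be undef for a non-ODBC directory"
        if $d->{namespace} ne "ODBC" && defined $d->{ODBCQueryScheme};
    # Not a documented rule, but a bind password over a non-SSL connection
    # crosses the network in clear text; this script treats that as an error.
    push @errors, "bind credentials supplied but secureConn is 0"
        if length $d->{password} && !$d->{secureConn};
    return @errors;
}

my %dir = (
    dirName         => "CorpLDAP",
    namespace       => "LDAP",
    server          => "10.0.0.25:636",   # default port is 389; 636 here because SSL is on
    ODBCQueryScheme => undef,
    domDesc         => "Corporate LDAP directory",
    searchRoot      => "ou=people,o=myorg.org",
    # Users log in as "jsmith"; the Policy Server expands that to
    # uid=jsmith,ou=people,o=myorg.org, as in the DN lookup note above.
    usrLookStart    => "uid=",
    usrLookEnd      => ",ou=people,o=myorg.org",
    username        => "cn=smps-bind,ou=services,o=myorg.org",
    password        => $ENV{SM_DIR_BIND_PASSWORD} // "",
    searchResults   => 500,
    searchScope     => Netegrity::PolicyMgtAPI::USERDIR_SCOPE_SUBTREE(),
    searchTimeout   => 30,
    secureConn      => 1,
    requireCreds    => 1,
    disabledAttr    => "smDisabledFlag",      # illustrative attribute names
    UIDAttr         => "uid",
    anonID          => "uid=anonymous,ou=people,o=myorg.org",
    pwdData         => "smPasswordData",
    pwdAttr         => "userPassword",
    emailAttr       => "",                    # reserved for future use
    chalRespAttr    => "smChallengeResponse",
);

length $dir{password}
    or die "SM_DIR_BIND_PASSWORD is not set; refusing to register the directory without a bind password\n";

if (my @errors = validate_userdir(\%dir)) {
    die "invalid user directory definition: " . join("; ", @errors) . "\n";
}

my $api     = Netegrity::PolicyMgtAPI->New();
my $session = $api->CreateSession("siteminder", $ENV{SM_ADMIN_PASSWORD} // "")
    or die "CreateSession failed\n";

my $userdir = $session->CreateUserDir(map { $dir{$_} } @ORDER)
    or die "CreateUserDir failed\n";
print "Created user directory $dir{dirName}\n";
```

Keeping the bind password and the administrator password in the environment rather than in the script keeps them out of version control and out of process listings that show the command line.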
CreateWSFEDAuthScheme Method Creates WS-Federation Authentication Scheme
The CreateWSFEDAuthScheme method creates an instance of a WS-Federation authentication scheme and sets the authentication scheme's properties.
Syntax
The CreateWSFEDAuthScheme method has the following format:
Netegrity::PolicyMgtSession->CreateWSFEDAuthScheme(name, propsHash[, desc][, level])
Parameters
The CreateWSFEDAuthScheme method accepts the following parameters:
  1. name
    (string)
    Specifies the name of the WS-Federation authentication scheme.
  2. propsHash
    (hashtable)
    Specifies a reference to the hashtable of WS-Federation authentication scheme properties to set.
    Note:
    For a complete list of WS-Federation authentication scheme properties, see Remarks.
  3. desc
    (string)
    (Optional) Specifies a description of the authentication scheme.
  4. level
    (int)
    (Optional) Specifies the authentication scheme level.
Return Value
The CreateWSFEDAuthScheme method returns one of the following values:
  • PolicyMgtAuthScheme (object)
  • undef
    if the call is unsuccessful
Remarks
The WS-Federation authentication scheme properties are grouped in the FSS Administrative UI as follows:
  • General Properties
    WSFED_NAME
    WSFED_DESCRIPTION
  • Scheme Setup Tab
    WSFED_KEY_APID
    WSFED_RPID
    WSFED_SKEW_TIME
    WSFED_DISABLE_SIGNATURE_PROCESSING
    WSFED_DSIG_VERINFO_ALIAS
  • Additional Configuration, Users Tab
    WSFED_AP_XPATH
    WSFED_AP_LDAP_SEARCH_SPEC
    WSFED_AP_ODBC_SEARCH_SPEC
    WSFED_AP_WINNT_SEARCH_SPEC
    WSFED_AP_CUSTOM_SEARCH_SPEC
    WSFED_AP_ADD_SEARCH_SPEC
  • Additional Configuration, SSO Tab
    WSFED_AP_SSO_REDIRECT_MODE
    WSFED_AP_SSO_DEFAULT_SERVICE
    WSFED_AP_SSO_TARGET
    WSFED_ENFORCE_SINGLE_USE_POLICY
  • Additional Configuration, Signout Tab
    WSFED_AP_SLO_ENABLED
    WSFED_AP_SIGNOUT_URL
  • Additional Configuration, Advanced Tab
    WSFED_AP_PLUGIN_CLASS
    WSFED_AP_PLUGIN_PARAMS
    WSFED_AP_USER_NOT_FOUND_REDIRECT_URL
    WSFED_AP_USER_NOT_FOUND_REDIRECT_MODE
    WSFED_AP_FAILURE_REDIRECT_URL
    WSFED_AP_FAILURE_REDIRECT_MODE
    WSFED_AP_INVALID_REDIRECT_URL
    WSFED_AP_INVALID_REDIRECT_MODE
DeleteAdmin Method Deletes Administrator
The DeleteAdmin method deletes an administrator from the policy store.
Syntax
The DeleteAdmin method has the following format:
Netegrity::PolicyMgtSession->DeleteAdmin(admin)
Parameters
The DeleteAdmin method accepts the following parameter:
  1. admin
    (PolicyMgtAdmin object)
    Specifies the administrator object to delete.
Return Value
The DeleteAdmin method returns one of the following values:
  • value = 0
    Specifies that the method is successful or that the administrator is not found.
  • value = -1
    Specifies that the method is unsuccessful.
Remarks
To remove an administrator from a particular domain, see the method PolicyMgtAffDomain->RemoveAdmin.
DeleteAffDomain Method Deletes Affiliate Domain
The DeleteAffDomain method deletes an affiliate domain.
Syntax
The DeleteAffDomain method has the following format:
Netegrity::PolicyMgtSession->DeleteAffDomain(affDomain)
Parameters
The DeleteAffDomain method accepts the following parameter:
  1. affDomain
    (PolicyMgtAffDomain object)
    Specifies the affiliate domain object to delete.
Return Value
The DeleteAffDomain method returns one of the following values:
  • value = 0
    Specifies that the method is successful or that the affiliate domain is not found.
  • value = -1
    Specifies that the method is unsuccessful.
DeleteAgent Method Deletes Agent
The DeleteAgent method deletes an agent.
Syntax
The DeleteAgent method has the following format:
Netegrity::PolicyMgtSession->DeleteAgent(agent)
Parameters
The DeleteAgent method accepts the following parameter:
  1. agent
    (PolicyMgtAgent object)
    Specifies the agent object to delete.
Return Value
The DeleteAgent method returns one of the following values:
  • value = 0
    Specifies that the method is successful or that the agent is not found.
  • value = -1
    Specifies that the method is unsuccessful.
DeleteAgentConfig Method Deletes Agent Configuration Object
The DeleteAgentConfig method deletes an agent configuration object.
Syntax
The DeleteAgentConfig method has the following format:
Netegrity::PolicyMgtSession->DeleteAgentConfig(AgentConfig)
Parameters
The DeleteAgentConfig method accepts the following parameter:
  1. AgentConfig
    (PolicyMgtAgentConfig object)
    Specifies the agent configuration object to delete.
Return Value
The DeleteAgentConfig method returns one of the following values:
  • value = 0
    Specifies that the method is successful or that the agent configuration object was not found.
  • value = -1
    Specifies that the method is unsuccessful.
DeleteAuthAzMap Method Deletes Authentication and Authorization Map
The DeleteAuthAzMap method deletes an authentication and authorization map.
Syntax
The DeleteAuthAzMap method has the following format:
Netegrity::PolicyMgtSession->DeleteAuthAzMap(map)
Parameters
The DeleteAuthAzMap method accepts the following parameter:
  1. map
    (PolicyMgtAuthAzMap object)
    Specifies the authentication and authorization map object to delete.
Return Value
The DeleteAuthAzMap method returns one of the following values:
  • value = 0
    Specifies that the method is successful or that the authentication and authorization map is not found.
  • value = -1
    Specifies that the method is unsuccessful.
DeleteAuthScheme Method Deletes Authentication Scheme
The DeleteAuthScheme method deletes an authentication scheme.
Syntax
The DeleteAuthScheme method has the following format:
Netegrity::PolicyMgtSession->DeleteAuthScheme(authScheme)
Parameters
The DeleteAuthScheme method accepts the following parameter:
  1. authScheme
    (PolicyMgtAuthScheme object)
    Specifies the authentication scheme object to delete.
Return Value
The DeleteAuthScheme method returns one of the following values:
  • value = 0
    Specifies that the method is successful or that the authentication scheme is not found.
  • value = -1
    Specifies that the method is unsuccessful.
DeleteCertMap Method Deletes Certificate Map
The DeleteCertMap method deletes a certificate map.
Syntax
The DeleteCertMap method has the following format:
Netegrity::PolicyMgtSession->DeleteCertMap(map)
Parameters
The DeleteCertMap method accepts the following parameter:
  1. map
    (PolicyMgtCertMap object)
    Specifies the certificate map object to delete.
Return Value
The DeleteCertMap method returns one of the following values:
  • value = 0
    Specifies that the method is successful or that the certificate map is not found.
  • value = -1
    Specifies that the method is unsuccessful.
DeleteDomain Method Deletes Policy Domain
The DeleteDomain method deletes a policy domain.
Syntax
The DeleteDomain method has the following format:
Netegrity::PolicyMgtSession->DeleteDomain(domain)
Parameters
The DeleteDomain method accepts the following parameter:
  1. domain
    (PolicyMgtDomain object)
    Specifies the domain object to delete.
Return Value
The DeleteDomain method returns one of the following values:
  • value = 0
    Specifies that the method is successful or that the domain is not found.
  • value = -1
    Specifies that the method is unsuccessful.
DeleteGlobalPolicy Method Deletes Global Policy
The DeleteGlobalPolicy method deletes a global policy.
Syntax
The DeleteGlobalPolicy method has the following format:
Netegrity::PolicyMgtSession->DeleteGlobalPolicy(policy)
Parameters
The DeleteGlobalPolicy method accepts the following parameter:
  1. policy
    (PolicyMgtPolicy object)
    Specifies the global policy object to delete.
Return Value
The DeleteGlobalPolicy method returns one of the following values:
  • value = 0
    Specifies that the method is successful.
  • value = -1
    Specifies that the method is unsuccessful.
DeleteGlobalResponse Method Deletes Global Response
The DeleteGlobalResponse method deletes a global response.
Syntax
The DeleteGlobalResponse method has the following format:
Netegrity::PolicyMgtSession->DeleteGlobalResponse(response)
Parameters
The DeleteGlobalResponse method accepts the following parameter:
  1. response
    (PolicyMgtResponse object)
    Specifies the global response object to delete.
Return Value
The DeleteGlobalResponse method returns one of the following values:
  • value = 0
    Specifies that the method is successful.
  • value = -1
    Specifies that the method is unsuccessful.
DeleteGlobalRule Method Deletes Global Rule
The DeleteGlobalRule method deletes a global rule.
Syntax
The DeleteGlobalRule method has the following format:
Netegrity::PolicyMgtSession->DeleteGlobalRule(rule)
Parameters
The DeleteGlobalRule method accepts the following parameter:
  1. rule
    (PolicyMgtRule object)
    Specifies the global rule object to delete.
Return Value
The DeleteGlobalRule method returns one of the following values:
  • value = 0
    Specifies that the method is successful.
  • value = -1
    Specifies that the method is unsuccessful.
DeleteGroup Method Deletes Agent Group
The DeleteGroup method deletes an agent group.
Syntax
The DeleteGroup method has the following format:
Netegrity::PolicyMgtSession->DeleteGroup(group)
Parameters
The DeleteGroup method accepts the following parameter:
  1. group
    (PolicyMgtGroup object)
    Specifies the agent group object to delete.
Return Value
The DeleteGroup method returns one of the following values:
  • value = 0
    Specifies that the method is successful or that the agent group is not found.
  • undef
    Specifies that the method is unsuccessful.
DeleteHostConfig Method Deletes Host Configuration Object
The DeleteHostConfig method deletes a host configuration object.
Syntax
The DeleteHostConfig method has the following format:
Netegrity::PolicyMgtSession->DeleteHostConfig(HostConfig)
Parameters
The DeleteHostConfig method accepts the following parameter:
  1. HostConfig
    (PolicyMgtHostConfig object)
    Specifies the host configuration object to delete.
Return Value
The DeleteHostConfig method returns one of the following values:
  • value = 0
    Specifies that the method is successful or that the host configuration object is not found.
  • value = -1
    Specifies that the method is unsuccessful.
DeleteODBCQueryScheme Method Deletes ODBC Query Scheme
The DeleteODBCQueryScheme method deletes an ODBC query scheme.
Syntax
The DeleteODBCQueryScheme method has the following format:
Netegrity::PolicyMgtSession->DeleteODBCQueryScheme(scheme)
Parameters
The DeleteODBCQueryScheme method accepts the following parameter:
  1. scheme
    (PolicyMgtODBCQueryScheme object)
    Specifies the ODBC query scheme object to delete.
Return Value
The DeleteODBCQueryScheme method returns one of the following values:
  • value = 0
    Specifies that the method is successful or that the ODBC query scheme is not found.
  • value = -1
    Specifies that the method is unsuccessful.
DeletePwdPolicy Method Deletes Password Policy
The DeletePwdPolicy method deletes a password policy.
Syntax
The DeletePwdPolicy method has the following format:
Netegrity::PolicyMgtSession->DeletePwdPolicy(pwdPolicy)
Parameters
The DeletePwdPolicy method accepts the following parameter:
  1. pwdPolicy
    (PolicyMgtPwdPolicy object)
    Specifies the password policy object to delete.
Return Value
The DeletePwdPolicy method returns one of the following values:
  • value = 0
    Specifies that the method is successful or that the password policy is not found.
  • value = -1
    Specifies that the method is unsuccessful.
DeleteRegScheme Method Deletes Registration Scheme
The DeleteRegScheme method deletes a registration scheme.
Syntax
The DeleteRegScheme method has the following format:
Netegrity::PolicyMgtSession->DeleteRegScheme(regScheme)
Parameters
The DeleteRegScheme method accepts the following parameter:
  1. regScheme
    (PolicyMgtRegScheme object)
    Specifies the registration scheme object to delete.
Return Value
The DeleteRegScheme method returns one of the following values:
  • value = 0
    Specifies that the method is successful or that the registration scheme is not found.
  • value = -1
    Specifies that the method is unsuccessful.
DeleteSAMLAffiliation Method Deletes SAML Affiliation
The DeleteSAMLAffiliation method deletes a SAML 2.0 affiliation object.
Syntax
The DeleteSAMLAffiliation method has the following format:
Netegrity::PolicyMgtSession->DeleteSAMLAffiliation(SAMLAffil)
Parameters
The DeleteSAMLAffiliation method accepts the following parameter:
  1. SAMLAffil
    (PolicyMgtSAMLAffiliation object)
    Specifies the SAML 2.0 affiliation object to delete.
Return Value
The DeleteSAMLAffiliation method returns one of the following values:
  • value = 0
    Specifies that the method is successful or that the SAML affiliation object is not found.
  • value = -1
    Specifies that the method is unsuccessful.
DeleteTrustedHost Method Deletes Trusted Host
The DeleteTrustedHost method deletes a trusted host.
Syntax
The DeleteTrustedHost method has the following format:
Netegrity::PolicyMgtSession->DeleteTrustedHost(TrustedHost)
Parameters
The DeleteTrustedHost method accepts the following parameter:
  1. TrustedHost
    (PolicyMgtTrustedHost object)
    Specifies the trusted host object to delete.
Return Value
The DeleteTrustedHost method returns one of the following values:
  • value = 0
    Specifies that the method is successful or that the trusted host is not found.
  • value = -1
    Specifies that the method is unsuccessful.
DeleteUserDir Method Deletes User Directory
The DeleteUserDir method deletes a user directory.
Syntax
The DeleteUserDir method has the following format:
Netegrity::PolicyMgtSession->DeleteUserDir(userdir)
Parameters
The DeleteUserDir method accepts the following parameter:
  1. userdir
    (PolicyMgtUserDir object)
    Specifies the user directory object to delete.
Return Value
The DeleteUserDir method returns one of the following values:
  • value = 0
    Specifies that the method is successful or that the user directory is not found.
  • value = -1
    Specifies that the method is unsuccessful.
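Every Delete* method above reports 0 both when the object was deleted and when no object of that name existed, so a script that only checks the return code cannot tell a real cleanup from a misspelled name. The following added example (not code from the CA documentation) reads the object before and after the delete call so that the policy store, not the return code, decides the outcome. It assumes a session is obtained through Netegrity::PolicyMgtAPI->New and CreateSession (documented elsewhere, not on this page) with credentials in the SM_ADMIN and SM_ADMIN_PWD environment variables:

```perl
#!/usr/bin/perl
# Added example (not CA's code): delete a trusted host and prove it is gone.
# DeleteTrustedHost returns 0 both when the object was deleted and when no
# such object existed, so the return code alone cannot tell a real cleanup
# from a misspelled host name. The object is therefore read before and after.
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

# Assumed: PolicyMgtAPI->New and CreateSession are documented elsewhere, not
# on this page. Credentials are taken from the environment.
my $api     = Netegrity::PolicyMgtAPI->New();
my $session = $api->CreateSession($ENV{SM_ADMIN}, $ENV{SM_ADMIN_PWD})
    or die "Cannot create Policy Server session\n";

# Generic verified delete. $get looks an object up by name, $del deletes the
# object. Returns 'absent', 'deleted' or 'failed'. Works for every Delete*
# method on this page: 0 is success, and both -1 (most methods) and undef
# (DeleteGroup) are treated as failure.
sub delete_verified {
    my ($name, $get, $del) = @_;
    my $obj = $get->($name);
    return 'absent' unless defined $obj;   # do not report "deleted" for a typo
    my $rc = $del->($obj);
    return 'failed' unless defined $rc && $rc == 0;
    # The policy store, not the return code, is the source of truth.
    return defined $get->($name) ? 'failed' : 'deleted';
}

my $host = shift @ARGV
    or die "usage: $0 <trusted-host-name>\n";
my $result = delete_verified(
    $host,
    sub { $session->GetTrustedHost($_[0]) },
    sub { $session->DeleteTrustedHost($_[0]) },
);
print "$host: $result\n";
exit($result eq 'deleted' ? 0 : 1);
```

The same two closures can be swapped for any other lookup/delete pair on this page (GetUserDir/DeleteUserDir, GetHostConfig/DeleteHostConfig, and so on). Note that once a trusted host is deleted, the agent registered under it can no longer connect to the Policy Server until it is re-registered with smreghost, so run this only after confirming that no live agent still depends on the host.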
GetAdmin Method Retrieves Administrator
The GetAdmin method retrieves the specified administrator.
Syntax
The GetAdmin method has the following format:
Netegrity::PolicyMgtSession->GetAdmin(adminName)
Parameters
The GetAdmin method accepts the following parameter:
  1. adminName
    (string)
    Specifies the name of the administrator to retrieve.
Return Value
The GetAdmin method returns one of the following values:
  • PolicyMgtAdmin object if the call is successful
  • undef
    if the call is unsuccessful or the specified administrator does not exist
GetAffDomain Method Retrieves Affiliate Domain
The GetAffDomain method retrieves the specified affiliate domain.
Syntax
The GetAffDomain method has the following format:
Netegrity::PolicyMgtSession->GetAffDomain(domName)
Parameters
The GetAffDomain method accepts the following parameter:
  1. domName
    (string)
    Specifies the name of the affiliate domain to retrieve.
Return Value
The GetAffDomain method returns one of the following values:
  • PolicyMgtAffDomain object
  • undef
    if the call is unsuccessful or the specified affiliate domain does not exist
GetAgent Method Retrieves Agent
The GetAgent method retrieves the specified agent.
Syntax
The GetAgent method has the following format:
Netegrity::PolicyMgtSession->GetAgent(agentName)
Parameters
The GetAgent method accepts the following parameter:
  1. agentName
    (string)
    Specifies the name of the agent to retrieve.
Return Value
The GetAgent method returns one of the following values:
  • PolicyMgtAgent object if the call is successful
  • undef
    if the call is unsuccessful or the specified agent does not exist
GetAgentConfig Method Retrieves Agent Configuration Object
The GetAgentConfig method retrieves the specified agent configuration object.
Syntax
The GetAgentConfig method has the following format:
Netegrity::PolicyMgtSession->GetAgentConfig(acName)
Parameters
The GetAgentConfig method accepts the following parameter:
  1. acName
    (string)
    Specifies the name of the agent configuration object to retrieve.
Return Value
The GetAgentConfig method returns one of the following values:
  • PolicyMgtAgentConfig object if the call is successful
  • undef
    if the call is unsuccessful or the specified agent configuration object does not exist
GetAgentGroup Method Retrieves Agent Group
The GetAgentGroup method retrieves the specified agent group.
Syntax
The GetAgentGroup method has the following format:
Netegrity::PolicyMgtSession->GetAgentGroup(agentGroup)
Parameters
The GetAgentGroup method accepts the following parameter:
  1. agentGroup
    (string)
    Specifies the name of the agent group to retrieve.
Return Value
The GetAgentGroup method returns one of the following values:
  • PolicyMgtGroup object
  • undef
    if the call is unsuccessful or the specified agent group does not exist
GetAgentType Method Retrieves Agent Type
The GetAgentType method retrieves the specified agent type.
Syntax
The GetAgentType method has the following format:
Netegrity::PolicyMgtSession->GetAgentType(agentTypeName)
Parameters
The GetAgentType method accepts the following parameter:
  1. agentTypeName
    (string)
    Specifies one of the following pre-defined agent types to retrieve:
    • 3Com (RADIUS agent)
    • Affiliate Agent (CA Single Sign-On Affiliate agent)
    • AffiliateMinder (AffiliateMinder agent)
    • Ascend (RADIUS agent)
    • Bay Networks (RADIUS agent)
    • CheckPoint (RADIUS agent)
    • Cisco (RADIUS agent)
    • EJB Agent (CA Single Sign-On EJB agent)
    • Generic RADIUS (RADIUS agent)
    • Livingston (RADIUS agent)
    • Network Associates Sniffer (RADIUS agent)
    • Servlet Agent (CA Single Sign-On Servlet agent)
    • Shiva (RADIUS agent)
    • TeleBit (RADIUS agent)
    • U.S. Robotics (RADIUS agent)
    • Web Agent (CA Single Sign-On Web agent)
Return Value
The GetAgentType method returns one of the following values:
  • PolicyMgtAgentType object if the call is successful
  • undef
    if the call is unsuccessful or the specified agent type does not exist
GetAllAdmins Method Retrieves List of All Administrators
The GetAllAdmins method retrieves a list of all administrators configured on the Policy Server.
Syntax
The GetAllAdmins method has the following format:
Netegrity::PolicyMgtSession->GetAllAdmins()
Parameters
The GetAllAdmins method accepts no parameters.
Return Value
The GetAllAdmins method returns one of the following values:
  • PolicyMgtAdmin (array)
  • undef
    if the call is unsuccessful or no administrators exist
GetAllAffDomains Method Retrieves List of All Affiliate Domains
The GetAllAffDomains method retrieves a list of all configured affiliate domains.
Syntax
The GetAllAffDomains method has the following format:
Netegrity::PolicyMgtSession->GetAllAffDomains()
Parameters
The GetAllAffDomains method accepts no parameters.
Return Value
The GetAllAffDomains method returns one of the following values:
  • PolicyMgtAffDomain (array)
  • undef
    if the call is unsuccessful or no affiliate domains exist
GetAllAgentConfigs Method Retrieves List of All Agent Configuration Objects
The GetAllAgentConfigs method retrieves a list of all agent configuration objects.
Syntax
The GetAllAgentConfigs method has the following format:
Netegrity::PolicyMgtSession->GetAllAgentConfigs()
Parameters
The GetAllAgentConfigs method accepts no parameters.
Return Value
The GetAllAgentConfigs method returns one of the following values:
  • PolicyMgtAgentConfig (array)
  • undef
    if the call is unsuccessful or no agent configuration objects exist
GetAllAgentGroups Method Retrieves List of All Agent Group Objects
The GetAllAgentGroups method retrieves a list of all agent group objects.
Syntax
The GetAllAgentGroups method has the following format:
Netegrity::PolicyMgtSession->GetAllAgentGroups()
Parameters
The GetAllAgentGroups method accepts no parameters.
Return Value
The GetAllAgentGroups method returns one of the following values:
  • PolicyMgtGroup (array)
  • undef
    if the call is unsuccessful
GetAllAgents Method Retrieves List of All Agents
The GetAllAgents method retrieves a list of all agents configured on the Policy Server.
Syntax
The GetAllAgents method has the following format:
Netegrity::PolicyMgtSession->GetAllAgents()
Parameters
The GetAllAgents method accepts no parameters.
Return Value
The GetAllAgents method returns one of the following values:
  • PolicyMgtAgent (array)
  • undef
    if the call is unsuccessful or no agents exist
GetAllAuthAzMaps Method Retrieves List of All AuthAz Maps
The GetAllAuthAzMaps method retrieves a list of all authentication and authorization maps.
Syntax
The GetAllAuthAzMaps method has the following format:
Netegrity::PolicyMgtSession->GetAllAuthAzMaps()
Parameters
The GetAllAuthAzMaps method accepts no parameters.
Return Value
The GetAllAuthAzMaps method returns one of the following values:
  • PolicyMgtAuthAzMap (array)
  • undef
    if the call is unsuccessful or no authentication and authorization maps exist
GetAllAuthSchemes Method Retrieves List of Authentication Schemes
The GetAllAuthSchemes method retrieves a list of all authentication schemes on the Policy Server.
Syntax
The GetAllAuthSchemes method has the following format:
Netegrity::PolicyMgtSession->GetAllAuthSchemes([showTemplates])
Parameters
The GetAllAuthSchemes method accepts the following parameter:
  1. showTemplates
    (int)
    (Optional) Specifies whether to include template schemes in the list of authentication schemes.
    • value = 0
      Specifies not including template schemes in the list of authentication schemes.
    • value = 1
      Specifies including template schemes in the list of authentication schemes.
Return Value
The GetAllAuthSchemes method returns one of the following values:
  • PolicyMgtAuthScheme (array)
  • undef
    if the call is unsuccessful or no authentication schemes exist
GetAllCertMaps Method Retrieves List of Certificate Mapping Objects
The GetAllCertMaps method retrieves a list of all certificate mapping objects.
Syntax
The GetAllCertMaps method has the following format:
Netegrity::PolicyMgtSession->GetAllCertMaps()
Parameters
The GetAllCertMaps method accepts no parameters.
Return Value
The GetAllCertMaps method returns one of the following values:
  • PolicyMgtCertMap (array)
  • undef
    if the call is unsuccessful or no certificate mapping objects exist
GetAllDomains Method Retrieves List of All Domains
The GetAllDomains method retrieves a list of all domains configured on the Policy Server.
Syntax
The GetAllDomains method has the following format:
Netegrity::PolicyMgtSession->GetAllDomains()
Parameters
The GetAllDomains method accepts no parameters.
Return Value
The GetAllDomains method returns one of the following values:
  • PolicyMgtDomain (array)
  • undef
    if the call is unsuccessful or no domains exist
GetAllGlobalPolicies Method Retrieves List of Global Policy Objects
The GetAllGlobalPolicies method retrieves a list of all global policy objects.
Syntax
The GetAllGlobalPolicies method has the following format:
Netegrity::PolicyMgtSession->GetAllGlobalPolicies()
Parameters
The GetAllGlobalPolicies method accepts no parameters.
Return Value
The GetAllGlobalPolicies method returns one of the following values:
  • PolicyMgtPolicy (array)
  • undef
    if the call is unsuccessful
GetAllGlobalResponses Method Retrieves List of All Global Response Objects
The GetAllGlobalResponses method retrieves a list of all global response objects.
Syntax
The GetAllGlobalResponses method has the following format:
Netegrity::PolicyMgtSession->GetAllGlobalResponses()
Parameters
The GetAllGlobalResponses method accepts no parameters.
Return Value
The GetAllGlobalResponses method returns one of the following values:
  • PolicyMgtResponse (array)
  • undef
    if the call is unsuccessful
GetAllGlobalRules Method Retrieves List of All Global Rule Objects
The GetAllGlobalRules method retrieves a list of all global rule objects.
Syntax
The GetAllGlobalRules method has the following format:
Netegrity::PolicyMgtSession->GetAllGlobalRules()
Parameters
The GetAllGlobalRules method accepts no parameters.
Return Value
The GetAllGlobalRules method returns one of the following values:
  • PolicyMgtRule (array)
  • undef
    if the call is unsuccessful
GetAllHostConfigs Method Retrieves List of All Host Configuration Objects
The GetAllHostConfigs method retrieves a list of all host configuration objects.
Syntax
The GetAllHostConfigs method has the following format:
Netegrity::PolicyMgtSession->GetAllHostConfigs()
Parameters
The GetAllHostConfigs method accepts no parameters.
Return Value
The GetAllHostConfigs method returns one of the following values:
  • PolicyMgtHostConfig (array)
  • undef
    if the call is unsuccessful or no host configuration objects exist
GetAllODBCQuerySchemes Method Retrieves List of All ODBC Query Schemes
The GetAllODBCQuerySchemes method retrieves a list of all ODBC query schemes on the Policy Server.
Syntax
The GetAllODBCQuerySchemes method has the following format:
Netegrity::PolicyMgtSession->GetAllODBCQuerySchemes()
Parameters
The GetAllODBCQuerySchemes method accepts no parameters.
Return Value
The GetAllODBCQuerySchemes method returns one of the following values:
  • PolicyMgtODBCQueryScheme (array)
  • undef
    if the call is unsuccessful or no ODBC query schemes exist
GetAllPwdPolicies Method Retrieves List of All Password Policies
The GetAllPwdPolicies method retrieves a list of all configured password policies.
Syntax
The GetAllPwdPolicies method has the following format:
Netegrity::PolicyMgtSession->GetAllPwdPolicies()
Parameters
The GetAllPwdPolicies method accepts no parameters.
Return Value
The GetAllPwdPolicies method returns one of the following values:
  • PolicyMgtPwdPolicy (array)
  • undef
    if the call is unsuccessful or no password policies exist
GetAllRegSchemes Method Retrieves List of All Registration Schemes
The GetAllRegSchemes method retrieves a list of all registration schemes configured on the Policy Server.
Syntax
The GetAllRegSchemes method has the following format:
Netegrity::PolicyMgtSession->GetAllRegSchemes()
Parameters
The GetAllRegSchemes method accepts no parameters.
Return Value
The GetAllRegSchemes method returns one of the following values:
  • PolicyMgtRegScheme (array)
  • undef
    if the call is unsuccessful or no registration schemes exist
GetAllSAMLAffiliations Method Retrieves List of All SAML 2.0 Affiliations
The GetAllSAMLAffiliations method retrieves a list of all SAML 2.0 affiliations.
Syntax
The GetAllSAMLAffiliations method has the following format:
Netegrity::PolicyMgtSession->GetAllSAMLAffiliations()
Parameters
The GetAllSAMLAffiliations method accepts no parameters.
Return Value
The GetAllSAMLAffiliations method returns one of the following values:
  • PolicyMgtSAMLAffiliation (array)
  • undef
    if the call is unsuccessful
GetAllSAMLSchemeAttributes Method Retrieves List of All Requester Attributes
The GetAllSAMLSchemeAttributes method retrieves a list of all defined SAML 2.0 Requester attributes.
Syntax
The GetAllSAMLSchemeAttributes method has the following format:
Netegrity::PolicyMgtSession->GetAllSAMLSchemeAttributes(scheme)
Parameters
The GetAllSAMLSchemeAttributes method accepts the following parameter:
  1. scheme
    (PolicyMgtAuthScheme object)
    Specifies the SAML 2.0 authentication scheme object.
Return Value
The GetAllSAMLSchemeAttributes method returns one of the following values:
  • PolicyMgtSAMLRequesterAttr (array)
  • undef
    if the call is unsuccessful
GetAllTrustedHosts Method Retrieves List of All Trusted Host Objects
The GetAllTrustedHosts method retrieves a list of all trusted host objects.
Syntax
The GetAllTrustedHosts method has the following format:
Netegrity::PolicyMgtSession->GetAllTrustedHosts()
Parameters
The GetAllTrustedHosts method accepts no parameters.
Return Value
The GetAllTrustedHosts method returns one of the following values:
  • PolicyMgtTrustedHost (array)
  • undef
    if the call is unsuccessful or no trusted host objects exist
GetAllUserDirs Method Retrieves List of All User Directories
The GetAllUserDirs method retrieves a list of all user directories associated with the Policy Server.
Syntax
The GetAllUserDirs method has the following format:
Netegrity::PolicyMgtSession->GetAllUserDirs()
Parameters
The GetAllUserDirs method accepts no parameters.
Return Value
The GetAllUserDirs method returns one of the following values:
  • PolicyMgtUserDir (array)
  • undef
    if the call is unsuccessful or no user directories exist
GetAllVariableTypes Method Retrieves List of All Variable Type Objects
The GetAllVariableTypes method retrieves a list of all variable type objects configured on the Policy Server.
Syntax
The GetAllVariableTypes method has the following format:
Netegrity::PolicyMgtSession->GetAllVariableTypes()
Parameters
The GetAllVariableTypes method accepts no parameters.
Return Value
The GetAllVariableTypes method returns one of the following values:
  • PolicyMgtVariableType (array)
  • undef
    if the call is unsuccessful or no variable type objects exist
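The GetAll* methods above share one awkward property: undef means both "the call failed" and "no objects of this kind exist", so a script cannot tell an outage from an empty store. The following added example (not code from the CA documentation) uses those methods to write a name-level snapshot of the policy store that can be diffed against an earlier one to catch objects that appeared or vanished without a change record. It assumes Netegrity::PolicyMgtAPI->New and CreateSession for the session (documented elsewhere), credentials in SM_ADMIN and SM_ADMIN_PWD, and a Name() accessor on each returned object (object methods are not part of this page):

```perl
#!/usr/bin/perl
# Added example (not CA's code): snapshot the names of the policy-store
# objects that the GetAll* session methods expose, one "kind<TAB>name" line
# each, so that two snapshots taken at different times can be diffed for
# objects that appeared or vanished without a change ticket.
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

# Assumed: PolicyMgtAPI->New and CreateSession are documented elsewhere, not
# on this page. Credentials come from the environment, not the command line.
my $api     = Netegrity::PolicyMgtAPI->New();
my $session = $api->CreateSession($ENV{SM_ADMIN}, $ENV{SM_ADMIN_PWD})
    or die "Cannot create Policy Server session\n";

# Object kinds to inventory and the session method that lists each one.
# GetAllAuthSchemes(0) leaves out the built-in templates, which cannot be
# assigned to a realm and would only add noise to the diff.
my %collectors = (
    admins        => sub { $session->GetAllAdmins() },
    agents        => sub { $session->GetAllAgents() },
    agent_configs => sub { $session->GetAllAgentConfigs() },
    host_configs  => sub { $session->GetAllHostConfigs() },
    trusted_hosts => sub { $session->GetAllTrustedHosts() },
    user_dirs     => sub { $session->GetAllUserDirs() },
    auth_schemes  => sub { $session->GetAllAuthSchemes(0) },
    domains       => sub { $session->GetAllDomains() },
);

# Every GetAll* method returns undef both when the call fails and when no
# objects of that kind exist, so an empty result is reported as a warning
# instead of being silently recorded as "none configured".
# Assumed: each returned object exposes a Name() accessor (object methods
# are not part of this page).
sub snapshot {
    my ($collectors) = @_;
    my %snap;
    for my $kind (sort keys %$collectors) {
        my @objs = $collectors->{$kind}->();
        if (!@objs || !defined $objs[0]) {
            warn "$kind: undef (call failed or no objects exist)\n";
            $snap{$kind} = [];
            next;
        }
        $snap{$kind} = [ sort map { $_->Name() } @objs ];
    }
    return \%snap;
}

my $snap = snapshot(\%collectors);
for my $kind (sort keys %$snap) {
    print "$kind\t$_\n" for @{ $snap->{$kind} };
}
```

Run it once to produce a baseline (for example `perl sm_inventory.pl > baseline.tsv`) and later diff that file against a fresh run. A new trusted_hosts line means a host was registered since the baseline; a missing admins line means an administrator was removed. The diff only catches objects added or removed by name, not changes to the attributes inside an existing object.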
GetAuthScheme Method Retrieves Authentication Scheme Object
The GetAuthScheme method retrieves the specified authentication scheme object. Existing authentication schemes are specified by name. To create a new authentication scheme, use this method to retrieve the type of authentication scheme object or template upon which you want the new scheme to be based. Then, pass the resulting object to the PolicyMgtSession->CreateAuthScheme method in the schemeTemplate parameter. For information about creating a SAML 2.0 authentication scheme, see the method PolicyMgtSession->CreateSAMLAuthScheme.
Syntax
The GetAuthScheme method has the following format:
Netegrity::PolicyMgtSession->GetAuthScheme(schemeName)
Parameters
The GetAuthScheme method accepts the following parameter:
  1. schemeName
    (string)
    Specifies one of the following:
    • The name of an existing authentication scheme.
    • The type of authentication scheme that you want to create:
      • Anonymous Template
      • Basic over SSL Template
      • Basic Template
      • Custom Template
      • HTML Form Template
      • Impersonation Template
      • RADIUS CHAP/PAP Template
      • RADIUS Server Template
      • SafeWord HTML Form Template
      • SafeWord Template
      • SAML Artifact Template
      • SAML POST Template
      • SAML 2.0 Template
      • SecurID HTML Form Template
      • SecurID Template
      • Windows Authentication Template
      • X509 Client Cert and Basic Template
      • X509 Client Cert and Form Template
      • X509 Client Cert or Basic Template
      • X509 Client Cert or Form Template
      • X509 Client Cert Template
Return Value
The GetAuthScheme method returns one of the following values:
  • PolicyMgtAuthScheme (object)
  • undef
    if the call is unsuccessful or the specified authentication scheme does not exist
GetCertMap Method Retrieves Certificate Mapping Object
The GetCertMap method retrieves the certificate mapping object specified by the certificate issuer's DN.
Syntax
The GetCertMap method has the following format:
Netegrity::PolicyMgtSession->GetCertMap(issuerDN)
Parameters
The GetCertMap method accepts the following parameter:
  1. issuerDN
    (string)
    Specifies the certificate issuer's DN.
Return Value
The GetCertMap method returns one of the following values:
  • PolicyMgtCertMap (object)
  • undef
    if the call is unsuccessful or the certificate issuer's DN does not exist
GetDomain Method Retrieves Domain Object
The GetDomain method retrieves the specified policy domain object.
Syntax
The GetDomain method has the following format:
Netegrity::PolicyMgtSession->GetDomain(domName)
Parameters
The GetDomain method accepts the following parameter:
  1. domName
    (string)
    Specifies the name of the domain to retrieve.
Return Value
The GetDomain method returns one of the following values:
  • PolicyMgtDomain (object)
  • undef
    if the call is unsuccessful or the specified domain does not exist
GetGlobalPolicy Method Retrieves Global Policy Object
The GetGlobalPolicy method retrieves the specified global policy object.
Syntax
The GetGlobalPolicy method has the following format:
Netegrity::PolicyMgtSession->GetGlobalPolicy(policyName)
Parameters
The GetGlobalPolicy method accepts the following parameter:
  1. policyName
    (string)
    Specifies the name of the global policy to retrieve.
Return Value
The GetGlobalPolicy method returns one of the following values:
  • PolicyMgtPolicy (object)
  • undef
    if the call is unsuccessful or the specified global policy does not exist
GetGlobalResponse Method Retrieves Global Response Object
The GetGlobalResponse method retrieves the specified global response object.
Syntax
The GetGlobalResponse method has the following format:
Netegrity::PolicyMgtSession->GetGlobalResponse(responseName)
Parameters
The GetGlobalResponse method accepts the following parameter:
  1. responseName
    (string)
    Specifies the name of the global response to retrieve.
Return Value
The GetGlobalResponse method returns one of the following values:
  • PolicyMgtResponse (object)
  • undef
    if the call is unsuccessful or the specified global response does not exist
GetGlobalRule Method Retrieves Global Rule Object
The GetGlobalRule method retrieves the specified global rule object.
Syntax
The GetGlobalRule method has the following format:
Netegrity::PolicyMgtSession->GetGlobalRule(ruleName)
Parameters
The GetGlobalRule method accepts the following parameter:
  1. ruleName
    (string)
    Specifies the name of the global rule to retrieve.
Return Value
The GetGlobalRule method returns one of the following values:
  • PolicyMgtRule (object)
  • undef
    if the call is unsuccessful or the specified global rule does not exist
GetHostConfig Method Retrieves Host Configuration Object
The GetHostConfig method retrieves the specified host configuration object.
Syntax
The GetHostConfig method has the following format:
Netegrity::PolicyMgtSession->GetHostConfig(hcName)
Parameters
The GetHostConfig method accepts the following parameter:
  1. hcName
    (string)
    Specifies the name of the host configuration object to retrieve.
Return Value
The GetHostConfig method returns one of the following values:
  • PolicyMgtHostConfig (object)
  • undef
    if the call is unsuccessful or the specified host configuration object does not exist
GetODBCQueryScheme Method Retrieves ODBC Query Scheme Object
The GetODBCQueryScheme method retrieves the specified ODBC query scheme object.
Syntax
The GetODBCQueryScheme method has the following format:
Netegrity::PolicyMgtSession->GetODBCQueryScheme(schemeName)
Parameters
The GetODBCQueryScheme method accepts the following parameter:
  1. schemeName
    (string)
    Specifies the ODBC query scheme to retrieve.
Return Value
The GetODBCQueryScheme method returns one of the following values:
  • PolicyMgtODBCQueryScheme (object)
  • undef
    if the call is unsuccessful or the specified ODBC query scheme does not exist
GetPwdPolicy Method Retrieves Password Policy Object
The GetPwdPolicy method retrieves the specified password policy object.
Syntax
The GetPwdPolicy method has the following format:
Netegrity::PolicyMgtSession->GetPwdPolicy(pwdPolicyName)
Parameters
The GetPwdPolicy method accepts the following parameter:
  1. pwdPolicyName
    (string)
    Specifies the name of the password policy to retrieve.
Return Value
The GetPwdPolicy method returns one of the following values:
  • PolicyMgtPwdPolicy (object)
  • undef
    if the call is unsuccessful or the specified password policy does not exist
GetRegScheme Method Retrieves Registration Scheme Object
The GetRegScheme method retrieves the specified registration scheme object.
Syntax
The GetRegScheme method has the following format:
Netegrity::PolicyMgtSession->GetRegScheme(schemeName)
Parameters
The GetRegScheme method accepts the following parameter:
  1. schemeName
    (string)
    Specifies the name of the registration scheme to retrieve.
Return Value
The GetRegScheme method returns one of the following values:
  • PolicyMgtRegScheme (object)
  • undef
    if the call is unsuccessful or the specified registration scheme does not exist
GetSAMLAffiliation Method Retrieves SAML 2.0 Affiliation Object
The GetSAMLAffiliation method retrieves the specified SAML 2.0 affiliation object.
Syntax
The GetSAMLAffiliation method has the following format:
Netegrity::PolicyMgtSession->GetSAMLAffiliation(affilName)
Parameters
The GetSAMLAffiliation method accepts the following parameter:
  1. affilName
    (string)
    Specifies the name or OID of the SAML affiliation to retrieve.
    Note:
    When an OID is specified, it can be prefixed with the "@" character.
Return Value
The GetSAMLAffiliation method returns one of the following values:
  • PolicyMgtSAMLAffiliation (object)
  • undef
    if the call is unsuccessful or the specified SAML affiliation does not exist
GetSAMLAffiliationById Method Retrieves SAML 2.0 Affiliation Object by ID
The GetSAMLAffiliationById method retrieves the SAML 2.0 affiliation object specified by the affiliation ID passed to the method.
Syntax
The GetSAMLAffiliationById method has the following format:
Netegrity::PolicyMgtSession->GetSAMLAffiliationById(affilID)
Parameters
The GetSAMLAffiliationById method accepts the following parameter:
  1. affilID
    (string)
    Specifies the affiliation ID of the SAML affiliation to retrieve.
Return Value
The GetSAMLAffiliationById method returns one of the following values:
  • PolicyMgtSAMLAffiliation (object)
  • undef
    if the call is unsuccessful or the specified SAML affiliation does not exist.
GetSharedSecretPolicy Method Retrieves Shared Secret Policy Object
The GetSharedSecretPolicy method retrieves the shared secret rollover policy object. Because each policy store domain can have only one shared secret rollover policy, the method takes no policy name.
Syntax
The GetSharedSecretPolicy method has the following format:
Netegrity::PolicyMgtSession->GetSharedSecretPolicy()
Parameters
The GetSharedSecretPolicy method accepts no parameters.
Return Value
The GetSharedSecretPolicy method returns the following value:
  • PolicyMgtSharedSecretPolicy (object)
GetTrustedHost Method Retrieves Trusted Host Object
The GetTrustedHost method retrieves the specified trusted host object.
Syntax
The GetTrustedHost method has the following format:
Netegrity::PolicyMgtSession->GetTrustedHost(thName)
Parameters
The GetTrustedHost method accepts the following parameter:
  1. thName
    (string)
    Specifies the name of the trusted host to retrieve.
Return Value
The GetTrustedHost method returns one of the following values:
  • PolicyMgtTrustedHost (object)
  • undef
    if the call is unsuccessful or the specified trusted host does not exist
GetUserDir Method Retrieves User Directory Object
The GetUserDir method retrieves the specified user directory object.
Syntax
The GetUserDir method has the following format:
Netegrity::PolicyMgtSession->GetUserDir(dirName)
Parameters
The GetUserDir method accepts the following parameter:
  1. dirName
    (string)
    Specifies the name of the user directory to retrieve.
Return Value
The GetUserDir method returns one of the following values:
  • PolicyMgtUserDir (object)
  • undef
    if the call is unsuccessful or the specified user directory does not exist
GetVariableType Method Retrieves Variable Type Object
The GetVariableType method retrieves the specified variable type object. To create a new variable object of the specified type, pass the resulting variable type object to the CreateVariable method in the varType parameter.
Syntax
The GetVariableType method has the following format:
Netegrity::PolicyMgtSession->GetVariableType(varTypeName)
Parameters
The GetVariableType method accepts the following parameter:
  1. varTypeName
    (string)
    Specifies one of the following variable type names:
    • CA Single Sign-On variable types:
      • Post
      • UserContext
      • RequestContext
      • Static
      • WebService
    • TransactionMinder variable types:
      • XMLBody
      • XMLAgent
      • XMLEnvelopeHeader
      • Transport
      • SAMLAssertion
    Note:
    Variable type names are case-sensitive and must not contain spaces.
Return Value
The GetVariableType method returns one of the following values:
  • PolicyMgtVariableType (object)
  • undef
    if the call is unsuccessful
Remarks
You cannot create a TransactionMinder variable with the Command Line Interface. If you have TransactionMinder and the Option Pack installed, you can create TransactionMinder variables in the Administrative UI.
RemoveAttributeFromSAMLScheme Method Removes Attribute from SAML Scheme
The RemoveAttributeFromSAMLScheme method removes an attribute from a SAML 2.0 authentication scheme.
Syntax
The RemoveAttributeFromSAMLScheme method has the following format:
Netegrity::PolicyMgtSession->RemoveAttributeFromSAMLScheme(scheme, pSAMLRequesterAttr)
Parameters
The RemoveAttributeFromSAMLScheme method accepts the following parameters:
  1. scheme
    (PolicyMgtAuthScheme object)
    Specifies the SAML 2.0 authentication scheme from which to remove the attribute.
  2. pSAMLRequesterAttr
    (PolicyMgtSAMLRequesterAttr object)
    Specifies the attribute object to remove, as returned by AddAttributeToSAMLScheme or GetAllSAMLSchemeAttributes.
Return Value
The RemoveAttributeFromSAMLScheme method returns one of the following values:
  • value = 0
    Specifies that the method is successful.
  • value = -1
    Specifies that the method is unsuccessful.
SAMLAuthSchemeProperties Method Sets or Retrieves SAML Metadata Properties
The SAMLAuthSchemeProperties method sets or retrieves the SAML 2.0 metadata properties that reside in an existing SAML 2.0 authentication scheme. For a complete list of SAML 2.0 metadata properties, see the method PolicyMgtSession->CreateSAMLAuthScheme.
Syntax
The SAMLAuthSchemeProperties method has the following format:
Netegrity::PolicyMgtSession->SAMLAuthSchemeProperties(scheme, propsHash_ref)
Parameters
The SAMLAuthSchemeProperties method accepts the following parameters:
  1. scheme
    (PolicyMgtAuthScheme object)
    Specifies the authentication scheme whose metadata properties are set or retrieved.
  2. propsHash_ref
    (hash)
    Specifies a reference to a hashtable of metadata properties to set or retrieve.
Return Value
The SAMLAuthSchemeProperties method returns one of the following values:
  • value = 0
    Specifies that the method is successful.
  • value = -1
    Specifies that the method is unsuccessful.
Remarks
When the hashtable is empty, the SAMLAuthSchemeProperties method retrieves all metadata properties. You can define an empty hashtable as follows:
%myhash=();
Then, you can reference the empty hashtable as follows:
\%myhash
Finally, you can pass the hashtable reference to the SAMLAuthSchemeProperties method through the propsHash_ref parameter.
WSFEDAuthSchemeProperties Method Sets or Retrieves WS-Federation Properties
The WSFEDAuthSchemeProperties method sets or retrieves the WS-Federation metadata properties in an existing WS-Federation authentication scheme. For a complete list of WS-Federation metadata properties, see the method PolicyMgtSession->CreateWSFEDAuthScheme.
Syntax
The WSFEDAuthSchemeProperties method has the following format:
Netegrity::PolicyMgtSession->WSFEDAuthSchemeProperties(scheme, propsHash_ref)
Parameters
The WSFEDAuthSchemeProperties method accepts the following parameters:
  1. scheme
    (PolicyMgtAuthScheme object)
    Specifies the authentication scheme whose WS-Federation metadata properties are set or retrieved.
  2. propsHash_ref
    (hash)
    Specifies a reference to a hashtable of metadata properties to set or retrieve.
Return Value
The WSFEDAuthSchemeProperties method returns one of the following values:
  • value = 0
    Specifies that the method is successful.
  • value = -1
    Specifies that the method is unsuccessful.
Remarks
When the hashtable is empty, the WSFEDAuthSchemeProperties method retrieves all metadata properties. You can define an empty hashtable as follows:
%myhash=();
Then, you can reference the empty hashtable as follows:
\%myhash
Finally, you can pass the hashtable reference to the WSFEDAuthSchemeProperties method through the propsHash_ref parameter.
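The retrieve-then-set pattern from the Remarks of SAMLAuthSchemeProperties and WSFEDAuthSchemeProperties, as an added example that is not part of this documentation: an empty hash reference fetches every metadata property, the values are compared against an expected configuration, and only the keys that differ are written back in a second, non-empty call (swap in WSFEDAuthSchemeProperties for a WS-Federation scheme). Assumed: Netegrity::PolicyMgtAPI->New, CreateSession and GetAuthScheme behave as in the CA Perl CLI; the admin name, the SM_ADMIN_PASSWORD variable, the scheme name and the PLACEHOLDER_* property keys are placeholders to replace with real values from CreateSAMLAuthScheme.

```perl
# Added example, not part of the CA Single Sign-On documentation.
# Pass an EMPTY hash reference so SAMLAuthSchemeProperties fills it with
# every metadata property, compare against expected values, then push only
# the corrected keys back with a second (non-empty) call.
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

# Assumptions: admin name, password variable and scheme name are placeholders;
# GetAuthScheme is assumed to return the PolicyMgtAuthScheme object by name.
my $admin_name  = 'siteminder';
my $admin_pass  = $ENV{SM_ADMIN_PASSWORD} // die "set SM_ADMIN_PASSWORD\n";
my $scheme_name = 'partner-saml2-scheme';

# Expected property values for the audit; PLACEHOLDER_* keys must be
# replaced with real property names from PolicyMgtSession->CreateSAMLAuthScheme.
my %expected = (
    PLACEHOLDER_PROPERTY_A => '1',
    PLACEHOLDER_PROPERTY_B => 'https://sp.example.com/saml2/acs',
);

my $api     = Netegrity::PolicyMgtAPI->New();
my $session = $api->CreateSession($admin_name, $admin_pass)
    or die "CreateSession failed\n";
my $scheme  = $session->GetAuthScheme($scheme_name)
    or die "auth scheme '$scheme_name' not found\n";

# Retrieve: an empty hash means "return all properties" (see Remarks).
my %props = ();
my $rc = $session->SAMLAuthSchemeProperties($scheme, \%props);
die "retrieve failed (rc=$rc)\n" if $rc != 0;

# Compare and collect only the keys that need correcting.
my %fix;
for my $key (sort keys %expected) {
    my $actual = exists $props{$key} ? $props{$key} : '<unset>';
    next if $actual eq $expected{$key};
    printf "MISMATCH %-24s expected=%s actual=%s\n", $key, $expected{$key}, $actual;
    $fix{$key} = $expected{$key};
}

# Set: a non-empty hash writes the listed properties to the scheme.
if (%fix) {
    $rc = $session->SAMLAuthSchemeProperties($scheme, \%fix);
    die "set failed (rc=$rc)\n" if $rc != 0;
    print "corrected ", scalar(keys %fix), " propert(y/ies)\n";
} else {
    print "all expected properties already match\n";
}
```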