Sm_PolicyApi_ResponseAttr_t

Contents
casso126
Contents
Defines a
CA Single Sign-On
Response attribute object.
Syntax
typedef struct Sm_PolicyApi_ResponseAttr_s
{
int iStructId;
char pszOid[BFSIZE];
char pszAgentTypeAttrOid [BFSIZE];/* Required */
char pszValue[BFSIZE];
int iTTL;/* Required */
int iFlags;
struct Sm_PolicyApi_ResponseAttr_s* next;
char pszActiveExpr[BFSIZE];
Sm_PolicyApi_Oid_t* pVariableList;
} Sm_PolicyApi_ResponseAttr_t;
Field
Description
iStructId
Response Attribute data structure ID, defined in Sm_PolicyApi_Structs_t.
pszOid
The object identifier of the Response Attribute object.
pszAgentTypeAttrOid
The object identifier of the agent type attribute.
pszValue
A response attribute type, as described in Response Attribute Types.
iTTL
Amount of time (in seconds) that can elapse before the value of the response attribute is recalculated.
iFlags
Reserved.
next
Pointer to the next Response Attribute structure.
pszActiveExpr
Active expression associated with the response attribute. For information, see the bullet "Active Response" in the section Response Attribute Types.
pVariableList
Linked list of variable OIDs used by the active expression.
Response Attribute Types
The field
pszValue
contains one of the following response attribute types:
The non-alphanumeric characters in the formats below are required characters.
  • Static
    . A string that is part of a
    CA Single Sign-On
    response. The string has the following format:
    variable-name=variable-value
    In the format example:
    • variable-name
      is the name for the name/value pair that this response attribute will return to the Web Agent.
    • variable-value
      is the static text that will be returned as the second half of the name/value pair.
  • User Attribute
    . A string containing profile information from a user's entry in a user directory. The string has the following format:
    User-Attr-variable-name=<%userattr="user-attr-name"%>
    In the format example:
    • User-Attr-variable-name
      is the name for the name/value pair that this response attribute will return to the Web Agent.
    • user-attr-name
      is a user attribute that can be retrieved from an LDAP, WinNT, or ODBC user directory.
  • DN Attribute
    . A string containing profile information from a directory object in an LDAP or ODBC user directory. The string has the following format:
    DN-Variable-Name=<#dn="DN-Spec" attr="DN-Attribute-Name"#>
    In the format example:
    • DN-Variable-Name
      is the name for the name/value pair that this response attribute will return to the Web Agent.
    • DN-Spec
      is the distinguished name of the user group from which you want to retrieve the user attribute.
    • DN-Attribute-Name
      is an attribute associated with an LDAP or ODBC directory object to which the user is related, such as a group or an organizational unit (OU).
  • Active Response
    . An active expression associated with the Response Attribute. The expression is a string of variable definitions in the following format:
    Name=<@lib="LibName" func="FuncName" param="Param"@>
    In the format example:
    • Name
      is the name of the variable (with WebAgent-HTTP-Header-Variable response attributes) or cookie (with WebAgent-HTTP-Cookie-Variable response attributes) associated with the name/value pairs in the active expression.
    • LibName
      is the name of the shared library that supports the Active Response.
    • FuncName
      is the name of the actual function in the shared library that implements the Active Response.
    • Param
      is an optional list of parameters to be passed to the function in the shared library.
    Note:
    For information about configuring active expressions in responses, rules, or policies, see
    Policy Design
    .