CLI Affiliate Domain Methods
This content describes the CLI affiliate domain methods.
AddAdmin Method Associates an Administrator with an Affiliate Domain
The AddAdmin method associates an administrator with an affiliate domain.
Syntax
The AddAdmin method has the following format:
Netegrity::PolicyMgtAffDomain->AddAdmin(admin)
Parameter
The AddAdmin method accepts the following parameter:
- admin (PolicyMgtAdmin) Specifies the administrator to associate with the affiliate domain.
Return Values
The AddAdmin method returns one of the following values:
- 0 on success
- -1 on failure
AddUserDir Method Associates a User Directory with an Affiliate Domain
The AddUserDir method associates a user directory with an affiliate domain.
Syntax
The method has the following format:
Netegrity::PolicyMgtAffDomain->AddUserDir(userDir)
Parameter
The AddUserDir method accepts the following parameter:
- userDir (PolicyMgtUserDir) Specifies the user directory to associate with the affiliate domain.
Return Values
The AddUserDir method returns one of the following values:
- 0 on success
- -1 on failure
CreateAffiliate Method Creates an Affiliate Object
The CreateAffiliate method creates and configures an affiliate object within an affiliate domain.
Syntax
The CreateAffiliate method has the following format:
Netegrity::PolicyMgtAffDomain->CreateAffiliate( affName, password, authURL, validityDuration, skewTime [, affDesc] [, allowNotification] [, audience] [, enableFlag] [, shareSessioning] [, sessionSyncInterval] [, SAMLVersion] [, SAMLProfile] [, ConsumerURL] )
Parameters
The CreateAffiliate method accepts the following parameters:
- affName (string) Specifies the name of the affiliate object. The name should be unique across all affiliate domains.
- password (string) Specifies the password that affiliates use to access CA Single Sign-On Federation Web Services.
- authURL (string) Specifies the URL used to authenticate affiliate users.
- validityDuration (long) Specifies the number of seconds that a CA Single Sign-On-generated SAML assertion is valid. If an affiliate receives the assertion after the specified time, the assertion is considered invalid.
- skewTime (long) Specifies the difference, in seconds, between the system clock time of the assertion producer site and the system clock time of the affiliate site. The skew time is added to validityDuration. Times are relative to GMT.
- affDesc (string) (Optional) Specifies the description of the affiliate.
- allowNotification (int) (Optional) Specifies whether to allow event notifications. Set to 1 to enable event notifications to be sent from the affiliate to CA Single Sign-On on the assertion producer site. Set to 0 to disable the event notification service. Default is 0 (notifications disabled).
- audience (string) (Optional) Specifies the URI of the document that describes the agreement between the assertion producer and the affiliate. This value is included in the SAML assertion passed to the affiliate and can be used for validation purposes. Also, the affiliate can parse the audience document to obtain relevant information. The audience value must match the Assertion Audience setting in the AffiliateConfig.xml configuration file for the SAML Affiliate Agent.
- enableFlag (int) (Optional) Specifies whether to enable the affiliate object. Set to 1 to enable the affiliate object, or 0 to disable it. Default is 1 (object is enabled).
- shareSessioning (int) (Optional) Specifies whether to share session information. Set to 1 to allow the assertion producer and the affiliate to share session information, or set to 0 to have the producer and affiliate maintain separate sessions. Default is 0 (separate sessions). With shared sessions, the sessions on both sites are terminated when the session on either site ends.
- sessionSyncInterval (long) (Optional) Specifies the frequency, in seconds, at which the affiliate contacts the producer site to validate the status of a shared session.
- SAMLVersion (long) (Optional) Specifies the SAML version. One of the following values:
  - AFFILIATE_SAML_VER_1_0
  - AFFILIATE_SAML_VER_1_1
  Specifying a SAML version has effect only if the Policy Manager API's session version is at least v6.0 SP 1.
- SAMLProfile (long) (Optional) Specifies the type of profile used to send and receive SAML assertions. Valid profiles:
  - AFFILIATE_SAML_PROFILE_ARTIFACT. The SAML assertion is retrieved from a URL associated with the assertion producer. The URL is specified during configuration of the SAML Artifact authentication scheme.
  - AFFILIATE_SAML_PROFILE_POST. The generated SAML assertion is POSTed to the URL specified in ConsumerURL. This profile is supported only if the Policy Management API's session version is at least v6.0 SP 2. If an earlier version is involved, the POST profile request is ignored, and an attempt is made to create an affiliate object based on the artifact profile.
- ConsumerURL (string) (Optional) Specifies the URL where the requesting user's browser must POST a generated assertion. The site associated with the URL validates the assertion and uses its contents to make access decisions.
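The parameter rules above can be checked before the affiliate object is created. The following Perl script is an added example, not code from CA or from this documentation: it reviews a set of CreateAffiliate arguments against the constraints described in this list. The thresholds, the https requirement, the sample values, and the use of a plain string in place of the AFFILIATE_SAML_PROFILE_POST constant are assumptions.

```perl
#!/usr/bin/perl
# Added example: pre-flight review of CreateAffiliate arguments.
# Runs stand-alone; it does not load the Netegrity modules.
use strict;
use warnings;

# Local policy thresholds (assumptions, not product defaults).
my $MAX_WINDOW   = 120;   # longest time, in seconds, an assertion may be accepted
my $MIN_PASS_LEN = 16;    # minimum length of the affiliate password

# Returns a list of findings; an empty list means the arguments pass review.
sub review_affiliate {
    my (%a) = @_;
    my @f;

    push @f, 'affName is empty' unless length($a{affName} // '');
    push @f, "password shorter than $MIN_PASS_LEN characters"
        if length($a{password} // '') < $MIN_PASS_LEN;

    # skewTime is added to validityDuration, so review the sum of the two.
    my $window = ($a{validityDuration} // 0) + ($a{skewTime} // 0);
    push @f, "assertion accepted for ${window}s (limit ${MAX_WINDOW}s)"
        if $window > $MAX_WINDOW;

    # Both URLs carry authentication traffic; require TLS (assumed site policy).
    for my $k (qw(authURL ConsumerURL)) {
        next unless defined $a{$k};
        push @f, "$k is not https" unless $a{$k} =~ m{\Ahttps://}i;
    }

    # The POST profile sends the generated assertion to ConsumerURL.
    push @f, 'POST profile selected without ConsumerURL'
        if ($a{SAMLProfile} // '') eq 'AFFILIATE_SAML_PROFILE_POST'
        && !length($a{ConsumerURL} // '');

    # A shared session is re-validated every sessionSyncInterval seconds.
    push @f, 'shareSessioning set without sessionSyncInterval'
        if $a{shareSessioning} && !$a{sessionSyncInterval};

    # The audience URI is what the affiliate validates the assertion against.
    push @f, 'no audience URI set'
        unless length($a{audience} // '');

    return @f;
}

# Constructed sample values for illustration only.
my %args = (
    affName          => 'partner-a',
    password         => 'short',
    authURL          => 'http://idp.example.com/auth',
    validityDuration => 300,
    skewTime         => 60,
    SAMLProfile      => 'AFFILIATE_SAML_PROFILE_POST',  # stand-in for the constant
    shareSessioning  => 1,
);

my @findings = review_affiliate(%args);
print "FINDING: $_\n" for @findings;
# When @findings is empty, pass the values to CreateAffiliate in the
# documented positional order.
```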
Return Value
The CreateAffiliate method returns one of the following values:
- A PolicyMgtAffiliate object if successful
- undef if unsuccessful
Remarks
An affiliate object represents an affiliate site in a federated business network. Affiliate objects and affiliate domains are available through CA Single Sign-On FSS.
CreateSAMLServiceProvider Method Creates a SAML Service Provider
The CreateSAMLServiceProvider method creates a SAML 2.0 Service Provider object. A Service Provider object contains information that an Identity Provider needs to produce assertions for the Service Provider. The properties you can set for a SAML 2.0 Service Provider object are listed under Remarks.
To modify the properties of an existing Service Provider, call the PolicyMgtSAMLServiceProvider->Property method.
Syntax
The CreateSAMLServiceProvider method has the following format:
Netegrity::PolicyMgtAffDomain->CreateSAMLServiceProvider(propsHash_ref)
Parameters
The CreateSAMLServiceProvider method accepts the following parameter:
- propsHash_ref (hash) Specifies a reference to a hashtable of metadata properties to define for the SAML 2.0 Service Provider (for example: \%myhash).
Return Values
The CreateSAMLServiceProvider method returns one of the following values:
- A PolicyMgtSAMLServiceProvider object on success
- undef on failure
Remarks
You can define the following properties for a SAML 2.0 Service Provider:
General Properties
- SAML_NAME
- SAML_DESCRIPTION
- SAML_SP_AUTHENTICATION_URL
- SAML_ENABLED
- SAML_SP_DOMAIN
- SAML_KEY_SPID
- SAML_SP_IDPID
- SAML_MAJOR_VERSION
- SAML_MINOR_VERSION
- SAML_SKEWTIME
- SAML_DISABLE_SIGNATURE_PROCESSING
- SAML_DSIG_VERINFO_ISSUER_DN
- SAML_DSIG_VERINFO_SERIAL_NUMBER
Name ID Properties
- SAML_SP_NAMEID_FORMAT
- SAML_SP_NAMEID_TYPE
- SAML_SP_NAMEID_STATIC
- SAML_SP_NAMEID_ATTRNAME
- SAML_SP_NAMEID_DNSPEC
- SAML_AFFILIATION
SSO Properties
- SAML_AUDIENCE
- SAML_SP_ASSERTION_CONSUMER_DEFAULT_URL
- SAML_ENABLE_SSO_ARTIFACT_BINDING
- SAML_SP_ARTIFACT_ENCODING
- SAML_SP_IDP_SOURCEID
- SAML_SP_PASSWORD
- SAML_ENABLE_SSO_POST_BINDING
- SAML_SSOECPPROFILE
- SAML_SP_REQUIRE_SIGNED_AUTHNREQUESTS
- SAML_SP_AUTHENTICATION_LEVEL
- SAML_SP_AUTHN_CONTEXT_CLASS_REF
- SAML_SP_VALIDITY_DURATION
- SAML_SP_STARTTIME
- SAML_SP_ENDTIME
SLO Properties
- SAML_SLO_REDIRECT_BINDING
- SAML_SLO_SERVICE_VALIDITY_DURATION
- SAML_SLO_SERVICE_URL
- SAML_SLO_SERVICE_RESPONSE_URL
- SAML_SLO_SERVICE_CONFIRM_URL
IPD Properties
- SAML_SP_ENABLE_IPD
- SAML_SP_IPD_SERVICE_URL
- SAML_SP_COMMON_DOMAIN
- SAML_SP_PERSISTENT_COOKIE
Attribute Service Properties
- SAML_SP_ATTRSVC_ENABLE
- SAML_SP_ATTRSVC_VALIDITY_DURATION
- SAML_SP_ATTRSVC_SIGN_ASSERTION
- SAML_SP_ATTRSVC_LDAP_SEARCH_SPEC
- SAML_SP_ATTRSVC_ODBC_SEARCH_SPEC
- SAML_SP_ATTRSVC_WINNT_SEARCH_SPEC
- SAML_SP_ATTRSVC_CUSTOM_SEARCH_SPEC
- SAML_SP_ATTRSVC_AD_SEARCH_SPEC
Encryption Properties
- SAML_SP_ENCRYPT_ID
- SAML_SP_ENCRYPT_ASSERTION
- SAML_SP_ENCRYPT_BLOCK_ALGO
- SAML_SP_ENCRYPT_KEY_ALGO
- SAML_SP_ENCRYPT_CERT_ISSUER_DN
- SAML_SP_ENCRYPT_CERT_SERIAL_NUMBER
Advanced Properties
- SAML_SP_PLUGIN_CLASS
- SAML_SP_PLUGIN_PARAMS
CreateWSFEDResourcePartner Method Creates a WS-Federation Resource Partner
The CreateWSFEDResourcePartner method creates a WS-Federation Resource Partner for the affiliate domain.
Syntax
The CreateWSFEDResourcePartner method has the following format:
Netegrity::PolicyMgtAffDomain->CreateWSFEDResourcePartner(propsHash_ref)
Parameters
The CreateWSFEDResourcePartner method accepts the following parameter:
- propsHash_ref (hash) Specifies a reference to a hashtable of metadata properties to define for the WS-Federation Resource Partner (for example: \%myhash).
Return Value
The CreateWSFEDResourcePartner method returns one of the following values:
- A PolicyMgtWSFEDResourcePartner object on success
- undef on failure
Remarks
You can define the following properties for a Resource Partner:
General Properties
- WSFED_NAME
- WSFED_DESCRIPTION
- WSFED_MAJOR_VERSION
- WSFED_MINOR_VERSION
- WSFED_SAML_MAJOR_VERSION
- WSFED_KEY_RPID
- WSFED_APID
- WSFED_SAML_MINOR_VERSION
- WSFED_RP_DOMAIN
- WSFED_ENABLED
- WSFED_RP_AUTHENTICATION_URL
NameID Properties
- WSFED_RP_NAMEID_FORMAT
- WSFED_RP_NAMEID_TYPE
- WSFED_RP_NAMEID_STATIC
- WSFED_RP_NAMEID_ATTR_NAME
- WSFED_RP_NAMEID_DN_SPEC
- WSFED_RP_NAMEID_ALLOWED_NESTED
SSO Properties
- WSFED_RP_AUTHENTICATION_METHOD
- WSFED_RP_VALIDITY_DURATION
- WSFED_RP_ASSERTION_CONSUMER_DEFAULT_URL
- WSFED_RP_AUTHENTICATION_LEVEL
- WSFED_RP_STARTTIME
- WSFED_RP_ENDTIME
Signout Properties
- WSFED_RP_SLO_ENABLED
- WSFED_RP_SIGNOUT_CLEANUP_URL
- WSFED_RP_SIGNOUT_CONFIRM_URL
Advanced Properties
- WSFED_RP_PLUGIN_CLASS
- WSFED_RP_PLUGIN_PARAMS
DeleteAffiliate Method Deletes an Affiliate from a Domain
The DeleteAffiliate method deletes the specified affiliate object from the affiliate domain.
Syntax
The DeleteAffiliate method has the following format:
Netegrity::PolicyMgtAffDomain->DeleteAffiliate(aff)
Parameters
The DeleteAffiliate method accepts the following parameter:
- aff (PolicyMgtAffiliate) Specifies the affiliate object to delete.
Return Value
The DeleteAffiliate method returns one of the following values:
- 0 on success, or if the affiliate domain was not found
- -1 on failure
DeleteSAMLServiceProvider Method Deletes a SAML Service Provider
The DeleteSAMLServiceProvider method deletes the specified SAML 2.0 Service Provider.
Syntax
The method has the following format:
Netegrity::PolicyMgtAffDomain->DeleteSAMLServiceProvider(sp)
Parameters
The DeleteSAMLServiceProvider method accepts the following parameter:
- sp (PolicyMgtSAMLServiceProvider) Specifies the Service Provider to delete.
Return Value
The DeleteSAMLServiceProvider method returns one of the following values:
- 0 on success, or if the Service Provider was not found
- -1 on failure
DeleteWSFEDResourcePartner Method Deletes a Resource Partner
The DeleteWSFEDResourcePartner method deletes a resource partner.
Syntax
The DeleteWSFEDResourcePartner method has the following format:
Netegrity::PolicyMgtAffDomain->DeleteWSFEDResourcePartner(rp)
Parameters
The DeleteWSFEDResourcePartner method accepts the following parameter:
- rp (PolicyMgtWSFEDResourcePartner object) Specifies the resource partner to delete.
Return Value
The DeleteWSFEDResourcePartner method returns one of the following values:
- value = 0 Specifies that the method is successful.
- value = -1 Specifies that the method is unsuccessful.
Description Method Retrieves or Sets a Description
The Description method sets or retrieves the description of the affiliate domain.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtAffDomain->Description([domainDesc])
Parameters
The Description method accepts the following parameter:
- domainDesc (string) (Optional) Specifies the description to set.
Return Value
The Description method returns one of the following values:
- A new or existing description of the affiliate domain on success
- undef on failure
GetAffiliate Method Retrieves an Affiliate Object
The GetAffiliate method retrieves the specified affiliate object.
Syntax
The GetAffiliate method has the following format:
Netegrity::PolicyMgtAffDomain->GetAffiliate(affName)
Parameters
The GetAffiliate method accepts the following parameter:
- affName (string) Specifies the name of the affiliate object to retrieve.
Return Value
The GetAffiliate method returns one of the following objects:
- A PolicyMgtAffiliate object on success
- undef if the specified affiliate object does not exist, or if the call fails
GetAllAdmins Method Retrieves all Administrators
The GetAllAdmins method retrieves all administrators associated with the affiliate domain.
Syntax
The GetAllAdmins method has the following format:
Netegrity::PolicyMgtAffDomain->GetAllAdmins() [(returnCode)]
Parameters
The GetAllAdmins method accepts the following parameter:
- (Optional) returnCode (int) Output variable that is populated on return of the function call. The value populated is 0 if the call is a success. If the call fails, the value populated is a negative number that corresponds with the Policy Management API error code.
Return Value
The GetAllAdmins method returns one or more of the following values:
- An array of PolicyMgtAdmin objects
GetAllAffiliates Method Retrieves All Affiliates in a Domain
The GetAllAffiliates method retrieves all affiliate objects associated with the affiliate domain.
Syntax
The GetAllAffiliates method has the following format:
Netegrity::PolicyMgtAffDomain->GetAllAffiliates( ) [(returnCode)]
Parameters
The GetAllAffiliates method accepts the following parameter:
- (Optional) returnCode (int) Output variable that is populated on return of the function call. The value populated is 0 if the call is a success. If the call fails, the value populated is a negative number that corresponds with the Policy Management API error code.
Return Value
The GetAllAffiliates method returns the following value:
- An array of PolicyMgtAffiliate objects on success
GetAllSAMLServiceProviders Method Retrieves all Service Providers Associated with the Affiliate Domain
The GetAllSAMLServiceProviders method retrieves all the SAML 2.0 Service Providers associated with the affiliate domain.
Syntax
The GetAllSAMLServiceProviders method has the following format:
Netegrity::PolicyMgtAffDomain->GetAllSAMLServiceProviders( ) [(returnCode)]
Parameters
The GetAllSAMLServiceProviders method accepts the following parameter:
- (Optional) returnCode (int) Output variable that is populated on return of the function call. The value populated is 0 if the call is a success. If the call fails, the value populated is a negative number that corresponds with the Policy Management API error code.
Return Value
The GetAllSAMLServiceProviders method returns the following value:
- An array of PolicyMgtSAMLServiceProvider objects
GetAllWSFEDResourcePartners Method Retrieves all WSFED Resource Partners
The GetAllWSFEDResourcePartners method retrieves all Resource Partners associated with the domain.
Syntax
The GetAllWSFEDResourcePartners method has the following format:
Netegrity::PolicyMgtAffDomain->GetAllWSFEDResourcePartners( ) [(returnCode)]
Parameters
The GetAllWSFEDResourcePartners method accepts the following parameter:
- (Optional) returnCode (int) Output variable that is populated on return of the function call. The value populated is 0 if the call is a success. If the call fails, the value populated is a negative number that corresponds with the Policy Management API error code.
Return Value
The GetAllWSFEDResourcePartners method returns the following value:
- An array of PolicyMgtWSFEDResourcePartner objects on success
GetSAMLServiceProvider Method Retrieves a Specified Service Provider
The GetSAMLServiceProvider method retrieves the specified SAML 2.0 Service Provider.
Syntax
The GetSAMLServiceProvider method has the following format:
Netegrity::PolicyMgtAffDomain->GetSAMLServiceProvider(spName)
Parameters
The GetSAMLServiceProvider method accepts the following parameter:
- spName (string) Specifies the name of the Service Provider to retrieve.
Return Value
The GetSAMLServiceProvider method returns one of the following values:
- A PolicyMgtSAMLServiceProvider object on success
- undef if the specified Service Provider does not exist, or if the call is unsuccessful
GetSAMLServiceProviderById Method Retrieves a Specified Service Provider by ID
The GetSAMLServiceProviderById method retrieves the specified SAML 2.0 Service Provider by its provider ID.
Syntax
The GetSAMLServiceProviderById method has the following format:
Netegrity::PolicyMgtAffDomain->GetSAMLServiceProviderById(spID)
Parameters
The GetSAMLServiceProviderById method accepts the following parameter:
- spID (string) Specifies the provider ID of the Service Provider to retrieve.
Return Value
The GetSAMLServiceProviderById method returns one of the following values:
- A PolicyMgtSAMLServiceProvider object on success
- undef if the specified Service Provider does not exist, or if the call is unsuccessful
GetUserDirSearchOrder Method Retrieves Search Order of a User Directory
The GetUserDirSearchOrder method retrieves user directory objects associated with the affiliate domain. The order of the returned objects is the same order CA Single Sign-On uses when querying the directories.
Syntax
The GetUserDirSearchOrder method has the following format:
Netegrity::PolicyMgtAffDomain->GetUserDirSearchOrder( )
Parameters
The GetUserDirSearchOrder method accepts the following parameter:
- (Optional) returnCode (int) Output variable that is populated on return of the function call. The value populated is 0 if the call is a success. If the call fails, the value populated is a negative number that corresponds with the Policy Management API error code.
Return Value
The GetUserDirSearchOrder method returns the following value:
- An array of PolicyMgtUserDir objects on success
GetWSFEDResourcePartner Method Retrieves Resource Partner
The GetWSFEDResourcePartner method retrieves the specified WS-Federation Resource Partner associated with the domain.
Syntax
The GetWSFEDResourcePartner method has the following format:
Netegrity::PolicyMgtAffDomain->GetWSFEDResourcePartner(rpName)
Parameters
The GetWSFEDResourcePartner method accepts the following parameter:
- rpName (string) Specifies the name of the Resource Partner to retrieve.
Return Value
The GetWSFEDResourcePartner method returns one of the following values:
- A PolicyMgtWSFEDResourcePartner object on success
- undef if the specified Resource Partner does not exist, or if the call is unsuccessful
GetWSFEDResourcePartnerById Method Retrieves Resource Partner by ID
The GetWSFEDResourcePartnerById method retrieves the specified Resource Partner by its Provider ID.
Syntax
The GetWSFEDResourcePartnerById method has the following format:
Netegrity::PolicyMgtAffDomain->GetWSFEDResourcePartnerById( rpID )
Parameters
The GetWSFEDResourcePartnerById method accepts the following parameter:
- rpID (string) Specifies the ID of the Resource Partner to retrieve.
Return Value
The GetWSFEDResourcePartnerById method returns one of the following values:
- A PolicyMgtWSFEDResourcePartner object
- undef if the specified Resource Partner does not exist, or if the call is unsuccessful
Name Method Sets or Retrieves Affiliate Domain Name
The Name method sets or retrieves the name of the affiliate domain.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtAffDomain->Name( [domainName] )
Parameters
The Name method accepts the following parameter:
- domainName (string) (Optional) Specifies the name to set.
Return Value
The Name method returns one of the following values:
- New or existing affiliate domain name
- undef if the call was unsuccessful
RemoveAdmin Method Disassociates an Administrator from an Affiliate Domain
The RemoveAdmin method disassociates the specified administrator from the affiliate domain.
Syntax
The RemoveAdmin method has the following format:
Netegrity::PolicyMgtAffDomain->RemoveAdmin( admin )
Parameters
The RemoveAdmin method accepts the following parameter:
- admin (PolicyMgtAdmin) Specifies the administrator to remove from the affiliate domain.
Return Value
The RemoveAdmin method returns one of the following values:
- 0 on success
- -1 on failure
RemoveUserDir Method Disassociates a User Directory from an Affiliate Domain
The RemoveUserDir method disassociates the user directory from the affiliate domain.
Syntax
The RemoveUserDir method has the following format:
Netegrity::PolicyMgtAffDomain->RemoveUserDir( userDir )
Parameters
The RemoveUserDir method accepts the following parameter:
- userDir (PolicyMgtUserDir) Specifies the user directory to disassociate from the affiliate domain.
Return Value
The RemoveUserDir method returns one of the following values:
- 0 on success
- -1 on failure
SetUserDirSearchOrder Method Sets the Order for Searching Directory Objects
The SetUserDirSearchOrder method rearranges the search order of the user directory objects associated with the affiliate domain.
Syntax
The SetUserDirSearchOrder method has the following format:
Netegrity::PolicyMgtAffDomain->SetUserDirSearchOrder( dirArray )
Parameters
The SetUserDirSearchOrder method accepts the following parameter:
- dirArray (PolicyMgtUserDir) Specifies a reference to an array of user directory objects (for example: \@myarray).
Return Value
The SetUserDirSearchOrder method returns one of the following values:
- Array of PolicyMgtUserDir objects on success
- undef if unsuccessful