CLI SAML 2.0 Service Provider Methods
This content describes the CLI SAML 2.0 Service Provider methods.
The following methods act on PolicyMgtSAMLServiceProvider objects:
- AddAssertionConsumerService Method—Adds an Assertion Consumer Service to a SAML Service Provider Object
- AddAttribute Method—Adds an Attribute to the SAML 2.0 Service Provider
- AddUser Method—Adds a User to the SAML Service Provider
- CreateIPConfigHostName Method—Creates an IP Configuration Object for the Service Provider
- CreateIPConfigRange—Creates an IP Configuration Object for the Service Provider
- CreateIPConfigSingleHost—Creates an IP Configuration Object for the Service Provider
- CreateIPConfigSubnetMask—Creates an IP Configuration Object for the Service Provider
- DeleteIPConfig—Deletes Specified IP Configuration Object
- GetAllAttributes Method—Retrieves All Attributes for SAML 2.0 Service Provider
- GetAllIPConfigs Method—Retrieves All IP Configuration Objects
- GetAllAssertionConsumerServices Method—Retrieves All Assertion Consumer Services
- GetAllUsers Method—Retrieves All Users
- Property Method—Sets or Retrieves Metadata Property
- RemoveAssertionConsumer Method—Removes Assertion Consumer Service
- RemoveAttribute Method—Removes Specified Attribute
- RemoveUser Method—Removes Specified User
- Save Method—Saves Changes Made to Metadata Properties
AddAssertionConsumerService Method Adds an Assertion Consumer Service to a SAML Service Provider Object
The AddAssertionConsumerService method adds an Assertion Consumer Service to a SAML Service Provider object.
Syntax
The AddAssertionConsumerService method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider->AddAssertionConsumerService(index, protocolBinding, URL)
Parameters
The AddAssertionConsumerService method accepts the following parameters:
- index (int): Specifies the Assertion Consumer Service Indexed Endpoint index value.
- protocolBinding (string): Specifies the protocol binding of the Assertion Consumer Service, which is one of the following:
  - SAMLSP_HTTP_Post
  - SAMLSP_ACS_PROTOCOLBINDING_HTTP_Artifact
- URL (string): Specifies the URL of the Indexed Endpoint.
Return Value
The AddAssertionConsumerService method returns one of the following values:
- A PolicyMgtSAMLSPACS object
- undef if the call is unsuccessful
AddAttribute Method Adds an Attribute to the SAML 2.0 Service Provider
The AddAttribute method adds an attribute to the SAML 2.0 Service Provider.
Syntax
The AddAttribute method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider->AddAttribute(attrNameFormat, value, nEncrypted, nMode)
Parameters
The AddAttribute method accepts the following parameters:
- attrNameFormat (int): Specifies one of the following attribute formats, as defined in the SAML 2.0 standard:
  - SAMLSP_UNSPECIFIED (Value=0)
  - SAMLSP_URI (Value=1)
  - SAMLSP_BASIC (Value=2)
- value (string): Specifies the value specification for the attribute. This value specification appears in the Name Value Pair column of the CA Single Sign-On SAML Service Provider Properties Dialog. The format of the value specification depends upon the kind of attribute you are adding -- Static, User Attribute, or DN Attribute:
  - Static attributes: variableName=value
  - User attributes: variableName=<%userattr="AttrName"%>
  - DN attributes: variableName=<#dn="DNSpec" attr="AttrName"#>
  To allow CA Single Sign-On to retrieve DN attributes from a nested group, begin DNSpec with an exclamation mark ( ! ) -- for example: dn="!ou=People,o=security.com"
- nEncrypted (int): Specifies whether the attribute is encrypted. If non-zero, the attribute is encrypted after being included in the assertion.
- nMode (int): Specifies the retrieval mode of this attribute, which is one of the following:
  - SAMLSP_SSO
  - SAMLSP_Attribute
Return Value
The AddAttribute method returns one of the following values:
- A PolicyMgtSAMLSPAttr object
- undef if the call is unsuccessful
Remarks
A SAML 2.0 attribute contains information about a principal who is trying to access a resource on the Service Provider -- for example, the principal's user DN.
The defined attribute is included in an attribute statement for all SAML 2.0 assertions that are produced for this Service Provider.
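A pre-flight check for the three value specification forms described above, as an added example that is not part of the product's API or documentation. The `parse_value_spec` helper is hypothetical; the rules that a variable name contains no whitespace or `=`, and that a static value may not contain the directive delimiters, are assumptions of this sketch.

```perl
use strict;
use warnings;

# Classify an AddAttribute value specification into the three documented forms.
# Returns a hash ref describing the spec, or undef if it matches none of them.
sub parse_value_spec {
    my ($spec) = @_;
    return unless defined $spec;

    # DN attribute: variableName=<#dn="DNSpec" attr="AttrName"#>
    if ($spec =~ /\A([^=\s]+)=<#dn="([^"]+)"\s+attr="([^"]+)"#>\z/) {
        my ($name, $dn, $attr) = ($1, $2, $3);
        my $nested = ($dn =~ s/\A!//) ? 1 : 0;   # leading "!" = nested-group lookup
        return if $dn eq '';                     # "!" alone is not a usable DNSpec
        return { kind => 'dn', name => $name, dn => $dn, attr => $attr, nested => $nested };
    }
    # User attribute: variableName=<%userattr="AttrName"%>
    if ($spec =~ /\A([^=\s]+)=<%userattr="([^"]+)"%>\z/) {
        return { kind => 'user', name => $1, attr => $2 };
    }
    # Static attribute: variableName=value. Assumption: leftover directive
    # delimiters mean a mistyped user or DN specification, so reject them.
    if ($spec =~ /\A([^=\s]+)=(.*)\z/s) {
        my ($name, $value) = ($1, $2);
        return if $value =~ /<[%#]|[%#]>/;
        return { kind => 'static', name => $name, value => $value };
    }
    return;
}

# Constructed sample specifications (not taken from a real policy store).
my @samples = (
    'department=engineering',
    'mail=<%userattr="mail"%>',
    'groupName=<#dn="!ou=People,o=security.com" attr="cn"#>',
    'mail=<%userattr=mail%>',    # quotes missing: rejected instead of sent as a static string
);

for my $spec (@samples) {
    my $p = parse_value_spec($spec);
    if (!$p) { print "REJECT  $spec\n"; next; }
    my $detail = $p->{kind} eq 'static' ? "value=$p->{value}"
               : $p->{kind} eq 'user'   ? "attr=$p->{attr}"
               :                          "dn=$p->{dn} attr=$p->{attr} nested=$p->{nested}";
    print "OK      $p->{kind}  $p->{name}  $detail\n";
}
```

Running the check before AddAttribute keeps a malformed directive from being stored as a literal static value and then emitted verbatim in every assertion for the Service Provider.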
AddUser Method Adds a User to the SAML 2.0 Service Provider
The AddUser method adds a user to the SAML Service Provider. Assertions can be generated for the users associated with a Service Provider.
Syntax
The AddUser method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider->AddUser(user)
Parameters
The AddUser method accepts the following parameter:
- user (PolicyMgtUser): Specifies the user to add.
Return Value
The AddUser method returns one of the following values:
- 0 on success
- -1 if the call is unsuccessful
CreateIPConfigHostName Method Creates an IP Configuration Object for the Service Provider
The CreateIPConfigHostName method creates an IP configuration object for the Service Provider, based on the specified host name.
Syntax
The CreateIPConfigHostName method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider->CreateIPConfigHostName(hostName)
Parameters
The CreateIPConfigHostName method accepts the following parameters:
- hostName (string): Specifies the host name where assertions must originate.
Return Value
The CreateIPConfigHostName method returns one of the following values:
- A PolicyMgtIPConfig object
- undef if the call is unsuccessful
Remarks
This method creates an IP address restriction for the assertion generation policy. With this address restriction, only assertions generated from the specified host will be accepted.
CreateIPConfigRange Method Creates an IP Configuration Object for the Service Provider
The CreateIPConfigRange method creates an IP configuration object for the Service Provider, based on the specified range of IP addresses.
Syntax
The CreateIPConfigRange method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider->CreateIPConfigRange(ipAddr1, ipAddr2)
Parameters
The CreateIPConfigRange method accepts the following parameters:
- ipAddr1 (string): Specifies the first IP address in the range of valid IP addresses.
- ipAddr2 (string): Specifies the last IP address in the range of valid IP addresses.
Return Value
The CreateIPConfigRange method returns one of the following values:
- A PolicyMgtIPConfig object
- undef if the call is unsuccessful
Remarks
This method creates an IP address restriction for the assertion generation policy. With this address restriction, only assertions generated from the specified range of IP addresses will be accepted.
CreateIPConfigSingleHost Method Creates an IP Configuration Object for the Service Provider
The CreateIPConfigSingleHost method creates an IP configuration object for the Service Provider, based on the specified IP address.
Syntax
The CreateIPConfigSingleHost method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider->CreateIPConfigSingleHost(ipAddr)
Parameters
The CreateIPConfigSingleHost method accepts the following parameter:
- ipAddr (string): Specifies the IP address where assertions must originate.
Return Value
The CreateIPConfigSingleHost method returns one of the following values:
- A PolicyMgtIPConfig object
- undef if the call is unsuccessful
Remarks
This method creates an IP address restriction for the assertion generation policy. With this address restriction, only assertions generated from the specified IP address will be accepted.
CreateIPConfigSubnetMask Method Creates an IP Configuration Object for the Service Provider
The CreateIPConfigSubnetMask method creates an IP configuration object for the Service Provider, based on the specified IP address and subnet mask.
Syntax
The CreateIPConfigSubnetMask method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider->CreateIPConfigSubnetMask(ipAddr, subnetMask)
Parameters
The CreateIPConfigSubnetMask method accepts the following parameters:
- ipAddr (string): Specifies the IP address used to derive the subnet address.
- subnetMask (unsigned long): Specifies the subnet mask used to derive the subnet address.
Return Value
The CreateIPConfigSubnetMask method returns one of the following values:
- A PolicyMgtIPConfig object
- undef if the call is unsuccessful
Remarks
This method creates an IP address restriction for the assertion generation policy. With this address restriction, only assertions generated from the subnet address will be accepted. The subnet address is derived from the passed IP address and subnet mask. For information about defining the subnet mask value, see the description of the PolicyMgtPolicy->CreateIPConfigSubnetMask method.
DeleteIPConfig Method Deletes Specified IP Configuration Object
The DeleteIPConfig method deletes the specified IP configuration object.
Syntax
The DeleteIPConfig method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider->DeleteIPConfig(IPConfig)
Parameters
The DeleteIPConfig method accepts the following parameter:
- IPConfig (PolicyMgtIPConfig object): Specifies the IP configuration object to delete.
Return Value
The DeleteIPConfig method returns one of the following values:
- value = 0: Specifies that the method is successful.
- value = -1: Specifies that the method is unsuccessful.
GetAllAttributes Method Retrieves All Attributes for SAML 2.0 Service Provider
The GetAllAttributes method retrieves all attributes defined for the SAML 2.0 Service Provider.
Syntax
The GetAllAttributes method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider->GetAllAttributes() (returnCode)
Parameters
The GetAllAttributes method accepts the following parameters:
- returnCode (int): Output variable that is populated on return of the function call. The value populated is 0 if the call is a success. If the call fails, the value populated is a negative number that corresponds with the Policy Management API error code.
Return Value
The GetAllAttributes method returns the following value:
- PolicyMgtSAMLSPAttr (array)
GetAllIPConfigs Method Retrieves All IP Configuration Objects
The GetAllIPConfigs method retrieves all IP configuration objects for the SAML 2.0 Service Provider.
Syntax
The GetAllIPConfigs method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider->GetAllIPConfigs() (returnCode)
Parameters
The GetAllIPConfigs method accepts the following parameters:
- returnCode (int): Output variable that is populated on return of the function call. The value populated is 0 if the call is a success. If the call fails, the value populated is a negative number that corresponds with the Policy Management API error code.
Return Value
The GetAllIPConfigs method returns the following value:
- PolicyMgtIPConfig (array)
GetAllAssertionConsumerServices Method Retrieves All Assertion Consumer Services
The GetAllAssertionConsumerServices method retrieves all Assertion Consumer Services from the SAML 2.0 Service Provider object.
Syntax
The GetAllAssertionConsumerServices method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider->GetAllAssertionConsumerServices() (returnCode)
Parameters
The GetAllAssertionConsumerServices method accepts the following parameters:
- returnCode (int): Output variable that is populated on return of the function call. The value populated is 0 if the call is a success. If the call fails, the value populated is a negative number that corresponds with the Policy Management API error code.
Return Value
The GetAllAssertionConsumerServices method returns the following value:
- PolicyMgtSAMLSPACS (array)
GetAllUsers Method Retrieves All Users
The GetAllUsers method retrieves all users associated with the SAML 2.0 Service Provider. If a user directory is specified, only users who belong to the specified directory are returned.
Syntax
The GetAllUsers method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider->GetAllUsers([userDir]) (returnCode)
Parameters
The GetAllUsers method accepts the following parameters:
- userDir (PolicyMgtUserDir object): (Optional) Specifies the user directory to which all retrieved users must belong.
- returnCode (int): Output variable that is populated on return of the function call. The value populated is 0 if the call is a success. If the call fails, the value populated is a negative number that corresponds with the Policy Management API error code.
Return Value
The GetAllUsers method returns the following value:
- PolicyMgtUser (array)
Property Method Sets or Retrieves Metadata Property
The Property method sets or retrieves the specified SAML 2.0 metadata property for this Service Provider.
After modifying one or more Service Provider properties using this method, call the PolicyMgtSAMLServiceProvider->Save method to write the changes to the policy store.
Syntax
The Property method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider->Property(name[, value])
Parameters
The Property method accepts the following parameters:
- name (string): Specifies the property to set or retrieve. Note: For a complete list of Service Provider metadata properties, see the method PolicyMgtAffDomain->CreateSAMLServiceProvider.
- value (string): (Optional) Specifies a new value for the property.
Return Value
The Property method returns one of the following values:
- property_value: Specifies the property's new or existing value.
- undef: Specifies that the call is unsuccessful.
RemoveAssertionConsumer Method Removes Assertion Consumer Service
The RemoveAssertionConsumer method removes an existing Assertion Consumer Service from a SAML 2.0 Service Provider.
Syntax
The RemoveAssertionConsumer method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider->RemoveAssertionConsumer(pSAMLSPACS)
Parameters
The RemoveAssertionConsumer method accepts the following parameter:
- pSAMLSPACS: Specifies the Assertion Consumer Service to remove.
Return Value
The RemoveAssertionConsumer method returns one of the following values:
- value = 0: Specifies that the method is successful.
- value = -1: Specifies that the method is unsuccessful.
RemoveAttribute Method Removes Specified Attribute
The RemoveAttribute method removes the specified attribute from the SAML 2.0 Service Provider.
Syntax
The RemoveAttribute method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider->RemoveAttribute(SAMLSPAttr)
Parameters
The RemoveAttribute method accepts the following parameter:
- SAMLSPAttr (PolicyMgtSAMLSPAttr object): Specifies the attribute to remove.
Return Value
The RemoveAttribute method returns one of the following values:
- value = 0: Specifies that the method is successful.
- value = -1: Specifies that the method is unsuccessful.
RemoveUser Method Removes Specified User
The RemoveUser method removes the specified user from the SAML 2.0 Service Provider.
Syntax
The RemoveUser method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider->RemoveUser(user)
Parameters
The RemoveUser method accepts the following parameter:
- user (PolicyMgtUser object): Specifies the user to remove.
Return Value
The RemoveUser method returns one of the following values:
- value = 0: Specifies that the method is successful.
- value = -1: Specifies that the method is unsuccessful.
Save Method Saves Changes Made to Metadata Properties
The Save method saves any changes made to the SAML 2.0 metadata properties of the Service Provider. Call this method once after making all changes to the SAML 2.0 Service Provider. You must call this method for the changes to take effect. To modify a metadata property, call the PolicyMgtSAMLServiceProvider->Property method.
Syntax
The Save method has the following format:
Netegrity::PolicyMgtSAMLServiceProvider->Save()
Parameters
The Save method accepts no parameters.
Return Value
The Save method returns one of the following values:
- value = 0: Specifies that the method is successful.
- value = -1: Specifies that the method is unsuccessful.
- value = -4: Specifies that the user does not have the privileges required to change metadata properties.
- value = -10: Specifies that the path and class are empty.