ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

XPSExplorer to manage Policy Store data on regular basis

book

Article ID: 133006

calendar_today

Updated On:

Products

SITEMINDER SINGLE SIGN ON - LEGACY

Issue/Introduction

We're running a Policy Server and we'd like to know the possible

method to remove an Agent from an AgentGroup without having to use the

AdminUI. We would like to use XPSExplorer to manage the Policy Store

data. Is that possible ?


Environment

Release: 12.52SP1


Component:

Resolution

The use of XPSExplorer is not a good option for you as the intent here

is to modify and manage the Policy Store objects. As per

documentation, this tool as limited scope and risky :


  XPSExplorer


    XPSExplorer is an interactive command-line utility that allows an

    administrator or application developer to view the data in a policy

    store. XPSExplorer has two uses:

    To determine the identifiers of objects for a granular export or

    import by exploring a list of domains or realms.

    To repair the object store in the event that the store is damaged and

    must be repaired manually.

    Important! Only use XPSExplorer to repair or otherwise modify the

    policy store if instructed to do so by CA Support. Unsupervised use

    can corrupt the policy store.

  https://docops.ca.com/ca-single-sign-on/12-8/en/administrating/policy-server-tools/xpsexplorer


As such, we strongly recommend you to use C++, Java, or Perl to bypass

the AdminUI to manange the Policy Store objects.


o manage Policy Store data, you can run custom

script written in perl, Java or c++.


C++

The C-Language APIs


Policy Management API—use to develop a custom Administrative UI

application, or to customize selected components of policy objects

such as rules, policies, and responses within the application. Users

of this API will be able to perform most of the data manipulations

that users of the native Administrative UI can perform.


https://docops.ca.com/ca-single-sign-on/12-8/en/programming/sdks/programming-in-c


Java

Programming in Java

Policy Management API—use to develop a custom Administrative UI

application, or to customize selected components of policy objects

such as rules, policies, and responses within the application. Users

of this API will be able to perform most of the data manipulations

that users of the native Administrative UI can perform.

https://docops.ca.com/ca-single-sign-on/12-8/en/programming/sdks/programming-in-java


Perl

Policy Management Operations in CLI

Create Agent Objects

View and Modify Object Properties

https://docops.ca.com/ca-single-sign-on/12-8/en/programming/scripting-interface/policy-management-api-in-cli/policy-management-operations-in-cli#PolicyManagementOperationsinCLI-CreateAgentObjects


and


Removing an Agent from Policy Store using Perl CLI, the reference to

this agent doesn't get removed from the AgentGroup and AdminUI

report Error: Could not find specified subject.


https://comm.support.ca.com/kb/removing-an-agent-from-policy-store-using-perl-cli-the-reference-to-this-agent-doesnt-get-removed-from-the-agentgroup-and-adminui-report-error-could-not-find-specified-subject/kb000008126