
Siteminder Perl CLI Interface query


Article ID: 202464


Products

  CA Single Sign On Secure Proxy Server (SiteMinder)
  CA Single Sign On Agents (SiteMinder)
  CA Single Sign On Federation (SiteMinder)
  CA Single Sign On SOA Security Manager (SiteMinder)
  SITEMINDER

Issue/Introduction

 

We've developed and we're running a Perl Command Line Interface (CLI)
script to add a SAML Service Provider using the CreateSAMLServiceProvider
method. We'd like to know how to set the EnableAuthnRequestPost
property. Is there a way to do this?

We've followed this documentation to implement our script:

  CLI Affiliate Domain Methods
  https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-7/programming/scripting-interface/policy-management-api-in-cli/policy-management-methods-in-cli/cli-affiliate-domain-methods.html

  SAML 2.0 Property Reference
  https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/programming/sdks/programming-in-c/saml-2-0-property-reference.html

 

Environment

 

Policy Server 12.8SP4 on RedHat 7

 

Resolution

 

At first glance, the CreateSAMLServiceProvider method is for Legacy
Affiliate Domains, not for SAML Partnerships. The Perl CLI is limited
to Legacy Affiliate objects only.

  Perl CLI method to manage federation partnerships

    The partnership functionality has not been added to any API.

  https://knowledge.broadcom.com/external/article?articleId=13672


The attribute you're looking to add to the Legacy Affiliate Domain
is a Partnership attribute, not an Affiliate Domain one:

  CA SSO : R12.52 - Supported Auth Requests (for Affiliate Domain)?

     Post Binding Authentication Request (in Affiliate Domain) is not
     supported by any means.

  https://community.broadcom.com/communities/community-home/digestviewer/viewthread?MID=793677#bmdf08a403-683d-4676-9ced-258b553220c0

As such, in order to benefit from the EnableAuthnRequestPost
property, you have to move the Legacy Affiliate configuration to a
Partnership one, and you will need to use another programming
interface, such as the REST API:

  Policy Object REST APIs
  https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/programming/policy-object-rest-apis.html

  Policy Data API - Federation Objects
  https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/programming/policy-object-rest-apis/rest-api-reference-documentation/policy-data-api-federation-objects.html