
Siteminder Perl CLI - Add 'All' for user Directory in Legacy federation


Article ID: 203195


Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
SITEMINDER

Issue/Introduction

 

We're writing code with the Policy Server Perl CLI to add users to a Policy,
and we'd like to know how to set a Policy for all users.

We've seen the function:

  $serviceprovider->AddUser()

but this one adds only one user at a time.

How can we do this?

 

Environment

 

Policy Server 12.8SP3 on RedHat 6

 

Resolution

 

At first glance, per the documentation, there's no option in the Perl CLI
to set all users at once:

AddUser Method Adds a User to the Policy

  The AddUser method has the following format:

   Netegrity::PolicyMgtPolicy->AddUser(user [, iExcludeUser] [, iRecursiveFlag] [, iANDUserFlag])

   Parameters

    The AddUser method accepts the following parameters:

    user (PolicyMgtUser) Specifies the user to add.

    iExcludeUser (int) (Optional) Specifies whether to exclude a user:

    1 excludes the user
    0 includes the user

    iRecursiveFlag (int) (Optional) Specifies the setting for the AllowNested flag:

    1 sets the AllowNested flag
    0 disables the AllowNested flag

    iANDUserFlag (int) (Optional) Specifies the setting for the AND flag:

    1 sets the AND flag
    0 disables the AND flag

    Return Value

    The AddUser method returns one of the following values:

    0 if the call is successful
    -1 if the call is unsuccessful

  https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/programming/scripting-interface/policy-management-api-in-cli/policy-management-methods-in-cli/cli-policy-methods.html#concept.dita_d9683132ee1b6009ba0d102c05b33ef464c09213_AddUserMethodAddsaUsertothePolicy

In our lab, we've tried to pass all, All, and "all", and this doesn't set
the data the way the "Add all" button in the AdminUI does. You'll still
need to set all users in the AdminUI after having set all the data in the
Policy Store.

For your information, one way to set this value without using the AdminUI
is to use the REST API:

  Policy Data API - Core Policy Objects

    PUT  /ca/api/sso/services/policy/v1/SmDomains/{SmDomainName}/SmPolicies/{SmPolicyName} 
    Update SmPolicy

      [...]

      "SmUserPolicies": [
        {
          "type": "string",
          "id": "string",
          "UserDirectory": {
            "id": "string",
            "path": "string",
            "href": "string",
            "desc": "string"
          },
          "FilterPath": "string",
          "FilterClass": "string",
          "PolicyFlags": [
            "AND"
          ],
          "PolicyResolution": "User"
        }
      ],

      [...]

  https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/programming/policy-object-rest-apis/rest-api-reference-documentation/policy-data-api-core-policy-objects.html