Manually edit Filter User Property in partnership Policy Server AdminUI

Article ID: 232384

Updated On:

Products

SITEMINDER

Issue/Introduction

 

When running AdminUI and configuring

  "Federated User -> User Class -> Filter User Property",

the Policy Server sends search requests for object classes such as
groupOfUniqueNames.

 

Resolution

 

To edit the "Filter User Property" without the Policy Server making
these calls, use the XPSExplorer tool.

- Go to AdminUI, and get the name of the partnership to modify.

  To illustrate :

  Partnership Name:
  myOtherPost

- Export the full Policy Store data to a file using the following command:

   XPSExport pstore.xml -xb -npass

- Open the pstore.xml file and find the partnership "myOtherPost"

  Find the domain named myOtherPost and its related User Directory
  Link :

          <Object Class="CA.SM::Domain" Xid="CA.SM::[email protected]" CreatedDateTime="2021-09-08T13:17:35" ModifiedDateTime="2021-12-20T08:50:16" UpdatedBy="siteminder" UpdateMethod="GUI" ExportType="Replace">
            <Property Name="CA.SM::Domain.Name">
                <StringValue>samlidp:myotherpost</StringValue>

            <Property Name="CA.SM::Domain.UserDirectoriesLink">
                <LinkValue>
                    <XID>CA.SM::[email protected]</XID>

  Then get the related Policy by scrolling down through the objects
  related to the above domain:

            <Object Class="CA.SM::Policy" Xid="CA.SM::[email protected]" CreatedDateTime="2021-09-08T13:17:35" ModifiedDateTime="2021-12-20T08:50:16" UpdatedBy="siteminder" UpdateMethod="GUI">

- Once you have the Domain, User Directory and Policy Xid values above,
  fill in the following table with them:
  
   Filter Class      : User Attribute
   Filter Path       : (memberof=myprofile=myUser,dc=training,dc=com)
   Policy Flag       : 0
   Policy Resolution : 3
   User Directory    : CA.SM::[email protected]
   Policy            : CA.SM::[email protected]

- On the Policy Server machine, run the XPSExplorer command and create a
  new User Policy as follows:

  163
  N
  02
  User Attribute
  03
  (memberof=myprofile=myUser,dc=training,dc=com)
  04
  0
  05
  3
  06
  CA.SM::[email protected]
  S
  CA.SM::[email protected]
  V
  Object is valid!
  U
  Object updated.
  Q
  Q
  P
  Policy server notified.
  Q

With Identity Manager objects :

  186
  N
  02
  User Attribute
  03
  (memberof=myprofile=myUser,dc=training,dc=com)
  05
  0
  06
  3
  07
  CA.SM::[email protected]
  S
  CA.SM::[email protected]
  V
  Object is valid!
  U
  Object updated.
  Q
  Q
  P
  Policy server notified.
  Q
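
The pstore.xml lookup from the steps above can be scripted instead of done by scrolling. This is an added example, not part of the original article or the product; it assumes the Policy object is nested inside its Domain object in the export, and the sample XML (root element name and XID placeholders included) is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the excerpts above. The root element name and
# the XIDs are placeholders; Policy nested inside its Domain is an assumption.
SAMPLE = """<Root>
  <Object Class="CA.SM::Domain" Xid="PLACEHOLDER-DOMAIN-XID-1">
    <Property Name="CA.SM::Domain.Name"><StringValue>samlidp:myotherpost</StringValue></Property>
    <Property Name="CA.SM::Domain.UserDirectoriesLink">
      <LinkValue><XID>PLACEHOLDER-DIRECTORY-XID</XID></LinkValue>
    </Property>
    <Object Class="CA.SM::Policy" Xid="PLACEHOLDER-POLICY-XID"/>
  </Object>
  <Object Class="CA.SM::Domain" Xid="PLACEHOLDER-DOMAIN-XID-2">
    <Property Name="CA.SM::Domain.Name"><StringValue>samlidp:another</StringValue></Property>
  </Object>
</Root>"""

def local(tag):
    """Drop any XML namespace so the lookup works with or without one."""
    return tag.rsplit("}", 1)[-1]

def prop_texts(obj, prop_name, leaf):
    """Text of every <leaf> under the direct-child Property named prop_name."""
    out = []
    for prop in obj:
        if local(prop.tag) == "Property" and prop.get("Name") == prop_name:
            out += [e.text.strip() for e in prop.iter()
                    if local(e.tag) == leaf and e.text]
    return out

def find_partnership(xml_text, partnership):
    """Return the Domain, User Directory and Policy XIDs for one partnership."""
    wanted, matches = partnership.lower(), []
    for obj in ET.fromstring(xml_text).iter():
        if local(obj.tag) != "Object" or obj.get("Class") != "CA.SM::Domain":
            continue
        names = prop_texts(obj, "CA.SM::Domain.Name", "StringValue")
        # The excerpt shows the name stored lower-cased behind a "samlidp:" prefix.
        if not any(n.lower().split(":", 1)[-1] == wanted for n in names):
            continue
        matches.append({
            "domain": obj.get("Xid"),
            "user_directories": prop_texts(obj, "CA.SM::Domain.UserDirectoriesLink", "XID"),
            "policies": [o.get("Xid") for o in obj.iter()
                         if local(o.tag) == "Object" and o.get("Class") == "CA.SM::Policy"],
        })
    if len(matches) != 1:  # refuse to guess when the name is missing or ambiguous
        raise LookupError(f"{len(matches)} domains match {partnership!r}")
    return matches[0]
```

For a real export, pass the contents of pstore.xml (read in binary mode) as `xml_text`.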