How to globally update ACO parameters?

Article ID: 404679

Products

SITEMINDER

Issue/Introduction

Currently there is no good built-in method to update ACOs in bulk. The obvious methods are to use either the UI or the REST API to update each ACO individually.

Many customers have hundreds of ACOs, so using these methods is not really possible. In one use case, the customer wanted to disable various SiteMinder header variables on all their ACOs.

However, this can be done using XPSExport with the "-xf" flag.

-xf file_name
(Optional) Specifies the absolute name of a file that contains the list of XIDs of objects to be exported.
The entries in the file have the following format:

CA.SM::UserDirectory@0e-255e2456-556d-40fb-93cd-f2fed81f656e
ADD=CA.SM::AuthScheme@0d-4afc0e41-ae25-11d1-9cdd-006008aac24b
REPLACE=CA.SM::Agent@01-cb8b3401-a6aa-4794-964e-c569712269c0
OVERLAY=CA.SM::Domain@03-7bdf31f2-44d7-4d7b-a8f5-5de2eaa0b634

 

Environment

R12.8 any

Any OS

Resolution

First export your Policy Store.

XPSExport -xb myexport.xml

Then extract the XIDs of the Agent Configuration Objects into a text input file. Below is an example using awk, but you can use your own methods.

grep 'Object Class="CA.SM::AgentConfig' myexport.xml | awk -F"Xid=" '{print $2}' | awk -F'"' '{print $2}' > ACO_XID.txt

Next, because we are updating existing ACOs, we need to mark the XIDs to be overlaid. Below is an example using sed.

sed -i 's/^/OVERLAY=/' ACO_XID.txt

Now there is a list of all the ACO XIDs configured for overlay. It should look something like this:

OVERLAY=CA.SM::AgentConfig@21-00064056-f0ae-15dd-8138-09650a124067
OVERLAY=CA.SM::AgentConfig@21-0003fdb8-6268-16b6-ba1e-9f190afc0080

Now just the ACOs can be exported to a new XML file for import.

XPSExport -xf ACO_XID.txt   ACO_OVERLAY_XID.xml

Here is an example of using sed to update all the ACOs in the export to disable the default SiteMinder variables.

sed -i 's/DisableSessionVars=.*</DisableSessionVars=2=yes</g' ACO_OVERLAY_XID.xml
sed -i 's/DisableUserVars=.*</DisableUserVars=2=yes</g' ACO_OVERLAY_XID.xml
sed -i 's/DisableAuthSrcVars=.*</DisableAuthSrcVars=2=yes</g' ACO_OVERLAY_XID.xml

The final step is to import the updated ACO XML file.

XPSImport ACO_OVERLAY_XID.xml

Verify the changes in XPSExplorer or the AdminUI.

 

Note - it is important to use the XPSImport/XPSExport tools, as they issue Server Commands to update the Policy Stores, Policy Servers, and AdminUI cache. If you updated the Policy Store via LDIF or LDAP commands, replication and a cache flush would be needed.
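
Because the import overlays every ACO in one pass, it helps to check the XID list and the sed edits before running XPSImport. The following is an added example, not part of the original article or of SiteMinder: the function names, the sample export layout and the XID pattern (taken from the example XIDs above) are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): pre-import checks for the bulk ACO edit.

# Constructed stand-in for an export; it mirrors only the substrings the
# article's grep/sed commands rely on, not the real XPSExport schema.
make_sample() {  # $1 = output file
    cat > "$1" <<'EOF'
<Object Class="CA.SM::AgentConfig" Xid="CA.SM::AgentConfig@21-00064056-f0ae-15dd-8138-09650a124067">
  <Value>DisableSessionVars=2=no</Value>
  <Value>DisableUserVars=2=no</Value>
  <Value>LogFileName=2=agent.log</Value>
</Object>
EOF
}

# Count lines in the -xf list that are not OVERLAY entries for an AgentConfig
# XID (XID shape assumed from the article's examples). Fails on an empty list.
bad_xid_lines() {  # $1 = XID list
    [ -s "$1" ] || { echo "empty"; return 1; }
    bad=$(grep -vc '^OVERLAY=CA\.SM::AgentConfig@[0-9A-Fa-f-]\{1,\}$' "$1" || true)
    echo "$bad"
    [ "$bad" -eq 0 ]
}

# Apply the article's three substitutions to a copy, leaving the export intact.
apply_edits() {  # $1 = original export, $2 = edited copy
    sed -e 's/DisableSessionVars=.*</DisableSessionVars=2=yes</g' \
        -e 's/DisableUserVars=.*</DisableUserVars=2=yes</g' \
        -e 's/DisableAuthSrcVars=.*</DisableAuthSrcVars=2=yes</g' "$1" > "$2"
}

# Count changed lines that mention none of the three parameters (0 = clean edit).
unexpected_changes() {  # $1 = original, $2 = edited
    diff "$1" "$2" | grep '^[<>]' |
        grep -Evc 'Disable(SessionVars|UserVars|AuthSrcVars)=' || true
}

# Count lines in the edited copy now set to yes for the three parameters.
applied_count() {  # $1 = edited copy
    grep -Ec 'Disable(SessionVars|UserVars|AuthSrcVars)=2=yes<' "$1" || true
}
```

Run against the real files, `bad_xid_lines ACO_XID.txt` and `unexpected_changes` should both report 0 before the edited copy is imported, and `applied_count` shows how many parameter lines were actually changed.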