Symantec Access Management

Hi All,

We had configured various regular expressions in BPS to allow and disallow user to use those words with certain combinations.

We are implementing APS and we want to configure the same in it.

Please guide how can i configure those.

Regards,

Shrawan

Shrawan,

This is documented in the APS Admin Guide.  The 12.52-SP1 .pdf version is located at https://support.ca.com/cadocs/0/CA%20SiteMinder%2012%2052%20SP1-ENU/Bookshelf_Files/PDF/aps_guide_enu.pdf

Search for "regular expression" in the document to see where regular expressions can be configured.

Hi Gresa,

Thanks for your response.

I have read that document.

I have doubt for regurlar expressions like *[0-9a-zA-Z]* or for expressions ending with "$". What kind of Error key i should mention for such combination?

Regards,

Shrawan

Hi Shrawn,

Please go through this KB :

http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec483089.aspx 

SiteMinder doesn't have full fledged support to regular expression. 

It supports only those expression listed here :

Resource Matching and Regular Expressions - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation 

This is same for BPS and APS.

So, if you already have a regular expression in BPS, you should be able to use the same expression in APS as well.

Please let us know if it is not working as expected.

Regards,

Ujwol 

Hi Ujwol,

Thanks for your response

i am having doubt in key value pair and syntax in which regular expressions should be configured in APS.

As for digits we can use ERR_NO_STARTING_DIGIT when starting is not allowed to be done by any of these digits and similarly for Alphabets we can use ERR_ONE_UPPER.

For pattern like *[0-9a-zA-Z]* what we can use as "key"? Is there any fix key in particular format or we can use any arbitrary name?

Regards,

Shrawan

Ah, I got it now. The Keys are USER defined, meaning to say you can use ANY key.

You just need to ensure that , the exact same Key exist in the APS.Lang (or APS.properties) file with the proper error message which can be displayed.

For e.g

If you specify , NOMatch as : 

NoMatch=SHRAWAN_NO_TRAILING_DIGIT *[0-9]

In your APS.lang you should have something like :

SHRAWAN_NO_TRAILING_DIGIT = No trailing digit allowed.

Hi Ujwol

That means i can even use PASSWORD_EXPRESSION only this kind of key also! right? Without writing DIGIT or TRAILING.

Regards,

Shrawan

That is correct.

Hi Ujwol,

Thanks

I am unable to find APS.lang file in my policyserver. I have checked bin/Language folder of Policy server home but APS.lang is not there.

I have gone through KEDB article TEC477915 and did the same as mentioned in it but i am still not able to find APS.lan.

Please guide.

regards,

Shrawan

Hi Shrawan,

APS.Lang (or APS.properties) file

Check for this file  APSAdmin.properties under <webagent_install_location>\CA\webagent\resources

Regards,

Leo Joseph.

Hi Leo,

APSAdmin.lang, SmCPW.lang and FPS.lang files are present on webserver but i am not able to find APS.lang on policy server.

Please guide.

Regards,

Shrawan

Hi Shrawan,

Please find APS.Lang (or APS.properties) file under below location on the policy server. There may be multiple copies of each of these files, one for each locale supported by the site.

C:\CA\siteminder\resources  (Under resources folder)

Thanks,

Sharan

Hi Sharan,

Thanks

 i found APS.properties file at that location.

Regards,

Shrawan

Hello Mr.Shrestha,

I saw your previous answers via this community, so that I could catch a point to configure & modify the policy of password by using following methods that you guided.

But, I'm wondering how to allow to include a specific character such as $/^ and others(they're defined as regex) within words of password, while we're using the policy of password with its regular expression when created.

e.g.)  Currently $ this character has been defined in the policy server to be restricted to make a new password as a regex, also it needs to be made inner side of passwords as a character.

Is it possible to generate the password in this situation without deployment of patch version customized by CA Technology?(Please, help)

* Guided by you

C:\CA\siteminder\resources\APS.Lang (or APS.properties)

NoMatch=SHRAWAN_NO_TRAILING_DIGIT *[0-9]

SHRAWAN_NO_TRAILING_DIGIT = No trailing digit allowed.

Happy working hours

Thanks&Regards,

Haeder