Symantec Access Management

  • 1.  List all persistent realms

    Posted Jul 11, 2016 05:24 PM


    Hello all, Is there a quick way of finding out all the realms which use persistent sessions?  I have 500 realms and manually checking each one is not very economical. Appreciate if someone has implemented a script using Admin API or some other way. Thanks in advance.



  • 2.  Re: List all persistent realms

    Broadcom Employee
    Posted Jul 12, 2016 12:46 AM

    Hi,

     

    It seems that the SDK does not support such functionality to get the Persistent Session value of a realm.

     

    At this moment, you may use XPSExplorer to list up all realms with Persistent Session checked on.

     

    Run XPSExplorer and type each value in the below sequence.

    (1) 132 --> Realm

    (2) S --> Search objects

    (3) B --> Build Filter

    (4) 11 --> SessionType

    (5) A --> Equals ("=")

    (6) 1 --> Persistent = 1 : Non Persistent = 0

    (7) Q --> Quit

    (8) F --> Apply Filter       (CA.SM::Realm.SessionType = 1)

     

    Hope this would help.

     

    Regards,

    Koichi Ikarashi



  • 3.  Re: List all persistent realms
    Best Answer

    Posted Jul 12, 2016 03:21 AM

    Hi SamWalker,

     

    In addition to what Koichi-san mentioned, you can do the policy export

    i.e.:

    xpsexport policy.xml -xb -npass

     

    Search the policy export for "CA.SM::Realm.SessionType". Those with value 1 are persistent realms.

    i.e.:

                    <Property Name="CA.SM::Realm.Name">
                        <StringValue>transpolar realm</StringValue>
                    </Property>
                    <Property Name="CA.SM::Realm.ProcessAuthEvents">
                        <BooleanValue>true</BooleanValue>
                    </Property>
                    <Property Name="CA.SM::Realm.ProcessAzEvents">
                        <BooleanValue>true</BooleanValue>
                    </Property>
                    <Property Name="CA.SM::Realm.SessionType">
                        <NumberValue>1</NumberValue>
                    </Property>

     

    Hope this helps.

     

    Regards,

    Kar Meng
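
Added example, not part of the original posts and not CA/Broadcom code: a small Python script that automates the search described in the reply above by reading an xpsexport file and listing every realm whose `CA.SM::Realm.SessionType` is 1. Only the `<Property>` layout comes from the excerpt in the thread; the enclosing `<PolicyData>`/`<Object>` elements and the extra realm names in the sample are assumptions, so the script matches on the properties alone and does not depend on the wrapper's name.

```python
import sys
import xml.etree.ElementTree as ET

NAME_PROP = "CA.SM::Realm.Name"
SESSION_PROP = "CA.SM::Realm.SessionType"

# Constructed sample. Only the <Property> elements follow the excerpt in the
# thread; the <PolicyData>/<Object> wrappers and realm names are assumptions.
SAMPLE_EXPORT = """<PolicyData>
  <Object>
    <Property Name="CA.SM::Realm.Name"><StringValue>transpolar realm</StringValue></Property>
    <Property Name="CA.SM::Realm.SessionType"><NumberValue>1</NumberValue></Property>
  </Object>
  <Object>
    <Property Name="CA.SM::Realm.Name"><StringValue>public realm</StringValue></Property>
    <Property Name="CA.SM::Realm.SessionType"><NumberValue>0</NumberValue></Property>
  </Object>
  <Object>
    <Property Name="CA.SM::Realm.Name"><StringValue>admin realm</StringValue></Property>
    <Property Name="CA.SM::Realm.SessionType"><NumberValue> 1 </NumberValue></Property>
  </Object>
  <Object>
    <Property Name="CA.SM::Realm.Name"><StringValue>no session type</StringValue></Property>
  </Object>
</PolicyData>"""


def direct_properties(elem):
    """Map Name -> value text for the <Property> children of one element."""
    props = {}
    for child in elem:
        # Compare local names so a namespaced export still matches.
        if child.tag.rsplit("}", 1)[-1] == "Property" and len(child):
            props[child.get("Name")] = (child[0].text or "").strip()
    return props


def persistent_realms(root):
    """Return sorted names of realms whose SessionType is 1 (persistent)."""
    found = []
    for elem in root.iter():
        props = direct_properties(elem)
        if props.get(SESSION_PROP) == "1":
            found.append(props.get(NAME_PROP, "<unnamed>"))
    return sorted(found)


if __name__ == "__main__":
    root = ET.parse(sys.argv[1]).getroot() if len(sys.argv) > 1 else ET.fromstring(SAMPLE_EXPORT)
    print("\n".join(persistent_realms(root)))
```

Pass the path of the export file (for example the policy.xml produced by the xpsexport command above) as the first argument; without an argument the script runs against the embedded sample.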



  • 4.  Re: List all persistent realms

    Broadcom Employee
    Posted Jul 12, 2016 08:52 AM

    Hi Anil,

     

    CA has no scripts that implement this exact functionality.  However, the C++ and Java Policy Management API and the PERL CLI do have methods that can be implemented to fetch all realms.  These methods are implemented in the examples included in the SDK and CLI.  You could easily modify them to spin through the fetched realms to check to see if it is persistent.

     

    Or, as my colleagues have mentioned, you can use XPSExplorer or XPSExport to achieve this.

     

    Please let us know if we have answered your question.

     

    Regards,

    Sandy



  • 5.  Re: List all persistent realms

    Posted Jul 12, 2016 10:30 AM

    Thanks everyone. I will try every option and let you know which one works.