Symantec Access Management

can some one explain usage of "smpolicysrv -publish" ?as well  how to enable/disable ?

--> will there any particular libraries required ?

Thanks-

Hi JaswanthChadalawada4210560,

"smpoilcysrv -publish" is a command line tool for publishing diagnostic information about a CA SiteMinder® deployment. Using the tool, you can publish information about Policy Servers, policy stores, user directories, Agents, and custom modules.

You can run this from <siteminder>\bin directory and the published information will be written to a XML file (by default : <policy_server_install_dir>\log\smpublish.xml).

You can specify the location and output file name using following command:

smpolicysrv -publish c:\netegrity\siteminder\published-data.txt

Sample XML file:

<SMPUBLISH>

    <SERVER>

        <SHORT_NAME>   smpolicysrv </SHORT_NAME>

        <FULL_NAME>    SiteMinder Policy Server </FULL_NAME>

        <PRODUCT_NAME> SiteMinder(tm) </PRODUCT_NAME>

        <VERSION>  12.52 </VERSION>

        <UPDATE>   01.00 </UPDATE>

        <LABEL>    499 </LABEL>

        <PLATFORM> Windows version 6.1 Service Pack 1 (Build 7601) </PLATFORM>

        <PORT>     44442 </PORT>

        <RADIUS_PORT> 0 </RADIUS_PORT>

        <THREADPOOL>

            <THREAD_MSG_QUEUE>

                <MSG_TOTALS>    12852 </MSG_TOTALS>

                <MAX_HIGH_DEPTH>     1 </MAX_HIGH_DEPTH>

                <MAX_NORM_DEPTH>     3 </MAX_NORM_DEPTH>

                <MAX_MSG_DEPTH>     3 </MAX_MSG_DEPTH>

                <CURRENT_HIGH_DEPTH>     0 </CURRENT_HIGH_DEPTH>

                <CURRENT_NORM_DEPTH>     0 </CURRENT_NORM_DEPTH>

                <CURRENT_MSG_DEPTH>     0 </CURRENT_MSG_DEPTH>

            </THREAD_MSG_QUEUE>

            <THREADS_LIMIT> 8 </THREADS_LIMIT>

            <THREADS_MAX>   8 </THREADS_MAX>

            <THREADS_CURRENT> 8 </THREADS_CURRENT>

            <THREADS_BUSY> 0 </THREADS_BUSY>

        </THREADPOOL>

        <CRYPTO> 128 </CRYPTO>

        <KEYMGT>

            <GENERATION> disabled </GENERATION>

            <UPDATE>     disabled </UPDATE>

        </KEYMGT>

        <JOURNAL>

            <REFRESH> 60 </REFRESH>

            <FLUSH>   60 </FLUSH>

        </JOURNAL>

        <PSCACHE>

            <STATE>          enabled </STATE>

            <PRELOAD>        enabled </PRELOAD>

        </PSCACHE>

        <USERAZCACHE>

            <STATE>    enabled </STATE>

            <MAX>      10 </MAX>

            <LIFETIME> 3600 </LIFETIME>

        </USERAZCACHE>

    </SERVER>

    <REPORTS>

        <THREAD_COUNT>        1 </THREAD_COUNT>

        <PENDING_LOG_ENTRIES> 0 </PENDING_LOG_ENTRIES>

        <PENDING_TEXT_LOG_SIZE_MB> 0 </PENDING_TEXT_LOG_SIZE_MB>

        <DROPPED_TEXT_LOG_ENTRIES> 0 </DROPPED_TEXT_LOG_ENTRIES>

        <AUTH_EVENTS>          ALL </AUTH_EVENTS>

        <AZ_EVENTS>            ALL  </AZ_EVENTS>

        <ADMIN_ACCESS_EVENTS>  ALL  </ADMIN_ACCESS_EVENTS>   

        <AFFILIATE_EVENTS>     ALL  </AFFILIATE_EVENTS> 

        <ADMINISTRATIVE_EVENTS>  NONE  </ADMINISTRATIVE_EVENTS>

        <OUTPUT>

            <TYPE> TEXT: </TYPE >

        </OUTPUT>

    </REPORTS>

    <AUDITLOG_STORE>

        <DATASTORE>

            <NAME> Audit Log Store  </NAME>

            <FILE> C:\CA\siteminder\log\smaccess.log </FILE>

             <ROLLOVERSIZE> 10 </ROLLOVERSIZE>

             <FILESTOKEEP> 10 </FILESTOKEEP>

        </DATASTORE>

    </AUDITLOG_STORE>

<POLICY_STORE>

        <DATASTORE>

            <NAME> Policy Store   </NAME>

            <USE_DEFAULT_STORE>  false </USE_DEFAULT_STORE>

            <LOADED> true </LOADED>

           <SERVER_LIST>

  <CONNECTION_INFO>

                    <TYPE>ODBC</TYPE>

                    <SERVICE_NAME>siteminder</SERVICE_NAME>

                    <USER_NAME>sa</USER_NAME>

                    <DBMS_NAME>Microsoft SQL Server</DBMS_NAME>

                    <DRIVER_NAME>Microsoft SQL Server</DRIVER_NAME>

                    <DBMS_VERSION>10.00.2531</DBMS_VERSION>

  <CONNECTIONS>

  <TOTAL>3</TOTAL>

  <ACTIVE>0</ACTIVE>

  <AVAILABLE>3</AVAILABLE>

  <HUNG>0</HUNG>

  <INITIALIZED>0</INITIALIZED>

  </CONNECTIONS>

  </CONNECTION_INFO>

           </SERVER_LIST>

        </DATASTORE>

        <DATASTORE>

            <NAME>  Key Store  </NAME>

            <USE_DEFAULT_STORE> true </USE_DEFAULT_STORE>

            <LOADED> true </LOADED>

        </DATASTORE>

        <DATASTORE>

            <NAME>  Token Store  </NAME>

            <USE_DEFAULT_STORE>  false </USE_DEFAULT_STORE>

            <LOADED> true </LOADED>

           <SERVER_LIST>

  <CONNECTION_INFO>

  <CONNECTIONS>

  <TOTAL>0</TOTAL>

  <ACTIVE>0</ACTIVE>

  <AVAILABLE>0</AVAILABLE>

  <HUNG>0</HUNG>

  <INITIALIZED>0</INITIALIZED>

  </CONNECTIONS>

  </CONNECTION_INFO>

           </SERVER_LIST>

        </DATASTORE>

</POLICY_STORE>

<SESSION_STORE>

        <DATASTORE>

            <NAME> Session Server Store  </NAME>

            <USE_DEFAULT_STORE>  false </USE_DEFAULT_STORE>

            <LOADED> true </LOADED>

           <SERVER_LIST>

  <CONNECTION_INFO>

                    <TYPE>ODBC</TYPE>

                    <SERVICE_NAME>sessionstore</SERVICE_NAME>

                    <USER_NAME>sa</USER_NAME>

                    <DBMS_NAME>Microsoft SQL Server</DBMS_NAME>

                    <DRIVER_NAME>Microsoft SQL Server</DRIVER_NAME>

                    <DBMS_VERSION>10.00.2531</DBMS_VERSION>

  <CONNECTIONS>

  <TOTAL>1</TOTAL>

  <ACTIVE>0</ACTIVE>

  <AVAILABLE>1</AVAILABLE>

  <HUNG>0</HUNG>

  <INITIALIZED>0</INITIALIZED>

  </CONNECTIONS>

  </CONNECTION_INFO>

           </SERVER_LIST>

        </DATASTORE>

</SESSION_STORE>

   <AGENT_CONNECTION_MANAGER>

        <CURRENT>      5 </CURRENT>

        <MAX>          15 </MAX>

        <DROPPED>      0 </DROPPED>

        <IDLE_TIMEOUT> 600 </IDLE_TIMEOUT>

        <ACCEPT_TIMEOUT> 10 </ACCEPT_TIMEOUT>

        <AGENT_CONNECTION>

            <NAME> lod0249_apache </NAME>

            <IP>   141.202.119.71 </IP>

            <API_VERSION> 1536 </API_VERSION>

            <LAST_MESSAGE_TIME> 1453530481 </LAST_MESSAGE_TIME>

         </AGENT_CONNECTION>

        <AGENT_CONNECTION>

            <NAME> i148122sps </NAME>

            <IP>   10.131.54.97 </IP>

            <API_VERSION> 1536 </API_VERSION>

            <LAST_MESSAGE_TIME> 1453530494 </LAST_MESSAGE_TIME>

         </AGENT_CONNECTION>

        <AGENT_CONNECTION>

            <NAME> wonsa03-i122123sps </NAME>

            <IP>   10.131.60.35 </IP>

            <API_VERSION> 1536 </API_VERSION>

            <LAST_MESSAGE_TIME> 1453530496 </LAST_MESSAGE_TIME>

         </AGENT_CONNECTION>

        <AGENT_CONNECTION>

            <NAME> i148122sps_sa01 </NAME>

            <IP>   10.131.54.97 </IP>

            <API_VERSION> 1536 </API_VERSION>

            <LAST_MESSAGE_TIME> 1453530407 </LAST_MESSAGE_TIME>

         </AGENT_CONNECTION>

        <AGENT_CONNECTION>

            <NAME> i148122sps </NAME>

            <IP>   10.131.54.97 </IP>

            <API_VERSION> 1536 </API_VERSION>

            <LAST_MESSAGE_TIME> 1453530485 </LAST_MESSAGE_TIME>

         </AGENT_CONNECTION>

    </AGENT_CONNECTION_MANAGER>

<USER_DIRECTORIES>

</USER_DIRECTORIES>

<EVENT_HANDLERS>

      <CONFIGURED> C:\CA\siteminder\bin\XPSAudit.dll </CONFIGURED>

      <EVENT_LIB>

          <LIB_NAME> C:\CA\siteminder\bin\XPSAudit.dll

        </LIB_NAME>

          <FULL_NAME>

                C:\CA\siteminder\bin\XPSAudit.dll

          </FULL_NAME>

      </EVENT_LIB>

  </EVENT_HANDLERS>

</SMPUBLISH>

This is so good , Thank you and you had answered to one of my questions which i am suppose to ask later

when i tried to run the command as smuse12 on a SM12.52 policy server , i got below error .

./smpolicysrv -publish

./smpolicysrv: error while loading shared libraries: libsmartheap_smp.so: cannot open shared object file: No such file or directory

But as far i know this message will come , because the environment variable for the policy server is not loaded for the user running .

So should i still need to run the ". ./nete_ps_env.ksh" command even running as smuser12?

Thanks-

Yes, you can will need to source environment variable.

Adding to this ,

can you help me understand the below what it signifies ? mainly on the LIFETIME?

        <USERAZCACHE>

            <STATE>    enabled </STATE>

            <MAX>      10 </MAX>

            <LIFETIME> 3600 </LIFETIME>

        </USERAZCACHE>

That is the expiry time of the user authorization cache. After this time it will contact policy server to fetch  user authorisation attributes.

It was helpful . Thank you all .

I am sure there must be an option to close this thread as answered, i am looking for it .

Thanks,.

Hi, fixed that for you.

Hi Ujwol ,

Thank you ! i was doing some sort of testing and wanted to see if there is a way i can disable the lifetime parameter ?

<LIFETIME> 3600 </LIFETIME>

I found it under registry. Thank you !!