Symantec Access Management

 View Only
  • 1.  Get users tab details from the policy tab in domain

    Posted Jun 28, 2018 10:33 AM

    Team,

    We have an requirement to send the role of the user to the application that is being used while authorizing the user to a page via policy in siteminder. In this case the user has, lets say, 5 roles and in the policy (in domain), we have specified all 5 roles with OR in between.

    Therefore, we want to know, out of those 5 roles, which roles is used by CA SSO policy to authorize users.

    We tried to get the policy details using the smpolicy api of the CA SSO, but we are unable to get the information in the users tab of the policy.

    Is there a method that siteminder sdk exposes to fetch the expressions from the users tab of the policy.

    Any thoughts on how can we achieve this.

     

    Thanks,
    Shivam



  • 2.  Re: Get users tab details from the policy tab in domain

    Posted Jun 28, 2018 10:48 AM

    Hi Shivam,

     

    Is your environment has IDM integrated ?

     

    SM_USER_APPLICATION_ROLES[:application id]--Returns a list of roles that are assigned to a user.

     

    https://docops.ca.com/ca-identity-manager/12-6-5/EN/configuring/ca-sso-integration/ca-sso-operations/how-to-configure-access-roles/#HowtoConfigureAccessRoles-SiteMinder-GeneratedResponseAttributes

     

    Regards,

    Leo Joseph.



  • 3.  Re: Get users tab details from the policy tab in domain

    Posted Jun 28, 2018 10:54 AM

    Hi Leo,

     

    Yes, IDM is integrated with siteminder.

     

    We do not want the roles assigned to user. We want the expression that we have set in the users tab of the policy in domain.

     

    there is a method that siteminder exposes smpolicyapi.getpolicydetails() - we were hoping that this method will return the expressions set in the users tab of the policy but we were wrong.

     

    Any thoughts?

     

    Thanks for your response.

    Shivam



  • 4.  Re: Get users tab details from the policy tab in domain

    Posted Aug 03, 2018 04:48 AM

    Hi Shivam,

     

    Take a look at the following documents:

     

    GetPolicy details: SmPolicyApiImpl (CA SiteMinder(r) SDK)

    SmUserPolicy class: SmUserPolicy (CA SiteMinder SDK)

    SmRule Class (in case the expression was set on the rule and not the policy): SmRule (CA SiteMinder SDK) 

    SmPolicy Class: SmPolicy (CA SiteMinder SDK) 

     

    I hope it helps