We have an requirement to send the role of the user to the application that is being used while authorizing the user to a page via policy in siteminder. In this case the user has, lets say, 5 roles and in the policy (in domain), we have specified all 5 roles with OR in between.
Therefore, we want to know, out of those 5 roles, which roles is used by CA SSO policy to authorize users.
We tried to get the policy details using the smpolicy api of the CA SSO, but we are unable to get the information in the users tab of the policy.
Is there a method that siteminder sdk exposes to fetch the expressions from the users tab of the policy.
Any thoughts on how can we achieve this.
Is your environment has IDM integrated ?
SM_USER_APPLICATION_ROLES[:application id]--Returns a list of roles that are assigned to a user.
Yes, IDM is integrated with siteminder.
We do not want the roles assigned to user. We want the expression that we have set in the users tab of the policy in domain.
there is a method that siteminder exposes smpolicyapi.getpolicydetails() - we were hoping that this method will return the expressions set in the users tab of the policy but we were wrong.
Thanks for your response.
Take a look at the following documents:
GetPolicy details: SmPolicyApiImpl (CA SiteMinder(r) SDK)
SmUserPolicy class: SmUserPolicy (CA SiteMinder SDK)
SmRule Class (in case the expression was set on the rule and not the policy): SmRule (CA SiteMinder SDK)
SmPolicy Class: SmPolicy (CA SiteMinder SDK)
I hope it helps