Symantec Access Management

  • 1.  Relationship between password policy and user store

    Posted Jun 19, 2020 04:55 AM
    Please ask a question about the password data (RW) described in the URL below.

    【reference】
    https://techdocs.broadcom.com/content/broadcom/techdocs/jp/ja/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8/configuring/policy-server-configuration/user-directories/directory-attributes-overview.html

    I interpret the "password data (RW)" to be used to track password policy information.
    "Password policy" is understood as a Policy Server object in which rules regarding passwords such as expiration date,
    restrictions, and configuration requirements are set.

    Please tell us the following contents on this assumption.

    Question 1:
    The password data (RW) is set as the information for referencing the "password policy" in the policy server.
    I understand that writing process occurs to the attribute on the external directory (user store) side.
    Is my recognition correct?

    Or isn't processing such as write processing occurring only by reference?

    Question 2:
    I tried to confirm manually when the writing to the attribute set in "Password data (RW)" occurs.
    The description could not be found.

    Can you tell me about the timing of writing to the "Password data (RW)" attribute?

    Or, as the concern in question (1), does the writing process to this attribute occur?


    regards.


  • 2.  RE: Relationship between password policy and user store
    Best Answer

    Broadcom Employee
    Posted Jun 20, 2020 01:45 AM
    Hi Haruka

    I put my answers in the lines.

    Question 1:
    The password data (RW) is set as the information for referencing the "password policy" in the policy server.
    I understand that writing process occurs to the attribute on the external directory (user store) side.
    Is my recognition correct?

    B.K.) Yes, it writes the login (success/fail/time & date) information when the password service is enabled in Expirations. It also writes the information when the user changes the password.
     
    Question 2:
    I tried to confirm manually when the writing to the attribute set in "Password data (RW)" occurs.
    The description could not be found.

    B.K.) You can read Password Data attribute via Java or Perl API in SiteMinder Policy Server. However, it is not allowed to write into Password data via API.

    Perl API
    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8/programming/scripting-interface/policy-management-api-in-cli/policy-management-methods-in-cli/cli-user-password-state-methods.html

    Java API
    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8/programming/sdks/programming-in-java/delegated-management-services-api/user-password-state.html

    Kind regards

    B.K.