Symantec Access Management

 View Only
Expand all | Collapse all

Siteminder Policy Reader


LudovicApr 10, 2013 06:36 AM

Legacy User

Legacy UserMar 11, 2015 10:26 AM

D Klier

D KlierAug 21, 2018 01:12 PM

  • 1.  Siteminder Policy Reader

    Broadcom Employee
    Posted Feb 21, 2013 08:06 AM

    Latest version of SMPolicyReader, available at bottom of this post,  last updated build 466 on 29-April-2019.


    A lot has happened since Feb-2013 when this was first put into the communities.  Mostly it is bug fixes, but there have been some large feature additions and look & feel changes.  To help identify what has been added I will add links to articles that discuss any new features here :    Recent SMPolicyReader articles : 


    Tech Note : Storing SSO policy changes in Revision Control - viewing changes 

    Tech Note : Howto place SSO policy changes under revision control using git 

    May - 2017

    SMPolicyReader update - xcart - screen to check for xcart object references 


    Using SMPolicyReader to generate xcart selection. 



    Siteminder Policy Reader

    Attached is a java Siteminder Policy Reader tool, that has been developed internally by CA Support engineers for use within CA Siteminder Support. Given that CA Siteminder customers, face similar issues with viewing exported XPS & SMDIF policy stores, it was felt that this was a good candidate tool, even though it is at a fairly early stage of development, for release on the CA community website.

    Here is a quick list of features:

    • Ability to Read XPS export files
    • Ability to read SMDIF export files
    • Ability to read raw LDAP .ldif exports of policy store
    • Ability to connect directly to active policy store via LDAP and ODBC and read store
    • Similar in look to the older Siteminder Applet
    • View History and history navigation (prev and next toolbar, as well as history menu)
    • Find function
    • Ability to display objects in detached window (see screenshot below).
    • Tab that displays Object Properties
    • Tab that displays all References to an Object.
    • Screen that displays All Policy Store Objects; with filter, select and browse options - (see screenshot below)
    • Basic Policy Store Stats
    • Ability to find errors such as missing xpsParent, or xps Link when using direct read for ODBC or LDAP policy store 
    • Ability to compare two policy stores, and give visual display of differences.
    • Compare can be done via Xid or via Name.

    SMPolicyReader Demonstration Video
    The best way to see what it can do is to watch the video demonstration :
    (please excuse the presenter, he will re-record the sound sometime in the near futher, with less stuttering)


    Screenshots of SMPolicyReader in use:

    This is the main tree and selected object display. Note the "<" and ">" toolbar buttons for navigating your viewing history, the "find" tool bar buttons, and the three tabs for the object "Properties", which is what is displaying, "Stats" which displays some summary details for the object and "References" which displays all of the links to this object. Properties, Child tables and Reference tables are all navigatable by double clicking on the row/child object, and if it is a link it will navigate you to that object (you can then user the back button "<" to return).

    This is the browse All Objects screen. You can see all the Xid, Object Name and Class Name in the table, it can be filtered and sorted to pick up the items you want to view (for example you can enter Xid or part of Xid here, to find your object). You then have the choice of showing that object in the main policy browser tree, or showing it in a detached window.

    This is the Detached Object View, with references tab selected. You can have as many of these open as you like, double clicking on any of the references (or properties) will show the referece object/properties i the main policy tree window.

    The results of a compare operation. Added objects/properties are shown in dark blue, deleted are displayed in red strikethought, and changed objects are shown in bold black. Comparison can be done by Xid (default) or by Name, as set by the "Options" menu item.


    This is an internally generated tool, done by CA Support engineers and subject to the limitations of the disclaimer applied to this discussion group for uploads.


    The SMPolicyReader is developed on a part time basis, so it is likely never to be complete, certainly there are bugs, limitations, and also many features we would like to add. But the tool has proved useful internally with CA Support, as it currently is and hope you find it useful as well.


    We certainly welcome feedback; and these forums provide the best place to discuss and ask questions about the PolicyReader, but I am also avaialble via my CA email address, odoma04 at ca dot com


    Cheers - Mark


    Attached new SMPolicyReader dist :  ALPHA-427 - (6-May-2017)

         Added XCart screen to view (and then add) external obj references.

         Added Env mode for storing/viewing policy under Git revision control.


    Attached new SMPolicyReader dist :  ALPHA-390 - (4-Apr-2017)

         Fixed bug in setting links (it was seeing them as strings) in ldif import. 

         There is bunch of stuff for using policy store in revision control - but not in use yet.


    Attached new SMPolicyReader dist :  ALPHA-361 - (14-Dec-2016)

         Added ability to build and edit xcart selection for use in xpsexport. 


    Attached new SMPolicyReader dist :  ALPHA-355 - (12-Oct-2016)

          *note* this one fixes a bug in the compare with ldif read - but I am a bit worried the scope of the change was big, so 

          354 may be better one to use - if you find a problem.


    Attached new SMPolicyReader dist :  ALPHA-354 - (11-Oct-2016)

    (lots of other updates as well ) ...  version 354- 360  from Oct-2016 - July-2017. 



    Update Alpha-462 - (19-July-2017)

     Last few versions have had the code for git commit and review revisions of policy store, as per the links at the top of the screen.

    Last few versions have had the ability to do a load and export of xcart object lists.  It can follow references as well, to easily add them - still one flaw here, since would be nice to recognise system object,s and when it needs to import whole object not just subcomponent /oid that it references into.

    Fix display of attributes when loading policy store from: raw  .ldif; direct read from ODBC; direct read from  LDAP; and read from the .dumpLDAP and .dumpODBC files.  Various improvements to mapping of the raw parameters to xps export type names. 

    Add extra tabs for:  Config and Federation - so now from xpsexport it will show the parameter values and split all the Fed objects into its own tab.   

    Spent some time mapping fed objects to child objects for better display. 


    Update Alpha-466 (29-April-2019) 

    When reading from .ldif files (with tombstoned recorded) it report when it finds a tombstoned parent with active children (issue from support case that arose and was difficult to detect).