Symantec Access Management

 View Only
Expand all | Collapse all

Creating policy objects using Swagger Rest API

  • 1.  Creating policy objects using Swagger Rest API

    Posted Aug 26, 2017 08:15 PM

    Hi All,

     

    I am trying to explore the options for creating agent and other objects using Swagger Rest API for R12.7, I am getting error I think I am doing something incorrect:

     

    I tried to create an Agent, using 

     

    POST /ca/api/sso/services/policy/v1/SmAgents

     

     

    {
    "Name": "test-agent",
    "Desc": "testagent",
    "AgentTypeLink": {
    "id": "string",
    "path": "/SmAgent4xs/test-agent",
    "href": "string",
    "desc": "string"
    },
    "RealmHintAttrId": 0,
    "type": "string",
    "id": "string"
    }

     

    I got error:

    "message": "Invalid class name: string", "code": 812

     

    Please suggest correct Syntax for creating agents, I would like to create some more objects using API.

     

    Thank you



  • 2.  Re: Creating policy objects using Swagger Rest API
    Best Answer

    Posted Aug 27, 2017 09:00 PM

    Hi Richard,

     

    Please find correct syntax for creating agents using REST API below :

     

    Create non 4x agent of type "Web Agent":

    Option 1 : Specify full details of Agent Type

    Request  :

     

    {
    "Name": "test-agent",
    "Desc": "test-agent",
    "AgentTypeLink": {
    "id": "CA.SM::AgentType@10-8d78bb96-ae15-11d1-9cdd-006008aac24b",
    "path": "/SmAgentTypes/Web+Agent",
    "href": "https://shruj01-i1850:8443/ca/api/sso/services/policy/v1/objects/CA.SM::AgentType@10-8d78bb96-ae15-11d1-9cdd-006008aac24b",
    "desc": "SiteMinder Web Agent"
    }
    }

     

    Response :

    {
      "responseType": "object",
      "data": {
        "id": "CA.SM::Agent@01-00019b7e-686f-19a3-a562-ea9f0a837c7f",
        "type": "SmAgent",
        "Name": "test-agent",
        "Desc": "test-agent",
        "RealmHintAttrId": 0,
        "AgentTypeLink": {
          "id": "CA.SM::AgentType@10-8d78bb96-ae15-11d1-9cdd-006008aac24b",
          "path": "/SmAgentTypes/Web+Agent",
          "href": "https://shruj01-i1850:8443/ca/api/sso/services/policy/v1/objects/CA.SM::AgentType@10-8d78bb96-ae15-11d1-9cdd-006008aac24b",
          "desc": "SiteMinder Web Agent"
        }
      },
      "links": {
        "self": {
          "href": "https://shruj01-i1850:8443/ca/api/sso/services/policy/v1/objects/CA.SM::Agent@01-00019b7e-686f-19a3-a562-ea9f0a837c7f"
        },
        "usedby": {
          "href": "https://shruj01-i1850:8443/ca/api/sso/services/policy/v1/objects/CA.SM::Agent@01-00019b7e-686f-19a3-a562-ea9f0a837c7f/usedby"
        },
        "classinfo": {
          "href": "https://shruj01-i1850:8443/ca/api/sso/services/policy/v1/objects/CA.SM::Agent@01-00019b7e-686f-19a3-a562-ea9f0a837c7f/classinfo"
        },
        "editinfo": {
          "href": "https://shruj01-i1850:8443/ca/api/sso/services/policy/v1/objects/CA.SM::Agent@01-00019b7e-686f-19a3-a562-ea9f0a837c7f?op=editinfo"
        }
      }
    }

     

    Create non 4x agent of type "Web Agent":

    Option 2 : Specify minimal details of Agent Type

     

    Request  :

    {
    "Name": "test-agent-2",
    "Desc": "test-agent-2",
    "AgentTypeLink": {
    "path": "/SmAgentTypes/Web+Agent"
    }
    }

     

    Response:

    {
      "responseType": "object",
      "data": {
        "id": "CA.SM::Agent@01-00021b81-6909-19a3-a562-ea9f0a837c7f",
        "type": "SmAgent",
        "Name": "test-agent-2",
        "Desc": "test-agent-2",
        "RealmHintAttrId": 0,
        "AgentTypeLink": {
          "id": "CA.SM::AgentType@10-8d78bb96-ae15-11d1-9cdd-006008aac24b",
          "path": "/SmAgentTypes/Web+Agent",
          "href": "https://shruj01-i1850:8443/ca/api/sso/services/policy/v1/objects/CA.SM::AgentType@10-8d78bb96-ae15-11d1-9cdd-006008aac24b",
          "desc": "SiteMinder Web Agent"
        }
      },
      "links": {
        "self": {
          "href": "https://shruj01-i1850:8443/ca/api/sso/services/policy/v1/objects/CA.SM::Agent@01-00021b81-6909-19a3-a562-ea9f0a837c7f"
        },
        "usedby": {
          "href": "https://shruj01-i1850:8443/ca/api/sso/services/policy/v1/objects/CA.SM::Agent@01-00021b81-6909-19a3-a562-ea9f0a837c7f/usedby"
        },
        "classinfo": {
          "href": "https://shruj01-i1850:8443/ca/api/sso/services/policy/v1/objects/CA.SM::Agent@01-00021b81-6909-19a3-a562-ea9f0a837c7f/classinfo"
        },
        "editinfo": {
          "href": "https://shruj01-i1850:8443/ca/api/sso/services/policy/v1/objects/CA.SM::Agent@01-00021b81-6909-19a3-a562-ea9f0a837c7f?op=editinfo"
        }
      }
    }

     

    Create 4x agent of type "Web Agent":

    Option : Specify minimal details of Agent Type

     

    Request :

    {
    "IpAddr": "127.0.0.1",
    "Secret": "siteminder",
    "Name": "test-4x-agent",
    "Desc": "test-4x-agent",
    "AgentTypeLink": {
    "path": "/SmAgentTypes/Web+Agent"
    }
    }

     

    Response:

    {
      "responseType": "object",
      "data": {
        "id": "CA.SM::Agent@01-00018225-69b9-19a3-a562-ea9f0a837c7f",
        "type": "SmAgent4x",
        "Name": "test-4x-agent",
        "Desc": "test-4x-agent",
        "IpAddr": "127.0.0.1",
        "RealmHintAttrId": 0,
        "Secret": "{RC2}xLnbWGQ49M8XOziJ1wsXqMMh8G9hNBjk",
        "AgentTypeLink": {
          "id": "CA.SM::AgentType@10-8d78bb96-ae15-11d1-9cdd-006008aac24b",
          "path": "/SmAgentTypes/Web+Agent",
          "href": "https://shruj01-i1850:8443/ca/api/sso/services/policy/v1/objects/CA.SM::AgentType@10-8d78bb96-ae15-11d1-9cdd-006008aac24b",
          "desc": "SiteMinder Web Agent"
        }
      },
      "links": {
        "self": {
          "href": "https://shruj01-i1850:8443/ca/api/sso/services/policy/v1/objects/CA.SM::Agent@01-00018225-69b9-19a3-a562-ea9f0a837c7f"
        },
        "usedby": {
          "href": "https://shruj01-i1850:8443/ca/api/sso/services/policy/v1/objects/CA.SM::Agent@01-00018225-69b9-19a3-a562-ea9f0a837c7f/usedby"
        },
        "classinfo": {
          "href": "https://shruj01-i1850:8443/ca/api/sso/services/policy/v1/objects/CA.SM::Agent@01-00018225-69b9-19a3-a562-ea9f0a837c7f/classinfo"
        },
        "editinfo": {
          "href": "https://shruj01-i1850:8443/ca/api/sso/services/policy/v1/objects/CA.SM::Agent@01-00018225-69b9-19a3-a562-ea9f0a837c7f?op=editinfo"
        }
      }
    }

     

    Let me know if you have any questions.


    Regards,

    Ujwol 



  • 3.  Re: Creating policy objects using Swagger Rest API

    Posted Aug 28, 2017 10:41 AM

    Thanks Ujwol

     

    That works, how do you identify the Links/Paths/Href, because i am trying to create other objects like agent group/Domain/Auth scheme/policies all fails. I was able to create ACO successfully. 



  • 4.  Re: Creating policy objects using Swagger Rest API

    Posted Aug 28, 2017 12:39 PM

    To identify path, you can perform GET request first for that object.


    They all however follow the pattern. So once you know the pattern you can always guess them.





  • 5.  RE: Re: Creating policy objects using Swagger Rest API

    Posted Aug 15, 2022 08:28 AM
    Hello,

    I see only for agent creation it is mentioned in 12.8 documentation but for creation of other policy objects like agent group, adding agent to agent group, auth scheme, rules and responses.
    It's really becoming very hard to find json syntax and testing based on GET request for all policy objects.

    Please provide the syntax for all policy objects and is there any clear cut documentation.

    Thanks,
    Naga


  • 6.  RE: Re: Creating policy objects using Swagger Rest API

    Broadcom Employee
    Posted Aug 18, 2022 04:35 PM
    Hi Naga,

    In addition to the documentation, we provide a SiteMinder REST API doc interface that is linked within the SiteMinder Admin UI. The URL will be https://<sm-adminui-server>:8443/ca/api/sso/services/v1/api-doc/ ... In this API doc you'll find examples of the methods and syntax required.

    Also, one of our Solution Engineers has provided a REST API shell script framework that you may find useful. https://community.broadcom.com/enterprisesoftware/viewdocument/siteminder-restapi-shell-script-fra?CommunityKey=f9d65308-ca9b-48b7-915c-7e9cb8fc3295&tab=librarydocuments


  • 7.  RE: Re: Creating policy objects using Swagger Rest API

    Posted Aug 19, 2022 06:49 AM
    Hi Barrow,

    Thanks for the response. I am going through the rest API documentation and the syntaxes provided in Adminui. But trying to create Agent group based on the jason syntax provided below: 

    {
      "Name": "string",
      "Desc": "string",
      "AgentTypeLink": {
        "id": "string",
        "path": "string",
        "href": "string",
        "desc": "string"
      },
      "AgentsLink": [
        {
          "id": "string",
          "path": "string",
          "href": "string",
          "desc": "string"
        }
      ],
      "AgentGroupsLink": [
        {
          "id": "string",
          "path": "string",
          "href": "string",
          "desc": "string"
        }
      ]
    }
    I am trying to create but it is giving error as I know it is not the correct syntax I am using. So that's where I am struck how to use those values which is mentioned above, because I need to create rules, responses, Authschemes.

    Could you please elaborate it?

    Thanks,
    Naga


  • 8.  RE: Re: Creating policy objects using Swagger Rest API

    Broadcom Employee
    Posted Aug 22, 2022 04:07 PM
    Hi Naga,

    Here's an example JSON body to use when creating a SiteMinder Agent Group. 

    The parameters you should modify are: Name, Desc, and AgentsLink path (for each agent being added). 
    {
            "type": "SmAgentGroup",
            "Name": "Access Gateway Group",
            "Desc": "Group of external Access Gateways",
            "AgentTypeLink": {
                "path": "/SmAgentTypes/Web+Agent",
                "desc": "SiteMinder Web Agent"
            },
            "AgentsLink": [
                {
                    "path": "/SmAgents/accessgateway"
                },
                {
                    "path": "/SmAgents/accessgateway2"
                }
            ]
        
    }​



  • 9.  RE: Re: Creating policy objects using Swagger Rest API

    Posted Aug 23, 2022 05:28 AM
    Hi Barrow,

    That works. Thank you.

    Could you able to provide me the json syntax for creating Realm, rules, responses and Authschemes? I am testing using the syntax in REST API doc but unable to make it work not sure how to use it and unable to get the exact syntax for it.

    And also I am trying to add webagent to ACO using JSON syntax, may i know how it can be done?

    If possible could you please try to explain how to use JSON syntax for remaining policy objects that will be more helpful.

    Thanks,
    Naga


  • 10.  RE: Re: Creating policy objects using Swagger Rest API

    Broadcom Employee
    Posted Aug 23, 2022 05:45 PM
    Hi Naga,

    The best approach is to perform a GET request on an existing object, copy the response payload, provide a new name for the object, and remove the unnecessary detail.  I used Postman to perform the interaction which provided a quick way to test the validity of the POST request.  For the Agent Group creation, I removed the "responseType", an "id", "href" from each section, and everything within "links".  I think you'll find most objects require only a small amount of elements to be created.

    Yes, you can POST to SmAgentConfigs to create a new ACO object which defines the DefaultAgentName parameter.

    Thanks,
    Warren


  • 11.  RE: Re: Creating policy objects using Swagger Rest API

    Posted Aug 24, 2022 01:13 AM
    Hi Barrow,

    Thanks for the Response :)

    But my requirement is I want to add AgentName parameter to the exisiting or newly created ACO, how it can be done? not only AgentName parameter if I want to add any parameter to the existing ACO or adding a parameter for newly created one, what is the syntax for it?

    Example I am using it, but getting error seems incorrect syntax.

    {
    "Name": "NagatestACO",
    "Desc": "REST API testing",
    "Attributes": [{
    "Name": "AgentName",
    "Value": "nagatest,xyz.com"
    }]
    }

    I am using POSTMAN and using POST method for above. But to add a new parameter for existing ACO, then I need to perform a GET to get the info of the ACO like id,path, href to which we need to add a AgentName or modify any parameter and perform a PUT method to include the parameter we need to add is that correct?

    Thanks,
    Naga



  • 12.  RE: Re: Creating policy objects using Swagger Rest API

    Posted Aug 24, 2022 11:15 AM
    Hi Barrow,

    I am able to create ACO using below syntax ( Hope this will help others so adding syntax below):

    {
    "Name": "NagatestACO2",
    "Desc": "REST API testing",
    }

    Able to create new AgentGroup and  add existing agent using below syntax:

    {
    "type": "SmAgentGroup",
    "Name": "NagaTestNew2",
    "Desc": "REST API testing",
    "AgentTypeLink": {
    "path": "/SmAgentTypes/Web+Agent",
    "desc": "SiteMinder Web Agent"
    },
    "AgentsLink": [{
    "path": "/SmAgents/nagatest3"
    }]
    }

    My Question is to make it clear:

    1. I want to add AgentName or any other parameter to the existing ACO( I will get the details of existing ACO using GET request) how can I mention in the json syntax? and the request method to use, is it PUT? if yes then what is the URL I need to use?

    2. I want to add Agent to existing AgentGroup, I tried using PUT method but didn't worked getting 403 forbidden

    URL: https://xyz.com/ca/api/sso/services/policy/v1/SmAgentGroups/NagaTestNew2
    method: PUT

    json syntax:

    {
    "id": "CA.SM::AgentGroup@02-00007180-0523-1306-8c91-93ad0f830000",
    "path": "/SmAgentGroups/NagaTestNew2",
    "href": "https://abc.com:8443/ca/api/sso/services/policy/v1/objects/CA.SM::AgentGroup@02-00007180-0523-1306-8c91-93ad0f830000",
    "desc": "REST API testing",
    "AgentTypeLink": {
    "path": "/SmAgentTypes/Web+Agent",
    "desc": "SiteMinder Web Agent"
    },
    "AgentsLink": [{

    "id": "CA.SM::Agent@01-00059459-b11a-1304-8c91-93ad0f830000",
    "path": "/SmAgents/nagatest3",
    "href": "https://abc.com:8443/ca/api/sso/services/policy/v1/objects/CA.SM::Agent@01-00059459-b11a-1304-8c91-93ad0f830000"

    }]
    }

    Error:

    <p>Access to the resource or application <b>/ca/api/sso/services/policy/v1/SmAgentGroups/NagaTestNew2</b> is
                forbidden. You may be using an incorrect URL.</p>
            <p>If you are using the URL supplied to you, please contact the Helpdesk and report the issue.</p>

    Currently I am facing these 2 issues, I am really struggling to get the proper json syntax which is not mentioned in the documentation. I am tired of searching but didn't get any info related to this.

    Wondering whether anyone tried or implemented using REST API for all policy objects via POSTMAN because didn't get any information related to it.

    Hope you can help on this.

    Thanks,
    Naga



  • 13.  RE: Re: Creating policy objects using Swagger Rest API

    Broadcom Employee
    Posted Aug 24, 2022 02:37 PM
    Edited by Warren Barrow Aug 24, 2022 02:38 PM
    Hi Naga,

    The first example you gave to create an ACO will not work due to the extra comma after the "Desc" value. Below example worked for me to create a basic ACO with no parameters:
    POST https://{{host}}:8443/ca/api/sso/services/policy/v1/SmAgentConfigs/
    {
    "Name": "NagatestACO2",
    "Desc": "REST API testing"
    }​
    Next, to update the ACO with parameters, you'll need to perform a PUT to the correct URL which includes the ACO name:
    PUT https://{{host}}:8443/ca/api/sso/services/policy/v1/SmAgentConfigs/NagatestACO2
    {
            "type": "SmAgentConfig",
            "Name": "NagatestACO2",
            "Attributes": [
                "DefaultAgentName=2=Nagatest"
            ]
        
    }​
    There are many more attributes that should be included in the ACO. I limited it only one for brevity. You'll notice the ACO parameters have either Parameter=0=value or Parameter=2=value. To my understanding, the =0= means it's a default unchanged value. =2= is a changed value. 

    To update the Agent Group, your URL and PUT method looks good, but you should remove all "id" and "href" from the JSON.
    Example Agent Group creation without agents defined:
    POST https://{{host}}:8443/ca/api/sso/services/policy/v1/SmAgentGroups
    {
            "type": "SmAgentGroup",
            "Name": "NagaTestNew2",
            "Desc": "Group of external Access Gateways",
            "AgentTypeLink": {
                "path": "/SmAgentTypes/Web+Agent",
                "desc": "SiteMinder Web Agent"
            },
            "AgentsLink": [
               
            ]
        
    }​
    Then update the Agent Group with agents:
    PUT https://{{host}}:8443/ca/api/sso/services/policy/v1/SmAgentGroups/NagaTestNew2
    {
            "type": "SmAgentGroup",
            "Name": "NagaTestNew2",
            "Desc": "Group of external Access Gateways",
            "AgentTypeLink": {
                "path": "/SmAgentTypes/Web+Agent",
                "desc": "SiteMinder Web Agent"
            },
            "AgentsLink": [
                {
                    "path": "/SmAgents/accessgateway"
                },
                {
                    "path": "/SmAgents/accessgateway2"
                }
            ]
        
    }​


    Thanks,
    Warren




  • 14.  RE: Re: Creating policy objects using Swagger Rest API

    Posted Sep 28, 2022 01:27 PM
    Edited by NAGARAJU REDDEPALLI Sep 28, 2022 01:59 PM
    Hi Warren,

    Thanks a lot. I am able to create most of the policy objects using above info.

    But I am facing issue with creating "response" policy object. When I am trying to create responses using below syntax getting error"

    {
    "type": "SmResponse",
    "Name": "nagarestapi",
    "AccessAccept": true,
    "AccessChallenge": true,
    "HidingMask": [],
    "AccessReject": true,
    "AgentTypeLink": {
    "path": "/SmAgentTypes/Web+Agent"
    },
    "SmResponseAttrs": [{

    "type": "SmResponseAttr",

    "Value": "<%userattr=\"email\"%>",
    "HidingMask": [],
    "TTL": 0,
    "Flags": 0,

    "AgentTypeAttrLink": {

    "path": "/SmDomains/testdomain/SmResponses/"
    }
    }]
    }

    Without "path" variable in "AgentTypeAttrLink" getting Error as "AgentTypeAttrLink was not set".
    With "path" variable getting error as "search path was not correct"

    Could you please help me to provide the syntax for creating response with including multiple webagent attributes and also I want to create below attribute types:

    Attribute Type




    Thanks for your help.
    Naga



  • 15.  RE: Re: Creating policy objects using Swagger Rest API

    Posted Oct 10, 2022 02:27 AM
    @Warren Barrow, Could you please check my above ask and provide the syntax for it? I am waiting for your response.

    As mentioned above able to create only response but not with response attributes.

    Thanks,
    Naga​​


  • 16.  RE: Re: Creating policy objects using Swagger Rest API

    Posted Oct 26, 2022 09:36 PM
    Hello,

    can someone look into it and provide the syntax for response attributes please? 

    @Warren Barrow, waiting for your response on this?

    Thanks,
    Naga​