Gopi Desaboyina Solaris Blogs

Just another WordPress.com weblog

Automating SiteMinder Policy Management Using Perl API supplied by SiteMinder

Install Siteminder docs. then refer Perl API Policy doc for more stuff. Below is an just idea.what I did. It won’t compile if you just copy/paste :). This script brings following ideas.
Creating
1. Connection to siteminder Policy server.
2. Webagent
3. Webagent Group.
4. Custom Auth Scheme
5. Domains
6. Realm Under Domains
7. Rules under Realms
8. Policy for the above rule.
9. Adding response to above policy, add users to policy etc.
Just refer and get an idea and you can implement your scripts easily. Good Luck & post me comment if you need anything


#! /usr/bin/perl -w
use Netegrity::PolicyMgtAPI;
# Author - Gopi
# Refer Siteminder policy API for methods arguments.
# Creating Connection to Policy Server.
$policyapi = Netegrity::PolicyMgtAPI->New();
if(!defined $policyapi)
{
die "\nFATAL: Unable to create Policy Server Connection \n";
}
print "Creating Policy Server Connection Session ..... \n";
$mysession = $policyapi->CreateSession($smuser,$smpwd,$smhost);
if(!defined $mysession)
{
die "\nFATAL: Unable to create Session \n";
}


#print "Here is a list of configured domains:\n";
#@domains = $mysession->GetAllDomains();
#foreach $domain(@domains) {
# print $domain->Name() . "\n";
#}
#@agents = $mysession->GetAllAgents();
#foreach $myagent (@agents) {
#print "Agent Name = " . $myagent->Name() . "\n";
#}
print "Creating Webagent with Name as -> myWebAgent Name ....\n";
$myagent = $mysession->CreateAgent("myWebAgent Name",
$mysession->GetAgentType("Web Agent"),
"Descritption for myWebAgent");
if(!defined $myagent)
{
die "\nFATAL: Unable to create Agent -> myWebagent Name";
}
print "Creating Webagent group -> myWebAgent Group \n";
$myagentgroup=$mysession->CreateAgentGroup("my WebAgent Group",
$mysession->GetAgentType("Web Agent"),
"myWebAgent Group Description");


if(!defined $myagentgroup)
{
die "\nFATAL: Unable to create Agent group for myWebAgnet Group";
}


# Adding Webagent to WebAgent Group
print "Adding Webagent myWebAgent Name to myWebAgent Group ";
$myagentgroup->Add($myagent);
#
print "Creating new AuthScheme -> myCustomAuth" ;
$schemeparameter="Whatever is your Custom Scheme parameters Here";
#Creating Auth Scheme
# Below is not fully populated method. See CreateAuthScheme for full syntax and method parameteres.
$authscheme=$mysession->CreateAuthScheme("myCustomAuth",
$mysession->GetAuthScheme();
# Creating Domain
print "Creating Domain -> myDomain \n";
$mydomain=$mysession->CreateDomain("myDomain","myDomain Description");
print "Adding User Directory search order \n";
# Adding User Directory search order.
$mydomain->AddUserDir($mysession->GetUserDir("1st Directory Name"));
#Creating REALMs
# Netegrity::PolicyMgtDomain->CreateRealm( realmName, agent, authScheme [, realmDesc]
# [, resFilter] [, procAuthEvents] [, procAzEvents]
# [, protectAll] [, maxTimeout] [, idleTimeout]
# [, syncAudit] [, azUserDir] [, regScheme] )
#Creating root realm
print "Creating REALM -> Protect / All \n";
$rootrealm=$mydomain->CreateRealm("myProtect all",$myagentgroup,
$authscheme,"Protect all from / ",
"/",1,1,1,43200,3600,0,
$mysession->GetUserDir("Directory Name"));
# Creating for ex:- Get,Post Rule for above Realm.
print "Creating Get,Post Rule for REALM Protect / All \n";
$rootrule=$rootrealm->CreateRule("Get,Post /","Get Post Rule","GET,POST","*");
#
#Creating Policy for Root
#Netegrity::PolicyMgtDomain->CreatePolicy( policyName [, policyDesc] [, enableFlag] [, activeExpr] )
print "Creating Policy & setting Values for -> Policy to Protect / \n";
$myrootpolicy=$mydomain->CreatePolicy("Policy to Protect /","Policy to Protect all");
# Retrieve the User directory based on Name supplied and store in arry of PolicyMgtUserDir.
$myrootpolicymgtuserdir=$mysession->GetUserDir("my User Dir");
# Open the contents of user dir array which contains PolicyMgtUser.
@myrootpolicymgtusers=$myrootpolicymgtuserdir->GetContents();
foreach $myrootpolicyuser (@myrootpolicymgtusers)

# If it matches with our userDN specified in starting matches. set that as user path.
if ( $myrootpolicyuser->GetPath() eq $userDN )
{
# print "Inside".$myrootpolicyuser->GetPath() . "\n";
$myrootpolicy->AddUser($myrootpolicyuser);
}
}
# Adding a Rules
$myrootpolicy->AddRule($rootrule);
# setting Global Response for above rule.
$myglobalresponse=$mysession->GetGlobalResponse("if any global responses");
$myrootpolicy->SetResponse($rootrule,$myglobalresponse);
print "DONE...";

August 8, 2009 - Posted by | siteminder |

8 Comments »

  1. Hi Gopi,

    the above article is interesting and helpful. Though I have been working on Siteminder since 5 years now, never get a chance to write scripts in PERL. I need your suggestion to how to proceed in writing Perl Scripts to migrate policies from one environment to other. I am working on a large setup and usually changes are very less but frequent. In such case there are changes only to one of the rules or just a realm. SMOBJ export import seeems risky as any typo can interfere with other applications too. Please let me know if you have any sample script other then given by CA, it will be of gr8 help to me.

    Regards
    Akshay

    Comment by Akshay | October 13, 2009 | Reply

  2. Gopi,
    very good work!!! I was trying to leverage your scripts to list all trusted host in my env., but for some reason I wasn’t able to do that. Do you have any suggestions that would point me in the right direction.

    Comment by Michael | December 14, 2010 | Reply

  3. Gopi,
    I figured out how to do it so I’ll share it with anyone who might be interested.
    @trustedhost =$mysession->GetAllTrustedHosts();
    foreach $trustedhost(@trustedhost) {
    print $trustedhost->GetName() . “\n”;

    I was doing $trustedhost->Name() when Name() is not a method of GetTrustedHost().

    Your script has definitely pointed me in the right direction. Once again thnk you very much!!

    Comment by Michael | December 14, 2010 | Reply

    • Glad that you figured it out..it’s same way as getting all domains..I used to refer API for which all methods they supports

      Comment by gdesaboyina | December 14, 2010 | Reply

    • I was planning to automate the export import policy for siteminder and come accross this article. Can you forward necessary sample code so I can look and implement it

      Comment by Jen Jet | May 21, 2013 | Reply

      • Did you try smobjexport ? there are few links on google. you might want to try that.

        Comment by Gopi | May 24, 2013

  4. Hi Gopi,
    This has been very helpful for me. I am trying to create a script that returns ACO parameter values for a specifed parameter name (Ex: IgnoreExt) from all the existing ACO’s. Any help here would be greatly appreciated.

    Thanks.

    Comment by Abhi | March 28, 2014 | Reply

    • If you follow SM Perl API. It’s very easy to create a script. Below code will help you to print all ACO params.


      @allagentconfigs = $mysession->GetAllAgentConfigs();

      foreach $agentconfig(@allagentconfigs) {
      print "Agent Config Name: ". $agentconfig->Name()."\n";
      @agentconfigassociations=$agentconfig->GetAssociations() ;
      foreach $association(@agentconfigassociations) {
      print "\t".$association->Name()."=".$association->Value()."\n";
      }
      }

      Comment by Gopi | April 2, 2014 | Reply


Leave a reply to gdesaboyina Cancel reply

« Previous | Next »