Gopi Desaboyina Solaris Blogs

Automating SiteMinder Policy Management Using Perl API supplied by SiteMinder

Install the SiteMinder docs, then refer to the Perl API Policy doc for more details. Below is just an idea of what I did. It won’t compile if you just copy/paste :). This script covers the following ideas.
Creating:
1. Connection to the SiteMinder Policy Server.
2. Webagent.
3. Webagent Group.
4. Custom Auth Scheme.
5. Domains.
6. Realm under Domains.
7. Rules under Realms.
8. Policy for the above rule.
9. Adding a response to the above policy, adding users to the policy, etc.
Just refer to it to get the idea and you can implement your own scripts easily. Good luck, and post me a comment if you need anything.


#!/usr/bin/perl -w
use strict;
use Netegrity::PolicyMgtAPI;
# Author - Gopi
# Refer to the SiteMinder Policy API doc for method arguments.

# Connection settings and the user DN matched later in the script.
# Assumption: read from environment variables (placeholder names) so the
# admin password is not hard-coded in the script.
my $smuser = $ENV{SM_ADMIN_USER};
my $smpwd  = $ENV{SM_ADMIN_PWD};
my $smhost = $ENV{SM_POLICY_HOST};
my $userDN = $ENV{SM_USER_DN};

# Creating connection to the Policy Server.
my $policyapi = Netegrity::PolicyMgtAPI->New();
if (!defined $policyapi)
{
    die "\nFATAL: Unable to create Policy Server Connection \n";
}
print "Creating Policy Server Connection Session ..... \n";
my $mysession = $policyapi->CreateSession($smuser,$smpwd,$smhost);
if (!defined $mysession)
{
    die "\nFATAL: Unable to create Session \n";
}

#print "Here is a list of configured domains:\n";
#my @domains = $mysession->GetAllDomains();
#foreach my $domain (@domains) {
#    print $domain->Name() . "\n";
#}
#my @agents = $mysession->GetAllAgents();
#foreach my $agent (@agents) {
#    print "Agent Name = " . $agent->Name() . "\n";
#}

print "Creating Webagent with Name as -> myWebAgent Name ....\n";
my $myagent = $mysession->CreateAgent("myWebAgent Name",
                                      $mysession->GetAgentType("Web Agent"),
                                      "Description for myWebAgent");
if (!defined $myagent)
{
    die "\nFATAL: Unable to create Agent -> myWebAgent Name\n";
}

print "Creating Webagent group -> myWebAgent Group \n";
my $myagentgroup = $mysession->CreateAgentGroup("myWebAgent Group",
                                                $mysession->GetAgentType("Web Agent"),
                                                "myWebAgent Group Description");
if (!defined $myagentgroup)
{
    die "\nFATAL: Unable to create Agent group for myWebAgent Group\n";
}

# Adding Webagent to WebAgent Group
print "Adding Webagent myWebAgent Name to myWebAgent Group \n";
$myagentgroup->Add($myagent);

print "Creating new AuthScheme -> myCustomAuth \n";
my $schemeparameter = "Whatever is your Custom Scheme parameters Here";
# Creating Auth Scheme
# The call below is deliberately not fully populated. Fill in the arguments
# to GetAuthScheme() and the rest of CreateAuthScheme() (including
# $schemeparameter) from the API doc before running.
my $authscheme = $mysession->CreateAuthScheme("myCustomAuth",
                                              $mysession->GetAuthScheme());

# Creating Domain
print "Creating Domain -> myDomain \n";
my $mydomain = $mysession->CreateDomain("myDomain","myDomain Description");
print "Adding User Directory search order \n";
# Adding User Directory search order.
$mydomain->AddUserDir($mysession->GetUserDir("1st Directory Name"));

# Creating REALMs
# Netegrity::PolicyMgtDomain->CreateRealm( realmName, agent, authScheme [, realmDesc]
#     [, resFilter] [, procAuthEvents] [, procAzEvents]
#     [, protectAll] [, maxTimeout] [, idleTimeout]
#     [, syncAudit] [, azUserDir] [, regScheme] )
# Creating root realm
print "Creating REALM -> Protect / All \n";
my $rootrealm = $mydomain->CreateRealm("myProtect all",$myagentgroup,
                                       $authscheme,"Protect all from / ",
                                       "/",1,1,1,43200,3600,0,
                                       $mysession->GetUserDir("Directory Name"));

# Creating, for example, a Get,Post Rule for the above Realm.
print "Creating Get,Post Rule for REALM Protect / All \n";
my $rootrule = $rootrealm->CreateRule("Get,Post /","Get Post Rule","GET,POST","*");

# Creating Policy for Root
# Netegrity::PolicyMgtDomain->CreatePolicy( policyName [, policyDesc] [, enableFlag] [, activeExpr] )
print "Creating Policy & setting Values for -> Policy to Protect / \n";
my $myrootpolicy = $mydomain->CreatePolicy("Policy to Protect /","Policy to Protect all");
# Retrieve the user directory by the name supplied (a PolicyMgtUserDir object).
my $myrootpolicymgtuserdir = $mysession->GetUserDir("my User Dir");
# Get the contents of the user directory as an array of PolicyMgtUser objects.
my @myrootpolicymgtusers = $myrootpolicymgtuserdir->GetContents();
foreach my $myrootpolicyuser (@myrootpolicymgtusers)
{
    # If the path matches the userDN set at the start, add that user to the policy.
    if ( $myrootpolicyuser->GetPath() eq $userDN )
    {
        # print "Inside".$myrootpolicyuser->GetPath() . "\n";
        $myrootpolicy->AddUser($myrootpolicyuser);
    }
}

# Adding the rule
$myrootpolicy->AddRule($rootrule);
# Setting the global response for the above rule.
my $myglobalresponse = $mysession->GetGlobalResponse("if any global responses");
$myrootpolicy->SetResponse($rootrule,$myglobalresponse);
print "DONE...\n";
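
The CreateRealm call above passes its flags and timeouts as unnamed positional values ("/",1,1,1,43200,3600,0,...), so one swapped or missing value silently changes how the realm is protected. The following is an added example, not code from the original post or from the SiteMinder API: a hypothetical helper, realm_args, that builds the list from named settings in the order given by the signature comment above. Assumptions made here: the 0/1 flag check, the idleTimeout <= maxTimeout check and the refusal of gaps are sanity rules chosen for this example, and the sample strings stand in for the API objects.

```perl
use strict;
use warnings;

# Positional order, copied from the CreateRealm signature comment in the script.
my @ORDER = qw(realmName agent authScheme realmDesc resFilter procAuthEvents
               procAzEvents protectAll maxTimeout idleTimeout syncAudit
               azUserDir regScheme);
my @FLAGS = qw(procAuthEvents procAzEvents protectAll syncAudit);

# Hypothetical helper (not part of the SiteMinder API): validate named
# settings and return them in the positional order CreateRealm expects.
sub realm_args {
    my (%opt) = @_;
    my %known = map { $_ => 1 } @ORDER;
    for my $k (sort keys %opt) {
        die "unknown realm setting '$k'\n" unless $known{$k};
    }
    for my $k (qw(realmName agent authScheme)) {
        die "missing required realm setting '$k'\n" unless defined $opt{$k};
    }
    for my $k (grep { defined $opt{$_} } @FLAGS) {
        die "$k must be 0 or 1\n" unless $opt{$k} =~ /^[01]$/;
    }
    for my $k (grep { defined $opt{$_} } qw(maxTimeout idleTimeout)) {
        die "$k must be a non-negative integer\n" unless $opt{$k} =~ /^\d+$/;
    }
    # Assumed sanity rule: an idle timeout above the max timeout suggests a swap.
    die "idleTimeout is larger than maxTimeout (swapped?)\n"
        if defined $opt{maxTimeout} && defined $opt{idleTimeout}
        && $opt{idleTimeout} > $opt{maxTimeout};
    # Only trailing arguments may be left out; a gap would shift later values.
    my $last = $#ORDER;
    $last-- while !defined $opt{ $ORDER[$last] };
    my @args;
    for my $k (@ORDER[0 .. $last]) {
        die "'$k' must be set because a later argument is\n" unless defined $opt{$k};
        push @args, $opt{$k};
    }
    return @args;
}

# Constructed sample: the root realm values from the script; the strings
# stand in for the agent group, auth scheme and user directory objects.
my @args = realm_args(
    realmName => "myProtect all", agent => "AGENT_GROUP", authScheme => "AUTH_SCHEME",
    realmDesc => "Protect all from / ", resFilter => "/",
    procAuthEvents => 1, procAzEvents => 1, protectAll => 1,
    maxTimeout => 43200, idleTimeout => 3600, syncAudit => 0, azUserDir => "USER_DIR",
);
print join(" | ", @args), "\n";
```

In the script itself the returned list would be passed straight through, as in $mydomain->CreateRealm(realm_args(...)), with the real objects in place of the stand-in strings.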

August 8, 2009 Posted by | siteminder | | 8 Comments