PERL API add "All users" to a policy method

Idea created by lopju07

on May 13, 2016

Comment • 5

Not planned

Score33

+24 more

Using WAMUI to configure a policy you have a button to add all users in a user store to the policy, so when a new user appears on the directoy is automatically added to the policy.

If you works with PERL CLI to automate some policy creations, in the Netegrity::PolicyMgtPolicy class is available a method call addUser to add a individual user to the policy, but there isn't a method to add "all users".

If you made a loop to add the directoy users using adduser method, the new users added to the directory will not be available at the policy.

In Java API already exist a method to do this with user class:

void
setFilterClass(java.lang.String filterClass)
Sets the filter class of the user policy.
void
setFilterPath(java.lang.String filterPath)
Sets the filter path of the user policy.

https://support.ca.com/cadocs/0/CA%20SiteMinder%2012%2052%20SP1-ENU/Bookshelf_Files/programming-reference/legacy-sm-java-sdk/com/netegrity/sdk/policyapi/SmUserPolicy.html#setFilterClass(java.lang.String)

So the idea is to add addalluserclass method to the perl CLI.

This idea is derived from Support Case 00375892

michael.protulipac May 18, 2016 5:50 PM

I have been battling this issue for a while... Is the following a possible workaround until formally implemented?

The gist of this is to obtain the Netegrity::PolicyMgtUser object from an existing All Users entry created by the WAMUI. Then use/source that object when performing the Netegrity::PolicyMgtPolicy->AddUser.

i.e. The following snippet had DomainTemplate (Domain) and PolicyTemplate (Domain Policy) objects pre-defined by the WAMUI and has 'ALL' users bound to the policy (only one user directory is bound to the policy):

my $domainTemplateObj = $session->GetDomain("DomainTemplate");

my $policyTemplateObj = $domainTemplateObj->GetPolicy("PolicyTemplate");

my $userDirTemplateObj = $domainTemplateObj->GetUserDirSearchOrder();

my $allUserObj = $policyTemplateObj->GetAllUsers($userDirTemplateObj);

# Note: $newPmPolicyObj is the target/new policy to assign all users.

$newPmPolicyObj->AddUser($allUserObj) and warn "Cannot add 'ALL' users to policy\n";

Would love to get confirmation if this is a valid workaround.

Actions

lopju07

@ michael.protulipac on May 27, 2016 7:59 AM

I like this approach!!! I will try it and will return with feddback, Thanks Michael

Actions

lopju07

@ michael.protulipac on May 30, 2016 2:31 PM

Hello Michael

I implemented this workaround and works fine!!! thanks for the idea!

regards

Thank you for your contribution of an enhancement idea to the CA Community. CA is continually working to improve its software and services to best meet the needs of its customers. Your input is vital to that effort. The CA Single Sign-On Product Management team has reviewed your suggested enhancement. Based on current roadmap priorities and/or the limited amount of community support for this idea over the last year (please see this document describing how we are reviewing ideas: https://communities.ca.com/docs/DOC-231170123), we are not accepting this idea into the product backlog. Therefore, it is being moved to a “Not Planned” status.

Actions

5 Comments

michael.protulipac May 18, 2016 5:50 PM
I have been battling this issue for a while... Is the following a possible workaround until formally implemented?

The gist of this is to obtain the Netegrity::PolicyMgtUser object from an existing All Users entry created by the WAMUI. Then use/source that object when performing the Netegrity::PolicyMgtPolicy->AddUser.

i.e. The following snippet had DomainTemplate (Domain) and PolicyTemplate (Domain Policy) objects pre-defined by the WAMUI and has 'ALL' users bound to the policy (only one user directory is bound to the policy):
    my $domainTemplateObj = $session->GetDomain("DomainTemplate");

    my $policyTemplateObj = $domainTemplateObj->GetPolicy("PolicyTemplate");

    my $userDirTemplateObj = $domainTemplateObj->GetUserDirSearchOrder();

    my $allUserObj = $policyTemplateObj->GetAllUsers($userDirTemplateObj);

    # Note: $newPmPolicyObj is the target/new policy to assign all users.

    $newPmPolicyObj->AddUser($allUserObj) and warn "Cannot add 'ALL' users to policy\n";

Would love to get confirmation if this is a valid workaround.
Like • Show 3 Likes3
Actions
- lopju07 @ michael.protulipac on May 27, 2016 7:59 AM
  I like this approach!!! I will try it and will return with feddback, Thanks Michael
  Like • Show 0 Likes0
  Actions
- lopju07 @ michael.protulipac on May 30, 2016 2:31 PM
  Hello Michael
  
  I implemented this workaround and works fine!!! thanks for the idea!
  
  regards
  Like • Show 0 Likes0
  Actions
RobLindberg Jun 20, 2016 5:58 PM
Thank you for your contribution of an enhancement idea to the CA Community. CA is continually working to improve its software and services to best meet the needs of its customers. Your input is vital to that effort. The CA Single Sign-On Product Management team is reviewing your enhancement suggestion. The Community will continue to be able to vote on this enhancement idea.
Like • Show 0 Likes0
Actions
Madhusudhan Yoganath Jan 23, 2019 9:20 AM
Thank you for your contribution of an enhancement idea to the CA Community. CA is continually working to improve its software and services to best meet the needs of its customers. Your input is vital to that effort. The CA Single Sign-On Product Management team has reviewed your suggested enhancement. Based on current roadmap priorities and/or the limited amount of community support for this idea over the last year (please see this document describing how we are reviewing ideas: https://communities.ca.com/docs/DOC-231170123), we are not accepting this idea into the product backlog. Therefore, it is being moved to a “Not Planned” status.
Like • Show 0 Likes0
Actions

PERL API add "All users" to a policy method

Related Content

Recommended Content

Incoming Links