
Simple Soap Request to modify User Last Name

 

End Point URL :  https://<servername:port>/iam/im/TEWS6/<protected alias>?wsdl

 

Soap Request

---------------------------------------------------------------------------------------

 

<!--
  TEWS SOAP request: runs the SKModifyUser task to set a new last name on the
  user selected by the search filter below.
  The admin credentials travel inside the message body, so send this only to
  the https endpoint and keep real passwords out of saved requests and logs.
-->
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl">
<soapenv:Header/>
<soapenv:Body>

         <!-- Identity under which the task runs; the password is masked in this listing. -->
         <wsdl:TaskContext>
                  <wsdl:admin_id>testadmin</wsdl:admin_id>
                  <wsdl:admin_password>******</wsdl:admin_password>
         </wsdl:TaskContext>
         <wsdl:SKModifyUser>
                  <!-- Selects the user to modify: %USER_ID% EQUALS the given value. -->
                  <!-- NOTE(review): if the asterisks around "abcuser" are sent literally and the
                       server treats them as wildcards, the filter may match more than one user;
                       confirm, and prefer the exact user ID for a modify request. -->
                  <wsdl:SKModifyUserSearch>
                           <wsdl:CreateNew>true</wsdl:CreateNew>
                                    <wsdl:Filter index="1">
                                             <wsdl:Field>%USER_ID%</wsdl:Field>
                                             <wsdl:Op>EQUALS</wsdl:Op>
                                             <wsdl:Value>*abcuser*</wsdl:Value>
                                    </wsdl:Filter>
                           </wsdl:SKModifyUserSearch>

            <!-- Profile tab fields to change; only the last name is set here. -->
            <wsdl:SKModifyUserProfileTab>
                      <wsdl:_PCT_LAST_NAME_PCT_>NewLastName</wsdl:_PCT_LAST_NAME_PCT_>
           </wsdl:SKModifyUserProfileTab>
</wsdl:SKModifyUser>

</soapenv:Body>
</soapenv:Envelope>

 

 

Plugin Code

-------------------------------------------------------------

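/**
 * Server-side plugin function: runs an LDAP subtree search against the IDM
 * user store and returns the matching entries.
 *
 * @param {string} query      LDAP filter - ex: '(cn=IAM_*)'
 * @param {string} attributes Comma-separated list of attributes to retrieve - ex: 'cn,description,owner'
 * @param {string} baseDN     Base DN used for the search - ex: 'o=acme, c=br'
 * @returns {java.util.HashMap|string} Map of entry DN -> HashMap of attribute ID -> value
 *          (a multi-valued attribute is itself a HashMap of index -> value), or a
 *          string starting with 'Error: ' when the call fails.
 *
 * Review notes:
 *  - The bind DN and password are hard-coded below. Load them from a protected
 *    configuration or credential store instead of the plugin source.
 *  - The provider URL uses ldap://, so the simple bind sends the password in
 *    clear text. Use ldaps:// (or StartTLS) where the directory supports it.
 *  - query, attributes and baseDN are passed through unchanged. If this function
 *    can be reached from client-side handlers (TODO confirm), every caller can run
 *    any search with the bind account's rights; restrict the base DN and attribute
 *    list on the server and build the filter here from validated values.
 *  - The error string carries the exception text (it can include host names or DNs).
 */
function LDAPSearch(query, attributes, baseDN) {
    // Reject missing arguments up front so they surface through the normal
    // 'Error: ' return path instead of an uncaught exception.
    if (query == null || attributes == null || baseDN == null) {
        return 'Error: query, attributes and baseDN are required';
    }

    // Allows the usage of 'importPackage' with JRE8 (Nashorn).
    // Best effort: engines without the compatibility script simply skip it.
    try {
        load("nashorn:mozilla_compat.js");
    }
    catch (e) {}

    // Import LDAP Packages
    importPackage(Packages.java.util.Hashtable);
    importPackage(Packages.java.util.HashMap);
    importPackage(Packages.javax.naming.Context);
    importPackage(Packages.javax.naming.NamingEnumeration);
    importPackage(Packages.javax.naming.NamingException);
    importPackage(Packages.javax.naming.directory.DirContext);
    importPackage(Packages.javax.naming.directory.InitialDirContext);
    importPackage(Packages.javax.naming.directory.SearchControls);

    // Connection and search control variables
    var host = "<enter IDM User Store server name>";  // i.e. "127.0.0.1"
    var port = "< enter IDM User Store server port>";       //  i.e. "19289"
    var bindDN =  "< enter IDM User Store user bind DN>";     //  i.e. "cn=dsaadmin,ou=im,ou=ca,o=com";
    var pwd = "< enter IDM User Store user password>";
    var cLimit = 100;          // maximum number of entries returned
    var tLimit = 60 * 1000;    // search time limit in milliseconds

    // Formats the attribute list into a String array; surrounding blanks are
    // removed so that 'cn, mail' requests "mail" rather than " mail".
    var attr = String(attributes).split(",");
    for (var a = 0; a < attr.length; a++) {
        attr[a] = attr[a].replace(/^\s+|\s+$/g, "");
    }

    // Connection info
    var env = new java.util.Hashtable(11);
    env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(javax.naming.Context.PROVIDER_URL, "ldap://" + host + ":" + port);
    env.put(javax.naming.Context.SECURITY_PRINCIPAL, bindDN);
    env.put(javax.naming.Context.SECURITY_CREDENTIALS, pwd);

    var ctx = null;
    var result = null;

    // Starts the context and launches the query
    try {
        ctx = new javax.naming.directory.InitialDirContext(env);
        var ctls = new javax.naming.directory.SearchControls();
        ctls.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE);
        ctls.setReturningAttributes(attr);
        ctls.setCountLimit(cLimit);
        ctls.setTimeLimit(tLimit);

        result = ctx.search(baseDN, query, ctls);

        var retvalMap = new java.util.HashMap();

        // Iterates through results
        while (result.hasMoreElements()) {
            var sr = result.next();

            // gets the DN
            var id = sr.getNameInNamespace();
            var atbs = sr.getAttributes().getAll();

            // HashMap used to store the result attributes as an independent object
            var retAtbs = new java.util.HashMap();

            // Iterates through all attributes
            while (atbs.hasMoreElements()) {
                var atb = atbs.next();

                if (atb.size() > 1) {
                    // Multi-valued attribute: store the values keyed by a running index
                    var multi = atb.getAll();
                    var retMulti = new java.util.HashMap();
                    var i = 0;

                    while (multi.hasMoreElements()) {
                        retMulti.put(i, multi.next());
                        i++;
                    }

                    retAtbs.put(atb.getID(), retMulti);
                }
                else {
                    // Single-valued attribute, just get the content
                    retAtbs.put(atb.getID(), atb.get());
                }
            }
            // Sets the return as a key/Object containing the attributes
            retvalMap.put(id, retAtbs);
        }

        return retvalMap;
    }
    catch (e) {
        return 'Error: ' + e.toString();
    }
    finally {
        // Release the enumeration and the directory connection on every path,
        // including a failed search; a failure while closing is ignored on purpose.
        if (result !== null) {
            try { result.close(); } catch (closeError) {}
        }
        if (ctx !== null) {
            try { ctx.close(); } catch (closeError) {}
        }
    }
}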

 

--------------------------------------------------------------------------------------------------

Handler Code

--------------------------------------------------------------------------------------------------------

 

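// Handler body: looks up the users whose imManagerId contains searchMgrId
// through the server-side LDAPSearch plugin and appends one CSV line per user
// to the 'refcsv' property.

// Escapes a value for use inside an LDAP search filter (RFC 4515), so that
// the characters \ * ( ) and NUL are matched as data instead of being read
// as filter syntax.
function escapeLdapFilterValue(value) {
    return String(value).replace(/[\\*()\u0000]/g, function (ch) {
        return "\\" + ("0" + ch.charCodeAt(0).toString(16)).slice(-2);
    });
}

// Formats one value as a CSV field: a missing value becomes an empty field,
// and a value containing a comma, a quote or a line break is quoted.
// NOTE(review): a multi-valued attribute arrives as a nested object and is not
// expanded here - confirm how the plugin result is serialized.
// If the CSV is opened in a spreadsheet, values starting with = + - or @ may be
// evaluated as formulas; neutralize them at export time if that applies.
function toCsvField(value) {
    if (value === undefined || value === null) {
        return "";
    }
    var text = String(value);
    if (/[",\r\n]/.test(text)) {
        return '"' + text.replace(/"/g, '""') + '"';
    }
    return text;
}

// searchMgrId is user-influenced input: escape it before it goes into the filter.
// The escaping here protects this handler only; the server function accepts
// whatever filter it is given, so it should enforce its own limits as well.
var usersLdapFilter = "(imManagerId=*" + escapeLdapFilterValue(searchMgrId) + "*)";
var usersAttributes = "uid,cn,sn,mail,telephoneNumber,title,imManagerId";
var usersBaseDN = "ou=people,ou=im,ou=ca,o=com";
var csvColumns = usersAttributes.split(",");

return api.server(['LDAPSearch', usersLdapFilter, usersAttributes, usersBaseDN]).then(

function(success) {

// Debug output: this writes directory data to the browser console.
console.log(success);
var result = success.returnValue;

// LDAPSearch reports a failure as an 'Error: ...' string on the success path;
// treat it as an error instead of iterating over its characters.
if (typeof result === 'string') {
api.prompt("MSGXX- Error" );
return false;
}

var csvLines = api.getProp('refcsv').values;

// Iterate through every entry in the result; the key is the entry's DN
for (var dn in result) {
if (!Object.prototype.hasOwnProperty.call(result, dn)) {
continue;
}
// Object containing all attributes for that particular DN
var attributes = result[dn];
var fields = [];
for (var c = 0; c < csvColumns.length; c++) {
fields.push(toCsvField(attributes[csvColumns[c]]));
}
csvLines.push(fields.join(","));
}

console.log("CSV Data..............");
console.log(api.getProp('refcsv'));
return true;

},

function(error) {
// Do some eventual error handling like a message display
api.prompt("MSGXX- Error" );
return false;
}

);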

We can use Angular's jQuery-style API (angular.element) to disable, enable, hide or display any button or form element in the Identity Portal.

This solution can help you hide an unwanted button on the form.

 

Example: Disabling and enabling the form default submit button.

 

// Greys out or restores the form's default submit button depending on prop.value.
// This only changes how the button looks and reacts to the mouse in the browser;
// it is not an access control, so the server must still reject a submission
// that is not allowed.
var button = angular.element('.sigma-button.success');

if (button) {

    var requestedState = prop.value;

    if (requestedState == 'disable') {
        // Dimmed and unclickable
        button.css({background:"grey", opacity:"0.5", "pointer-events":"none"});
    }
    else if (requestedState == 'enable') {
        // Back to the default green, clickable look
        button.css({ background: '#61cf64', color: 'white', opacity:"1", "pointer-events":"auto"});
    }

}

JS plugin code (tested on vApp 14.0.1) that sends a validation-code email; it can be used as a utility as needed.

Use case: verify the user-provided email address at registration time.

 

//***********************************************************************

//  RhinoJS Plugin: Code

//************************************************************************

 

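/**
 * Server-side plugin function: generates a six-digit validation code and
 * e-mails it to the given address.
 *
 * @param {string} toemailaddr Recipient address to verify.
 * @returns {number|string} The generated code (100000-999999) on success, or a
 *          string starting with 'Error: ' when composing or sending fails.
 *
 * Review notes:
 *  - The code is returned to the caller. If the caller is a browser-side handler,
 *    the user can read the code without access to the mailbox; keep the code on
 *    the server and compare the user's entry there (with an expiry and a limit
 *    on attempts) for the check to prove ownership of the address.
 *  - The message goes to the SMTP host in clear text on port 25; use STARTTLS
 *    where the mail server offers it.
 */
function SendValidationCodeEmail(toemailaddr) {

    // Allows the usage of 'importPackage' with JRE8 (Nashorn).
    // Best effort: engines without the compatibility script simply skip it.
    try {
        load("nashorn:mozilla_compat.js");
    }
    catch (e) {}

    // Import mail Packages
    importPackage(java.util.Properties);
    importPackage(java.util.Random);
    importPackage(javax.mail.Message);
    importPackage(javax.mail.MessagingException);
    importPackage(javax.mail.Session);
    importPackage(javax.mail.Transport);
    importPackage(javax.mail.internet.InternetAddress);
    importPackage(javax.mail.internet.MimeMessage);

    importPackage(com.idmlogic.sigma.plugin.BasePlugin);
    importPackage(com.idmlogic.sigma.plugin.PluginException);
    importPackage(com.idmlogic.sigma.plugin.annotations.ExportedServerFunction);

    // Mail settings
    var smtp_host = "mail.xyz.com";
    var smtp_port = 25;

    var from = "xyz@xyz.com";
    var subject = "MSG01 :: Don't Reply - Validation Code";
    var bodystart = "MSG02 :: Validation Code = [ ";
    var bodyend = " ]";

    // The code acts as a short-lived secret, so draw it from SecureRandom;
    // java.util.Random output is predictable.
    var rnd = new java.security.SecureRandom();
    var validationCode = 100000 + rnd.nextInt(900000);
    // The code itself is deliberately kept out of the server log.
    java.lang.System.out.println("MSG03 :: Validation code generated");

    // Use a private Properties object and Session.getInstance(): this leaves the
    // JVM-wide system properties untouched, and the host set here is honoured even
    // when another component has already created the shared default session.
    var properties = new java.util.Properties();
    properties.setProperty("mail.smtp.host", smtp_host);
    properties.setProperty("mail.smtp.port", String(smtp_port));
    var session = javax.mail.Session.getInstance(properties);

    // Compose and send the message
    try {
        var message = new javax.mail.internet.MimeMessage(session);
        message.setFrom(new javax.mail.internet.InternetAddress(from));
        message.addRecipient(javax.mail.Message.RecipientType.TO, new javax.mail.internet.InternetAddress(toemailaddr));
        message.setSubject(subject);
        message.setText(bodystart + validationCode + bodyend);

        javax.mail.Transport.send(message);
        java.lang.System.out.println("MSG04 :: message sent successfully....");

        return validationCode;

    } catch (e) {
        return 'Error: ' + e.toString();
    }

}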

 

 

//***********************************************************************

//  Validation Handler Code

//************************************************************************

 

Validation handler(api,prop){

 

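// Asks the server-side SendValidationCodeEmail plugin to mail a validation code
// to the given address and tells the user whether the mail went out.
// The handler always returns false, as in the original sample.
return api.server(['SendValidationCodeEmail', "abc@ca.com"]).then(

                function(success) {

                                var result = success.returnValue;

                                // The plugin reports a failure as an 'Error: ...' string on the
                                // success path, so check for it before treating the call as sent.
                                if (String(result).indexOf('Error: ') === 0) {

                                                api.prompt("MSGXX- Error" );

                                                return false;

                                }

                                // The code is neither logged nor shown here: displaying it in the
                                // browser would let the user pass the check without reading the mail.
                                // NOTE(review): the code still reaches the browser in returnValue;
                                // comparing the user's entry on the server closes that gap.
                                api.prompt("MSGXX:: Validation code sent" );

                                return false;

                },

                function(error) {

                                // Do some eventual error handling like a message display

                                api.prompt("MSGXX- Error" );

                                return false;

                }

);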

kumsa29

AA : Admin login Utility Page

Posted by kumsa29 Employee May 15, 2018

Please use the attached HTML page as a utility page to log in to the CA Advanced Authentication admin console.

Please refer to the attached file as reference code for invoking the CA Mobile client using headless operations.

A brief write up on this functionality

 

What is CONFIDENCE_LEVEL :

This is a built-in score that is set in the CA SSO header (“SM_USER_CONFIDENCE_LEVEL”) after successful completion of CA Advanced Authentication.

 

Where to use CONFIDENCE_LEVEL :

It should be used when CA SSO is integrated with CA Advanced Authentication. Use the SSO header “SM_USER_CONFIDENCE_LEVEL” in an authorization rule to enforce the business logic that should depend on the confidence level.

 

CA SSO header to hold CONFIDENCE_LEVEL:

SM_USER_CONFIDENCE_LEVEL

 

How CONFIDENCE_LEVEL is calculated:

CONFIDENCE_LEVEL = 1000 - riskScore*10;

SM_USER_CONFIDENCE_LEVEL = CONFIDENCE_LEVEL

 

How to enable CONFIDENCE_LEVEL to AA and SSO Integration:

  • Add the new parameter (SupportConfidenceLevel=TRUE) in adapterSiteminder.shim to integrate with SSO. This parameter enables authorization to the application. Incorporate it in the adapterSiteminder.shim file in the following section:

# "MultipleUserDirectoriesSupported" property specifies that multiple user directories
# are supported. If set to 1 multiple user directories will be supported, else not.
#
# Default value is 1.
MultipleUserDirectoriesSupported=1
# "SupportConfidenceLevel" is the added parameter: setting it to TRUE turns on
# confidence-level support for the SSO integration.
SupportConfidenceLevel=TRUE

 

An authorization policy can also be configured for re-authentication using the "OnAccessValidateIdentity" event.

Check the following configuration in the CA AA documentation:

AA Document Home->Configuring Policy Server -->Configuration Policy Overview->Configure Re-authentication for Sensitive Resources

 

 Reference:

 

Troubleshooting Reference:

kumsa29

Radius Test Client

Posted by kumsa29 Employee May 9, 2018

Please use the attached Zip file to perform a lightweight Radius client test.

Please refer to the attached sample web application for the following three purposes:

1-  Lightweight Admin functionality

2-  Self-Service functionality

3-  Health check monitoring.

Please refer to the attached document for Health Check Monitoring of the AA infrastructure.