Symantec Access Management

  • Private Community
Back to discussions
Expand all | Collapse all

How can I get the User Groups by using the Java SDK (12SP3) ?

  • 1.  How can I get the User Groups by using the Java SDK (12SP3) ?

    Posted Nov 05, 2014 08:18 AM

    Regarding the User Groups you can find the following that are part of the SiteMinder generated attributes :

     

    Policy Server Guides : Policy Server Configuration Guide : Responses and Response Groups : How SiteMinder Processes Responses : SiteMinder Generated User Attributes


    https://support.ca.com/cadocs/0/CA%20SiteMinder%20r12%20SP3-ENU/Bookshelf_Files/HTML/idocs/345899.html


    %SM_USERGROUPS
    This attribute holds the groups to which the user belongs. If the user belongs to a nested group, this attribute contains the group furthest down in the hierarchy. For all nested groups to which the user belongs, use SM_USERNESTEDGROUPS.

    Example:

    If a user belongs to the group Accounts Payable and Accounts Payable is contained in the group Accounting, SM_USERGROUPS contains Accounts Payable.
    If you want both Accounting and Accounts Payable, use SM_USERNESTEDGROUPS.

    User attributes SM_USERGROUPS and SM_USERNESTEDGROUPS are generated when the user is authenticated and is stored in policy server user cache. This data is fetched again only if one of the below mentioned scenario's happen.
    1. User log off and login again 2. When the session expires

     

    • Regarding the SDK API, you would need to use the UserContext Class


    https://support.ca.com/cadocs/0/CA%20SiteMinder%20r12%20SP3-ENU/Bookshelf_Files//programming-reference/javadoc-sm/com/netegrity/policyserver/smapi/UserContext.html

     

    getProp
    public java.lang.String getProp(java.lang.String propName,
                                    int bufferSize)Retrieves the value of thespecified user property.

    The retrieved property value should be no larger than the maximum length
    specified in the bufferSize parameter. Larger attributes are truncated to bufferSize.

    Parameters:
    propName - The name of the user property to retrieve.
    bufferSize - The maximum length of the retrieved value.
    Returns:
    The value of the specified property, or null if not available. For
    information on the format of multiple values retrieved from a multi-valued
    LDAP attribute, see setProp().

     

    You can use getProp( SM_USERGROUPS ), and/or getProp( SM_USERNESTEDGROUPS ) to get the list of groups and check the output.

     

    Hope it helps,

    Julien