Symantec Access Management

  • 1.  PERL API Setter Method Not Working

    Broadcom Employee
    Posted Aug 03, 2016 04:28 PM


    Hi All,

     

    Working again with the PERL API trying to use the PolicyMgtRealm:AuthScheme() method to change an existing authentication scheme for a realm. My attempts are failing to actually make the change to the realm. Can anyone see where my logic or misunderstanding of this method is at please. The first image is the code I wrote, and the second image is the contents of the AuthUpdate file. It seems that looks OK, but when I check the Realm in XPSExplorer or AdminUI the Auth Scheme does not properly set to the new $scheme variable.

    use warnings;

     

    use Netegrity::PolicyMgtAPI;

    my @resources;

    $destFile="AuthUpdate.txt";

    open(DEST,">".$destFile) || die "Open file error: $!";

    print DEST "Auth Scheme Update for rusniaklab.com\n";

    print DEST "Printed " . scalar(localtime)."";

    $policyapi = Netegrity::PolicyMgtAPI->New();

    $session = $policyapi->CreateSession("siteminder", "*PW*");

    $domain = $session->GetDomain("sso2iis.rusniaklab.com");

     

     

    $realm_to_update = $domain->GetRealm("sso2iis.rusniaklab.com index");

     

    print DEST "\n Realm is called:" . $realm_to_update->Name();

     

     

    $realmAuthScheme = $realm_to_update->AuthScheme();

     

    print DEST "\n Realm original auth scheme is: " . $realmAuthScheme->Name();

    $scheme = $realmAuthScheme->Name(testBasicAuth);

    print DEST "\nNEW SCHEME TO UPDATE IS: " . $scheme;

     

    $realm_to_update->AuthScheme($scheme);

     

     

    print "\nAuth Scheme report written to " . $destFile."\n";

     

    Auth Scheme Update for rusniaklab.com

    Printed Tue Jul 12 08:10:12 2016

    Realm is called:sso2iis.rusniaklab.com index

    Realm original auth scheme is: ssoIIS Forms Authentication

    NEW SCHEME TO UPDATE IS: testBasicAuth

     

     

    Thank you for your time,

     

    Adam



  • 2.  Re: PERL API Setter Method Not Working

    Posted Aug 03, 2016 07:13 PM

    Hi Adam,

     

    Did you find any return value after the set? According to documentation, it will return "undef" if the call is unsuccessful.

    @@@

    AuthScheme Method—Sets or Retrieves the Authentication Scheme for the Realm

    The AuthScheme method sets or retrieves the authentication scheme for the realm.

    Syntax

    The AuthScheme method has the following format:

    Netegrity::PolicyMgtRealm->AuthScheme([authScheme])

     

    Parameters

    The AuthScheme method accepts the following parameter:

    authScheme (PolicyMgtAuthScheme)

    (Optional) Specifies the authentication scheme to set for the realm.

     

    Return Value

    The AuthScheme method returns one of the following values:

    ■ A New or existing PolicyMgtAuthScheme object for the realm

    ■ undef if the call is unsuccessful

    @@@

     

    Regards,

    Kar Meng



  • 3.  Re: PERL API Setter Method Not Working
    Best Answer

    Posted Aug 03, 2016 07:41 PM

    Hi Adam,

     

    There is a problem in your code.

    You will need to modify as below.

    Basically, you will need to retrieve the new authscheme that you want to set to , and use that object while updating the auth scheme.

     

    *******************************************************************

     

    $realmAuthScheme = $realm_to_update->AuthScheme();

     

     

     

    print DEST "\n Realm original auth scheme is: " . $realmAuthScheme->Name();

     

    ######### Ujwol ############

    $new_authscheme=$session->GetAuthScheme("testBasicAuth");

    if (($realm_to_update->AuthScheme($new_authscheme))==undef) {

          print DEST "\n  Couldn't update realm " . $realm_to_update->Name();

       }

       else {

          print DEST "\n  Successfully updated auth scheme for realm ". $realm_to_update->Name();

       }

     

    #$scheme = $realmAuthScheme->Name(testBasicAuth);

    #print DEST "\nNEW SCHEME TO UPDATE IS: " . $scheme;

    #$realm_to_update->AuthScheme($scheme);

     

    ######### Ujwol ############

    *******************************************************************

     

    Also, use XPSExplorer to verify the changes, as that talks directly to policy store.

    Admin UI might not be able to reflect the changes immediately as it reads from local policy server cache which will need time to update.

     

    Hope this helps.

     

    Cheers,

    Ujwol



  • 4.  Re: PERL API Setter Method Not Working

    Broadcom Employee
    Posted Aug 03, 2016 08:56 PM

    Thank you Ujwol, that worked like a charm! Appreciate your quick help as always. I guess I didn't realize I had to call the AuthScheme to set from the session methods.

     

    Have a great night,

     

    Adam



  • 5.  Re: PERL API Setter Method Not Working

    Broadcom Employee
    Posted Aug 04, 2016 11:26 AM

    Hey Ujwol,

    Functionally this worked great for me, I had to make one modification to the if statement to get it to stop throwing an uninitialized value warning message. I just changed:

     

    if (($realm_to_update->AuthScheme($new_authscheme))==undef)

     

    to

     

    if (! defined($realm_to_update->AuthScheme($new_authscheme)) )

     

    Maybe this is related to the syntax of the version of PERL my policy server version is using? Oh well, all is well but if you run with use warnings this will fix that warning.

     

    Thanks again!


    Adam