Symantec IGA

  • Private Community

  • 1.  Can we retriever IDM passwordData and provide last login time and disable time in view request.

    Posted May 01, 2017 01:16 PM

    I need to provide Last login and disable timestamp in TEWS request,
    Environment is integrated with SiteMinder and passwordData value is populated as a blob value.
    Can we write a LAH which can retrieve theses value and provide as a soap response in view user details.

     

    Thanks and Regards
    Mohammad Lari



  • 2.  Re: Can we retriever IDM passwordData and provide last login time and disable time in view request.
    Best Answer

    Posted May 01, 2017 05:02 PM

    The passwordData field is managed by SiteMinder, and IDM itself does not have the ability to retrieve or decrypt the attribute. However, SiteMinder's API does have a class that can access and decrypt it. This is briefly referenced in the following tech doc.

     

    How to retrieve the information in the Password Data for a user (refers to Password Data field in corporate store direct… 

     

    You should be able to extend the LAH with the SM API. Check the SM/SSO documentation for futher info on the API.

     

    -Larry



  • 3.  Re: Can we retriever IDM passwordData and provide last login time and disable time in view request.

    Broadcom Employee
    Posted May 01, 2017 06:14 PM

    Just to add Larry, Below is a communities link about the password blob utility where you can read the attribute for LAST LOGIN TIME

     

    https://communities.ca.com/community/ca-security/ca-single-sign-on/blog/2016/02/29/tech-tip-ca-single-sign-onpolicy-server-read-password-blob-utility

     

    Regards

    Ashok