Skip Headers
Oracle® Access Manager Developer Guide
10
g
(10.1.4.2.0)
Part Number E10355-01
Home
Book List
Index
Contact Us
Next
View PDF
Contents
List of Examples
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New in Oracle Access Manager?
Product and Component Name Changes
Globalization
WebGate Rewrite
Sample Web Services Code
Updates to IdentityXML
Authorization Plug-in API
Part I Programmatic Interfaces to the Identity System
1
IdentityXML and Identity Web Services
1.1
About IdentityXML
1.1.1
Implementing an IdentityXML Request
1.1.2
Sending Multiple IdentityXML Requests
1.2
Formatting an IdentityXML Request
1.2.1
XML Start Tag
1.2.2
Soap Tags
1.2.3
Authentication Tags
1.2.3.1
Authentication and Single Sign-on Considerations
1.2.4
Request Tag
1.2.5
Parameter Tags
1.2.5.1
Request Examples
1.2.6
Handling Special Characters in Requests
1.3
Locations for Each Application
1.4
Types of IdentityXML Functions
1.4.1
Functions to Test Access to Data
1.4.2
Functions to Get Data
1.4.3
Functions to Set Data
1.4.4
Privileges to View and Modify
1.4.4.1
Privileges Required for Direct Access APIs
1.4.4.2
Privileges Required for Indirect Access APIs
1.4.4.3
Privileges Required for Application-Specific IdentityXML Requests
1.4.4.4
Privileges Required for DN Operations
1.5
Formatting an IdentityXML Response
1.5.1
Parsing a Response
1.5.2
Response Example
1.5.3
Error Responses
1.6
Creating IdentityXML Requests Using WSDL
1.6.1
Benefits of WSDL
1.6.2
About Identity System WSDL Files
1.6.2.1
WSDL Directory Structure
1.6.3
WSDL Documents
1.6.4
Sample WSDL Files
1.6.5
About Working With WSDL Files
1.6.6
.NET Implementation of WSDL
1.6.7
Invoking a WSDL-Based Web Service Using Java
1.6.7.1
Required Software for Using the Sample Code
1.6.7.2
Setting Up the Access Manager SDK
1.6.7.3
Compiling and Running the Sample Code
1.7
Making WSDL Functions Available Using UDDI
2
IdentityXML Functions and Parameters
2.1
About IdentityXML
2.1.1
IdentityXML Overview
2.1.2
About IdentityXML Functions and Parameters
2.1.2.1
Function Types
2.1.2.2
Finding the Right Parameter Values for a Function
2.2
Search Parameters
2.3
Attribute Parameters
2.3.1
Syntax for Most Attribute Parameters
2.3.2
Syntax for Lost Password Management Attribute Parameters
2.3.2.1
Add Operation
2.3.2.2
Delete Operation
2.3.2.3
Replace Operations
2.3.2.4
Replace_All Operations
2.4
Exceptions to Attribute Values
2.5
Common Functions
2.5.1
Search for entries based on some criteria
2.5.1.1
Search for all pending, completed, or all tickets
2.5.1.2
Get information on a particular workflow ticket
2.5.1.3
Resume asynchronous workflows
2.5.1.4
Subscribe self to group
2.5.1.5
Unsubscribe self from group
2.5.1.6
Subscribe user to group
2.5.1.7
Unsubscribe user from group
2.6
User Manager Functions
2.6.1
Functions to Test for Attribute Permissions
2.6.1.1
Can I view a user's profile
2.6.1.2
Can I view an attribute in a user's profile
2.6.1.3
Can I modify an attribute in a user's profile
2.6.1.4
Can I modify an attribute in a user's profile using a workflow
2.6.1.5
Can I create a new user
2.6.1.6
Can I delete an existing user
2.6.1.7
Can this user view another user's profile
2.6.1.8
Can this user view an attribute in another user's profile
2.6.1.9
Can this user modify an attribute in another user's profile using a workflow
2.6.1.10
Can this user create a new user
2.6.1.11
Can this user delete an existing user
2.6.1.12
Can this user modify another user's attribute
2.6.1.13
Can this user request a change to another user's profile using a workflow
2.6.2
Functions to Perform User Manager Actions
2.6.2.1
View user attributes
2.6.2.2
Modify user attributes
2.6.2.3
Request user attribute change through a workflow
2.6.2.4
Create User Using a Workflow
2.6.2.5
Self-Registration Using a Workflow
2.6.2.6
Deactivate User Using a Workflow
2.6.2.7
View Deactivated User
2.6.2.8
Search Deactivated Users
2.6.2.9
Reactivate User Using a Workflow
2.7
Group Manager Functions
2.7.1
Functions to Test for Attribute Permissions
2.7.1.1
Can I view a group's profile
2.7.1.2
Can I view an attribute in a group's profile
2.7.1.3
Can I modify an attribute in a group's profile
2.7.1.4
Can I request modification through a workflow of an attribute in a group profile
2.7.1.5
Can I create a new group
2.7.1.6
Can I delete an existing group
2.7.1.7
Can I subscribe to a group
2.7.1.8
Can I unsubscribe from a group
2.7.1.9
Am I a member of a group
2.7.1.10
Can a user view a group's profile
2.7.1.11
Can a user view an attribute in a group's profile
2.7.1.12
Can a user modify an attribute in a group profile using a workflow
2.7.1.13
Can a user create a new group
2.7.1.14
Can a user delete an existing group
2.7.1.15
Is this person a member of a group
2.7.1.16
Request group attribute change
2.7.1.17
Request group attribute change through a workflow
2.7.2
Functions to Perform Group Manager Actions
2.7.2.1
View group attributes
2.7.2.2
Modify Group attributes
2.7.2.3
Create group
2.7.2.4
Delete Group
2.7.2.5
Get groups that I am a member, owner, or administrator of
2.7.2.6
Get groups that a user is a member, owner, or administrator of
2.7.2.7
View group members
2.7.2.8
Expand group
2.7.2.9
Flush the Group Cache
2.7.2.10
Subscribe a user to a group
2.8
Organization Manager Functions
2.8.1
Functions to Test For Attribute Permissions
2.8.1.1
Can I view an object's profile
2.8.1.2
Can I view an attribute in the object's profile
2.8.1.3
Can I modify an attribute in an object's profile
2.8.1.4
Can I request modification through a workflow of an attribute in an object's profile
2.8.1.5
Can I create a new object
2.8.1.6
Can I delete an existing object
2.8.1.7
Can this user view an object's profile
2.8.1.8
Can this user view an attribute in an object's profile
2.8.1.9
Can a user modify an attribute in an object's profile
2.8.1.10
Can a user create a new object
2.8.1.11
Can a user delete an existing object
2.8.1.12
Can this user request an object attribute modification
2.8.2
Functions to Perform Organization Manager Actions
2.8.2.1
View object attributes
2.8.2.2
Modify object attributes
2.8.2.3
Request object attribute change through a workflow
2.8.2.4
Create an object
2.8.2.5
Self-registration
2.8.2.6
Delete object
2.9
Code Examples of Deployed IdentityXML Functions
2.9.1
Java Application Example
2.9.2
Java Servlet Example
2.9.3
ObSSOCookie Example
3
Identity Event Plug-in API
3.1
About the Identity Event Plug-in API
3.1.1
Examples of Uses of the Identity Event Plug-in API
3.2
Connecting Events to Actions
3.2.1
Types of Events
3.2.1.1
Identity System Program Events: Pre and Post
3.2.1.2
OnChange
3.2.1.3
Workflow Events
3.2.1.4
Password Management Events
3.2.1.5
Lost Password Management
3.2.1.6
Encryption Events
3.2.2
Types of Actions
3.2.2.1
LIB Actions
3.2.2.2
MANAGEDLIB Actions
3.2.2.3
EXEC Actions
3.2.3
Configuration File (Catalog)
3.2.4
Guidelines for Writing an Action
3.2.4.1
Task overview: Writing an action
3.2.4.2
Availability—The availability of the data
3.3
How the API Works
3.3.1
Actions, as Seen by Identity System Applications
3.3.2
Identity System Applications, as Seen by Actions
3.3.2.1
LIB Actions
3.3.2.2
LIB Interface
3.3.2.3
Load Behavior
3.3.2.4
LIB Examples
3.3.2.5
MANAGEDLIB Actions
3.3.2.6
MANAGEDLIB Interface
3.3.2.7
Load Behavior for MANAGEDLIB
3.3.2.8
MANAGEDLIB Examples
3.3.2.9
MANAGEDLIB Actions
3.3.2.10
EXEC Actions
3.3.2.11
Load Behavior
3.3.2.12
EXEC Examples
3.3.2.13
Global Parameters
3.3.3
Working with XML
3.3.3.1
Event XML Format
3.3.3.2
PresentationXML Format
3.3.3.3
Parsing XML
3.4
Event Handling in the API
3.4.1
Event Handler Initialization and Shutdown Functions
3.4.1.1
ObInitEventAPI ( )
3.4.1.2
Return Values
3.4.1.3
ObTermEventAPI ( )
3.4.1.4
Return Values
3.4.2
Pre and Post Events
3.4.2.1
Catalog Entry
3.4.2.2
Interaction Methods
3.4.3
OnChange Events
3.4.3.1
Catalog Entry
3.4.3.2
Interaction Methods
3.4.3.3
Return Values
3.4.4
Workflow Events
3.4.4.1
Catalog Entry
3.4.4.2
Interaction Methods
3.4.4.3
Tables of Workflow Attributes
3.4.4.4
Return Values
3.4.5
Password Management Events
3.4.5.1
Catalog Entry
3.4.5.2
Interaction Methods
3.4.5.3
Return Values
3.4.6
Encryption Events
3.4.6.1
Catalog Entry
3.4.6.2
Interaction Methods
3.4.6.3
Response Values
3.5
The API
3.5.1
More on LIB Actions
3.5.2
More on MANAGEDLIB Actions
3.5.3
More on EXEC Actions
3.5.4
Returning Error Messages From an EXEC Call
3.5.4.1
Returning Error Messages Using EXEC - WF
3.5.4.2
EReturning Error Messages Using EXEC - PRE
3.5.4.3
Returning Error Messages Using EXEC - POST
3.5.5
Development Environment
3.5.5.1
Library Files for LIB and EXEC Actions
3.5.5.2
Library Files for MANAGEDLIB Actions
3.5.5.3
LIB Action Example Files
3.5.5.4
MANAGEDLIB Action Example Files
3.5.5.5
EXEC Action Example Files
3.5.5.6
Parser Example Files
3.6
Cross-Application Support
3.7
Examples
3.7.1
A LIB Action Example—LogActivation
3.7.2
An EXEC Action Example—AfterHours
3.7.3
A MANAGEDLIB Action Example
Part II Programatic Interfaces to the Access System
4
Building AccessGates with the Access Manager SDK
4.1
About AccessGates
4.1.1
About Prefabricated AccessGates (WebGates)
4.1.2
When to Create a Custom AccessGate
4.1.3
AccessGate Architecture
4.1.4
AccessGate Variations
4.1.5
How an AccessGate Handles a Resource Request
4.2
About AccessGate Deployment
4.2.1
Supported Versions and Platforms
4.2.2
Installing the Access Manager SDK
4.2.2.1
Obtaining the Access Manager SDK
4.2.2.2
Installing the SDK on Windows
4.2.2.3
Installing the SDK on UNIX
4.2.3
Configuring an AccessGate
4.2.3.1
Setting Environment Variables
4.2.3.2
Creating an AccessGate Entry on the Access Server
4.2.3.3
Running the configureAccessGate Utility
4.2.4
Writing AccessGate Code
4.2.4.1
Cloning a Custom AccessGate
4.2.5
Protecting Resources
4.3
About the Access Manager SDK
4.3.1
SDK Overview
4.3.2
SDK Content
4.3.2.1
BEA WebLogic Support Files
4.4
About the Access Manager API
4.4.1
Implementations Compared
4.4.1.1
About Memory Management
4.4.1.2
Corresponding Classes
4.4.1.3
About Multi-Language Implementation
4.4.2
ObMap
4.4.2.1
Equivalent Methods
4.4.3
ObMapIterator
4.4.3.1
Equivalent Methods
4.4.4
ObAuthenticationScheme
4.4.4.1
Equivalent Methods
4.4.5
ObResourceRequest
4.4.5.1
Equivalent Methods
4.4.6
ObUserSession
4.4.6.1
Equivalent Methods
4.4.7
ObConfig
4.4.7.1
Configuration Parameters
4.4.7.2
Equivalent Methods
4.4.8
ObAccessException
4.4.8.1
Equivalent Methods
4.5
Globalization and the Access Manager SDK, Access Manager APIs, Custom AccessGates
4.6
About Custom AccessGate Code
4.6.1
Typical AccessGate Execution Flow
4.6.2
Example of a Simple AccessGate: JAccessGate.java
4.6.2.1
Annotated Code
4.6.3
Example of a Simple AccessGate Using C Psuedo Classes: access_test_c.cpp
4.6.3.1
Annotated Code
4.6.4
Example: Java Login Servlet
4.6.4.1
Annotated Code
4.6.5
Example Using the C# API: access_api_test.cs
4.6.5.1
Annotated Code
4.6.6
Example Using Additional Methods: access_test_java.java
4.6.6.1
Annotated Code
4.6.7
Example in C++ that Implements Several Features: access_test_cplus.cpp
4.6.7.1
Annotated Code
4.6.8
Example of Implementing Certificate-Based Authentication
4.7
C++ Implementation Details
4.7.1
ObMap
4.7.1.1
Constructors (ObMap, C++)
4.7.1.2
Methods (ObMap, C++)
4.7.2
ObMapIterator
4.7.2.1
Constructors (ObMapIterator, C++)
4.7.2.2
Methods (ObMapIterator, C++)
4.7.3
ObAuthenticationScheme
4.7.3.1
Constructors (ObAuthenticationScheme, C++)
4.7.3.2
Methods (ObAuthenticationScheme, C++)
4.7.4
ObResourceRequest
4.7.4.1
Constructors (ObResourceRequest, C++)
4.7.4.2
Methods (ObResourceRequest, C++)
4.7.5
ObUserSession
4.7.5.1
Constructors (ObUserSession, C++)
4.7.5.2
Methods (ObUserSession, C++)
4.7.6
ObConfig
4.7.6.1
Methods (ObConfig, C++)
4.7.7
ObAccessException
4.7.7.1
Constructors (ObAccessException, C++)
4.7.7.2
Methods (ObAccessException, C++)
4.7.8
ObDiagnostic (C++)
4.7.8.1
Methods (ObDiagnostic, C++)
4.8
C Implementation Details
4.8.1
ObMap_t
4.8.1.1
Functions (ObMap_t, C)
4.8.2
ObMapIterator_t
4.8.2.1
Functions (ObMapIterator_t, C)
4.8.3
ObAuthenticationScheme_t
4.8.3.1
Functions (ObAuthenticationScheme_t, C)
4.8.4
ObResourceRequest_t
4.8.4.1
Functions (ObResourceRequest_t, C)
4.8.5
ObUserSession_t
4.8.5.1
Functions (ObUserSession, C)
4.8.6
ObConfig_t
4.8.6.1
Functions (ObConfig, C)
4.8.7
ObAccessException_t
4.8.7.1
C-language Error Handlers
4.8.7.2
Functions (ObAccessException, C)
4.8.8
ObDiagnostic (C)
4.8.8.1
Methods (ObDiagnostic, C)
4.9
C# Implementation Details
4.9.1
ObDictionary
4.9.1.1
Constructors (ObDictionary, C#)
4.9.1.2
Methods (ObDictionary, C#)
4.9.2
ObDictionaryEnumerator
4.9.2.1
Constructors (ObDictionaryEnumerator, C#)
4.9.2.2
Methods (ObDictionaryEnumerator, C#)
4.9.3
ObAuthenticationSchemeMgd
4.9.3.1
Constructors (ObAuthenticationSchemeMgd, C#)
4.9.3.2
Methods (ObAuthenticationSchemeMgd, C#)
4.9.4
ObResourceRequestMgd
4.9.4.1
Constructors (ObResourceRequestMgd, C#)
4.9.4.2
Methods (ObResourceRequestMgd, C#)
4.9.5
ObUserSessionMgd
4.9.5.1
Constructors (ObUserSessionMgd, C#)
4.9.5.2
Methods (ObUserSessionMgd, C#)
4.9.6
ObConfigMgd
4.9.6.1
Constructors (ObConfigMgd, C#)
4.9.6.2
Methods (ObConfigMgd, C#)
4.9.7
ObAccessExceptionMgd
4.9.7.1
Constructors (obAccessExceptionMgd, C#)
4.9.7.2
Methods (ObAccessExceptionMgd, C#)
4.9.8
ObDiagnostic (C#)
4.9.8.1
Methods (ObDiagnostic, C#)
4.10
Java Implementation Details
4.10.1
Interfaces
4.10.1.1
ObAuthenticationSchemeInterface
4.10.1.2
ObResourceRequestInterface
4.10.1.3
ObUserSessionInterface
4.10.2
(java.util.Hashtable)
4.10.2.1
Constructors (java.util.Hashtable, Java)
4.10.2.2
Methods (java.util.Hashtable, Java)
4.10.3
ObAuthenticationScheme
4.10.3.1
Constructors (ObAuthenticationScheme, Java)
4.10.3.2
Methods (ObAuthenticationScheme, Java)
4.10.4
ObResourceRequest
4.10.4.1
Constructors (ObResourceRequest, Java)
4.10.4.2
Methods (ObResourceRequest, Java)
4.10.5
ObUserSession
4.10.5.1
Java Status and Error Message Fields
4.10.5.2
Constructors (ObUserSession, Java)
4.10.5.3
Methods (ObUserSession, Java)
4.10.6
ObConfig
4.10.6.1
Constructors (ObConfig, Java)
4.10.6.2
Methods (ObConfig, Java)
4.10.7
ObAccessException
4.10.7.1
Constructors (ObAccessException, Java)
4.10.7.2
Inherited Methods (ObAccessException, Java)
4.10.8
ObDiagnostic (Java)
4.10.8.1
Methods (ObDiagnostic, Java)
4.11
C-Family Status and Error Message Strings
4.12
Best Practices
4.12.1
Avoiding Problems
4.12.1.1
Thread Safe Code
4.12.2
Identifying and Resolving Problems
5
Policy Manager API
5.1
About the Policy Manager API
5.1.1
Notes on Managed Code
5.2
Development Environment
5.2.1
Installation Location
5.2.2
Installation Content
5.2.3
About Building an AccessGate
5.2.3.1
Environment Variables
5.2.3.2
Build Process
5.2.4
Configuration File
5.3
Coding With the Policy Manager API
5.3.1
API Conventions
5.3.1.1
Programmatic and Implementation Conventions
5.3.1.2
Naming Conventions
5.3.2
Creating New Objects
5.3.3
Copying Existing Objects
5.3.3.1
About Cloning Objects Explicitly
5.3.4
Deleting Objects
5.3.5
Managing Data for Single-Valued Object Members
5.3.5.1
Setting Data for Single-Valued Object Members
5.3.5.2
Getting Data for Single-Valued Object Members
5.3.6
Managing Arrays
5.3.6.1
About Keys
5.3.6.2
Adding Data to Arrays
5.3.6.3
Modifying Data for Objects in Arrays
5.3.6.4
Getting a Count of Members in an Array
5.3.6.5
Getting Data for Elements of Arrays
5.3.6.6
Removing Data from Arrays
5.3.7
Using setIDFrom
5.3.8
Using Enumerations
5.3.9
ObAccessManager Class
5.3.9.1
Methods to Handle AccessManager Objects
5.3.9.2
Connection Methods
5.3.9.3
Get Methods
5.3.9.4
Java
5.3.9.5
C
5.3.9.6
Get Method Examples
5.3.9.7
Set Method
5.3.9.8
Test Access Method
5.3.10
Access System Configuration Objects
5.4
Policy Manager API Classes
5.4.1
Class ObAMHostIdentifier
5.4.2
Class ObAMHostIdentifierMgd
5.4.3
Class ObAMResourceType
5.4.4
Class ObAMResourceTypeMgd
5.4.5
Class ObAMAuthenticationScheme
5.4.6
Class ObAMAuthenticationSchemeMgd
5.4.7
Class ObAMAuthenticationScheme_ChallengeMethodMgd
5.4.8
Class ObAMAuthenticationPlugin
5.4.9
Class ObAMAuthenticationPluginMgd
5.4.10
Class ObAMAuthorizationScheme
5.4.11
Class ObAMAuthorizationSchemeMgd
5.4.12
Class ObAMMasterAuditRule
5.4.13
Class ObAMMasterAuditRuleMgd
5.4.14
Access Policy Objects
5.4.14.1
About String Names
5.4.15
Class ObAMPolicyDomain
5.4.16
Class ObAMPolicyDomainMgd
5.4.17
Class ObAMAdminRule
5.4.18
Creating an Administrator Rule
5.4.19
Class ObAMAdminRuleMgd
5.4.20
Class ObAMPolicy
5.4.21
Class ObAMPolicyMgd
5.4.22
Class ObAMAuthenticationRule
5.4.23
Class ObAMAuthenticationRuleMgd
5.4.24
Class ObAMAuthorizationRule
5.4.25
Class ObAMAuthorizationRuleMgd
5.4.26
Class ObAMAuthorizationExpr
5.4.27
Class ObAMAuthorizationExprMgd
5.4.28
Class ObAMDuplicateActionPolicyMgd
5.4.29
Class ObAMAccessConditions
5.4.30
Class ObAMAccessConditionsMgd
5.4.31
Class ObAMActionTypeMgd
5.4.32
Class ObAMObjectWithActions
5.4.33
Class ObAMTimingConditions
5.4.34
Class ObAMTimingConditionsMgd
5.4.35
Class ObAMTimingConditions_RelativeToMgd
5.4.36
Class ObAMDate_DaysOfWeekMgd
5.4.37
Class ObAMAction
5.4.38
Class ObAMActionMgd
5.4.39
Class ObAMAction_ValueTypeMgd
5.4.40
Class ObAMAuditRule
5.4.41
Class ObAMAuditRuleMgd
5.4.42
Class ObAMAuditRule_EventTypeMgd
5.4.43
Class ObAMDate
5.4.44
Class ObAMDateMgd
5.4.45
Class ObAMDate_MonthsMgd
5.4.46
Class ObAMDate_DaysOfWeekMgd
5.4.47
Class ObAMIdentity
5.4.48
Class ObAMIdentityMgd
5.4.49
Class ObAMParameter
5.4.50
Class ObAMParameterMgd
5.4.51
Class ObAMResource
5.4.52
Class ObAMResourceMgd
5.4.53
Class ObAMTime
5.4.54
Class ObAMTimeMgd
5.5
Test Objects
5.5.1
Class ObAMAccessTest
5.5.2
Class ObAMAccessTestMgd
5.5.3
Class ObAMAccessTestResults
5.5.4
Class ObAMAccessTestResultsMgd
5.5.5
Class ObAMAccessTestResult
5.5.6
Class ObAMAccessTestResultMgd
5.5.7
Class ObAMException
5.5.8
Class ObAccessException
5.5.9
Class ObAccessExceptionMgd
5.6
Sample Program
6
Authentication Plug-in API
6.1
About the Authentication Plug-in API
6.1.1
Globalization and Custom C Authentication Plug-ins and Interfaces -- reviewed/updated
6.1.1.1
Backward Compatibility
6.2
C API Environment
6.2.1
Support Files Location for the C API
6.2.2
C API Plug-in Directory
6.3
C API Data
6.3.1
Defines (C)
6.3.2
Handles (C)
6.3.3
C Return Values
6.3.3.1
ObAnActionType_t
6.3.3.2
ObAnPluginstatus_t
6.3.3.3
ObAnASStatus_t
6.3.4
C Structures
6.3.4.1
ObAnServerContext
6.3.4.2
ObAnPluginInfo
6.3.4.3
ObAnPluginFns
6.4
C API Functions
6.4.1
Functions Provided by the Access Server (C API)
6.4.1.1
GetDataFn
6.4.1.2
SetDataFn
6.4.1.3
GetFirstItemFn
6.4.1.4
GetNextFn
6.4.1.5
GetCredFn
6.4.1.6
SetCredFn
6.4.1.7
GetActionFn
6.4.1.8
SetActionFn
6.4.1.9
SetAuthnUidFn
6.4.2
C Functions Implemented in the Plug-in
6.4.2.1
ObAnPluginGetVersion
6.4.2.2
ObAnPluginInit
6.4.2.3
ObAnPluginTerminate
6.4.2.4
ObAnPluginFn
6.4.2.5
ObAnPluginDeallocStatusMsg
6.5
C Authentication Plug-in Example
6.6
Managed Code API Environment
6.6.1
Managed Code API Plug-in Directory
6.7
Managed Code API Data
6.7.1
Defines (Managed Code)
6.7.2
Interfaces (Managed Code)
6.7.2.1
IObAnServerContext
6.7.2.2
IObAnPluginInfo
6.7.2.3
IObAnPluginSVData
6.7.2.4
IObAnPluginMVData
6.7.2.5
IObAsPluginListItem
6.7.3
Managed Code Return Values
6.7.3.1
ObAnActionType
6.7.3.2
ObAnPluginstatus
6.7.3.3
ObAnASStatus
6.7.4
Managed Code Functions Implemented in the Plug-in
6.7.4.1
ObAnPluginGetVersion
6.7.4.2
ObAnPluginInit
6.7.4.3
ObAnPluginTerminate
6.7.4.4
ObAnPluginFn
6.8
Troubleshooting
6.9
Standard Plug-Ins
6.9.1
Credential Mapping Plug-In
6.9.2
Validate Password Plug-In
6.9.3
Certificate Decode Plug-In
6.9.4
Selection Filter Plug-In
6.9.5
NT/Win2000 Plug-In
6.9.6
SecurID Plug-In
7
Authorization Plug-in API
7.1
About the Authorization Plug-In API
7.1.1
Support for C and Managed Code
7.1.2
Globalization and Custom C Authorization Plug-in Interfaces -- reviewed/updated
7.1.2.1
Backward Compatibility
7.2
API Environment
7.2.1
C Code Location
7.2.2
Managed C++ Code Location
7.2.3
Plug-in Location
7.3
C API Data
7.3.1
C Constant Definitions
7.3.2
C Handles
7.3.3
C Return Values
7.3.3.1
ObAzplug-instatus_t
7.3.3.2
ObAzASStatus_t
7.3.4
C Structures
7.3.4.1
ObAzServerContext
7.3.4.2
ObAzPluginInfo
7.3.4.3
ObAzPluginFns
7.4
C API Functions
7.4.1
C Functions Provided by the Access Server
7.4.1.1
GetDataFn
7.4.1.2
SetDataFn
7.4.1.3
GetFirstItemFn
7.4.1.4
GetValueFn
7.4.1.5
GetNextFn
7.4.2
C Functions Implemented in the Plug-In
7.4.2.1
ObAzPluginGetVersion
7.4.2.2
ObAzPluginInit
7.4.2.3
ObAzPluginTerminate
7.4.2.4
ObAzPluginFn
7.4.2.5
ObAzPluginDeallocStatusMsg
7.4.2.6
C Example
7.5
Managed Code API Interfaces
7.5.1
Defines
7.5.2
Interfaces
7.5.3
Return Values
7.5.3.1
Status
7.5.3.2
ASStatus
7.5.4
Managed Code Interfaces
7.5.4.1
IObAzServerContext
7.5.4.2
IObAZPluginInfo
7.5.4.3
IObAzPluginData
7.5.4.4
IObAzPluginWriteableData
7.5.4.5
IObAsPluginListItem
7.5.5
Interfaces to be Implemented in the Plug-In
7.5.5.1
ObAzPluginGetVersion
7.5.5.2
ObAzPluginInit
7.5.5.3
ObAzPluginTerminate
7.5.5.4
ObAzPluginFn
7.6
Troubleshooting
Part III Appendices
A
XML Background
A.1
About XML
A.2
XML Schema
A.3
XSL and XSLT
A.3.1
General Syntax
A.3.2
Expression Syntax
A.3.3
Client-Side Transformation
A.3.4
XSL Transformation Limits
A.4
Resources
B
Policy Manager API Definitions
B.1
Class ObAccessManager
B.1.1
Java
B.1.2
C
B.1.3
Managed Code
B.2
Access Policy Objects
B.2.1
Java
B.2.1.1
Class ObAMResource
B.2.1.2
Class ObAMAccessConditions
B.2.1.3
Class ObAMDate
B.2.1.4
Class ObAMTime
B.2.1.5
Class ObAMTimingConditions
B.2.1.6
Class ObAMIdentity
B.2.1.7
Class ObAMObjectWithActions
B.2.1.8
Class ObAMAction
B.2.1.9
Class ObAMAuthenticationRule
B.2.1.10
Class ObAMAuthorizationRule
B.2.1.11
Class ObAMAuthorizationExpr
B.2.1.12
Class ObAMAuditRule
B.2.1.13
Class ObAMAdminRule
B.2.1.14
Class ObAMParameter
B.2.1.15
Class ObAMPolicy
B.2.1.16
Class ObAMPolicyDomain
B.2.1.17
Class ObAMAccessTest
B.2.1.18
Class ObAMAccessTestResults
B.2.1.19
Class ObAMAccessTestResult(s)
B.2.2
C
B.2.2.1
Class ObAMResource
B.2.2.2
Class ObAMAccessConditions
B.2.2.3
Class ObAMDate
B.2.2.4
Class ObAMTime
B.2.2.5
Class ObAMTimingConditions
B.2.2.6
Class ObAMIdentity
B.2.2.7
Class ObAMAction
B.2.2.8
Class ObAMObjectWithActions
B.2.2.9
Class ObAMAuthenticationRule
B.2.2.10
Class ObAMAuthorizationRule
B.2.2.11
Class ObAMAuthorizationExpr
B.2.2.12
Class ObAMAuditRule
B.2.2.13
Class ObAMAdminRule
B.2.2.14
Class ObAMParameter
B.2.2.15
Class ObAMPolicy
B.2.2.16
Class ObAMPolicyDomain
B.2.2.17
Class ObAMAccessTest
B.2.2.18
Class ObAMAccessTestResults
B.2.2.19
Class ObAMAccessTestResult(s)
B.2.3
Managed Code
B.2.3.1
Class ObAMResourceMgd
B.2.3.2
Class ObAMAccessConditionsMgd
B.2.3.3
Class ObAMDateMgd
B.2.3.4
Class ObAMDate_MonthsMgd
B.2.3.5
Class ObAMDate_DaysOfWeekMgd
B.2.3.6
Class ObAMTimeMgd
B.2.3.7
Class ObAMTimingConditionsMgd
B.2.3.8
Class ObAMIdentityMgd
B.2.3.9
Class ObAMActionTypeMgd
B.2.3.10
Class ObAMActionMgd
B.2.3.11
Class ObAMAction_ValueTypeMgd
B.2.3.12
Class ObAMAuthenticationRuleMgd
B.2.3.13
Class ObAMAuthorizationRuleMgd
B.2.3.14
Class ObAMAuthorizationExprMgd
B.2.3.15
Class ObAMAuditRuleMgd
B.2.3.16
Class ObAMAdminRuleMgd
B.2.3.17
Class ObAMParameterMgd
B.2.3.18
Class ObAMPolicyMgd
B.2.3.19
Class ObAMPolicyDomainMgd
B.2.3.20
Class ObAMAccessTestMgd
B.2.3.21
Class ObAMAccessTestResultsMgd
B.2.3.22
Class ObAMAccessTestResultMgd
B.3
Access System Configuration Objects
B.3.1
Java
B.3.1.1
Class ObAMHostIdentifier
B.3.1.2
Class ObAMResourceType
B.3.1.3
Class ObAMAuthenticationScheme
B.3.1.4
Class ObAMAuthenticationPlugin
B.3.1.5
Class ObAMAuthorizationScheme
B.3.1.6
Class ObAMMasterAuditRule
B.3.2
C
B.3.2.1
Class ObAMHostIdentifier
B.3.2.2
Class ObAMResourceType
B.3.2.3
Class ObAMAuthenticationScheme
B.3.2.4
Class ObAMAuthenticationPlugin
B.3.3
Managed Code
B.3.3.1
Class ObAMHostIdentifierMgd
B.3.3.2
Class ObAMResourceTypeMgd
B.3.3.3
Class ObAMAuthenticationSchemeMgd
B.3.3.4
Class ObAMAuthenticationPluginMgd
B.3.3.5
Class ObAMAuthorizationSchemeMgd
B.3.3.6
Class ObAMMasterAuditRuleMgd
B.4
Class ObAMException
B.4.1
Java
B.4.2
Class ObAccessException
B.4.3
C
B.4.4
Class ObAccessExceptionMgd
B.4.4.1
Managed Code
C
Identity Events
C.1
Application Events
C.2
Workflow Events
D
Installing the Access Manager SDK
D.1
About the Access Manager SDK Environment
D.2
Software Developer Kit Installation Prerequisites
D.3
Installing the Access Manager SDK on Windows
D.4
Installing the Access Manager SDK on Unix
D.5
Installing the Access Manager SDK on Linux
E
SOAP and HTTP Client
F
Managed Helper Classes
F.1
Managed Helper Classes for the APIs
Index