CORBA Interface ISubjectAdmin

The set of services available to view and manipulate a subject definition.

Definition

CORBA Module DFAuthServer

ISubjectAdmin Description

The set of services available to view and manipulate a subject definition.

CORBA Definitions
 attribute Description  Descriptive text to help identify the subject.
 attribute Enabled  Return the subject's enabled status.
 attribute Identifier  The unique identifier of the subject.
 attribute Name  Display name of the subject.
 method Close  Release resources held by this component.
 method Refresh  Refresh the subject information.
 method ListGroups  Retrieve group information.
 method AddPrincipal  Add a principal.
 method GetPrincipal  Retrieve the principal identity and password associated with the given domain.
 method RemovePrincipal  Remove a credential set.
 method ListPrincipals  Retrieve principal information.
 method UpdatePrincipalPassword  Update the password of a principal.
 method GetMappedPrincipal  Retrieve principal associated with a principal map.
 method ListPrincipalMaps  Retrieve principal map information.


Java Classes
 ISubjectAdminHelper  Used to manipulate the ISubjectAdmin type
 ISubjectAdminHolder  Used to process the ISubjectAdmin type as an out parameter


Java Interfaces
 ISubjectAdmin  The set of services available to view and manipulate a subject definition.


Java Interface ISubjectAdmin

The set of services available to view and manipulate a subject definition.

Package com.sas.iom.DFAuthServer

ISubjectAdmin Description

The set of services available to view and manipulate a subject definition.

public interface ISubjectAdmin
extends org.omg.CORBA.Object

Method Summary

 void Close ()

Release resources held by this component.

 void Refresh ()

Refresh the subject information.

 void ListGroups ( java.lang.String columns , java.lang.String filter , AnySeqHolder groups )
throws ( GenericError );

Retrieve group information.

 void AddPrincipal ( java.lang.String principal , java.lang.String domain , java.lang.String pw )
throws ( GenericError );

Add a principal.

 void GetPrincipal ( java.lang.String domain , org.omg.CORBA.StringHolder principal , org.omg.CORBA.StringHolder pw )
throws ( GenericError );

Retrieve the principal identity and password associated with the given domain.

 void RemovePrincipal ( java.lang.String domain )
throws ( GenericError );

Remove a credential set.

 void ListPrincipals ( java.lang.String columns , AnySeqHolder principals )
throws ( GenericError );

Retrieve principal information.

 void UpdatePrincipalPassword ( java.lang.String domain , java.lang.String password )
throws ( GenericError );

Update the password of a principal.

 void GetMappedPrincipal ( java.lang.String consumingSubject , java.lang.String domain , java.lang.String groupingKey , java.lang.String scopingGroup , org.omg.CORBA.StringHolder principal , org.omg.CORBA.StringHolder pw )
throws ( GenericError );

Retrieve principal associated with a principal map.

 void ListPrincipalMaps ( java.lang.String columns , java.lang.String filter , AnySeqHolder maps )
throws ( GenericError );

Retrieve principal map information.


Java Class ISubjectAdminHelper

public class ISubjectAdminHelper

Description
Implementing class for methods (insert, extract, type, id, read, write, narrow) used to manipulate the ISubjectAdmin type.

java.lang.Object
  |
  +--com.sas.iom.SAS.ISubjectAdminHelper

Java Class ISubjectAdminHolder

public class ISubjectAdminHolder

Description
Implementing class for methods (_read, _write, _type) used to process the ISubjectAdmin type as an out parameter.

java.lang.Object
  |
  +--com.sas.iom.SAS.ISubjectAdminHolder


CORBA Attribute Description

Descriptive text to help identify the subject.

Description

Descriptive text to help identify the subject.

The description may be updated by the owner of the subject and an Authentication Server administrator.

Usage

Java Method Description

public java.lang.String Description ();
public void Description ( java.lang.String Description );


CORBA Attribute Enabled

Return the subject's enabled status.

Description

Return the subject's enabled status.

When the subject enabled status is FALSE, the subject will not be resolved at login time. Therefore, returning a subject to enabled status may only be performed by an Authentication Server administrator.

Usage

Java Method Enabled

public boolean Enabled ();
public void Enabled ( boolean Enabled );


CORBA Attribute Identifier (readonly)

The unique identifier of the subject.

Description

Unique identifier of the subject.

Usage

Java Method Identifier

public java.lang.String Identifier ();


CORBA Attribute Name

Display name of the subject.

Description

Display name of the subject.

The display name should not be persisted as the key of the subject, since the subject name may change. The subject identifier should be used when persisting a reference to a subject.

The name may be updated by the owner of the subject and an Authentication Server administrator. The name shares a namespace with the group names and may not be empty.

Usage

Java Method Name

public java.lang.String Name ();
public void Name ( java.lang.String Name );


CORBA Method Close

Release resources held by this component.

Description

Release resources held by this component.

Usage

Java Method Close

void Close ( )

Example


CORBA Method Refresh

Refresh the subject information.

Description

Refresh the subject information.

Usage

Java Method Refresh

void Refresh ( )

Example


CORBA Method ListGroups

Retrieve group information.

Description

Return the requested groups in which the associated subject is either a member or owner.

Usage

Java Method ListGroups

void ListGroups (

    java.lang.String columns ,
    java.lang.String filter ,
    AnySeqHolder groups 
    )
    throws (
            GenericError
    );

Parameter Details

Parameter Direction Type Description
columns  in  java.lang.String 

The list of group information the operation is to return. If the list is empty, all columns marked as "included by default", in the order listed, are returned. The available columns are:

group: String
The name of the group. Included by default.
identifier: String
The unique group identifier. Included by default.
owner: String
The unique identifier used to identify the subject that owns the group. Included by default.
description: String
Descriptive text to help identify the group. Included by default.
memberOf: Boolean
Indicates if the requesting subject is a member of the group. Included by default.
own: Boolean
Indicates if the requesting subject owns the group. Included by default.
parentID: String
The unique identifier of the group that immediately contains this member. This becomes useful when a deep member listing is requested. Included by default.
ownerName: String
The name of the subject that owns the group.
parent: String
The name of the group that immediately contains this member. This becomes useful when a deep member listing is requested.

 
filter  in  java.lang.String 

A set of name/value pairs, where the "name" portion cannot be localized, used to select the groups to include in the returned groups. The supported "name" filters are:

deep
When specified, a deep listing of membership is performed. For search purposes, the specified deep filter is compared case insensitive.
description=[desc]
Specifies to select groups that pass the specified desc pattern. For search purposes, the specified desc is compared case insensitive.
group=[groupName]
Specifies to select groups that pass the specified groupName pattern. For search purposes, the specified groupName is compared case insensitive.
identifier=[id]
Specifies to select groups that pass the specified id pattern. For search purposes, the specified id is compared case insensitive.
memberOf
Specifies to select groups of which the subject is a member. If neither memberOf nor own is specified, own is assumed. For search purposes, the specified memberOf filter is compared case insensitive.
own
Specifies to select groups owned by the subject. If neither memberOf nor own is specified, own is assumed. For search purposes, the specified own filter is compared case insensitive.
 
groups  out  AnySeqHolder 

The requested groups.

 

Example


CORBA Method AddPrincipal

Add a principal.

Description

Add a tuple that may be used by the subject when authenticating to the specified domain.

If a tuple exists for the given domain, this call will fail.

Usage

Java Method AddPrincipal

void AddPrincipal (

    java.lang.String principal ,
    java.lang.String domain ,
    java.lang.String pw 
    )
    throws (
            GenericError
    );

Parameter Details

Parameter Direction Type Description
principal  in  java.lang.String 

The identity of the subject when authenticated in the specified domain. The principal may not be empty.

 
domain  in  java.lang.String 

The authentication domain of the principal and password. If the domain is empty, the Authentication Server PRIMARYPROVIDERDOMAIN option value will be used.

 
pw  in  java.lang.String 

The credentials to use when authenticating the principal in the specified domain.

 

Example


CORBA Method GetPrincipal

Retrieve the principal identity and password associated with the given domain.

Description

Retrieve the principal identity and password associated with the given domain.

Only the subject owner is permitted to retrieve the credentials.

Usage

Java Method GetPrincipal

void GetPrincipal (

    java.lang.String domain ,
    org.omg.CORBA.StringHolder principal ,
    org.omg.CORBA.StringHolder pw 
    )
    throws (
            GenericError
    );

Parameter Details

Parameter Direction Type Description
domain  in  java.lang.String 

The authentication domain in which the credential set is requested. The domain may not be empty.

 
principal  out  org.omg.CORBA.StringHolder 

The principal that identifies the subject in the specified authentication domain. If the domain is part of the login, the principal will be domain qualified.

 
pw  out  org.omg.CORBA.StringHolder 

The credentials to use when authenticating the principal in the specified authentication domain.

 

Example


CORBA Method RemovePrincipal

Remove a credential set.

Description

Remove a credential set.

Usage

Java Method RemovePrincipal

void RemovePrincipal (

    java.lang.String domain 
    )
    throws (
            GenericError
    );

Parameter Details

Parameter Direction Type Description
domain  in  java.lang.String 

The authentication domain of the credential set to remove. The domain may not be empty.

 

Example


CORBA Method ListPrincipals

Retrieve principal information.

Description

List the principals associated with a subject.

Usage

Java Method ListPrincipals

void ListPrincipals (

    java.lang.String columns ,
    AnySeqHolder principals 
    )
    throws (
            GenericError
    );

Parameter Details

Parameter Direction Type Description
columns  in  java.lang.String 

The list of principal information the operation is to return. If the list is empty, all columns, in the order listed, are returned. An empty list therefore also selects the password column. The available columns are:

domain: String
The authentication domain of the principal and password.
principal: String
The principal that identifies the subject in the specified authentication domain. If the domain is part of the login, the principal will be domain qualified.
password: String
The credentials to use when authenticating the principal in the specified domain. The credentials may only be selected by the containing subject owner.

 
principals  out  AnySeqHolder 

The list of authentication tuples associated with the subject. The returned array will contain a one dimensional array for each of the selected columns, in their selected order. If no columns were specified, all columns are returned in the order listed above.

 

Example


CORBA Method UpdatePrincipalPassword

Update the password of a principal.

Description

Used to update the password portion of the authentication tuple in the given domain.

Usage

Used to update the password portion of the authentication tuple in the given domain.

Java Method UpdatePrincipalPassword

void UpdatePrincipalPassword (

    java.lang.String domain ,
    java.lang.String password 
    )
    throws (
            GenericError
    );

Parameter Details

Parameter Direction Type Description
domain  in  java.lang.String 

The authentication domain of the credential set to update. The domain may not be empty.

 
password  in  java.lang.String 

The new credentials to associate with the subject's principal in the given domain.

 

Example
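The following is an added example, not part of the original SAS documentation. It combines AddPrincipal (which fails if a tuple already exists for the domain) with UpdatePrincipalPassword to store or rotate a subject's credential for one domain. The class name OutboundCredential and the import package for GenericError are assumptions; compiling it requires the SAS IOM client classes.

```java
// Added example; OutboundCredential is a hypothetical helper class.
import com.sas.iom.DFAuthServer.ISubjectAdmin; // package as given on this page
import com.sas.iom.SASIOMDefs.GenericError;    // assumption: package of GenericError

public final class OutboundCredential {

    private OutboundCredential() {}

    /**
     * Store or rotate the credential the subject uses in one authentication
     * domain. Returns true if a new tuple was added, false if the password
     * of an existing tuple was updated.
     */
    public static boolean store(ISubjectAdmin subject, String domain,
                                String principal, String pw) throws GenericError {
        // AddPrincipal substitutes PRIMARYPROVIDERDOMAIN for an empty domain,
        // while UpdatePrincipalPassword does not accept an empty domain.
        // Require an explicit domain so both calls address the same tuple.
        if (domain == null || domain.isEmpty()) {
            throw new IllegalArgumentException("domain must be given explicitly");
        }
        if (principal == null || principal.isEmpty()) {
            throw new IllegalArgumentException("principal may not be empty");
        }
        try {
            subject.AddPrincipal(principal, domain, pw);
            return true;
        } catch (GenericError addFailed) {
            // Documented failure case: a tuple already exists for this domain.
            // The catch cannot tell why the add failed, so the update is
            // attempted and any GenericError it raises goes to the caller.
            // Only the password changes; the stored principal is kept.
            subject.UpdatePrincipalPassword(domain, pw);
            return false;
        }
    }
}
```

The helper never logs or returns the password, and the caller remains responsible for calling Close on the ISubjectAdmin reference.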


CORBA Method GetMappedPrincipal

Retrieve principal associated with a principal map.

Description

Retrieve the principal associated with a principal map. The requesting subject must be either an owner or a managing member of the principal map containing the desired principal.

Usage

Java Method GetMappedPrincipal

void GetMappedPrincipal (

    java.lang.String consumingSubject ,
    java.lang.String domain ,
    java.lang.String groupingKey ,
    java.lang.String scopingGroup ,
    org.omg.CORBA.StringHolder principal ,
    org.omg.CORBA.StringHolder pw 
    )
    throws (
            GenericError
    );

Parameter Details

Parameter Direction Type Description
consumingSubject  in  java.lang.String 

The identifier of the subject in which the retrieved principal will be used. The consumingSubject, which may not be empty, must be a consuming member of the principal map containing the desired principal.

 
domain  in  java.lang.String 

The authentication domain in which the retrieved principal will be used. The domain may not be empty.

 
groupingKey  in  java.lang.String 

The collection of principal maps that should be searched. The scoping group may be empty.

 
scopingGroup  in  java.lang.String 

Group of which the consumingSubject must be a direct or indirect member. The scoping group may be empty.

 
principal  out  org.omg.CORBA.StringHolder 

The located principal identity.

 
pw  out  org.omg.CORBA.StringHolder 

The located principal password.

 

Example


CORBA Method ListPrincipalMaps

Retrieve principal map information.

Description

Return the requested columns from the selected principal maps in which the subject is either the owner, a manager or a consumer.

Usage

Java Method ListPrincipalMaps

void ListPrincipalMaps (

    java.lang.String columns ,
    java.lang.String filter ,
    AnySeqHolder maps 
    )
    throws (
            GenericError
    );

Parameter Details

Parameter Direction Type Description
columns  in  java.lang.String 

The list of principal map information the operation is to return. If the list is empty, all columns marked as "included by default", in the order listed, are returned. The available columns are:

map: String
The name of the principal map. Included by default.
identifier: String
The unique principal map identifier. Included by default.
owner: String
The unique identifier used to identify the subject that owns the principal map. Included by default.
description: String
Descriptive text to help identify the principal map. Included by default.
collection: String
The groupingKey string used to collect available principal maps. Included by default.
manage: Boolean
Indicates whether the requester is permitted to adjust the principal map consumer list. Included by default.
own: Boolean
Indicates whether the requester owns the principal map. Included by default.
consume: Boolean
Indicates whether the requester may have the principals associated with the principal map used on their behalf. Included by default.
ownerName: String
The name of the subject that owns the principal map.
domain: String
The domain of the principal map's principal. Empty if the principal map has no associated principal.
principal: String
The principal map's principal. Empty if the subject is not a manager of the principal map.

 
filter  in  java.lang.String 

A set of name/value pairs, where the "name" portion cannot be localized, used to select the principal maps to include in the returned maps. If the filter is empty, all principal maps are returned. The supported "name" filters are:

collection=[collectionKey]
Specifies to select principal maps that have a collection key that passes the specified collectionKey pattern. The collection key is used to scope many principal maps to the same server or application name space. For search purposes, the specified collectionKey is compared case insensitive.
consume
When specified, principal maps whose principals may be used on the requester's behalf are selected. For search purposes, the specified consume filter is compared case insensitive.
description=[desc]
Specifies to select principal maps that pass the specified desc pattern. For search purposes, the specified desc is compared case insensitive.
domain=[domainName]
When specified, principal maps associated with the given domain are selected. For search purposes, the specified domainName is compared case insensitive.
identifier=[id]
Specifies to select principal maps that pass the specified id pattern. For search purposes, the specified id is compared case insensitive.
manage
When specified, principal maps whose permitted consumer list the requester may manage are selected. For search purposes, the specified manage filter is compared case insensitive.
map=[mapName]
Specifies to select principal maps that pass the specified mapName pattern. For search purposes, the specified mapName is compared case sensitive.
own
When specified, principal maps that the requester owns are selected. For search purposes, the specified own filter is compared case insensitive.
owner=[id]
Specifies to select principal maps that have an owner that passes the specified id pattern. For search purposes, the specified id is compared case insensitive.
ownerName=[ownerName]
Specifies to select principal maps that have an owner name that passes the specified ownerName pattern. For search purposes, the specified ownerName is compared case insensitive.

 
maps  out  AnySeqHolder 

The requested principal maps.

 

Example