NAME
Tivoli::AccessManager::Admin::SSO::Cred
SYNOPSIS
    use Tivoli::AccessManager::Admin;
    use Test::More;    # only needed for the isa_ok check at the end

    my $pd  = Tivoli::AccessManager::Admin->new( password => 'N3ew0nk' );
    my $sso = Tivoli::AccessManager::Admin::SSO::Cred->new( $pd,
        resource => 'fred',
        uid      => 'mik',
        ssouid   => 'mikfire',
        ssopwd   => 'pa$$w0rd',
    );
    my $resp;

    # Create the GSO cred in TAM if it does not exist yet
    unless ( $sso->exist ) {
        $resp = $sso->create;
    }

    # RESOURCE
    $resp = $sso->resource();

    # SSOPWD
    $resp = $sso->ssopwd('derf');
    $resp = $sso->ssopwd();

    # SSOUID
    $resp = $sso->ssouid('derf');
    $resp = $sso->ssouid();

    # TYPE
    $resp = $sso->type();

    # USER
    $resp = $sso->user();

    # LIST: each value is a Tivoli::AccessManager::Admin::SSO::Cred object
    $resp = $sso->list();
    for ( $resp->value ) {
        isa_ok($_, "Tivoli::AccessManager::Admin::SSO::Cred");
    }
DESCRIPTION
Tivoli::AccessManager::Admin::SSO::Cred provides the interface to create and modify GSO credentials.
CONSTRUCTOR
new(PDADMIN[,resource => NAME, uid => UID, ssouid => GSO User ID, ssopwd => GSO password, type => <web|group>])
Creates a blessed Tivoli::AccessManager::Admin::SSO::Cred object.
Parameters
- PDADMIN
An initialized Tivoli::AccessManager::Admin::Context object. As with every other class, the only way to change the context is to destroy the Tivoli::AccessManager::Admin::SSO::Cred object and recreate it with the new context. This parameter is required.
- resource => NAME
The name of the GSO resource. This resource must already exist or an error will be generated. This parameter is optional but can only be provided to "new" or "create". Most other methods will not work without the resource name.
- uid => UID
The user's ID in TAM. As with resource, this parameter is optional, but can only be given to "new" or "create". Most of the methods will not work without it.
- ssouid => GSO User ID
The user ID to be presented to the back end. This parameter is optional and can be provided/changed at any time.
- ssopwd => GSO password
The password to be presented to the back end. This parameter is optional and can be changed/provided whenever. I should make the observation that this password is stored in plain text in the Tivoli::AccessManager::Admin::SSO::Cred object. This means it may be readable in a core dump or something similar. Caveat emptor.
- type => <web|group>
Defines the resource as a web or group resource. This is optional. If not provided, I will try to figure it out. If I cannot figure it out, it defaults to "web".
Returns
A fully blessed Tivoli::AccessManager::Admin::SSO::Cred object under normal circumstances, undef otherwise. Since no TAM API calls are made by this method, "other" can loosely be defined as "syntax error".
create(PDADMIN,resource => NAME, uid => UID, ssouid => GSO User ID, ssopwd => GSO password[, type => <web|group>])
Initializes the Tivoli::AccessManager::Admin::SSO::Cred and creates it in TAM as well.
Parameters
See the parameter list for "new". The only difference is that all of the parameters except type are now required.
Returns
A Tivoli::AccessManager::Admin::Response object indicating the success or failure of the create operation. If it could be created, the new Tivoli::AccessManager::Admin::SSO::Cred object will be embedded in the response object as well.
CLASS METHODS
list(PDADMIN, 'uid')
Lists all GSO credentials for the provided uid.
Parameters
- PDADMIN
An initialized Tivoli::AccessManager::Admin::Context object.
- uid => UID
The user's ID in TAM.
Returns
A list of initialized Tivoli::AccessManager::Admin::SSO::Cred objects, one for each GSO credential the user has. This list may be empty. Please do note that this is different from every other list method in Tivoli::AccessManager::Admin.
This list is, of course, embedded in a Tivoli::AccessManager::Admin::Response object.
METHODS
The standard disclaimer. All the methods will return a Tivoli::AccessManager::Admin::Response object unless specifically stated otherwise. See the documentation for that module on how to coax the values out.
The methods also follow the same basic pattern. If an optional parameter is provided, it will have the effect of setting the attribute. All method calls will embed the results of a 'get' in the Tivoli::AccessManager::Admin::Response object.
create( [resource => NAME, uid => UID, ssouid => GSO User ID, ssopwd => GSO password, type => <web|group>])
As you might expect, create can also be used as a method call.
Parameters
See "new" for a full description. Only those parameters not provided to "new" need to be sent to "create". However, all of them need to be provided to one method or the other (except type) for the create call to work.
Returns
The success or failure of the operation.
delete
Deletes the user's GSO cred.
Parameters
None.
Returns
The success or failure of the operation.
ssopwd('password')
Gets/sets the GSO password for this resource.
Parameters
Returns
The GSO password. Need I repeat the warnings about plain text passwords in memory?
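One way to act on the plain-text warning when setting a GSO password, as an added example that is not part of the module or its author's documentation. It assumes the CPAN modules BSD::Resource and Term::ReadKey are installed, that the Response object offers isok and messages (neither is described on this page), and that the TAM user ID and resource name arrive as command-line arguments; prompt_secret is a hypothetical helper.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use BSD::Resource;      # CPAN module (assumed installed): setrlimit, RLIMIT_CORE
use Term::ReadKey;      # CPAN module (assumed installed): ReadMode, ReadLine
use Tivoli::AccessManager::Admin;

# No core files for this process, so the plain-text GSO password held in the
# Cred object cannot end up in a dump on disk.
setrlimit( RLIMIT_CORE, 0, 0 ) or die "cannot disable core dumps\n";

# Hypothetical helper: read a secret from the terminal without echo instead
# of embedding it in the script or passing it in argv, where it would show
# up in process listings and shell history.
sub prompt_secret {
    my ($label) = @_;
    print STDERR "$label: ";
    ReadMode('noecho');
    my $secret = ReadLine(0);
    ReadMode('restore');
    print STDERR "\n";
    die "no input for $label\n" unless defined $secret;
    chomp $secret;
    return $secret;
}

my ( $uid, $resource ) = @ARGV;
die "usage: $0 TAM_UID GSO_RESOURCE\n" unless defined $resource;

my $pd = Tivoli::AccessManager::Admin->new(
    password => prompt_secret('TAM admin password') );

{
    # Keep the Cred object, and the password inside it, in the smallest scope.
    my $sso = Tivoli::AccessManager::Admin::SSO::Cred->new( $pd,
        resource => $resource,
        uid      => $uid,
    ) or die "could not build the Cred object\n";

    die "no GSO cred for $uid on $resource\n" unless $sso->exist;

    my $resp = $sso->ssopwd( prompt_secret("new GSO password for $uid") );
    # isok and messages are assumed Response methods (not shown on this page).
    die 'ssopwd failed: ', $resp->messages, "\n" unless $resp->isok;
}
# $sso is out of scope here; Perl releases the memory but does not zero it.
```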
ssouid('UID')
Gets/sets the GSO user ID.
Parameters
Returns
The GSO user ID.
The following methods are all read only. The documentation for the underlying API calls implies otherwise, but I was not able to make it work. Rather than cause problems, I thought it better to make them read only.
resource
Returns the name of the GSO resource to which the cred belongs.
Parameters
None.
Returns
The name of the GSO resource.
type
Returns the type of the GSO resource.
Parameters
None.
Returns
'web' or 'group'
user
Returns the TAM user ID associated with the resource.
Parameters
None.
Returns
The TAM user ID
exist
Determines if the GSO cred exists or not.
Parameters
None.
Returns
1 if the object exists, 0 otherwise.
ACKNOWLEDGEMENTS
See Tivoli::AccessManager::Admin for the list. This was not possible without the help of a bunch of people smarter than I.
BUGS
None known.
TODO
I need to figure out if the three read only methods can be made read/write.
I need to make the create and new methods smarter. I would really like them to be able to figure out if the resource is a web or group resource. I would also like a force option that will create the GSO resource if:
- it does not already exist and
- the type was provided in the method call
AUTHOR
Mik Firestone <mikfire@gmail.com>
COPYRIGHT
Copyright (c) 2006-2013 Mik Firestone. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
All references to TAM, Tivoli Access Manager, etc are copyrighted, trademarked and otherwise patented by IBM.