Tivoli::AccessManager::Admin::SSO::Cred
use Tivoli::AccessManager::Admin; my $pd = Tivoli::AccessManager::Admin->new( password => 'N3ew0nk' ); my $sso = Tivoli::AccessManager::Admin::SSO::Cred->new( $pd, resource => 'fred', uid => 'mik', ssouid => 'mikfire', ssopwd => 'pa$$w0rd', ); unless ( $sso->exist ) { $resp = $sso->create; } $resp = $sso->resource(); $resp = $sso->ssopwd('derf'); $resp = $sso->ssopwd(); # SSOUID $resp = $sso->ssouid('derf'); $resp = $sso->ssouid(); # TYPE $resp = $sso->type(); # USER $resp = $sso->user(); $resp = $sso->list(); for ( $resp->value ) { isa_ok($_, "Tivoli::AccessManager::Admin::SSO::Cred"); }
Tivoli::AccessManager::Admin::SSO::Cred provides the interface to create and modify GSO credentials.
Creates a blessed Tivoli::AccessManager::Admin::SSO::Cred object.
An initialized Tivoli::AccessManager::Admin::Context object. As with every other class, the only way to change the context is to destroy the Tivoli::AccessManager::Admin::SSO::Cred object and recreate it with the new context. This parameter is required.
The name of the GSO resource. This resource must already exist or an error will be generated. This parameter is optional but can only be provided to "new" or "create". Most other methods will not work without the resource name.
The user's ID in TAM. As with resource, this parameter is optional, but can only be given to "new" or "create". Most of the methods will not work without it.
The user ID to presented to the back end. This parameter is optional and can be provided/changed at any time.
The password to be presented to the back end. This parameter is optional and can be changed/provided when ever. I should make the observation that this password is stored in plain text in the Tivoli::AccessManager::Admin::SSO::Cred object. This means it may be readable in a core dump or something similar. Caveat emptor.
Defines the resource as a web or group resource. This is optional. If not provided, I will try to figure it out. If I cannot figure out, it defaults to "web".
A fully blessed Tivoli::AccessManager::Admin::SSO::Cred object under normal circumstances, undef otherwise. Since no TAM API calls are made by this method, "other" can loosely be defined as "syntax error".
Initializes the Tivoli::AccessManager::Admin::SSO::Cred and creates it in TAM as well.
See the parameter list for "new". The only difference is that all of the parameters except type are now required.
A Tivoli::AccessManager::Admin::Response object indicating the success or failure of the create operation. If it could be created, the new Tivoli::AccessManager::Admin::SSO::Cred object will be embedded in the response object as well.
Lists all GSO credentials for the provided uid.
An initialized Tivoli::AccessManager::Admin::Context object.
The user's ID in TAM.
A list of initialized Tivoli::AccessManager::Admin::SSO::Cred objects, one for each GSO credential the user has. This list may be empty. Please do note that this is different from every other list method in Tivoli::AccessManager::Admin.
This list is, of course, embedded in a Tivoli::AccessManager::Admin::Response object.
The standard disclaimer. All the methods will return a Tivoli::AccessManager::Admin::Response object unless specifically stated otherwise. See the documentation for that module on how to coax the values out.
The methods also follow the same basic pattern. If an optional parameter is provided, it will have the affect of setting the attribute. All method calls will embed the results of a 'get' in the Tivoli::AccessManager::Admin::Response object.
As you might expect, create can also be used as a method call.
See "new" for a full description. Only those parameters not provided to "new" need to be sent to "create". However, all of them need to be provided to one method or the other (except type) for the create call to work.
The success or failure of the operation.
Deletes the user's GSO cred.
None.
Gets/sets the GSO password for this resource.
The new GSO password.
The GSO password. Need I repeat the warnings about plain text passwords in memory?
Gets/sets teh GSO user ID.
The new GSO user ID.
The GSO user ID.
The following methods are all read only. The documentation for the underlying API calls implies otherwise, but I was not able to make it work. Rather than cause problems, I thought it better to make them read only.
Returns the name of the GSO resource to which the cred belongs.
The name of the GSO resource.
Returns the type of the GSO resource
'web' or 'group'
Returns the TAM user ID associated with the resource
The TAM user ID
Determines of the GSO cred exists or not.
1 if the object exists, 0 otherwise.
See Tivoli::AccessManager::Admin for the list. This was not possible without the help of a bunch of people smarter than I.
None known.
I need to figure out if the three read only methods can be made read/write.
I need to make the create and new methods smarter. I would really like them to be able to figure out if the resource is a web or group resource. I would also like a force option that will create the GSO resource if: o it does not already exist and o the type was provided in the method call
Mik Firestone <mikfire@gmail.com>
Copyright (c) 2006-2013 Mik Firestone. All rights reserved. This program is free software; you can redistibute it and/or modify it under the same terms as Perl itself.
All references to TAM, Tivoli Access Manager, etc are copyrighted, trademarked and otherwise patented by IBM.
To install Tivoli::AccessManager::Admin, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Tivoli::AccessManager::Admin
CPAN shell
perl -MCPAN -e shell install Tivoli::AccessManager::Admin
For more information on module installation, please visit the detailed CPAN module installation guide.