Skip to main content
Version: 4.42

API reference — Policy management

Overview

Policies control which certificates can be used by which users, in which applications and sites, and when. This documentation describes the methods for managing the full policy lifecycle: creating, querying, editing, enabling or disabling, and deleting them.

note

Before creating a policy you need the IDs of the application groups and site groups you want to associate with it. See the policy group management reference to create those resources first.

Before you start

Before testing these methods, you need to set up SoapUI.

important

The <!--Optional:--> comments that appear in SOAP requests are generated automatically and may incorrectly mark required fields as optional.

This documentation explicitly states which fields are required or optional. Always trust this documentation.

Create a policy

AddPolicy

Creates a new policy in the system.

NameTypeRequiredDescription
namestringYesPolicy name.
commentstringNoFree-form description or comment about the policy.
priorityintegerYesPolicy priority. Lower values have higher priority.
activebooleanYesIf true, the policy is active from the moment it is created.
certificateIdsarray of integersNoIDs of the individual certificates included in the policy.
certificateGroupIdsarray of integersNoIDs of the certificate groups included in the policy.
userUIdsarray of stringsNoUIDs of the users included in the policy, in the format USER:<id>@<domain>. Find the values in ListUsersInDomain.
applicationGroupIdsarray of integersNoIDs of the application groups where the policy applies. Find the values in ListApplicationGroups.
siteGroupIdsarray of integersNoIDs of the site groups where the policy applies. Find the values in ListSiteGroups.
dssbooleanYesIf true, the policy allows use of the DSS service.
macAgentbooleanYesIf true, the policy allows use of the macOS Agent.
whensWhenYesPolicy time schedule. Includes: always (true for the policy to be always valid; false to use custom time slots) and entries (list of WhenEntry with days, startDate, endDate, startTime, and endTime). If always is true, send entries empty.
actionstringYesPolicy action: ALLOW to permit certificate use, DENY to block it.
allowAllBrowsersbooleanYesIf true, the policy applies to all browsers and allowedBrowsers is ignored.
allowedBrowsersarray of SupportedBrowsersNoBrowsers the policy applies to when allowAllBrowsers is false. Values: IE, FF, CH, EDGE.
userPinPolicystringYesUser PIN behavior: DO_NOTHING (no effect on PIN), ASK_FOR_USER_PIN (prompts the user for PIN), DONT_ASK_FOR_USER_PIN (does not prompt for PIN even if the certificate requires it).
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:urn="urn:evolium:redtrust:administration:ws" xmlns:rtad="http://schemas.datacontract.org/2004/07/RTAdminService.Types" xmlns:arr="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
    <soap:Header/>
    <soap:Body>
        <urn:AddPolicy>
            <urn:name>Acceso portal corporativo</urn:name>
            <urn:comment></urn:comment>
            <urn:priority>1</urn:priority>
            <urn:active>true</urn:active>
            <urn:certificateIds/>
            <urn:certificateGroupIds/>
            <urn:userUIds/>
            <urn:applicationGroupIds/>
            <urn:siteGroupIds/>
            <urn:dss>false</urn:dss>
            <urn:macAgent>false</urn:macAgent>
            <urn:whens>
                <rtad:always>true</rtad:always>
                <rtad:entries/>
            </urn:whens>
            <urn:action>ALLOW</urn:action>
            <urn:allowAllBrowsers>true</urn:allowAllBrowsers>
            <urn:allowedBrowsers>
                <rtad:SupportedBrowsers></rtad:SupportedBrowsers>
            </urn:allowedBrowsers>
            <urn:userPinPolicy>DO_NOTHING</urn:userPinPolicy>
        </urn:AddPolicy>
    </soap:Body>
</soap:Envelope>

Query policies

ListPolicies

Returns the list of policies in the system with their main data.

NameTypeRequiredDescription
viewTypestringYesFilters policies by type: VIEW_ALL, VIEW_ALLOWED (ALLOW action only), VIEW_DENIED (DENY action only), VIEW_ACTIVE, VIEW_INACTIVE.
filterstringNoText that results must contain. If empty, returns all policies.
numBlockintegerYesResult block number to return (pagination). The first block is 0.
orderColumnstringYesSort column: ORDER_BY_PRIORITY, ORDER_BY_STATUS, ORDER_BY_NAME, ORDER_BY_PERMISSION.
orderTypestringYesSort direction: ORDER_ASCENDING, ORDER_DESCENDING.
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:urn="urn:evolium:redtrust:administration:ws">
    <soap:Header/>
    <soap:Body>
        <urn:ListPolicies>
            <urn:viewType>VIEW_ALL</urn:viewType>
            <urn:filter></urn:filter>
            <urn:numBlock>0</urn:numBlock>
            <urn:orderColumn>ORDER_BY_PRIORITY</urn:orderColumn>
            <urn:orderType>ORDER_ASCENDING</urn:orderType>
        </urn:ListPolicies>
    </soap:Body>
</soap:Envelope>

GetPolicyData

Returns the full data for a policy, including the details of its associated certificates, users, application groups, and site groups.

NameTypeRequiredDescription
policyIdintegerYesPolicy ID. Find the value in ListPolicies or ListPolicyIds.
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:urn="urn:evolium:redtrust:administration:ws">
    <soap:Header/>
    <soap:Body>
        <urn:GetPolicyData>
            <urn:policyId>10</urn:policyId>
        </urn:GetPolicyData>
    </soap:Body>
</soap:Envelope>

ListPolicyIds

Returns the list of policy IDs. Use this method to get policyId or policyIds values.

NameTypeRequiredDescription
viewTypestringYesFilters policies by type: VIEW_ALL, VIEW_ALLOWED, VIEW_DENIED, VIEW_ACTIVE, VIEW_INACTIVE.
filterstringNoText that results must contain. If empty, returns all IDs.
filterByActionstringNoFilters by action: ALLOW or DENY. Cannot be sent empty.
filterByActivebooleanNoIf true, returns only active policies. If false, returns only inactive. Cannot be sent empty.
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:urn="urn:evolium:redtrust:administration:ws">
    <soap:Header/>
    <soap:Body>
        <urn:ListPolicyIds>
            <urn:viewType>VIEW_ALL</urn:viewType>
            <urn:filter></urn:filter>
            <urn:filterByAction>ALLOW</urn:filterByAction>
            <urn:filterByActive>true</urn:filterByActive>
        </urn:ListPolicyIds>
    </soap:Body>
</soap:Envelope>

Update a policy

EditPolicy

Updates an existing policy. All parameters fully replace the current values.

NameTypeRequiredDescription
policyIdintegerYesID of the policy to update. Find the value in ListPolicies.
namestringYesPolicy name.
commentstringNoFree-form description or comment about the policy.
priorityintegerYesPolicy priority. Lower values have higher priority.
activebooleanYesPolicy status.
certificateIdsarray of integersNoIDs of the individual certificates included in the policy.
certificateGroupIdsarray of integersNoIDs of the certificate groups included in the policy.
userUIdsarray of stringsNoUIDs of the users included in the policy.
applicationGroupIdsarray of integersNoIDs of the application groups where the policy applies.
siteGroupIdsarray of integersNoIDs of the site groups where the policy applies.
dssbooleanYesIf true, the policy allows use of the DSS service.
macAgentbooleanYesIf true, the policy allows use of the macOS Agent.
whensWhenYesPolicy time schedule. Same structure as in AddPolicy.
actionstringYesPolicy action: ALLOW or DENY.
allowAllBrowsersbooleanYesIf true, the policy applies to all browsers.
allowedBrowsersarray of SupportedBrowsersNoSpecific browsers when allowAllBrowsers is false. Values: IE, FF, CH, EDGE.
userPinPolicystringYesUser PIN behavior: DO_NOTHING, ASK_FOR_USER_PIN, DONT_ASK_FOR_USER_PIN.
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:urn="urn:evolium:redtrust:administration:ws" xmlns:rtad="http://schemas.datacontract.org/2004/07/RTAdminService.Types" xmlns:arr="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
    <soap:Header/>
    <soap:Body>
        <urn:EditPolicy>
            <urn:policyId>10</urn:policyId>
            <urn:name>Acceso portal corporativo</urn:name>
            <urn:comment>Permite el uso de certificados en el portal de la empresa</urn:comment>
            <urn:priority>1</urn:priority>
            <urn:active>true</urn:active>
            <urn:certificateIds>
                <arr:int>101</arr:int>
            </urn:certificateIds>
            <urn:certificateGroupIds/>
            <urn:userUIds>
                <arr:string>USER:1007@local.users</arr:string>
            </urn:userUIds>
            <urn:applicationGroupIds>
                <arr:int>1</arr:int>
            </urn:applicationGroupIds>
            <urn:siteGroupIds>
                <arr:int>2</arr:int>
            </urn:siteGroupIds>
            <urn:dss>false</urn:dss>
            <urn:macAgent>false</urn:macAgent>
            <urn:whens>
                <rtad:always>false</rtad:always>
                <rtad:entries>
                    <rtad:WhenEntry>
                        <rtad:days>
                            <rtad:DayOfWeek>Monday</rtad:DayOfWeek>
                            <rtad:DayOfWeek>Tuesday</rtad:DayOfWeek>
                            <rtad:DayOfWeek>Wednesday</rtad:DayOfWeek>
                            <rtad:DayOfWeek>Thursday</rtad:DayOfWeek>
                            <rtad:DayOfWeek>Friday</rtad:DayOfWeek>
                        </rtad:days>
                        <rtad:startTime>08:00:00</rtad:startTime>
                        <rtad:endTime>18:00:00</rtad:endTime>
                    </rtad:WhenEntry>
                </rtad:entries>
            </urn:whens>
            <urn:action>ALLOW</urn:action>
            <urn:allowAllBrowsers>false</urn:allowAllBrowsers>
            <urn:allowedBrowsers>
                <rtad:SupportedBrowsers>CH</rtad:SupportedBrowsers>
                <rtad:SupportedBrowsers>EDGE</rtad:SupportedBrowsers>
                <rtad:SupportedBrowsers>FF</rtad:SupportedBrowsers>
            </urn:allowedBrowsers>
            <urn:userPinPolicy>DO_NOTHING</urn:userPinPolicy>
        </urn:EditPolicy>
    </soap:Body>
</soap:Envelope>

Enable or disable policies

ChangePoliciesStatus

Enables or disables one or more policies at once.

NameTypeRequiredDescription
policyIdsarray of integersYesIDs of the policies to update. Find the values in ListPolicyIds.
statusbooleanYesStatus to apply: true to enable, false to disable.
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:urn="urn:evolium:redtrust:administration:ws" xmlns:arr="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
    <soap:Header/>
    <soap:Body>
        <urn:ChangePoliciesStatus>
            <urn:policyIds>
                <arr:int>10</arr:int>
                <arr:int>11</arr:int>
            </urn:policyIds>
            <urn:status>false</urn:status>
        </urn:ChangePoliciesStatus>
    </soap:Body>
</soap:Envelope>

Assign policies to a role

AssignRoleToPolicies

Reassigns a set of policies to a different role.

NameTypeRequiredDescription
roleIdintegerYesID of the role to assign the policies to.
policyIdsarray of integersYesIDs of the policies to reassign. Find the values in ListPolicyIds.
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:urn="urn:evolium:redtrust:administration:ws" xmlns:arr="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
    <soap:Header/>
    <soap:Body>
        <urn:AssignRoleToPolicies>
            <urn:roleId>3</urn:roleId>
            <urn:policyIds>
                <arr:int>10</arr:int>
                <arr:int>11</arr:int>
            </urn:policyIds>
        </urn:AssignRoleToPolicies>
    </soap:Body>
</soap:Envelope>

Delete policies

DeletePolicies

Permanently deletes one or more policies.

NameTypeRequiredDescription
policyIdsarray of integersYesIDs of the policies to delete. Find the values in ListPolicyIds.
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:urn="urn:evolium:redtrust:administration:ws" xmlns:arr="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
    <soap:Header/>
    <soap:Body>
        <urn:DeletePolicies>
            <urn:policyIds>
                <arr:int>10</arr:int>
            </urn:policyIds>
        </urn:DeletePolicies>
    </soap:Body>
</soap:Envelope>

Export policies

DownloadPoliciesCSV

Downloads a CSV file with the list of policies in the system. Parameters go in the SOAP header, not the body.

NameTypeRequiredDescription
basicFilter (header)stringNoText that results must contain. If empty, includes all policies.
viewType (header)stringNoFilters policies by type: VIEW_ALL, VIEW_ALLOWED, VIEW_DENIED, VIEW_ACTIVE, VIEW_INACTIVE.
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:urn="urn:evolium:redtrust:administration:ws">
    <soap:Header>
        <urn:basicFilter></urn:basicFilter>
        <urn:viewType>VIEW_ALL</urn:viewType>
    </soap:Header>
    <soap:Body>
        <urn:DownloadPoliciesCSV/>
    </soap:Body>
</soap:Envelope>

Was this page helpful?