If you need the public hostname of SPS in the plugin, the plugin can read it from the /etc/hostnickname file.
Your plugin .zip file may contain an optional default.cfg sample configuration file. This file serves to provide an example configuration that you can use as a basis for customization if you wish to adapt the plugin to your site's needs.
The only prerequisites for this file are as follows:
Other than these prerequisites, the contents of the file are not restricted in any way.
On the default log level, One Identity Safeguard for Privileged Sessions (SPS) logs everything that the plugin writes to stdout and stderr. Log message lines are prefixed with the session ID of the proxy, which makes it easier to find correlating messages.
To transfer information between the methods of a plugin (for example, to include data in a log message when the session is closed), you can use a cookie.
If an error occurs while executing the plugin, SPS automatically terminates the session.
NOTE: This error is not visible in the verdict of the session. To find out why the session was terminated, you have to check the logs.
From SPS 5 LTS and later, this functionality is available using the Authentication and Authorization (AA) plugin.SPS executes the authorize method after the authentication method, and any inband gateway authentication or inband destination selection selection steps. As a result, the authorize method already has access the IP address of the target server, and the remote username (that is, the username used in the server-side connection).
To use an AA plugin to integrate SPS to a ticketing system, note the following points.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center