IBM Security Privileged Identity Manager, Version 2.1.0

CheckOut

Use the CheckOut method to check out a credential with the PIMSlnHelper DLL. The check-out widget is an example of an implementation that uses the CheckOut method.

HRESULT CheckOut(
			[in] ISERuntime* RuntimeObj,
			[in] BSTR ItimSvcUrl,
			[in] BSTR ItimAuthSvcId,
			[in] BSTR PrivCredBag,
			[in] VARIANT_BOOL IsPrivCredBagLocal,
			[in] BSTR ApplicationName,
			[in] VARIANT_BOOL ServiceLowerCaseConventionEnabled,
			[in] VARIANT_BOOL ReAuthPasscodeEnabled,
			[in] VARIANT_BOOL CheckInAllBeforeCheckOutEnabled,
			[in] BSTR RoleSelectionDlgParentHwndSignature,
			[in] VARIANT_BOOL SilentModeEnabled,
			[in, defaultvalue("true")] VARIANT_BOOL IsRegistrationEnabled,
			[in, defaultvalue("")] BSTR RecordingId,
			[out, retval] int* pRet);

Parameters

RuntimeObj
Runtime object obtained from the scripting host.
ItimSvcUrl
URL of the IBM® Security Identity Manager service. For example: https://pimva.example.com/itim/services/WSSharedAccessService.
ItimAuthSvcId
Authentication service ID of IBM Security Identity Manager. The user Wallet must contain the IBM Security Identity Manager credential.
PrivCredBag
The privileged credential bag stores:
  • Checked-out privileged credentials.
  • Application managed resource authentication service ID.
IsPrivCredBagLocal
Specifies whether to use a local bag for the privileged credential bag.
ItimTokenBag
This parameter is not used. It is included for compatibility with an earlier version.
IsItimTokenBagLocal
Specifies whether to use a local bag for the IBM Security Identity Manager token bag.
CheckInAllBeforeCheckOutEnabled
Specifies whether to check in all credentials before checkout.
ReAuthPasscodeEnabled
Specifies whether to reauthenticate user credentials before you check out.
RoleSelectionDlgParentHwndSignature
Signature of the role selection dialog box parent window. If the parameter is an empty string, the role selection dialog box parent window is NULL.
SilentModeEnabled
If this parameter is true, no dialogs or prompts are displayed.
IsRegistrationEnabled
If this parameter is true, the background process automatically checks in the shared credential. This automatic check-in occurs when the process fails to check in the credential, for example, when a user exits the program in an unexpected way.
RecordingId
Specifies the Privileged Session Recorder console recording ID.

Example VBScript action

' Perform CheckOut

Dim cicomgr
Dim pc
Dim result
Dim reauth_needed

Const PrivCredBag = "CICO_injection_bag"

Set pc = runtime.getPropertiesContainer()
RoleSelectionDlgParentHwndSignature = pc.GetPropValue("RoleSelectionDlgParentHwndSignature")
isim_url = pc.GetPropValue("WSPATH")
isim_auth_service = pc.GetPropValue("isim_auth_service")

ApplicationName = pc.GetAccDataItem(PrivCredBag, "ApplicationName")
RecordingId = pc.GetPropValue("recording_session_guid")

reauth_needed_str = pc.GetPropValue("reauth_needed")
if reauth_needed_str = "0" then 
   reauth_needed = False
else 
   reauth_needed = True
end if
Set cicomgr = CreateObject("PIMSlnHelper.CICOMgr")
result = cicomgr.CheckOut(runtime _
      , isim_url _
      , isim_auth_service _
      , PrivCredBag  _
      , true  _
      , ApplicationName _
      , true _
      , reauth_needed _
      , false _
      , RoleSelectionDlgParentHwndSignature _
      , false _
      , True _
      , RecordingId _
      )

' save the result value so that we can show the error description
pc.SetPropValue "checkout_result", result

if result = 0 then

      ' successful checkout
      pc.SetPropValue "checkout_done","1"
      pc.SetAccDataItem PrivCredBag, "checkout_done", "1"
      
elseif result = 5 then
      
      ' if ISIM credentials not found in wallet
      pc.SetPropValue "checkout_done", "-1"
      pc.SetAccDataItem PrivCredBag, "checkout_done", "-1"
           
else
      ' default error handling
      pc.SetPropValue "checkout_done", "0"
      pc.SetAccDataItem PrivCredBag, "checkout_done", "0"
end if
                  

