How to unprotect "/" while protecting all other resources under it
search cancel

How to unprotect "/" while protecting all other resources under it

book

Article ID: 10543

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER CA Single Sign On Agents (SiteMinder)

Issue/Introduction

How can we unprotect the root "/" without creating multiple rules to protect the rest of the resources?

This tip will show a protect all under root URL except root page.



A customer wants to allow access to https://_host.example.com/ without requiring a login.
But anything under "/" must require login, for example https://_host.example.com/abc. 

http://_host.example.com/    <= to be unprotected 

http://_host.example.com/abc <= to be protected
http://_host.example.com/xxx <= to be protected 

 

Environment

Policy server : r12.5 and above

Resolution

1. Unprotect root resource. 
Create root realm (effective resource filter = "/" ) as unprotected so users would not be challenged. 

You can have '*' for the rule to unprotect all and have sub-realms. 

 

2. Use Regular Expression with '.' for the rule. 

Create a rule with a regular expression to trigger only when there is a value. (expression = ".") 

Yes, a dot only. 

"." matches a single character. It does not matter what character it is, except a newline.

 

It means "." would only match if there is a value. 

With this combination, the rule would not trigger when accessing https://_host.example.com/
but it would for any request that is under it such as https://_host.example.com/123.

Additional Information

 

* Regular Expression can be tested on websites found over the internet.

* Ignore Unprotected Resources


The other scenario that if particular URI to be unprotected is described following document.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/web-agent-configuration/performance/ignore-unprotected-resources.html

 

Attachments

1558707149896000010543_sktwi1f5rjvs16qky.png get_app
1558707147852000010543_sktwi1f5rjvs16qkx.png get_app