ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Realm :: Unprotecting Resources


Article ID: 51024


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



On the basis of using only realms definitions, is it possible to unprotect realm within a more global protecting realm? How can I do it?


In order to unprotect some resources in that realm, you need to create a realm but without * character in ResourceFilter definition. Example:

First Realm:

/my_server (protected)
Rule to protect resource: /*

Second Realm to unprotect a specific resource in it:

"Realm for /my_server/my_application"
ResourceFilter: /my_server/my_application/

A more simple way to do it would be to apply the setting in the Web Agent ACO as:


By using Web Agent ACO instead, you avoid useless call to the Policy Server to unprotect Resources within a given realm, that make performances better and trouble shooting easier.


Component: SMPLC