On the basis of using only realms definitions, is it possible to unprotect realm within a more global protecting realm? How can I do it?
In order to unprotect some resources in that realm, you need to create a realm but without * character in ResourceFilter definition. Example:
First Realm:Second Realm to unprotect a specific resource in it:
Rule to protect resource: /*
"Realm for /my_server/my_application"
A more simple way to do it would be to apply the setting in the Web Agent ACO as:
By using Web Agent ACO instead, you avoid useless call to the Policy Server to unprotect Resources within a given realm, that make performances better and trouble shooting easier.