Realm :: Unprotecting Resources

book

Article ID: 51024

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

On the basis of using only realms definitions, is it possible to unprotect realm within a more global protecting realm? How can I do it?

Solution:

In order to unprotect some resources in that realm, you need to create a realm but without * character in ResourceFilter definition. Example:

First Realm:

/my_server (protected)
Rule to protect resource: /*

Second Realm to unprotect a specific resource in it:

"Realm for /my_server/my_application"
ResourceFilter: /my_server/my_application/

A more simple way to do it would be to apply the setting in the Web Agent ACO as:

IgnoreUrl="http://www.my_company.com/my_server/my_application/"

By using Web Agent ACO instead, you avoid useless call to the Policy Server to unprotect Resources within a given realm, that make performances better and trouble shooting easier.

Environment

Release:
Component: SMPLC