AdminUI realm configuration with asterix * wildcard

book

Article ID: 53054

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER

Issue/Introduction

 

Planning to protect several resources as :

  | Resource          | Protection  |
  |-------------------+-------------|
  | / (root)          | protected   |
  | /person/_app_bin  | unprotected |
  | /contact/_app_bin | unprotected |
  | /address/_app_bin | unprotected |

Can be all these resources being unprotected with having only 2 Realms
as :

  | Realm       | Protection  |
  |-------------+-------------|
  | / (root)    | protected   |
  | /*/_vti_bin | unprotected |

Or said in another way, can wildcards be used in Realm definition ?

 

Resolution

 

Wildcards in Realms are not supported. Only string are allowed
(1). They would be treated as literal character. And as such, note
that * are reserved characters in URL and should not be in usage (2).

 

Additional Information

 

(1)

    Identify a Resource by Agent, Realm, and Rule

      Realm Resource Filter

      A string, such as a relative path to a directory, that specifies the
      resources covered by the realm.

      Rule Resource

      A string or regular expression that specifies the resources to which
      the rule applies

    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/policy-server-configuration/realms.html  


(2)

     Recommendations 

       The asterisk ("*", ASCII 2A hex) and exclamation mark ("!" ,
       ASCII 21 hex) are reserved for use as having special
       signifiance within specific schemes.

     https://www.w3.org/Addressing/URL/4_URI_Recommentations.html