Set Up the Snoop Servlet Example (All Modules)

Note: If you are configuring a TAI-only environment, skip this section and proceed directly to Accessing the Snoop Servlet in a Web Browser.

In this example, the goal is to create a SiteMinder realm that uses an HTML forms authentication scheme, so that the SiteMinder TAI intercepts the HTTP request for the Snoop servlet, challenges the user for credentials, and authenticates the user. The role of the SiteMinder TAI is to verify that the user is authenticated or has a valid SiteMinder token (SiteMinder session cookie). If the TAI authenticates the user, then WebSphere will also do so because the Policy Server and WebSphere share the same user store.

Once these criteria are met, the configured SiteMinder JACC Provider authorizes the user to access the Snoop servlet.

Note: The following procedure provides an overview of the steps needed to create the required policy objects with appropriate parameter settings. For detailed procedural information, see the Policy Server Configuration Guide.

To set up the example and protect the Snoop Servlet

  1. Start the SiteMinder Administrative UI.
  2. Create an HTML Forms authentication scheme.
  3. Create a user directory connection to the same LDAP user store as the one used by WebSphere.
  4. Create a domain and assign the user directory from Step 3 to this domain.
  5. Create a realm with the following properties:
    Domain

    The domain you created in Step 4.

    Name

    Default Snoop Realm.

    Description

    Default Snoop Realm.

    Agent

    Agent identity for the SiteMinder Agent or, if using one Agent Configuration Object/Agent identity for each SiteMinder Agent module, the name of the Agent group that contains them.

    Resource Filter

    /snoop.

    Default Resource Protection

    Protected.

    Authentication Scheme

    The HTML Forms authentication scheme you created in Step 2.

    Forms authentication must be hosted on the Web Agent.

  6. Create a rule with the following properties:
    Realm

    The Default Snoop Realm you created in Step 5.

    Name

    Snoop Protection Rule

    Resource

    *

    Action

    Select the Web Agent Actions radio button and highlight the GET action.

  7. Create a policy with the following properties:
    Name

    Snoop Access Policy

    Users

    Users or groups of users that are allowed access to the Snoop servlet.

    Rules

    The Snoop Protection Rule that you created in Step 6.
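
The following added example (a simplified model, not SiteMinder code and not part of the original guide) shows how the realm, rule, and policy from Steps 5 through 7 combine into one decision per request. It assumes that the effective resource is the realm's resource filter followed by the rule's resource pattern, and that in a Protected realm a request that no policy grants is denied; the user names are constructed.

```python
from fnmatch import fnmatchcase

# Constructed model of the policy objects from Steps 5-7 (not SiteMinder code).
REALM = {"name": "Default Snoop Realm", "filter": "/snoop", "protected": True}
RULE = {"name": "Snoop Protection Rule", "resource": "*", "actions": {"GET"}}
POLICY = {"name": "Snoop Access Policy", "users": {"alice"}, "rules": [RULE]}


def rule_fires(realm, rule, path, method):
    """Assumption: effective resource = realm filter + rule resource pattern."""
    pattern = realm["filter"] + rule["resource"]          # "/snoop" + "*"
    return method in rule["actions"] and fnmatchcase(path, pattern)


def decide(path, method, user=None):
    """Return 'unprotected', 'challenge', 'allow' or 'deny' for one request."""
    if not path.startswith(REALM["filter"]):
        return "unprotected"          # outside the realm's resource filter
    fired = any(rule_fires(REALM, r, path, method) for r in POLICY["rules"])
    if not fired and not REALM["protected"]:
        return "unprotected"          # unprotected realm and no rule fires
    if user is None:
        return "challenge"            # no session: TAI presents the HTML form
    if fired and user in POLICY["users"]:
        return "allow"                # rule fired and the policy names the user
    return "deny"                     # authenticated, but nothing grants access


if __name__ == "__main__":
    # Constructed requests: (path, method, authenticated user or None)
    samples = [
        ("/snoop", "GET", None),
        ("/snoop", "GET", "alice"),
        ("/snoop", "GET", "bob"),
        ("/snoop", "POST", "alice"),
        ("/snoopy", "GET", "alice"),
        ("/hello", "GET", None),
    ]
    for path, method, user in samples:
        print(f"{method:5} {path:8} user={user!s:6} -> {decide(path, method, user)}")
```

In this model the filter /snoop is a prefix, so /snoopy falls inside the realm as well, and a POST from a permitted user is denied because the rule lists only the GET action.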