Configuration Guides › Federation Security Services Guide › Deploying Federation without the FSS Sample Application › Set Up the Service Provider › Protect the Target Resource at the SP
Protect the Target Resource at the SP
After you configure a SAML 2.0 authentication scheme, use this scheme in a policy that protects the target resource at Service Provider.
To protect the target resource
- From the System tab of the FSS Administrative UI, create a policy domain named Domain for IdP.demo Visitors.
- Define a Web Agent. In this deployment, the Agent is sp-webagent. This Agent protects the server with the Web Agent Option Pack installed.
- Associate the sp-webagent with the Domain for Idp.demo Visitors to protect the realm in this domain.
- Add the user directory that holds users user1.
- To the policy domain, add a persistent realm with the following components then click OK to save it.
- Name
-
SP Target Page Protection Realm
- Agent
-
sp-webagent
- Resource Filter
-
Defines the path to the target resource at the Service Provider web server. For this deployment, the resource filter is
/spsample/protected.jsp
- Authentication Scheme
-
Partner IdP.demo Auth Scheme
- Default Resource Protection
-
Protected
- To the realm, add a rule with the following components then click OK to save it.
- Name
-
SP Target Page Protection Rule
- Realm
-
SP Target Page Protection Realm
- Resource
-
*
- Web Agent Actions
-
Get
Accept the defaults for all other fields.
- Add a policy with the following components then click OK to save it.
- Name
-
SP Target Page Protection Policy
- Users
-
Add user1 so this user has access to the target
- Rules
-
Add the SP Target Page Protection Rule
SiteMinder protects the target resource.
- Exit the Policy Server User Interface.
- Use HTML Pages to Test the Federation Set-up.
The protection policy for the target resource is complete.
