Previous Topic: SiteMinder WSS Agent Configuration ParametersNext Topic: Configure the Username and Password Digest Token Age Restriction

Web Services Security GuidesCA SiteMinder® Web Services Security Agent Guide for iPlanet Web ServersAdvanced ConfigurationConfigure a SiteMinder WSS Agent to Enable Fine-Grain Resource Identification

Configure a SiteMinder WSS Agent to Enable Fine-Grain Resource Identification

By default, the SiteMinder WSS Agent identifies incoming requests for web service resources as follows:

[URL][Web Service Name]

However, the SiteMinder WSS Agent can be configured to provide fine-grain resource identification, additionally identifying the requested web service operation name, so that requests are identified as:

[URL][Web Service Name][Web Service Operation]

This allows you to define fine-grain policies that include the web service operation in authorization decisions, but may adversely affect transaction performance.

Note: For more information on configuring fine-grain authorization policies, see the CA SiteMinder® Web Services Security Policy Configuration Guide.

Follow these steps:

  1. Ensure that the XMLSDKResourceIdentification Agent configuration parameter is present and set to Yes for the target SiteMinder WSS Agent.
  2. Edit the XmlToolkit.properties file located in agent_home\java to ensure that the WSDMResourceIdentification entry is present and set to "Yes".
  3. Save and close the XmlToolkit.properties file.
  4. Restart the target SiteMinder WSS Agent.

Note: You must enable fine-grain resource identification to use the Administrative UI to generate policies for web service resources protected by the SiteMinder WSS Agent from their associated WSDL files.