Agent for SharePoint Guide › How to Configure your CA SiteMinder Policy Server › Create an Authentication Scheme for the Agent for SharePoint › Configure Realms

Configure Realms

Realms are groupings of resources in a specific location on your network. CA SiteMinder <agents> protect the resources in a realm. When users request resources within a realm, the associated Agent for SharePoint authenticates the user. The realm uses the authentication scheme you configured. The SharePoint server authorizes the user.

Because most SharePoint resources are URL-based, define the URLs of your SharePoint resources that you want to protect. Use the following examples as guides:

• http://intranet.example.com
• http://intranet.example.com/finance
• http://intranet.example.com/investors

Follow these steps:

1. Click Policies, Domains.
2. Click Realm, Create Realm.

   The Create Realm: Select Domain pane appears.

3. Select the domain you created for your SharePoint resources from the Domain list, and then click Next.

   The Create Realm: Define Realm pane appears.

4. Complete the name and description fields.
5. Click the ellipsis option button.

   The Select an Agent screen appears.

6. Click the option button next to the Agent object you created for your SharePoint resources, and then click OK.

   Important: Do not add the 4.x agent object to any agent group, realm, or policy. This agent object exists only to support the internal operations of the Agent for SharePoint.

7. Click the Resource filter field, and then enter the URL of a SharePoint resource that you want to protect. The realms meet the minimum requirements to enable basic authentication:
   • Create a realm to protect the authentication URL:

     /affwebservices/redirectjsp/redirect.jsp
     

   • Create a realm to leave the ClaimsWS unprotected:

     /ClaimsWS/services/WSSharePointClaimsServiceImpl
     

   • (For SharePoint 2013 only) if you create a realm to protect all resources (/*), then create a realm to leave the following items unprotected:
     • /_vti_bin/wopi.ashx/
     • /affwebservices/spsignout.jsp (for single log-out)

   Note: We recommend protecting only URLs on SharePoint systems, not lists, or specific documents.

8. Under rules, create new rules or delete existing rules.
9. Under Sub realms, create new sub realms or delete existing sub realms.
10. Under Session, specify the session properties.
11. Under Advanced, specify the following:
    • Registration schemes.
    • Authorization directory mappings.
    • Types of events you want the realm to process.
12. Click Finish.

    The Create Realm Task is submitted for processing.