Agent for SharePoint Guide › How to Configure your SiteMinder Policy Server › Create a SiteMinder Application to Protect SharePoint Resources

Create a SiteMinder Application to Protect SharePoint Resources

SiteMinder applications protect resources by combining access privileges with specific conditions. Users who have the privileges and meet the conditions are granted access to the resources they request.

This section describes creating an application with the following components:

• A resource filter to protect the authentication URL.
• A resource filter to leave the claims web service (ClaimsWS) unprotected by SiteMinder.
• A connection to the user directory that contains your SharePoint users.

These components meet the minimum requirements of the Agent for SharePoint. We recommend creating few applications and components during evaluation, testing, or initial-deployment environments. You can add more applications and components at any time.

Note: If you want to use the CA DLP classification service with your Agent for SharePoint, the application model described here is required. Do not use the Domain/realm model from previous SiteMinder releases. The Agent for SharePoint r12.0 SP3 did not support the CA DLP classification service.

Follow these steps:

1. Click Policies, Applications.

   The applications screen appears.

2. Click Create Application.

   The Create Application: screen appears, with the General tab selected.

3. Enter a distinctive name and optional description.
4. Create the component for the authentication URL by doing the following steps:
   1. Click the Component Name field, and type a distinctive name to describe the SharePoint resources you want to protect, such as, "Protected SharePoint Resources."
   2. Verify that Web Agent appears in the Agent Type drop-down list.
   3. Click Lookup Agent/Agent Group.

      The Select Agent or Agent Group screen appears.

   4. Click the option button that corresponds to your Agent Object, and then click OK.

      Important: Do not add the 4.x agent object to any agent group, application, or component. This agent object exists only to support the internal operations of the Agent for SharePoint.

   5. Click the Resource Filter field, and then enter the following value:

      affwebservices/redirectjsp/redirect.jsp
      

      Verify that the field begins with one forward slash as shown in the following example:

      /affwebservices/redirectjsp/redirect.jsp
      

   6. Click the Authentication Scheme drop-down list, and then select the authentication scheme that you want.
   7. Click OK.
5. Create the component for the ClaimsWS by doing the following steps:
   1. Click Create Component.

      The Create Component screen appears, with the cursor in the Component Name field.

   2. Type a distinctive name to describe the SharePoint resources you want to protect, such as, "Claims Web Service."
   3. Verify that Web Agent appears in the Agent Type drop-down list.
   4. Click Lookup Agent/Agent Group.

      The Select Agent or Agent Group screen appears.

   5. Click the option button that corresponds to your Agent Object, and then click OK.

      Important: Do not add the 4.x agent object to any agent group, application, or component. This agent object exists only to support the internal operations of the Agent for SharePoint.

   6. Click the Resource Filter field, and then enter the following value:

      ClaimsWS/services/WSSharePointClaimsServiceImpl
      

   7. Verify that the field begins with one forward slash as shown in the following example:

      /ClaimsWS/services/WSSharePointClaimsServiceImpl
      

   8. Click the Unprotected option button.
   9. Click the Authentication Scheme drop-down list, and then select the authentication scheme that you want.
   10. Click OK.
6. Add your user directory connection by doing the following steps:
   1. Click Add/Remove.

      The Choose user directories screen appears.

   2. Under the Available Members, click the directory connections that you want, and then click the arrow icon between the lists.

      Your directory connections move to the Selected Members list.

   3. Click OK.

      The Choose user directories screen closes, and the Create Application: screen appears.

   Note: The components in Steps 5 and 6 are the basic components the Agent for SharePoint requires to operate. For testing or production environments, create additional components for the other SharePoint URLs resources you want to protect. Possible examples of components include the following items:

   • http://intranet.example.com
   • http://intranet.example.com/finance
   • http://intranet.example.com/investors
7. Click Submit.

   The application is created and a confirmation message appears.