SiteMinder Agent for SharePoint Guide › Configure r12.0 SP3 Policy Server for the Agent for SharePoint › How to Configure the r12.0 SP3 Policy Server › Configure a Realm

Configure a Realm

Realms are groupings of resources in a specific location on your network. SiteMinder <agents> protect the resources in a realm. When users request resources within a realm, the associated Agent for SharePoint authenticates the user. The realm uses the authentication scheme you configured. The SharePoint server authorizes the user.

Because most SharePoint resources are URL-based, define the URLs of your SharePoint resources that you want to protect. Use the following examples as guides:

• http://intranet.example.com
• http://intranet.example.com/finance
• http://intranet.example.com/investors

We recommend creating few realms first during the following types of deployments:

• Testing or evaluation of the Agent for SharePoint
• Initial deployment in your enterprise.

Create a minimum set of realms or rules to enable the Agent for SharePoint to perform basic authentication. A SiteMinder administrator can create additional realms or rules as required. The following are the minimum realms required to enable Agent for SharePoint basic authentication:

• Create a realm to protect access to the authentication URL (/affwebservices/redirectjsp/redirect.jsp).
• Create a realm to allow access to the ClaimsWS (/ClaimsWS/services/WSSharePointClaimsServiceImpl).

  Note: If you intend to protect all resources using the /* rule, then create a realm to allow unprotected access to the ClaimsWS, in addition to the /* realm.

Follow these steps:

1. Click Policies, Domains.
2. Click Realm, Create Realm.

   The Create Realm: Select Domain pane appears.

3. Select the domain you created for your SharePoint resources from the Domain list, and then click Next.

   The Create Realm: Define Realm pane appears.

4. Complete the name and description fields.
5. Click the ellipsis option button.

   The Select an Agent screen appears.

6. Click the option button next to the Agent object you created for your SharePoint resources, and then click OK.

   Important: Do not add the 4.x agent object to any agent group, realm, or policy. This agent object exists only to support the internal operations of the Agent for SharePoint.

7. Click the Resource filter field, and then enter the URL of a SharePoint resource that you want to protect.

   Note: We recommend protecting only URLs on SharePoint systems, not lists, or specific documents.

8. Under rules, create new rules or delete existing rules.
9. Under Sub realms, create new sub realms or delete existing sub realms.
10. Under Session, specify the session properties.
11. Under Advanced, specify the following:
    • Registration schemes.
    • Authorization directory mappings.
    • Types of events you want the realm to process.
12. Click Finish.

    The Create Realm Task is submitted for processing.