Policy Server Guides › Policy Server Configuration Guide › Using the Policy Server as a RADIUS Server › Policies in RADIUS Environments
Policies in RADIUS Environments
A SiteMinder RADIUS policy is enforced by a RADIUS Agent and is created by binding the following elements together:
- An authentication rule
- A response
- A user or user group, and
- Optionally, an IP address, Time, and an active policy.
The basic structure of a policy is shown in the following diagram.
Although RADIUS policies are composed of the same elements that are contained in policies used by SiteMinder Agents, RADIUS Agents interpret the components differently. Rules, realms, and responses perform different functions, as shown in the following table.
|
Policy Component
|
In a RADIUS Policy, this item:
|
In a SiteMinder Agent Policy, this item:
|
|
Realm
|
- Identifies the Agent.
- Identifies the authentication scheme.
- Defines session timeouts.
|
- Defines the resource filter (directory within the domain that the SiteMinder Agent will govern).
- Identifies the Agent.
- Identifies the authentication scheme.
- Defines the state (protected or unprotected) of the resource.
- Identifies which events (authentication or authorization) to process.
- Defines session timeouts.
|
|
Rule
|
- Authenticates only.
- Allows or denies access.
- Defines time or active rule restrictions.
|
- Defines the resource filter.
- Defines the action (Web Agent action, authorization event, or authentication event.
- Allows or denies access.
- Authorizes and authenticates.
- Defines time or active rule restrictions.
|
|
Response
|
- Defines the values to return for authentication events.
|
- Defines the value to return for an authorization event.
- Defines the values to return for authentication events.
- Defines the values to return for authorization reject events.
- Defines the values to return for authentication reject events.
|
