Enforce Policies that Protect Federation Web Services

The Federation Web Services (FWS) application is protected by SiteMinder policies.

When you install the Policy Server, these policies and the related policy objects are automatically created by the ampolicy.smdif file. There is one policy for each service that makes up the Federation Web Services application.

The following table lists the objects and policies that protect FWS.

Object Type             Object Name
Domain                  FederationWebServicesDomain
Realm                   FederationWebServicesRealm
                        public
Agent Group             FederationWebServicesAgentGroup
Rule                    FederationWSAssertionRetrievalServiceRule
                        FederationWSNotificationServiceRule
                        FederationWSSessionServiceRule
                        SAML2FWSArtifactResolutionRule
Policy                  FederationWSAssertionRetrievalServicePolicy
                        FederationWSNotificationServicePolicy
                        SAML2FWSArtifactResolutionServicePolicy
User Context Variable   AllowNotification
                        AllowSessionSync
User Directory          FederationWSCustomUserStore
                        SAML2FederationCustomUserStore

The policies themselves, including the Basic authentication scheme, the realms, and the rules, are set up automatically. Two steps remain for you. First, the policies are only enforced for an agent that belongs to FederationWebServicesAgentGroup, so you must add the Web Agent that protects these services to that group. Second, you must specify which affiliates, Service Providers, or Resource Partners are permitted to access the Federation Web Services application; until a partner is added as a user to the relevant policy, its requests to FWS are denied.

To enforce policies for the Federation Web Services application

  1. Add the Web Agent that protects the Federation Web Services application to the Agent group FederationWebServicesAgentGroup.

    For ServletExec, this Agent is on the Web server where the Web Agent Option Pack is installed. For any application server, such as WebLogic or JBOSS, this is the Web Agent installed where the application server proxy is installed. The Web Agent Option Pack may be on a different system.

  2. Specify the affiliates that are permitted to access the Federation Web Services application. To do this, add the affiliates, Service Providers, or Resource Partners as users to the appropriate policies in the FederationWebServicesDomain.

    Note: You must create the affiliate domains and add the affiliates to those domains before you can grant the affiliates access to the policies.
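The two steps above can also be scripted. The following is an added example, not part of the original page or of CA's own tooling; it uses the SiteMinder Perl Policy Management API (the Netegrity::PolicyMgtAPI module shipped with the Policy Server SDK) to add the FWS Web Agent to FederationWebServicesAgentGroup and then list the policies in FederationWebServicesDomain so you can confirm they exist and are enabled before granting affiliates access. The agent name (fwsagent), the administrator name and the password are placeholders, and the method names should be checked against the API reference for your Policy Server version.

```perl
#!/usr/bin/perl
# Added example: enforce FWS protection by adding the Web Agent to the
# FederationWebServicesAgentGroup and verifying the FWS policies.
# Assumes the SiteMinder Perl Policy Management API is installed.
use strict;
use warnings;
use Netegrity::PolicyMgtAPI;

my $agent_name = 'fwsagent';     # assumed: Web Agent that protects the FWS URLs
my $admin      = 'siteminder';   # assumed: Policy Server administrator
my $password   = 'changeme';     # assumed: administrator password

my $api     = Netegrity::PolicyMgtAPI->New();
my $session = $api->CreateSession($admin, $password)
    or die "Cannot open a Policy Management session as $admin\n";

# Step 1: the FWS policies only apply to agents in this group.
my $group = $session->GetAgentGroup('FederationWebServicesAgentGroup')
    or die "FederationWebServicesAgentGroup not found; was ampolicy.smdif imported?\n";
my $agent = $session->GetAgent($agent_name)
    or die "Web Agent $agent_name does not exist; create it first\n";

my %member = map { $_->Name() => 1 } $group->GetAllAgents();
if ($member{$agent_name}) {
    print "$agent_name is already a member of FederationWebServicesAgentGroup\n";
} else {
    $group->AddAgent($agent);
    # Re-read the group rather than trusting the call's return value.
    %member = map { $_->Name() => 1 } $group->GetAllAgents();
    die "Failed to add $agent_name to the agent group\n" unless $member{$agent_name};
    print "Added $agent_name to FederationWebServicesAgentGroup\n";
}

# Check before step 2: each FWS policy should be present and enabled.
# Affiliates are added as users to these policies after their affiliate
# domains exist; that part is done per partner and is not scripted here.
my $domain = $session->GetDomain('FederationWebServicesDomain')
    or die "FederationWebServicesDomain not found; was ampolicy.smdif imported?\n";
for my $policy ($domain->GetAllPolicies()) {
    printf "%-45s enabled=%s\n", $policy->Name(), ($policy->IsEnabled() ? 'yes' : 'no');
}
```

Run the script on the Policy Server host with the SDK's Perl in your path. A policy that is listed but disabled, or an agent that never appears in the group, means FWS requests will not be evaluated against these policies at all, which is the failure mode to look for before testing federation with a partner.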

More Information:

Identify Consumers at a SAML 1.x Producer

Identify Service Providers for a SAML 2.0 Identity Provider

Identify WS-Federation Resource Partners at the Account Partner


Copyright © 2010 CA. All rights reserved.