Federation Security Services Guide › Deploying Federation without the FSS Sample Application › Set Up the Service Provider › Protect the Target Resource at the SP

Protect the Target Resource at the SP

After configuring a SAML 2.0 authentication scheme, use this scheme in a policy that protects the target resource at Service Provider.

To protect the target resource

1. From the System tab of the FSS Administrative UI, create a policy domain called Domain for IdP.demo Visitors.
2. Define a Web Agent. In this deployment, the Agent is sp-webagent. This is the Agent protecting the server with the Web Agent Option Pack installed.
3. Associate the sp-webagent with the Domain for Idp.demo Visitors to protect the realm in this domain.
4. Add the user directory that holds users user1.
5. To the policy domain, add a persistent realm with the following components then click OK to save it.
   • Name

     SP Target Page Protection Realm

   • Agent

     sp-webagent

   • Resource Filter

     This is the path to the target resource at the Service Provider web server. For this deployment, the resource filter is
     /spsample/protected.jsp

   • Authentication Scheme

     Partner IdP.demo Auth Scheme

   • Default Resource Protection

     Protected

6. To the realm, add a rule with the following components then click OK to save it.
   • Name

     SP Target Page Protection Rule

   • Realm

     SP Target Page Protection Realm

   • Resource

     *

   • Web Agent Actions

     Get

   Accept the defaults for all other fields.

7. Add a policy with the following components then click OK to save it.
   • Name

     SP Target Page Protection Policy

   • Users

     Add user1 so this user has access to the target

   • Rules

     Add the SP Target Page Protection Rule

   The target resource is now protected by SiteMinder.

8. Exit the Policy Server User Interface.
9. Use HTML Pages to Test the Federation Set-up.

The protection policy for the target resource is complete.