Federation Security Services GuideAuthenticate WS-Federation Users at a Resource PartnerHow To Protect a Target Resource with a WS-Federation Authentication Scheme › Configure a Unique Realm for Each WS-Fed Authentication Scheme

Previous Topic: How To Protect a Target Resource with a WS-Federation Authentication Scheme

Next Topic: Form the Policy to Protect the Target Resource

Configure a Unique Realm for Each WS-Fed Authentication Scheme

The procedure for configuring a unique realm for each WS-Federation authentication scheme (artifact or profile) follows the standard instructions for creating realms in the FSS Administrative UI.

To create a realm for each WS-Federation authentication scheme

  1. Log on to the FSS Administrative UI.
  2. Click the System tab.
  3. Click Edit, System Configuration, Create Domain.

    The Domain dialog opens.

  4. Create a policy domain that will contain the realm with the target resources.
  5. Create a realm under the policy domain you created in the previous step, noting the following:
    1. Select the Web Agent protecting the web server where the target federation resources reside for the Agent field.
    2. Select the WS-Federation authentication scheme for the Authentication Scheme field. This is the authentication scheme that should protect the realm.
  6. Create a rule for the realm.

    As part of the rule you select a Web Agent action (Get, Post, or Put), which allows you to control processing when users authenticate to gain access to a resource.

Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

The realm is now configured.

Copyright © 2010 CA. All rights reserved. Email CA about this topic