

Create a Policy to Protect the Authentication URL

To create a policy to protect the Authentication URL

  1. Log in to the FSS Administrative UI.
  2. From the System tab, create Web Agents to bind to the realms that you define for the Account Partner Web Server. You can assign unique Agent names for the Web Server at the Account Partner and the Federation Web Services application or use the same Agent name for both.
  3. Create a policy domain for the users who want to access Resource Partner resources.
  4. From the Users tab, select the users who must have access to the resources that are part of the policy domain.
  5. Define a realm for the policy domain with the following values:
    1. Agent: select the Agent for the Web Server at the Account Partner.
    2. Resource Filter:

      For Web Agents v5.x QMR 4 and later, and for the SPS federation gateway, enter:

      /siteminderagent/redirectjsp/

      For Web Agents v5.x QMR 1, 2, or 3, enter:

      /affwebservices/redirectjsp/

      The resource filter /siteminderagent/redirectjsp/ is an alias that the Federation Web Services application sets up automatically. It refers to the following location:

      • For a Web Agent:

        web_agent_home/affwebservices/redirectjsp

      • For an SPS federation gateway:

        sps_home/secure-proxy/Tomcat/webapps/affwebservices/redirectjsp

    3. For the remaining settings, accept the defaults or modify as needed.
  6. Click OK to save the realm.
  7. Create a rule for the realm. In the Resource field, accept the default value, the asterisk (*), to protect all resources for the realm. Select the Web Agent actions GET, POST, and PUT as the allowed actions.
  8. Create a policy for the Web Server at the Account Partner that includes the rule created in the previous step.
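
After saving the policy, it is worth confirming that requests without a SiteMinder session are challenged under the realm's resource filter for each action in the rule. The following Python check is an added example, not part of the product or its documentation. It assumes that a protected resource answers a sessionless request with 401, 403, or a redirect leaving the realm, and the probe records, the redirect.jsp file name, and the login URL are constructed placeholders.

```python
from urllib.parse import urlsplit

# Resource filters from step 5 of the procedure, keyed by deployment type.
RESOURCE_FILTERS = {
    "qmr4_or_later": "/siteminderagent/redirectjsp/",
    "sps_gateway": "/siteminderagent/redirectjsp/",
    "qmr1_to_3": "/affwebservices/redirectjsp/",
}
RULE_ACTIONS = ("GET", "POST", "PUT")  # actions selected in step 7
SEVERITY = ("exposed", "suspect-redirect", "inconclusive", "challenged")

def classify(status, location, resource_filter):
    """Classify the response to one request sent without a session."""
    if status in (401, 403):
        return "challenged"
    if 300 <= status < 400:
        # Assumption: a login redirect points outside the protected realm.
        target = urlsplit(location or "").path
        if target and not target.startswith(resource_filter):
            return "challenged"
        return "suspect-redirect"
    if 200 <= status < 300:
        return "exposed"  # content served with no authentication
    return "inconclusive"

def audit(deployment, probes):
    """Return the worst verdict per rule action for the realm's filter."""
    flt = RESOURCE_FILTERS[deployment]
    findings = {}
    for method in RULE_ACTIONS:
        seen = {classify(p["status"], p.get("location"), flt)
                for p in probes
                if p["method"] == method and p["path"].startswith(flt)}
        findings[method] = next((v for v in SEVERITY if v in seen), "not-tested")
    return findings

# Constructed probe results (file name and login URL are placeholders).
SAMPLE_PROBES = [
    {"method": "GET", "path": "/siteminderagent/redirectjsp/redirect.jsp",
     "status": 302, "location": "https://idp.example.com/login/login.fcc"},
    {"method": "POST", "path": "/siteminderagent/redirectjsp/redirect.jsp",
     "status": 401},
    {"method": "PUT", "path": "/siteminderagent/redirectjsp/redirect.jsp",
     "status": 200},
]

if __name__ == "__main__":
    for method, verdict in audit("qmr4_or_later", SAMPLE_PROBES).items():
        print(f"{method:5s} {verdict}")
```

A verdict of "exposed" or "not-tested" for any action means the realm, rule, or policy binding should be rechecked before the Authentication URL is put into use.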