Federation Security Services Guide › Configure SiteMinder as a SAML 2.0 Identity Provider › Configure Single Sign-on for SAML 2.0 › Configure IP Address Restrictions for Service Providers (optional)

Configure IP Address Restrictions for Service Providers (optional)

The FSS Administrative UI allows you to specify an IP address, range of IP addresses, or a subnet mask of the Web server on which a user’s browser must be running for the user to access a Service Provider. If IP addresses have been specified for a Service Provider, only users who access the Service Provider from the appropriate IP addresses will be accepted by the Service Provider.

To specify IP addresses

1. Log in to the FSS Administrative UI and select the Service Provider you want to configure.
2. Open the SAML Service Provider Properties dialog box.
3. Select the SSO tab, then click on Restrictions.
4. Click Add.

   The Add an IP Address dialog box opens.

5. Select one of the following radio buttons to indicate the type of IP address value you are adding:

   Note: If you do not know the IP address, but you have a domain name for the address, you can click on the DNS Lookup button to open the DNS Lookup dialog box. Enter a fully qualified host name in the Host Name field and click OK.

   • Single Host--specifies a single IP address that hosts the user’s browser. If you specify a single IP address, the Service Provider can only be accessed by users from the specified IP address.
   • Host Name--specifies a Web server using its host name. If you specify a host name, the Service Provider is only accessible to users who access it from the specified host.
   • Subnet Mask--specifies a subnet mask for a Web server. If you specify a subnet mask, the Service Provider is only accessible to users who access the Service Provider resources from the specified subnet mask. If you select this button, the Add An Address and Subnet Mask dialog opens. Use the Left and Right arrow buttons, or click and drag the slider bar to select a subnet mask.
   • Range--specifies IP address range. If you specify a range of IP addresses, the Service Provider only permits users who access the Service Provider resources from one of the IP addresses in the range of addresses. You enter a starting (FROM) and ending (TO) addresses to determine the range.
6. Click OK to save your configuration.