Create a Global Rule for Authorization Events
You create a global rule for authentication events to control actions that occur when users authenticate to gain access to a resource.
To create a global rule
The Create Global Rule pane appears.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
Note: If you specify an Agent Group and have also configured domain-specific rules associated with the same resource, you may adversely affect system performance by effectively duplicating processing steps. Consider domain-specific rules that may duplicate the responses generated by global rules. In such cases, only one response is returned to the Agent because the Policy Server automatically deletes duplicate responses before passing information back to the requesting Agent.
The global rule is saved.
You enable a global rule to ensure SiteMinder fires the rule if a user accesses the specified resource and triggers the authentication or authorization event. You disable a global rule to prevent SiteMinder from firing the rule if a user accesses the specified resource and triggers the authentication or authorization event.
To enable or disable a global rule
The rule is saved.
You add time restrictions to a global policy to ensure that the global policy only fires at specific times. If a user attempts to access a resource outside of the period specified by the time restriction, the policy does not fire.
To add a time restriction to a global rule
The Time Restrictions pane opens.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
Note: Each check box represents one hour. When a check box is selected, the rule fires during that hour, and the rule applies to the specified resources. When a check box is cleared, the rule does not fire during that hour, and the rule will not apply to the specified resources.
You configure an active rule for dynamic authorization based on external business logic. The Policy Server invokes a function in a customer-supplied shared library. This shared library must conform to the interface specified by the Authorization API, which is available in the Software Development Kit.
Note: For more information about shared libraries, see the Programming Guide for C.
To configure an Active Rule
The active rule string is displayed in the Active Rule field.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
The active rule is saved.
If you delete a global rule, the rule is automatically removed from any global policies that include the global rule. The global policies remain on your system. Verify that the global policies function without the deleted rule.
Global policies must contain at least one global rule.
Note: More information about modifying and deleting Policy Server objects exists in Manage Policy Server Objects.
Global responses are the part of a global policy that defines the attributes to be returned after a user triggers the authentication or authorization event specified in a global rule.
Note: You may use global responses in domain policies. In order to be returned, a global response must be added to a domain-specific or global policy. Within policies, the global response will be processed like a domain-specific response.
Copyright © 2012 CA.
All rights reserved.