Configure a Unique Realm for Each WS-Fed Authentication Scheme

The procedure for configuring a unique realm for each WS-Federation authentication scheme (artifact or profile) follows the standard instructions for creating realms in the FSS Administrative UI.

To create a realm for each WS-Federation authentication scheme

  1. Log on to the FSS Administrative UI.
  2. Click the System tab.
  3. Click Edit, System Configuration, Create Domain.

    The Domain dialog opens.

  4. Create a policy domain.
  5. Create a realm under the policy domain from the previous step, noting the following:
    1. For the Agent field, select the Web Agent that protects the web server where the target federation resources reside.
    2. For the Authentication Scheme field, select the WS-Federation authentication scheme. This authentication scheme protects the realm.
  6. Create a rule for the realm.

    As part of the rule, you select a Web Agent action (Get, Post, or Put), which allows you to control processing when users authenticate to gain access to a resource.

  7. Configure the policy, using the realm you created.
  8. Save the policy.
  9. Exit the FSS Administrative UI.

Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

A policy with a unique realm now protects the federated resource.