Create an Authorization Rule to Validate Users

For the realm containing the protected target resource, create a rule that is triggered during the authorization process to retrieve the SAML attributes from the session store.

The rule is based on an authorization event (OnAccessAccept). Because the user has already been authenticated by the FWS application, the Web Agent cannot reauthenticate the user and pass on the HTTP headers. The retrieval of the attributes therefore happens during the authorization stage.

To create an OnAccessAccept Rule for the realm

  1. Log on to the FSS Administrative UI.
  2. From the Domains tab, navigate to the realm which protects the target resource.
  3. Select the realm with the target resource and select Create Rule under Realm.

    The Rule Properties dialog opens.

  4. Enter a name in the Name field that describes the rule's purpose as an authorization rule.
  5. Select the realm protecting the target resource for the Realm field.
  6. Enter an asterisk (*) in the Resource field.
  7. Select Authorization events and OnAccessAccept in the Action section.
  8. Verify that Enabled is selected in the Allow/Deny and Enable/Disable section.
  9. Click OK to save the rule.

The authorization rule is now defined for the realm with the protected resource.