If your SiteMinder TAI is not configured to challenge requests for credentials (the challengeforcredentials Agent configuration parameter is set to no), you configure a SiteMinder TAI Assertion Realm in which SiteMinder simply asserts the identities obtained from SiteMinder session cookies associated with HTTP requests. This assures that requests by HTTP clients already authenticated by SiteMinder (and thus with associated SiteMinder session cookies) are not rechallenged by WebSphere when they access your web applications. Other requests are rejected.
Note: The following procedure provides an overview of the steps required to create the required policy objects with appropriate parameter settings. For detailed procedural information, see the Policy Server Configuration Guide.
To create a realm for non-challenged requests
The domain you created in step 3.
SiteMinder TAI Assertion Realm.
SiteMinder TAI Assertion Realm.
The SiteMinder Agent Identity you configured for the SiteMinder TAI.
/AssertionAuthResource (any value is valid, but it must match value of AssertionAuthResource Agent configuration parameter specified for the TAI module).
For example, /siteminderassertion.
Protected.
Basic or any authentication scheme.
This option must be disabled.
This option must be disabled.
Non-persistent.
Configuring rules or policies for this assertion realm is unnecessary. However, to implement user mapping, you must set an authentication response attribute, and then configure appropriate rules and policies for the assertion realm.
Copyright © 2010 CA. All rights reserved. | Email CA Technologies about this topic |