resourceaccessdenied
accessdenied 时间:2021-04-13 阅读:()
ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)WithintheSecureAccessdevice,aSiteMinderinstanceisasetofconfigurationsettingsthatdefineshowtheSecureAccessdeviceinteractswiththeSiteMinderpolicyserver.
ToconfiguretheSiteMinderserverinstance:1.
IntheNSMnavigationtree,selectDeviceManager>Devices.
2.
ClicktheDeviceTreetab,andthendouble-clicktheSecureAccessdeviceforwhichyouwanttoconfigureeTrustSiteMinderserverinstance.
3.
ClicktheConfigurationtabandselectAuthentication>AuthServers.
Thecorrespondingworkspaceappears.
NOTE:Ifyouwanttoupdateanexistingserverinstance,clicktheappropriatelinkintheAuthServerNamebox,andperformtheSteps5through10.
4.
ClicktheNewbutton.
TheNewdialogboxappears.
5.
IntheAuthServerNamelist,specifyanametoidentifytheserverinstance.
6.
SelectSiteMinderServerfromtheAuthServerTypelist.
7.
ConfiguretheserverusingthesettingsdescribedinTable1.
8.
Clickone:OK—Savesthechanges.
Cancel—Cancelsthemodifications.
9.
SetadvancedSiteMinderconfigurationoptions(optional)usingthesettingsdescribedinTable2.
Table1:SecureAccesseTrustSiteMinderConfigurationDetailsYourActionFunctionOptionSiteminderSettings>BasicSettingstabEnteranameorIPaddress.
SpecifiesthenameorIPaddressoftheSiteMinderpolicyserver.
PolicyServerEnteracomma-delimitedlistofbackuppolicyservers(optional).
Specifiesalistofbackuppolicyservers(optional).
BackupServer(s)ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)1Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelectYes—SecureAccessdeviceusesthemainpolicyserverunlessitfails.
SelectNo—SecureAccessdeviceloadbalancesamongallthespecifiedpolicyservers.
AllowstheSecureAccessdevicetousethemainpolicyserverunlessitfails.
FailoverModeEnteranagentname.
NOTE:Sharedsecretandagentnamearecase-sensitive.
SpecifiestheSiteMinderagentname.
AgentNameEnterasharedsecretname.
NOTE:Sharedsecretandagentnamearecase-sensitive.
Specifiesthesharedsecret.
SecretSelecttheserverversionfromthedrop-downlist.
SpecifiesaSiteMinderserverversion.
Version5.
5supports5.
5and6.
0.
Version6.
0supportsonly6.
0oftheSiteMinderserverAPI.
Thedefaultvalueis5.
5policyservers.
CompatiblewithEnteraURL.
SpecifiesaURLtowhichusersareredirectedwhentheysignoutoftheSecureAccessdevice(optional).
Ifyouleavethisfieldempty,usersseethedefaultSecureAccessdevicesign-inpage.
Onlogout,redirecttoEnteraURL.
NOTE:Youmustenteraforwardslash(/)atthebeginningoftheresource(forexample,enter"/ive-authentication").
Specifiesadefaultprotectedresource.
Ifyoudonotcreatesign-inpoliciesforSiteMinder,theSecureAccessdeviceusesthisdefaultURLtosettheuser'sprotectionlevelforthesession.
TheSecureAccessdevicealsousesthisdefaultURLifyouselecttheAutomaticSign-Inoption.
ProtectedResourceSiteminderSettings>SMSESSIONcookiesettingstab2ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURLforthecookiedomain.
NOTE:Multipledomainsshouldusealeadingperiodandbecommaseparated.
Forexample:.
sales.
myorg.
com,.
marketing.
myorg.
com.
Domainnamesarecase-sensitive.
Youcannotusewildcardcharacters.
Forexample,ifyoudefine".
juniper.
net",theusermustaccesstheSecureAccessdeviceas"http://secureaccessdevice.
juniper.
net"toensurethathisSMSESSIONcookieissentbacktotheSecureAccessdevice.
SpecifiesthecookiedomainoftheSecureAccessdevice.
CookieDomainEnteraURL.
Specifiestheinternetdomain(s)towhichtheSecureAccessdevicesendstheSMSESSIONcookieusingthesameguidelinesoutlinedfortheCookieDomainfield.
IVECookieDomainSelecttheprotocolfromthedrop-downlist:HTTPS—SendscookiessecurelyifotherWebagentsaresetuptoacceptsecurecookies.
HTTP—Sendscookiesnonsecurely.
Sendscookiessecurelyandnonsecurely.
ProtocolSiteminderSettings>AuthenticationtabSelecttheAutomaticSign-Inoptiontoenablethisfeature.
AllowsuserswithavalidSMSESSIONtoautomaticallysignintotheSecureAccessdevice.
AutomaticSign-InSelectanauthenticationrealmfromthedrop-downlist.
Specifiesanauthenticationrealmforautomaticallysigned-inusers.
TheSecureAccessdevicemapstheusertoarolebasedontherolemappingrulesdefinedintheselectedrealm.
AutomaticSignInrealmtouseConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)3Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURL.
SpecifiesanalternateURLforuserswhosignintotheSecureAccessdevicethroughtheAutomaticSign-Inmechanism.
TheSecureAccessdeviceredirectsuserstothespecifiedURLiftheSecureAccessdevicefailstoauthenticateandnoredirectresponseisreceivedfromtheSiteMinderpolicyserver.
Ifyouleavethisfieldempty,usersarepromptedtosignbackintotheSecureAccessdevice.
NOTE:Userswhosigninthroughthesign-inpagearealwaysredirectedbacktotheSecureAccessdevicesign-inpageifauthenticationfails.
IfAutomaticSignInfails,redirecttoSelectSiteminderSettings>Authentication>AuthenticationType>CustomAgentoptionfromtheAuthenticationTypedrop-downlist.
AuthenticatesusingtheSecureAccessdevicecustomWebagent.
AuthenticationType>CustomAgentSelectSiteminderSettings>Authentication>AuthenticationType>FormPOSToptionfromtheAuthenticationTypedrop-downlisttoallowtheWebagenttocontactthepolicyservertodeterminetheappropriatesign-inpagetodisplaytotheuser.
PostsusercredentialstoastandardWebagentthatyouhavealreadyconfiguredratherthancontactingtheSiteMinderpolicyserverdirectly.
AuthenticationType>FormPOSTEnterthetargetURL.
SpecifiesthetargetURL.
NOTE:Theformposttarget,formpostprotocol,formpostWebagent,formpostport,formpostpath,andformpostparametersfieldaredisplayedonlywhenyouselectFormPOSToptionfromtheAuthenticationtypedropdownlist.
FormPOSTTarget4ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelecttheprotocolfromthedrop-downlist:HTTP—Fornonsecurecommunication.
HTTPS—Forsecurecommunication.
AllowsyoutospecifytheprotocolforcommunicationbetweenIVEandthespecifiedWebagent.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTProtocolEnterthenameofthewebagent.
SpecifiesthenameoftheWebagentfromwhichtheSecureAccessdeviceistoobtainSMSESSIONcookies.
NOTE:ThisfieldisdisplayedonlywhenyouselectFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTWebagentEnterport80forHTTPorport443forHTTPS.
Specifiestheportfortheprotocol.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTPortEnterthepathoftheWebagent'ssign-inpage.
NOTE:Thepathmuststartwithabackslash(/)character.
IntheWebagentsign-inpageURL,thepathappearsaftertheWebagent.
Specifiesthepathofthesign-inpage.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTPathEnterthepostparameters.
CommonSiteMindervariablesthatyoucanuseinclude__USER__,__PASS__,and__TARGET__.
ThesevariablesarereplacedbytheusernameandpasswordenteredbytheuserontheWebagent'ssign-inpageandbythevaluespecifiedintheTargetfield.
Thesearethedefaultparametersforlogin.
fcc—ifyouhavemadecustomizations,youmayneedtochangetheseparameters.
Specifiesthepostparameterstobesentwhenausersignsin.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTParametersConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)5Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelectSiteminderSettings>Authentication>AuthenticationType>DelegatetoaStandardAgentoptionfromtheAuthenticationTypedrop-downlist.
Delegatesauthenticationtoastandardagent.
WhentheuseraccessestheSecureAccessdevicesign-inpage,theSecureAccessdevicedeterminestheFCCURLassociatedwiththeprotectedresource'sauthenticationscheme.
TheSecureAccessdeviceredirectstheusertothatURL,settingtheSecureAccessdevicesign-inURLasthetarget.
Aftersuccessfullyauthenticatingwiththestandardagent,anSMSESSIONcookieissetintheuser'sbrowserandtheuserisredirectedbacktotheSecureAccessdevice.
TheSecureAccessdevicethenautomaticallysignsintheuserandestablishesaSecureAccesssession.
AuthenticationType>DelegatetoaStandardAgentSiteminderSettings>AuthorizationtabSelectSiteminderSettings>Authorization>AuthorizerequestsagainstSiteMinderpolicyserver.
UsesSiteMinderpolicyserverrulestoauthorizeuserWebresourcerequests.
Ifyouselectthisoption,makesurethatyoucreatetheappropriaterulesinSiteMinderthatstartwiththeservernamefollowedbyaforwardslash,suchas:"www.
yahoo.
com/","www.
yahoo.
com/*",and"www.
yahoo.
com/r/f1".
AuthorizerequestsagainstSiteMinderpolicyserver6ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURL.
SpecifiesanalternativeURLthatusersareredirectedtoiftheSecureAccessdevicefailstoauthorizeandnoredirectresponseisreceivedfromtheSiteMinderpolicyserver.
Ifyouleavethisfieldempty,usersarepromptedtosignbackintotheSecureAccessdevice.
NOTE:Ifyouareusinganauthorization-onlyaccesspolicy,youmustenteranalternativeURLinthisfieldregardlessofwhethertheAuthorizerequestsagainstSiteMinderpolicyserveroptionisselected.
UsersareredirectedtothisURLwhenanaccessdeniederroroccurs.
See"Definingauthorization-onlyaccesspolicies.
"Ifauthorizationfails,redirecttoEnteraURL.
SpecifiesaresourceontheWebagenttowhichtheSecureAccessdeviceredirectsuserswhentheydonothavetheappropriatepermissions.
ResourceforinsufficientprotectionlevelEntertheextensionsofeachfiletypethatyouwanttoignore,separatingeachwithacomma.
Forexample,enter.
gif,.
jpeg,.
jpg,.
bmptoignorevariousimagetypes.
Youcannotusewildcardcharacters(suchas*,*.
*,or.
*)toignorearangeoffiletypes.
Specifiesfileextensionscorrespondingtofiletypesthatdonotrequireauthorization.
IgnoreauthorizationforfileswithextensionsServerCatalog>ExpressionstabEnteraname.
SpecifiesanamefortheuserexpressionintheSiteMinderuserdirectory.
NameEnteravalue.
SpecifiesavaluefortheuserexpressionintheSiteMinderuserdirectory.
ValueServerCatalog>AttributestabEnteraname.
SpecifiesthenameoftheuserattributecookieintheSiteMinderuserdirectory.
NameConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)7Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetailsYourActionFunctionOptionSiteminderSettings>AdvancedtabEnterthepollintervalinseconds.
SpecifiestheintervalatwhichSecureAccessdevicepollstheSiteMinderpolicyservertocheckforanewkey.
PollInterval(seconds)Enteranumber.
ControlsthemaximumnumberofsimultaneousconnectionsthattheSecureAccessdeviceisallowedtomaketothepolicyserver.
NOTE:Thedefaultsettingis20.
MaximumAgentsEnteranumber.
ControlsthemaximumnumberofrequeststhatthepolicyserverconnectionhandlesbeforetheSecureAccessdeviceendstheconnection.
Ifnecessary,tunetoincreaseperformance.
NOTE:Thedefaultsettingis1000.
MaximumRequests/AgentEntertheIdletimeoutinminutes.
Controlsthemaximumnumberofminutesaconnectiontothepolicyservermayremainidle(theconnectionisnothandlingrequests)beforetheSecureAccessdeviceendstheconnection.
Thedefaultsettingof"none"indicatesnotimelimit.
IdleTimeout(minutes)SelectSiteminderSettings>Advanced>AuthorizewhileAuthenticating.
SpecifiesthattheSecureAccessdeviceshouldlookupuserattributesonthepolicyserverimmediatelyafterauthenticationtodetermineiftheuseristrulyauthenticated.
AuthorizewhileAuthenticating8ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetails(continued)YourActionFunctionOptionSiteminderSettings>AdvancedtabSelectSiteminderSettings>Advanced>EnableSessionGracePeriodtoenablethisfeature.
Youcaneliminatetheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Duringthatperiod,theSecureAccessdeviceassumesthatitscachedcookieisvalidratherthanrevalidatingitagainstthepolicyserver.
Notethatthevalueenteredheredoesnotaffectsessionoridletimeoutchecking.
Eliminatestheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Ifyoudonotselectthisoption,theSecureAccessdevicecheckstheuser'sSMSESSIONcookieoneachrequest.
EnableSessionGracePeriodEnterthetimeperiodinseconds.
SpecifiesthetimeperiodfortheSecureAccessdevicetoeliminatetheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Validatecookieevery(seconds)SelecttheIgnoreQueryDataoptiontoenablethisfeature.
SpecifiesthattheSecureAccessdevicedoesnotcachethequeryparameterinitsURLs.
Therefore,ifauserrequeststhesameresourceasisspecifiedinthecachedURL,therequestshouldnotfail.
IgnoreQueryDataEnterthevalue.
SpecifiesthatthevalueenteredinthisfieldmustmatchtheaccountingportvalueenteredthroughthePolicyServerManagementConsoleinthewebUI.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44441.
AccountingPortConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)9Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetails(continued)YourActionFunctionOptionSiteminderSettings>AdvancedtabEnteravalue.
ThevalueenteredinthisfieldmustmatchtheauthenticationportvalueenteredthroughthePolicyServerManagementConsole.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44442.
AuthenticationPortEnteravalue.
ThevalueenteredinthisfieldmustmatchtheauthorizationportvalueenteredthroughthePolicyServerManagementConsole.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44443.
AuthorizationPortRelatedTopicsConfiguringaSecureAccessCertificateServerInstance(NSMProcedure)ConfiguringaSecureAccessSAMLServerInstance(NSMProcedure)ConfiguringaSecureAccessAnonymousServerInstance(NSMProcedure)Published:2009-08-2010ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)
ToconfiguretheSiteMinderserverinstance:1.
IntheNSMnavigationtree,selectDeviceManager>Devices.
2.
ClicktheDeviceTreetab,andthendouble-clicktheSecureAccessdeviceforwhichyouwanttoconfigureeTrustSiteMinderserverinstance.
3.
ClicktheConfigurationtabandselectAuthentication>AuthServers.
Thecorrespondingworkspaceappears.
NOTE:Ifyouwanttoupdateanexistingserverinstance,clicktheappropriatelinkintheAuthServerNamebox,andperformtheSteps5through10.
4.
ClicktheNewbutton.
TheNewdialogboxappears.
5.
IntheAuthServerNamelist,specifyanametoidentifytheserverinstance.
6.
SelectSiteMinderServerfromtheAuthServerTypelist.
7.
ConfiguretheserverusingthesettingsdescribedinTable1.
8.
Clickone:OK—Savesthechanges.
Cancel—Cancelsthemodifications.
9.
SetadvancedSiteMinderconfigurationoptions(optional)usingthesettingsdescribedinTable2.
Table1:SecureAccesseTrustSiteMinderConfigurationDetailsYourActionFunctionOptionSiteminderSettings>BasicSettingstabEnteranameorIPaddress.
SpecifiesthenameorIPaddressoftheSiteMinderpolicyserver.
PolicyServerEnteracomma-delimitedlistofbackuppolicyservers(optional).
Specifiesalistofbackuppolicyservers(optional).
BackupServer(s)ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)1Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelectYes—SecureAccessdeviceusesthemainpolicyserverunlessitfails.
SelectNo—SecureAccessdeviceloadbalancesamongallthespecifiedpolicyservers.
AllowstheSecureAccessdevicetousethemainpolicyserverunlessitfails.
FailoverModeEnteranagentname.
NOTE:Sharedsecretandagentnamearecase-sensitive.
SpecifiestheSiteMinderagentname.
AgentNameEnterasharedsecretname.
NOTE:Sharedsecretandagentnamearecase-sensitive.
Specifiesthesharedsecret.
SecretSelecttheserverversionfromthedrop-downlist.
SpecifiesaSiteMinderserverversion.
Version5.
5supports5.
5and6.
0.
Version6.
0supportsonly6.
0oftheSiteMinderserverAPI.
Thedefaultvalueis5.
5policyservers.
CompatiblewithEnteraURL.
SpecifiesaURLtowhichusersareredirectedwhentheysignoutoftheSecureAccessdevice(optional).
Ifyouleavethisfieldempty,usersseethedefaultSecureAccessdevicesign-inpage.
Onlogout,redirecttoEnteraURL.
NOTE:Youmustenteraforwardslash(/)atthebeginningoftheresource(forexample,enter"/ive-authentication").
Specifiesadefaultprotectedresource.
Ifyoudonotcreatesign-inpoliciesforSiteMinder,theSecureAccessdeviceusesthisdefaultURLtosettheuser'sprotectionlevelforthesession.
TheSecureAccessdevicealsousesthisdefaultURLifyouselecttheAutomaticSign-Inoption.
ProtectedResourceSiteminderSettings>SMSESSIONcookiesettingstab2ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURLforthecookiedomain.
NOTE:Multipledomainsshouldusealeadingperiodandbecommaseparated.
Forexample:.
sales.
myorg.
com,.
marketing.
myorg.
com.
Domainnamesarecase-sensitive.
Youcannotusewildcardcharacters.
Forexample,ifyoudefine".
juniper.
net",theusermustaccesstheSecureAccessdeviceas"http://secureaccessdevice.
juniper.
net"toensurethathisSMSESSIONcookieissentbacktotheSecureAccessdevice.
SpecifiesthecookiedomainoftheSecureAccessdevice.
CookieDomainEnteraURL.
Specifiestheinternetdomain(s)towhichtheSecureAccessdevicesendstheSMSESSIONcookieusingthesameguidelinesoutlinedfortheCookieDomainfield.
IVECookieDomainSelecttheprotocolfromthedrop-downlist:HTTPS—SendscookiessecurelyifotherWebagentsaresetuptoacceptsecurecookies.
HTTP—Sendscookiesnonsecurely.
Sendscookiessecurelyandnonsecurely.
ProtocolSiteminderSettings>AuthenticationtabSelecttheAutomaticSign-Inoptiontoenablethisfeature.
AllowsuserswithavalidSMSESSIONtoautomaticallysignintotheSecureAccessdevice.
AutomaticSign-InSelectanauthenticationrealmfromthedrop-downlist.
Specifiesanauthenticationrealmforautomaticallysigned-inusers.
TheSecureAccessdevicemapstheusertoarolebasedontherolemappingrulesdefinedintheselectedrealm.
AutomaticSignInrealmtouseConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)3Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURL.
SpecifiesanalternateURLforuserswhosignintotheSecureAccessdevicethroughtheAutomaticSign-Inmechanism.
TheSecureAccessdeviceredirectsuserstothespecifiedURLiftheSecureAccessdevicefailstoauthenticateandnoredirectresponseisreceivedfromtheSiteMinderpolicyserver.
Ifyouleavethisfieldempty,usersarepromptedtosignbackintotheSecureAccessdevice.
NOTE:Userswhosigninthroughthesign-inpagearealwaysredirectedbacktotheSecureAccessdevicesign-inpageifauthenticationfails.
IfAutomaticSignInfails,redirecttoSelectSiteminderSettings>Authentication>AuthenticationType>CustomAgentoptionfromtheAuthenticationTypedrop-downlist.
AuthenticatesusingtheSecureAccessdevicecustomWebagent.
AuthenticationType>CustomAgentSelectSiteminderSettings>Authentication>AuthenticationType>FormPOSToptionfromtheAuthenticationTypedrop-downlisttoallowtheWebagenttocontactthepolicyservertodeterminetheappropriatesign-inpagetodisplaytotheuser.
PostsusercredentialstoastandardWebagentthatyouhavealreadyconfiguredratherthancontactingtheSiteMinderpolicyserverdirectly.
AuthenticationType>FormPOSTEnterthetargetURL.
SpecifiesthetargetURL.
NOTE:Theformposttarget,formpostprotocol,formpostWebagent,formpostport,formpostpath,andformpostparametersfieldaredisplayedonlywhenyouselectFormPOSToptionfromtheAuthenticationtypedropdownlist.
FormPOSTTarget4ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelecttheprotocolfromthedrop-downlist:HTTP—Fornonsecurecommunication.
HTTPS—Forsecurecommunication.
AllowsyoutospecifytheprotocolforcommunicationbetweenIVEandthespecifiedWebagent.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTProtocolEnterthenameofthewebagent.
SpecifiesthenameoftheWebagentfromwhichtheSecureAccessdeviceistoobtainSMSESSIONcookies.
NOTE:ThisfieldisdisplayedonlywhenyouselectFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTWebagentEnterport80forHTTPorport443forHTTPS.
Specifiestheportfortheprotocol.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTPortEnterthepathoftheWebagent'ssign-inpage.
NOTE:Thepathmuststartwithabackslash(/)character.
IntheWebagentsign-inpageURL,thepathappearsaftertheWebagent.
Specifiesthepathofthesign-inpage.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTPathEnterthepostparameters.
CommonSiteMindervariablesthatyoucanuseinclude__USER__,__PASS__,and__TARGET__.
ThesevariablesarereplacedbytheusernameandpasswordenteredbytheuserontheWebagent'ssign-inpageandbythevaluespecifiedintheTargetfield.
Thesearethedefaultparametersforlogin.
fcc—ifyouhavemadecustomizations,youmayneedtochangetheseparameters.
Specifiesthepostparameterstobesentwhenausersignsin.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTParametersConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)5Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelectSiteminderSettings>Authentication>AuthenticationType>DelegatetoaStandardAgentoptionfromtheAuthenticationTypedrop-downlist.
Delegatesauthenticationtoastandardagent.
WhentheuseraccessestheSecureAccessdevicesign-inpage,theSecureAccessdevicedeterminestheFCCURLassociatedwiththeprotectedresource'sauthenticationscheme.
TheSecureAccessdeviceredirectstheusertothatURL,settingtheSecureAccessdevicesign-inURLasthetarget.
Aftersuccessfullyauthenticatingwiththestandardagent,anSMSESSIONcookieissetintheuser'sbrowserandtheuserisredirectedbacktotheSecureAccessdevice.
TheSecureAccessdevicethenautomaticallysignsintheuserandestablishesaSecureAccesssession.
AuthenticationType>DelegatetoaStandardAgentSiteminderSettings>AuthorizationtabSelectSiteminderSettings>Authorization>AuthorizerequestsagainstSiteMinderpolicyserver.
UsesSiteMinderpolicyserverrulestoauthorizeuserWebresourcerequests.
Ifyouselectthisoption,makesurethatyoucreatetheappropriaterulesinSiteMinderthatstartwiththeservernamefollowedbyaforwardslash,suchas:"www.
yahoo.
com/","www.
yahoo.
com/*",and"www.
yahoo.
com/r/f1".
AuthorizerequestsagainstSiteMinderpolicyserver6ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURL.
SpecifiesanalternativeURLthatusersareredirectedtoiftheSecureAccessdevicefailstoauthorizeandnoredirectresponseisreceivedfromtheSiteMinderpolicyserver.
Ifyouleavethisfieldempty,usersarepromptedtosignbackintotheSecureAccessdevice.
NOTE:Ifyouareusinganauthorization-onlyaccesspolicy,youmustenteranalternativeURLinthisfieldregardlessofwhethertheAuthorizerequestsagainstSiteMinderpolicyserveroptionisselected.
UsersareredirectedtothisURLwhenanaccessdeniederroroccurs.
See"Definingauthorization-onlyaccesspolicies.
"Ifauthorizationfails,redirecttoEnteraURL.
SpecifiesaresourceontheWebagenttowhichtheSecureAccessdeviceredirectsuserswhentheydonothavetheappropriatepermissions.
ResourceforinsufficientprotectionlevelEntertheextensionsofeachfiletypethatyouwanttoignore,separatingeachwithacomma.
Forexample,enter.
gif,.
jpeg,.
jpg,.
bmptoignorevariousimagetypes.
Youcannotusewildcardcharacters(suchas*,*.
*,or.
*)toignorearangeoffiletypes.
Specifiesfileextensionscorrespondingtofiletypesthatdonotrequireauthorization.
IgnoreauthorizationforfileswithextensionsServerCatalog>ExpressionstabEnteraname.
SpecifiesanamefortheuserexpressionintheSiteMinderuserdirectory.
NameEnteravalue.
SpecifiesavaluefortheuserexpressionintheSiteMinderuserdirectory.
ValueServerCatalog>AttributestabEnteraname.
SpecifiesthenameoftheuserattributecookieintheSiteMinderuserdirectory.
NameConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)7Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetailsYourActionFunctionOptionSiteminderSettings>AdvancedtabEnterthepollintervalinseconds.
SpecifiestheintervalatwhichSecureAccessdevicepollstheSiteMinderpolicyservertocheckforanewkey.
PollInterval(seconds)Enteranumber.
ControlsthemaximumnumberofsimultaneousconnectionsthattheSecureAccessdeviceisallowedtomaketothepolicyserver.
NOTE:Thedefaultsettingis20.
MaximumAgentsEnteranumber.
ControlsthemaximumnumberofrequeststhatthepolicyserverconnectionhandlesbeforetheSecureAccessdeviceendstheconnection.
Ifnecessary,tunetoincreaseperformance.
NOTE:Thedefaultsettingis1000.
MaximumRequests/AgentEntertheIdletimeoutinminutes.
Controlsthemaximumnumberofminutesaconnectiontothepolicyservermayremainidle(theconnectionisnothandlingrequests)beforetheSecureAccessdeviceendstheconnection.
Thedefaultsettingof"none"indicatesnotimelimit.
IdleTimeout(minutes)SelectSiteminderSettings>Advanced>AuthorizewhileAuthenticating.
SpecifiesthattheSecureAccessdeviceshouldlookupuserattributesonthepolicyserverimmediatelyafterauthenticationtodetermineiftheuseristrulyauthenticated.
AuthorizewhileAuthenticating8ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetails(continued)YourActionFunctionOptionSiteminderSettings>AdvancedtabSelectSiteminderSettings>Advanced>EnableSessionGracePeriodtoenablethisfeature.
Youcaneliminatetheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Duringthatperiod,theSecureAccessdeviceassumesthatitscachedcookieisvalidratherthanrevalidatingitagainstthepolicyserver.
Notethatthevalueenteredheredoesnotaffectsessionoridletimeoutchecking.
Eliminatestheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Ifyoudonotselectthisoption,theSecureAccessdevicecheckstheuser'sSMSESSIONcookieoneachrequest.
EnableSessionGracePeriodEnterthetimeperiodinseconds.
SpecifiesthetimeperiodfortheSecureAccessdevicetoeliminatetheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Validatecookieevery(seconds)SelecttheIgnoreQueryDataoptiontoenablethisfeature.
SpecifiesthattheSecureAccessdevicedoesnotcachethequeryparameterinitsURLs.
Therefore,ifauserrequeststhesameresourceasisspecifiedinthecachedURL,therequestshouldnotfail.
IgnoreQueryDataEnterthevalue.
SpecifiesthatthevalueenteredinthisfieldmustmatchtheaccountingportvalueenteredthroughthePolicyServerManagementConsoleinthewebUI.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44441.
AccountingPortConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)9Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetails(continued)YourActionFunctionOptionSiteminderSettings>AdvancedtabEnteravalue.
ThevalueenteredinthisfieldmustmatchtheauthenticationportvalueenteredthroughthePolicyServerManagementConsole.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44442.
AuthenticationPortEnteravalue.
ThevalueenteredinthisfieldmustmatchtheauthorizationportvalueenteredthroughthePolicyServerManagementConsole.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44443.
AuthorizationPortRelatedTopicsConfiguringaSecureAccessCertificateServerInstance(NSMProcedure)ConfiguringaSecureAccessSAMLServerInstance(NSMProcedure)ConfiguringaSecureAccessAnonymousServerInstance(NSMProcedure)Published:2009-08-2010ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)
- resourceaccessdenied相关文档
- Repositoriesaccessdenied
- 网关accessdenied
- mainaccessdenied
- networksaccessdenied
- 口罩accessdenied
- Remoteaccessdenied
Vultr新用户省钱福利,最新可用优惠码/优惠券更新
如今我们无论线上还是线下选择商品的时候是不是习惯问问是不是有优惠活动,如果有的话会加速购买欲望。同样的,如果我们有准备选择Vultr商家云服务器的时候,也会问问是不是有Vultr优惠码或者优惠券这类。确实,目前Vultr商家有一些时候会有针对新注册用户赠送一定的优惠券活动。那就定期抽点时间在这篇文章中专门整理最新可用Vultr优惠码和商家促销活动。不过需要令我们老用户失望的,至少近五年我们看到Vu...
HostHatch(15美元)大硬盘VPS,香港NVMe,美国、英国、荷兰、印度、挪威、澳大利亚
HostHatch在当地时间7月30日发布了一系列的促销套餐,涉及亚洲和欧美的多个地区机房,最低年付15美元起,一次买2年还能免费升级双倍资源。商家成立于2011年,提供基于KVM架构的VPS主机,数据中心包括中国香港、美国、英国、荷兰、印度、挪威、澳大利亚等国家的十几个地区机房。官方网站:https://hosthatch.com/NVMe VPS(香港/悉尼)1 CPU core (12.5%...
特网云(1050元),IP数5 个可用 IP (/29) ,美国高防御服务器 无视攻击
特网云特网云为您提供高速、稳定、安全、弹性的云计算服务计算、存储、监控、安全,完善的云产品满足您的一切所需,深耕云计算领域10余年;我们拥有前沿的核心技术,始终致力于为政府机构、企业组织和个人开发者提供稳定、安全、可靠、高性价比的云计算产品与服务。官方网站:https://www.56dr.com/ 10年老品牌 值得信赖 有需要的请联系======================特网云美国高防御...
accessdenied为你推荐
-
信用卡applecentos6.5如何安装linux centos6.5美要求解锁iPhone美版解锁的iphone在大陆怎么用重庆网站制作我想做个网站,我是重庆的人。想在本地找个做网站的公司,请教一下在重庆那个公司比较好一点,,,,谢谢我要购买|我要查询|我要开户科创板首批名单2019年房产税试点城市名单小型汽车网上自主编号申请成都新车上牌办理流程和办理条件是如何的爱买网超爱买网的特点35互联在中国哪家服务商提供的企业邮箱好呢?中国保健养猪网最具权威的养猪信息网站是哪个 啊