resourceaccessdenied
accessdenied 时间:2021-04-13 阅读:()
ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)WithintheSecureAccessdevice,aSiteMinderinstanceisasetofconfigurationsettingsthatdefineshowtheSecureAccessdeviceinteractswiththeSiteMinderpolicyserver.
ToconfiguretheSiteMinderserverinstance:1.
IntheNSMnavigationtree,selectDeviceManager>Devices.
2.
ClicktheDeviceTreetab,andthendouble-clicktheSecureAccessdeviceforwhichyouwanttoconfigureeTrustSiteMinderserverinstance.
3.
ClicktheConfigurationtabandselectAuthentication>AuthServers.
Thecorrespondingworkspaceappears.
NOTE:Ifyouwanttoupdateanexistingserverinstance,clicktheappropriatelinkintheAuthServerNamebox,andperformtheSteps5through10.
4.
ClicktheNewbutton.
TheNewdialogboxappears.
5.
IntheAuthServerNamelist,specifyanametoidentifytheserverinstance.
6.
SelectSiteMinderServerfromtheAuthServerTypelist.
7.
ConfiguretheserverusingthesettingsdescribedinTable1.
8.
Clickone:OK—Savesthechanges.
Cancel—Cancelsthemodifications.
9.
SetadvancedSiteMinderconfigurationoptions(optional)usingthesettingsdescribedinTable2.
Table1:SecureAccesseTrustSiteMinderConfigurationDetailsYourActionFunctionOptionSiteminderSettings>BasicSettingstabEnteranameorIPaddress.
SpecifiesthenameorIPaddressoftheSiteMinderpolicyserver.
PolicyServerEnteracomma-delimitedlistofbackuppolicyservers(optional).
Specifiesalistofbackuppolicyservers(optional).
BackupServer(s)ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)1Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelectYes—SecureAccessdeviceusesthemainpolicyserverunlessitfails.
SelectNo—SecureAccessdeviceloadbalancesamongallthespecifiedpolicyservers.
AllowstheSecureAccessdevicetousethemainpolicyserverunlessitfails.
FailoverModeEnteranagentname.
NOTE:Sharedsecretandagentnamearecase-sensitive.
SpecifiestheSiteMinderagentname.
AgentNameEnterasharedsecretname.
NOTE:Sharedsecretandagentnamearecase-sensitive.
Specifiesthesharedsecret.
SecretSelecttheserverversionfromthedrop-downlist.
SpecifiesaSiteMinderserverversion.
Version5.
5supports5.
5and6.
0.
Version6.
0supportsonly6.
0oftheSiteMinderserverAPI.
Thedefaultvalueis5.
5policyservers.
CompatiblewithEnteraURL.
SpecifiesaURLtowhichusersareredirectedwhentheysignoutoftheSecureAccessdevice(optional).
Ifyouleavethisfieldempty,usersseethedefaultSecureAccessdevicesign-inpage.
Onlogout,redirecttoEnteraURL.
NOTE:Youmustenteraforwardslash(/)atthebeginningoftheresource(forexample,enter"/ive-authentication").
Specifiesadefaultprotectedresource.
Ifyoudonotcreatesign-inpoliciesforSiteMinder,theSecureAccessdeviceusesthisdefaultURLtosettheuser'sprotectionlevelforthesession.
TheSecureAccessdevicealsousesthisdefaultURLifyouselecttheAutomaticSign-Inoption.
ProtectedResourceSiteminderSettings>SMSESSIONcookiesettingstab2ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURLforthecookiedomain.
NOTE:Multipledomainsshouldusealeadingperiodandbecommaseparated.
Forexample:.
sales.
myorg.
com,.
marketing.
myorg.
com.
Domainnamesarecase-sensitive.
Youcannotusewildcardcharacters.
Forexample,ifyoudefine".
juniper.
net",theusermustaccesstheSecureAccessdeviceas"http://secureaccessdevice.
juniper.
net"toensurethathisSMSESSIONcookieissentbacktotheSecureAccessdevice.
SpecifiesthecookiedomainoftheSecureAccessdevice.
CookieDomainEnteraURL.
Specifiestheinternetdomain(s)towhichtheSecureAccessdevicesendstheSMSESSIONcookieusingthesameguidelinesoutlinedfortheCookieDomainfield.
IVECookieDomainSelecttheprotocolfromthedrop-downlist:HTTPS—SendscookiessecurelyifotherWebagentsaresetuptoacceptsecurecookies.
HTTP—Sendscookiesnonsecurely.
Sendscookiessecurelyandnonsecurely.
ProtocolSiteminderSettings>AuthenticationtabSelecttheAutomaticSign-Inoptiontoenablethisfeature.
AllowsuserswithavalidSMSESSIONtoautomaticallysignintotheSecureAccessdevice.
AutomaticSign-InSelectanauthenticationrealmfromthedrop-downlist.
Specifiesanauthenticationrealmforautomaticallysigned-inusers.
TheSecureAccessdevicemapstheusertoarolebasedontherolemappingrulesdefinedintheselectedrealm.
AutomaticSignInrealmtouseConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)3Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURL.
SpecifiesanalternateURLforuserswhosignintotheSecureAccessdevicethroughtheAutomaticSign-Inmechanism.
TheSecureAccessdeviceredirectsuserstothespecifiedURLiftheSecureAccessdevicefailstoauthenticateandnoredirectresponseisreceivedfromtheSiteMinderpolicyserver.
Ifyouleavethisfieldempty,usersarepromptedtosignbackintotheSecureAccessdevice.
NOTE:Userswhosigninthroughthesign-inpagearealwaysredirectedbacktotheSecureAccessdevicesign-inpageifauthenticationfails.
IfAutomaticSignInfails,redirecttoSelectSiteminderSettings>Authentication>AuthenticationType>CustomAgentoptionfromtheAuthenticationTypedrop-downlist.
AuthenticatesusingtheSecureAccessdevicecustomWebagent.
AuthenticationType>CustomAgentSelectSiteminderSettings>Authentication>AuthenticationType>FormPOSToptionfromtheAuthenticationTypedrop-downlisttoallowtheWebagenttocontactthepolicyservertodeterminetheappropriatesign-inpagetodisplaytotheuser.
PostsusercredentialstoastandardWebagentthatyouhavealreadyconfiguredratherthancontactingtheSiteMinderpolicyserverdirectly.
AuthenticationType>FormPOSTEnterthetargetURL.
SpecifiesthetargetURL.
NOTE:Theformposttarget,formpostprotocol,formpostWebagent,formpostport,formpostpath,andformpostparametersfieldaredisplayedonlywhenyouselectFormPOSToptionfromtheAuthenticationtypedropdownlist.
FormPOSTTarget4ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelecttheprotocolfromthedrop-downlist:HTTP—Fornonsecurecommunication.
HTTPS—Forsecurecommunication.
AllowsyoutospecifytheprotocolforcommunicationbetweenIVEandthespecifiedWebagent.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTProtocolEnterthenameofthewebagent.
SpecifiesthenameoftheWebagentfromwhichtheSecureAccessdeviceistoobtainSMSESSIONcookies.
NOTE:ThisfieldisdisplayedonlywhenyouselectFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTWebagentEnterport80forHTTPorport443forHTTPS.
Specifiestheportfortheprotocol.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTPortEnterthepathoftheWebagent'ssign-inpage.
NOTE:Thepathmuststartwithabackslash(/)character.
IntheWebagentsign-inpageURL,thepathappearsaftertheWebagent.
Specifiesthepathofthesign-inpage.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTPathEnterthepostparameters.
CommonSiteMindervariablesthatyoucanuseinclude__USER__,__PASS__,and__TARGET__.
ThesevariablesarereplacedbytheusernameandpasswordenteredbytheuserontheWebagent'ssign-inpageandbythevaluespecifiedintheTargetfield.
Thesearethedefaultparametersforlogin.
fcc—ifyouhavemadecustomizations,youmayneedtochangetheseparameters.
Specifiesthepostparameterstobesentwhenausersignsin.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTParametersConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)5Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelectSiteminderSettings>Authentication>AuthenticationType>DelegatetoaStandardAgentoptionfromtheAuthenticationTypedrop-downlist.
Delegatesauthenticationtoastandardagent.
WhentheuseraccessestheSecureAccessdevicesign-inpage,theSecureAccessdevicedeterminestheFCCURLassociatedwiththeprotectedresource'sauthenticationscheme.
TheSecureAccessdeviceredirectstheusertothatURL,settingtheSecureAccessdevicesign-inURLasthetarget.
Aftersuccessfullyauthenticatingwiththestandardagent,anSMSESSIONcookieissetintheuser'sbrowserandtheuserisredirectedbacktotheSecureAccessdevice.
TheSecureAccessdevicethenautomaticallysignsintheuserandestablishesaSecureAccesssession.
AuthenticationType>DelegatetoaStandardAgentSiteminderSettings>AuthorizationtabSelectSiteminderSettings>Authorization>AuthorizerequestsagainstSiteMinderpolicyserver.
UsesSiteMinderpolicyserverrulestoauthorizeuserWebresourcerequests.
Ifyouselectthisoption,makesurethatyoucreatetheappropriaterulesinSiteMinderthatstartwiththeservernamefollowedbyaforwardslash,suchas:"www.
yahoo.
com/","www.
yahoo.
com/*",and"www.
yahoo.
com/r/f1".
AuthorizerequestsagainstSiteMinderpolicyserver6ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURL.
SpecifiesanalternativeURLthatusersareredirectedtoiftheSecureAccessdevicefailstoauthorizeandnoredirectresponseisreceivedfromtheSiteMinderpolicyserver.
Ifyouleavethisfieldempty,usersarepromptedtosignbackintotheSecureAccessdevice.
NOTE:Ifyouareusinganauthorization-onlyaccesspolicy,youmustenteranalternativeURLinthisfieldregardlessofwhethertheAuthorizerequestsagainstSiteMinderpolicyserveroptionisselected.
UsersareredirectedtothisURLwhenanaccessdeniederroroccurs.
See"Definingauthorization-onlyaccesspolicies.
"Ifauthorizationfails,redirecttoEnteraURL.
SpecifiesaresourceontheWebagenttowhichtheSecureAccessdeviceredirectsuserswhentheydonothavetheappropriatepermissions.
ResourceforinsufficientprotectionlevelEntertheextensionsofeachfiletypethatyouwanttoignore,separatingeachwithacomma.
Forexample,enter.
gif,.
jpeg,.
jpg,.
bmptoignorevariousimagetypes.
Youcannotusewildcardcharacters(suchas*,*.
*,or.
*)toignorearangeoffiletypes.
Specifiesfileextensionscorrespondingtofiletypesthatdonotrequireauthorization.
IgnoreauthorizationforfileswithextensionsServerCatalog>ExpressionstabEnteraname.
SpecifiesanamefortheuserexpressionintheSiteMinderuserdirectory.
NameEnteravalue.
SpecifiesavaluefortheuserexpressionintheSiteMinderuserdirectory.
ValueServerCatalog>AttributestabEnteraname.
SpecifiesthenameoftheuserattributecookieintheSiteMinderuserdirectory.
NameConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)7Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetailsYourActionFunctionOptionSiteminderSettings>AdvancedtabEnterthepollintervalinseconds.
SpecifiestheintervalatwhichSecureAccessdevicepollstheSiteMinderpolicyservertocheckforanewkey.
PollInterval(seconds)Enteranumber.
ControlsthemaximumnumberofsimultaneousconnectionsthattheSecureAccessdeviceisallowedtomaketothepolicyserver.
NOTE:Thedefaultsettingis20.
MaximumAgentsEnteranumber.
ControlsthemaximumnumberofrequeststhatthepolicyserverconnectionhandlesbeforetheSecureAccessdeviceendstheconnection.
Ifnecessary,tunetoincreaseperformance.
NOTE:Thedefaultsettingis1000.
MaximumRequests/AgentEntertheIdletimeoutinminutes.
Controlsthemaximumnumberofminutesaconnectiontothepolicyservermayremainidle(theconnectionisnothandlingrequests)beforetheSecureAccessdeviceendstheconnection.
Thedefaultsettingof"none"indicatesnotimelimit.
IdleTimeout(minutes)SelectSiteminderSettings>Advanced>AuthorizewhileAuthenticating.
SpecifiesthattheSecureAccessdeviceshouldlookupuserattributesonthepolicyserverimmediatelyafterauthenticationtodetermineiftheuseristrulyauthenticated.
AuthorizewhileAuthenticating8ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetails(continued)YourActionFunctionOptionSiteminderSettings>AdvancedtabSelectSiteminderSettings>Advanced>EnableSessionGracePeriodtoenablethisfeature.
Youcaneliminatetheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Duringthatperiod,theSecureAccessdeviceassumesthatitscachedcookieisvalidratherthanrevalidatingitagainstthepolicyserver.
Notethatthevalueenteredheredoesnotaffectsessionoridletimeoutchecking.
Eliminatestheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Ifyoudonotselectthisoption,theSecureAccessdevicecheckstheuser'sSMSESSIONcookieoneachrequest.
EnableSessionGracePeriodEnterthetimeperiodinseconds.
SpecifiesthetimeperiodfortheSecureAccessdevicetoeliminatetheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Validatecookieevery(seconds)SelecttheIgnoreQueryDataoptiontoenablethisfeature.
SpecifiesthattheSecureAccessdevicedoesnotcachethequeryparameterinitsURLs.
Therefore,ifauserrequeststhesameresourceasisspecifiedinthecachedURL,therequestshouldnotfail.
IgnoreQueryDataEnterthevalue.
SpecifiesthatthevalueenteredinthisfieldmustmatchtheaccountingportvalueenteredthroughthePolicyServerManagementConsoleinthewebUI.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44441.
AccountingPortConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)9Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetails(continued)YourActionFunctionOptionSiteminderSettings>AdvancedtabEnteravalue.
ThevalueenteredinthisfieldmustmatchtheauthenticationportvalueenteredthroughthePolicyServerManagementConsole.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44442.
AuthenticationPortEnteravalue.
ThevalueenteredinthisfieldmustmatchtheauthorizationportvalueenteredthroughthePolicyServerManagementConsole.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44443.
AuthorizationPortRelatedTopicsConfiguringaSecureAccessCertificateServerInstance(NSMProcedure)ConfiguringaSecureAccessSAMLServerInstance(NSMProcedure)ConfiguringaSecureAccessAnonymousServerInstance(NSMProcedure)Published:2009-08-2010ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)
ToconfiguretheSiteMinderserverinstance:1.
IntheNSMnavigationtree,selectDeviceManager>Devices.
2.
ClicktheDeviceTreetab,andthendouble-clicktheSecureAccessdeviceforwhichyouwanttoconfigureeTrustSiteMinderserverinstance.
3.
ClicktheConfigurationtabandselectAuthentication>AuthServers.
Thecorrespondingworkspaceappears.
NOTE:Ifyouwanttoupdateanexistingserverinstance,clicktheappropriatelinkintheAuthServerNamebox,andperformtheSteps5through10.
4.
ClicktheNewbutton.
TheNewdialogboxappears.
5.
IntheAuthServerNamelist,specifyanametoidentifytheserverinstance.
6.
SelectSiteMinderServerfromtheAuthServerTypelist.
7.
ConfiguretheserverusingthesettingsdescribedinTable1.
8.
Clickone:OK—Savesthechanges.
Cancel—Cancelsthemodifications.
9.
SetadvancedSiteMinderconfigurationoptions(optional)usingthesettingsdescribedinTable2.
Table1:SecureAccesseTrustSiteMinderConfigurationDetailsYourActionFunctionOptionSiteminderSettings>BasicSettingstabEnteranameorIPaddress.
SpecifiesthenameorIPaddressoftheSiteMinderpolicyserver.
PolicyServerEnteracomma-delimitedlistofbackuppolicyservers(optional).
Specifiesalistofbackuppolicyservers(optional).
BackupServer(s)ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)1Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelectYes—SecureAccessdeviceusesthemainpolicyserverunlessitfails.
SelectNo—SecureAccessdeviceloadbalancesamongallthespecifiedpolicyservers.
AllowstheSecureAccessdevicetousethemainpolicyserverunlessitfails.
FailoverModeEnteranagentname.
NOTE:Sharedsecretandagentnamearecase-sensitive.
SpecifiestheSiteMinderagentname.
AgentNameEnterasharedsecretname.
NOTE:Sharedsecretandagentnamearecase-sensitive.
Specifiesthesharedsecret.
SecretSelecttheserverversionfromthedrop-downlist.
SpecifiesaSiteMinderserverversion.
Version5.
5supports5.
5and6.
0.
Version6.
0supportsonly6.
0oftheSiteMinderserverAPI.
Thedefaultvalueis5.
5policyservers.
CompatiblewithEnteraURL.
SpecifiesaURLtowhichusersareredirectedwhentheysignoutoftheSecureAccessdevice(optional).
Ifyouleavethisfieldempty,usersseethedefaultSecureAccessdevicesign-inpage.
Onlogout,redirecttoEnteraURL.
NOTE:Youmustenteraforwardslash(/)atthebeginningoftheresource(forexample,enter"/ive-authentication").
Specifiesadefaultprotectedresource.
Ifyoudonotcreatesign-inpoliciesforSiteMinder,theSecureAccessdeviceusesthisdefaultURLtosettheuser'sprotectionlevelforthesession.
TheSecureAccessdevicealsousesthisdefaultURLifyouselecttheAutomaticSign-Inoption.
ProtectedResourceSiteminderSettings>SMSESSIONcookiesettingstab2ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURLforthecookiedomain.
NOTE:Multipledomainsshouldusealeadingperiodandbecommaseparated.
Forexample:.
sales.
myorg.
com,.
marketing.
myorg.
com.
Domainnamesarecase-sensitive.
Youcannotusewildcardcharacters.
Forexample,ifyoudefine".
juniper.
net",theusermustaccesstheSecureAccessdeviceas"http://secureaccessdevice.
juniper.
net"toensurethathisSMSESSIONcookieissentbacktotheSecureAccessdevice.
SpecifiesthecookiedomainoftheSecureAccessdevice.
CookieDomainEnteraURL.
Specifiestheinternetdomain(s)towhichtheSecureAccessdevicesendstheSMSESSIONcookieusingthesameguidelinesoutlinedfortheCookieDomainfield.
IVECookieDomainSelecttheprotocolfromthedrop-downlist:HTTPS—SendscookiessecurelyifotherWebagentsaresetuptoacceptsecurecookies.
HTTP—Sendscookiesnonsecurely.
Sendscookiessecurelyandnonsecurely.
ProtocolSiteminderSettings>AuthenticationtabSelecttheAutomaticSign-Inoptiontoenablethisfeature.
AllowsuserswithavalidSMSESSIONtoautomaticallysignintotheSecureAccessdevice.
AutomaticSign-InSelectanauthenticationrealmfromthedrop-downlist.
Specifiesanauthenticationrealmforautomaticallysigned-inusers.
TheSecureAccessdevicemapstheusertoarolebasedontherolemappingrulesdefinedintheselectedrealm.
AutomaticSignInrealmtouseConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)3Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURL.
SpecifiesanalternateURLforuserswhosignintotheSecureAccessdevicethroughtheAutomaticSign-Inmechanism.
TheSecureAccessdeviceredirectsuserstothespecifiedURLiftheSecureAccessdevicefailstoauthenticateandnoredirectresponseisreceivedfromtheSiteMinderpolicyserver.
Ifyouleavethisfieldempty,usersarepromptedtosignbackintotheSecureAccessdevice.
NOTE:Userswhosigninthroughthesign-inpagearealwaysredirectedbacktotheSecureAccessdevicesign-inpageifauthenticationfails.
IfAutomaticSignInfails,redirecttoSelectSiteminderSettings>Authentication>AuthenticationType>CustomAgentoptionfromtheAuthenticationTypedrop-downlist.
AuthenticatesusingtheSecureAccessdevicecustomWebagent.
AuthenticationType>CustomAgentSelectSiteminderSettings>Authentication>AuthenticationType>FormPOSToptionfromtheAuthenticationTypedrop-downlisttoallowtheWebagenttocontactthepolicyservertodeterminetheappropriatesign-inpagetodisplaytotheuser.
PostsusercredentialstoastandardWebagentthatyouhavealreadyconfiguredratherthancontactingtheSiteMinderpolicyserverdirectly.
AuthenticationType>FormPOSTEnterthetargetURL.
SpecifiesthetargetURL.
NOTE:Theformposttarget,formpostprotocol,formpostWebagent,formpostport,formpostpath,andformpostparametersfieldaredisplayedonlywhenyouselectFormPOSToptionfromtheAuthenticationtypedropdownlist.
FormPOSTTarget4ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelecttheprotocolfromthedrop-downlist:HTTP—Fornonsecurecommunication.
HTTPS—Forsecurecommunication.
AllowsyoutospecifytheprotocolforcommunicationbetweenIVEandthespecifiedWebagent.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTProtocolEnterthenameofthewebagent.
SpecifiesthenameoftheWebagentfromwhichtheSecureAccessdeviceistoobtainSMSESSIONcookies.
NOTE:ThisfieldisdisplayedonlywhenyouselectFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTWebagentEnterport80forHTTPorport443forHTTPS.
Specifiestheportfortheprotocol.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTPortEnterthepathoftheWebagent'ssign-inpage.
NOTE:Thepathmuststartwithabackslash(/)character.
IntheWebagentsign-inpageURL,thepathappearsaftertheWebagent.
Specifiesthepathofthesign-inpage.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTPathEnterthepostparameters.
CommonSiteMindervariablesthatyoucanuseinclude__USER__,__PASS__,and__TARGET__.
ThesevariablesarereplacedbytheusernameandpasswordenteredbytheuserontheWebagent'ssign-inpageandbythevaluespecifiedintheTargetfield.
Thesearethedefaultparametersforlogin.
fcc—ifyouhavemadecustomizations,youmayneedtochangetheseparameters.
Specifiesthepostparameterstobesentwhenausersignsin.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTParametersConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)5Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelectSiteminderSettings>Authentication>AuthenticationType>DelegatetoaStandardAgentoptionfromtheAuthenticationTypedrop-downlist.
Delegatesauthenticationtoastandardagent.
WhentheuseraccessestheSecureAccessdevicesign-inpage,theSecureAccessdevicedeterminestheFCCURLassociatedwiththeprotectedresource'sauthenticationscheme.
TheSecureAccessdeviceredirectstheusertothatURL,settingtheSecureAccessdevicesign-inURLasthetarget.
Aftersuccessfullyauthenticatingwiththestandardagent,anSMSESSIONcookieissetintheuser'sbrowserandtheuserisredirectedbacktotheSecureAccessdevice.
TheSecureAccessdevicethenautomaticallysignsintheuserandestablishesaSecureAccesssession.
AuthenticationType>DelegatetoaStandardAgentSiteminderSettings>AuthorizationtabSelectSiteminderSettings>Authorization>AuthorizerequestsagainstSiteMinderpolicyserver.
UsesSiteMinderpolicyserverrulestoauthorizeuserWebresourcerequests.
Ifyouselectthisoption,makesurethatyoucreatetheappropriaterulesinSiteMinderthatstartwiththeservernamefollowedbyaforwardslash,suchas:"www.
yahoo.
com/","www.
yahoo.
com/*",and"www.
yahoo.
com/r/f1".
AuthorizerequestsagainstSiteMinderpolicyserver6ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURL.
SpecifiesanalternativeURLthatusersareredirectedtoiftheSecureAccessdevicefailstoauthorizeandnoredirectresponseisreceivedfromtheSiteMinderpolicyserver.
Ifyouleavethisfieldempty,usersarepromptedtosignbackintotheSecureAccessdevice.
NOTE:Ifyouareusinganauthorization-onlyaccesspolicy,youmustenteranalternativeURLinthisfieldregardlessofwhethertheAuthorizerequestsagainstSiteMinderpolicyserveroptionisselected.
UsersareredirectedtothisURLwhenanaccessdeniederroroccurs.
See"Definingauthorization-onlyaccesspolicies.
"Ifauthorizationfails,redirecttoEnteraURL.
SpecifiesaresourceontheWebagenttowhichtheSecureAccessdeviceredirectsuserswhentheydonothavetheappropriatepermissions.
ResourceforinsufficientprotectionlevelEntertheextensionsofeachfiletypethatyouwanttoignore,separatingeachwithacomma.
Forexample,enter.
gif,.
jpeg,.
jpg,.
bmptoignorevariousimagetypes.
Youcannotusewildcardcharacters(suchas*,*.
*,or.
*)toignorearangeoffiletypes.
Specifiesfileextensionscorrespondingtofiletypesthatdonotrequireauthorization.
IgnoreauthorizationforfileswithextensionsServerCatalog>ExpressionstabEnteraname.
SpecifiesanamefortheuserexpressionintheSiteMinderuserdirectory.
NameEnteravalue.
SpecifiesavaluefortheuserexpressionintheSiteMinderuserdirectory.
ValueServerCatalog>AttributestabEnteraname.
SpecifiesthenameoftheuserattributecookieintheSiteMinderuserdirectory.
NameConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)7Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetailsYourActionFunctionOptionSiteminderSettings>AdvancedtabEnterthepollintervalinseconds.
SpecifiestheintervalatwhichSecureAccessdevicepollstheSiteMinderpolicyservertocheckforanewkey.
PollInterval(seconds)Enteranumber.
ControlsthemaximumnumberofsimultaneousconnectionsthattheSecureAccessdeviceisallowedtomaketothepolicyserver.
NOTE:Thedefaultsettingis20.
MaximumAgentsEnteranumber.
ControlsthemaximumnumberofrequeststhatthepolicyserverconnectionhandlesbeforetheSecureAccessdeviceendstheconnection.
Ifnecessary,tunetoincreaseperformance.
NOTE:Thedefaultsettingis1000.
MaximumRequests/AgentEntertheIdletimeoutinminutes.
Controlsthemaximumnumberofminutesaconnectiontothepolicyservermayremainidle(theconnectionisnothandlingrequests)beforetheSecureAccessdeviceendstheconnection.
Thedefaultsettingof"none"indicatesnotimelimit.
IdleTimeout(minutes)SelectSiteminderSettings>Advanced>AuthorizewhileAuthenticating.
SpecifiesthattheSecureAccessdeviceshouldlookupuserattributesonthepolicyserverimmediatelyafterauthenticationtodetermineiftheuseristrulyauthenticated.
AuthorizewhileAuthenticating8ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetails(continued)YourActionFunctionOptionSiteminderSettings>AdvancedtabSelectSiteminderSettings>Advanced>EnableSessionGracePeriodtoenablethisfeature.
Youcaneliminatetheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Duringthatperiod,theSecureAccessdeviceassumesthatitscachedcookieisvalidratherthanrevalidatingitagainstthepolicyserver.
Notethatthevalueenteredheredoesnotaffectsessionoridletimeoutchecking.
Eliminatestheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Ifyoudonotselectthisoption,theSecureAccessdevicecheckstheuser'sSMSESSIONcookieoneachrequest.
EnableSessionGracePeriodEnterthetimeperiodinseconds.
SpecifiesthetimeperiodfortheSecureAccessdevicetoeliminatetheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Validatecookieevery(seconds)SelecttheIgnoreQueryDataoptiontoenablethisfeature.
SpecifiesthattheSecureAccessdevicedoesnotcachethequeryparameterinitsURLs.
Therefore,ifauserrequeststhesameresourceasisspecifiedinthecachedURL,therequestshouldnotfail.
IgnoreQueryDataEnterthevalue.
SpecifiesthatthevalueenteredinthisfieldmustmatchtheaccountingportvalueenteredthroughthePolicyServerManagementConsoleinthewebUI.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44441.
AccountingPortConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)9Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetails(continued)YourActionFunctionOptionSiteminderSettings>AdvancedtabEnteravalue.
ThevalueenteredinthisfieldmustmatchtheauthenticationportvalueenteredthroughthePolicyServerManagementConsole.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44442.
AuthenticationPortEnteravalue.
ThevalueenteredinthisfieldmustmatchtheauthorizationportvalueenteredthroughthePolicyServerManagementConsole.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44443.
AuthorizationPortRelatedTopicsConfiguringaSecureAccessCertificateServerInstance(NSMProcedure)ConfiguringaSecureAccessSAMLServerInstance(NSMProcedure)ConfiguringaSecureAccessAnonymousServerInstance(NSMProcedure)Published:2009-08-2010ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)
- resourceaccessdenied相关文档
- Repositoriesaccessdenied
- 网关accessdenied
- mainaccessdenied
- networksaccessdenied
- 口罩accessdenied
- Remoteaccessdenied
pia云低至20/月,七折美国服务器
Pia云是一家2018的开办的国人商家,原名叫哔哔云,目前整合到了魔方云平台上,商家主要销售VPS服务,采用KVM虚拟架构 ,机房有美国洛杉矶、中国香港和深圳地区,洛杉矶为crea机房,三网回程CN2 GIA,带20G防御,常看我测评的朋友应该知道,一般带防御去程都是骨干线路,香港的线路也是CN2直连大陆,目前商家重新开业,价格非常美丽,性价比较非常高,有需要的朋友可以关注一下。活动方案...
腾讯云轻量应用服务器关于多个实例套餐带宽
腾讯云轻量应用服务器又要免费升级配置了,之前已经免费升级过一次了(腾讯云轻量应用服务器套餐配置升级 轻量老用户专享免费升配!),这次在上次的基础上再次升级。也许这就是良心云吧,名不虚传。腾讯云怎么样?腾讯云好不好。腾讯云轻量应用服务器 Lighthouse 是一种易于使用和管理、适合承载轻量级业务负载的云服务器,能帮助个人和企业在云端快速构建网站、博客、电商、论坛等各类应用以及开发测试环境,并提供...
ParkinHost:俄罗斯离岸主机,抗投诉VPS,200Mbps带宽/莫斯科CN2线路/不限流量/无视DMCA/55折促销26.4欧元 /年起
外贸主机哪家好?抗投诉VPS哪家好?无视DMCA。ParkinHost今年还没有搞过促销,这次parkinhost俄罗斯机房上新服务器,母机采用2个E5-2680v3处理器、128G内存、RAID10硬盘、2Gbps上行线路。具体到VPS全部200Mbps带宽,除了最便宜的套餐限制流量之外,其他的全部是无限流量VPS。ParkinHost,成立于 2013 年,印度主机商,隶属于 DiggDigi...
accessdenied为你推荐
-
sns平台sns是什么平台filezillaserverfilezilla server interface怎么填360免费建站怎样给360免费自助建站制作的企业网站做一级域名解析绑定?购物车在超市、商场中为什么需要使用购物车呢?即时通请问有没有人知道即时通是什么?怎样先可以开??网站方案设计求一篇校园网络设计的方案什么是通配符什么是直女癌?开源网店开源网店iWebMall中会员管理包括哪些只要内容呢?ie假死我的电脑,IE一直会死机,怎么回事???网上支付功能怎样开通网上支付功能?