resourceaccessdenied
accessdenied 时间:2021-04-13 阅读:()
ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)WithintheSecureAccessdevice,aSiteMinderinstanceisasetofconfigurationsettingsthatdefineshowtheSecureAccessdeviceinteractswiththeSiteMinderpolicyserver.
ToconfiguretheSiteMinderserverinstance:1.
IntheNSMnavigationtree,selectDeviceManager>Devices.
2.
ClicktheDeviceTreetab,andthendouble-clicktheSecureAccessdeviceforwhichyouwanttoconfigureeTrustSiteMinderserverinstance.
3.
ClicktheConfigurationtabandselectAuthentication>AuthServers.
Thecorrespondingworkspaceappears.
NOTE:Ifyouwanttoupdateanexistingserverinstance,clicktheappropriatelinkintheAuthServerNamebox,andperformtheSteps5through10.
4.
ClicktheNewbutton.
TheNewdialogboxappears.
5.
IntheAuthServerNamelist,specifyanametoidentifytheserverinstance.
6.
SelectSiteMinderServerfromtheAuthServerTypelist.
7.
ConfiguretheserverusingthesettingsdescribedinTable1.
8.
Clickone:OK—Savesthechanges.
Cancel—Cancelsthemodifications.
9.
SetadvancedSiteMinderconfigurationoptions(optional)usingthesettingsdescribedinTable2.
Table1:SecureAccesseTrustSiteMinderConfigurationDetailsYourActionFunctionOptionSiteminderSettings>BasicSettingstabEnteranameorIPaddress.
SpecifiesthenameorIPaddressoftheSiteMinderpolicyserver.
PolicyServerEnteracomma-delimitedlistofbackuppolicyservers(optional).
Specifiesalistofbackuppolicyservers(optional).
BackupServer(s)ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)1Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelectYes—SecureAccessdeviceusesthemainpolicyserverunlessitfails.
SelectNo—SecureAccessdeviceloadbalancesamongallthespecifiedpolicyservers.
AllowstheSecureAccessdevicetousethemainpolicyserverunlessitfails.
FailoverModeEnteranagentname.
NOTE:Sharedsecretandagentnamearecase-sensitive.
SpecifiestheSiteMinderagentname.
AgentNameEnterasharedsecretname.
NOTE:Sharedsecretandagentnamearecase-sensitive.
Specifiesthesharedsecret.
SecretSelecttheserverversionfromthedrop-downlist.
SpecifiesaSiteMinderserverversion.
Version5.
5supports5.
5and6.
0.
Version6.
0supportsonly6.
0oftheSiteMinderserverAPI.
Thedefaultvalueis5.
5policyservers.
CompatiblewithEnteraURL.
SpecifiesaURLtowhichusersareredirectedwhentheysignoutoftheSecureAccessdevice(optional).
Ifyouleavethisfieldempty,usersseethedefaultSecureAccessdevicesign-inpage.
Onlogout,redirecttoEnteraURL.
NOTE:Youmustenteraforwardslash(/)atthebeginningoftheresource(forexample,enter"/ive-authentication").
Specifiesadefaultprotectedresource.
Ifyoudonotcreatesign-inpoliciesforSiteMinder,theSecureAccessdeviceusesthisdefaultURLtosettheuser'sprotectionlevelforthesession.
TheSecureAccessdevicealsousesthisdefaultURLifyouselecttheAutomaticSign-Inoption.
ProtectedResourceSiteminderSettings>SMSESSIONcookiesettingstab2ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURLforthecookiedomain.
NOTE:Multipledomainsshouldusealeadingperiodandbecommaseparated.
Forexample:.
sales.
myorg.
com,.
marketing.
myorg.
com.
Domainnamesarecase-sensitive.
Youcannotusewildcardcharacters.
Forexample,ifyoudefine".
juniper.
net",theusermustaccesstheSecureAccessdeviceas"http://secureaccessdevice.
juniper.
net"toensurethathisSMSESSIONcookieissentbacktotheSecureAccessdevice.
SpecifiesthecookiedomainoftheSecureAccessdevice.
CookieDomainEnteraURL.
Specifiestheinternetdomain(s)towhichtheSecureAccessdevicesendstheSMSESSIONcookieusingthesameguidelinesoutlinedfortheCookieDomainfield.
IVECookieDomainSelecttheprotocolfromthedrop-downlist:HTTPS—SendscookiessecurelyifotherWebagentsaresetuptoacceptsecurecookies.
HTTP—Sendscookiesnonsecurely.
Sendscookiessecurelyandnonsecurely.
ProtocolSiteminderSettings>AuthenticationtabSelecttheAutomaticSign-Inoptiontoenablethisfeature.
AllowsuserswithavalidSMSESSIONtoautomaticallysignintotheSecureAccessdevice.
AutomaticSign-InSelectanauthenticationrealmfromthedrop-downlist.
Specifiesanauthenticationrealmforautomaticallysigned-inusers.
TheSecureAccessdevicemapstheusertoarolebasedontherolemappingrulesdefinedintheselectedrealm.
AutomaticSignInrealmtouseConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)3Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURL.
SpecifiesanalternateURLforuserswhosignintotheSecureAccessdevicethroughtheAutomaticSign-Inmechanism.
TheSecureAccessdeviceredirectsuserstothespecifiedURLiftheSecureAccessdevicefailstoauthenticateandnoredirectresponseisreceivedfromtheSiteMinderpolicyserver.
Ifyouleavethisfieldempty,usersarepromptedtosignbackintotheSecureAccessdevice.
NOTE:Userswhosigninthroughthesign-inpagearealwaysredirectedbacktotheSecureAccessdevicesign-inpageifauthenticationfails.
IfAutomaticSignInfails,redirecttoSelectSiteminderSettings>Authentication>AuthenticationType>CustomAgentoptionfromtheAuthenticationTypedrop-downlist.
AuthenticatesusingtheSecureAccessdevicecustomWebagent.
AuthenticationType>CustomAgentSelectSiteminderSettings>Authentication>AuthenticationType>FormPOSToptionfromtheAuthenticationTypedrop-downlisttoallowtheWebagenttocontactthepolicyservertodeterminetheappropriatesign-inpagetodisplaytotheuser.
PostsusercredentialstoastandardWebagentthatyouhavealreadyconfiguredratherthancontactingtheSiteMinderpolicyserverdirectly.
AuthenticationType>FormPOSTEnterthetargetURL.
SpecifiesthetargetURL.
NOTE:Theformposttarget,formpostprotocol,formpostWebagent,formpostport,formpostpath,andformpostparametersfieldaredisplayedonlywhenyouselectFormPOSToptionfromtheAuthenticationtypedropdownlist.
FormPOSTTarget4ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelecttheprotocolfromthedrop-downlist:HTTP—Fornonsecurecommunication.
HTTPS—Forsecurecommunication.
AllowsyoutospecifytheprotocolforcommunicationbetweenIVEandthespecifiedWebagent.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTProtocolEnterthenameofthewebagent.
SpecifiesthenameoftheWebagentfromwhichtheSecureAccessdeviceistoobtainSMSESSIONcookies.
NOTE:ThisfieldisdisplayedonlywhenyouselectFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTWebagentEnterport80forHTTPorport443forHTTPS.
Specifiestheportfortheprotocol.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTPortEnterthepathoftheWebagent'ssign-inpage.
NOTE:Thepathmuststartwithabackslash(/)character.
IntheWebagentsign-inpageURL,thepathappearsaftertheWebagent.
Specifiesthepathofthesign-inpage.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTPathEnterthepostparameters.
CommonSiteMindervariablesthatyoucanuseinclude__USER__,__PASS__,and__TARGET__.
ThesevariablesarereplacedbytheusernameandpasswordenteredbytheuserontheWebagent'ssign-inpageandbythevaluespecifiedintheTargetfield.
Thesearethedefaultparametersforlogin.
fcc—ifyouhavemadecustomizations,youmayneedtochangetheseparameters.
Specifiesthepostparameterstobesentwhenausersignsin.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTParametersConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)5Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelectSiteminderSettings>Authentication>AuthenticationType>DelegatetoaStandardAgentoptionfromtheAuthenticationTypedrop-downlist.
Delegatesauthenticationtoastandardagent.
WhentheuseraccessestheSecureAccessdevicesign-inpage,theSecureAccessdevicedeterminestheFCCURLassociatedwiththeprotectedresource'sauthenticationscheme.
TheSecureAccessdeviceredirectstheusertothatURL,settingtheSecureAccessdevicesign-inURLasthetarget.
Aftersuccessfullyauthenticatingwiththestandardagent,anSMSESSIONcookieissetintheuser'sbrowserandtheuserisredirectedbacktotheSecureAccessdevice.
TheSecureAccessdevicethenautomaticallysignsintheuserandestablishesaSecureAccesssession.
AuthenticationType>DelegatetoaStandardAgentSiteminderSettings>AuthorizationtabSelectSiteminderSettings>Authorization>AuthorizerequestsagainstSiteMinderpolicyserver.
UsesSiteMinderpolicyserverrulestoauthorizeuserWebresourcerequests.
Ifyouselectthisoption,makesurethatyoucreatetheappropriaterulesinSiteMinderthatstartwiththeservernamefollowedbyaforwardslash,suchas:"www.
yahoo.
com/","www.
yahoo.
com/*",and"www.
yahoo.
com/r/f1".
AuthorizerequestsagainstSiteMinderpolicyserver6ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURL.
SpecifiesanalternativeURLthatusersareredirectedtoiftheSecureAccessdevicefailstoauthorizeandnoredirectresponseisreceivedfromtheSiteMinderpolicyserver.
Ifyouleavethisfieldempty,usersarepromptedtosignbackintotheSecureAccessdevice.
NOTE:Ifyouareusinganauthorization-onlyaccesspolicy,youmustenteranalternativeURLinthisfieldregardlessofwhethertheAuthorizerequestsagainstSiteMinderpolicyserveroptionisselected.
UsersareredirectedtothisURLwhenanaccessdeniederroroccurs.
See"Definingauthorization-onlyaccesspolicies.
"Ifauthorizationfails,redirecttoEnteraURL.
SpecifiesaresourceontheWebagenttowhichtheSecureAccessdeviceredirectsuserswhentheydonothavetheappropriatepermissions.
ResourceforinsufficientprotectionlevelEntertheextensionsofeachfiletypethatyouwanttoignore,separatingeachwithacomma.
Forexample,enter.
gif,.
jpeg,.
jpg,.
bmptoignorevariousimagetypes.
Youcannotusewildcardcharacters(suchas*,*.
*,or.
*)toignorearangeoffiletypes.
Specifiesfileextensionscorrespondingtofiletypesthatdonotrequireauthorization.
IgnoreauthorizationforfileswithextensionsServerCatalog>ExpressionstabEnteraname.
SpecifiesanamefortheuserexpressionintheSiteMinderuserdirectory.
NameEnteravalue.
SpecifiesavaluefortheuserexpressionintheSiteMinderuserdirectory.
ValueServerCatalog>AttributestabEnteraname.
SpecifiesthenameoftheuserattributecookieintheSiteMinderuserdirectory.
NameConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)7Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetailsYourActionFunctionOptionSiteminderSettings>AdvancedtabEnterthepollintervalinseconds.
SpecifiestheintervalatwhichSecureAccessdevicepollstheSiteMinderpolicyservertocheckforanewkey.
PollInterval(seconds)Enteranumber.
ControlsthemaximumnumberofsimultaneousconnectionsthattheSecureAccessdeviceisallowedtomaketothepolicyserver.
NOTE:Thedefaultsettingis20.
MaximumAgentsEnteranumber.
ControlsthemaximumnumberofrequeststhatthepolicyserverconnectionhandlesbeforetheSecureAccessdeviceendstheconnection.
Ifnecessary,tunetoincreaseperformance.
NOTE:Thedefaultsettingis1000.
MaximumRequests/AgentEntertheIdletimeoutinminutes.
Controlsthemaximumnumberofminutesaconnectiontothepolicyservermayremainidle(theconnectionisnothandlingrequests)beforetheSecureAccessdeviceendstheconnection.
Thedefaultsettingof"none"indicatesnotimelimit.
IdleTimeout(minutes)SelectSiteminderSettings>Advanced>AuthorizewhileAuthenticating.
SpecifiesthattheSecureAccessdeviceshouldlookupuserattributesonthepolicyserverimmediatelyafterauthenticationtodetermineiftheuseristrulyauthenticated.
AuthorizewhileAuthenticating8ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetails(continued)YourActionFunctionOptionSiteminderSettings>AdvancedtabSelectSiteminderSettings>Advanced>EnableSessionGracePeriodtoenablethisfeature.
Youcaneliminatetheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Duringthatperiod,theSecureAccessdeviceassumesthatitscachedcookieisvalidratherthanrevalidatingitagainstthepolicyserver.
Notethatthevalueenteredheredoesnotaffectsessionoridletimeoutchecking.
Eliminatestheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Ifyoudonotselectthisoption,theSecureAccessdevicecheckstheuser'sSMSESSIONcookieoneachrequest.
EnableSessionGracePeriodEnterthetimeperiodinseconds.
SpecifiesthetimeperiodfortheSecureAccessdevicetoeliminatetheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Validatecookieevery(seconds)SelecttheIgnoreQueryDataoptiontoenablethisfeature.
SpecifiesthattheSecureAccessdevicedoesnotcachethequeryparameterinitsURLs.
Therefore,ifauserrequeststhesameresourceasisspecifiedinthecachedURL,therequestshouldnotfail.
IgnoreQueryDataEnterthevalue.
SpecifiesthatthevalueenteredinthisfieldmustmatchtheaccountingportvalueenteredthroughthePolicyServerManagementConsoleinthewebUI.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44441.
AccountingPortConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)9Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetails(continued)YourActionFunctionOptionSiteminderSettings>AdvancedtabEnteravalue.
ThevalueenteredinthisfieldmustmatchtheauthenticationportvalueenteredthroughthePolicyServerManagementConsole.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44442.
AuthenticationPortEnteravalue.
ThevalueenteredinthisfieldmustmatchtheauthorizationportvalueenteredthroughthePolicyServerManagementConsole.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44443.
AuthorizationPortRelatedTopicsConfiguringaSecureAccessCertificateServerInstance(NSMProcedure)ConfiguringaSecureAccessSAMLServerInstance(NSMProcedure)ConfiguringaSecureAccessAnonymousServerInstance(NSMProcedure)Published:2009-08-2010ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)
ToconfiguretheSiteMinderserverinstance:1.
IntheNSMnavigationtree,selectDeviceManager>Devices.
2.
ClicktheDeviceTreetab,andthendouble-clicktheSecureAccessdeviceforwhichyouwanttoconfigureeTrustSiteMinderserverinstance.
3.
ClicktheConfigurationtabandselectAuthentication>AuthServers.
Thecorrespondingworkspaceappears.
NOTE:Ifyouwanttoupdateanexistingserverinstance,clicktheappropriatelinkintheAuthServerNamebox,andperformtheSteps5through10.
4.
ClicktheNewbutton.
TheNewdialogboxappears.
5.
IntheAuthServerNamelist,specifyanametoidentifytheserverinstance.
6.
SelectSiteMinderServerfromtheAuthServerTypelist.
7.
ConfiguretheserverusingthesettingsdescribedinTable1.
8.
Clickone:OK—Savesthechanges.
Cancel—Cancelsthemodifications.
9.
SetadvancedSiteMinderconfigurationoptions(optional)usingthesettingsdescribedinTable2.
Table1:SecureAccesseTrustSiteMinderConfigurationDetailsYourActionFunctionOptionSiteminderSettings>BasicSettingstabEnteranameorIPaddress.
SpecifiesthenameorIPaddressoftheSiteMinderpolicyserver.
PolicyServerEnteracomma-delimitedlistofbackuppolicyservers(optional).
Specifiesalistofbackuppolicyservers(optional).
BackupServer(s)ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)1Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelectYes—SecureAccessdeviceusesthemainpolicyserverunlessitfails.
SelectNo—SecureAccessdeviceloadbalancesamongallthespecifiedpolicyservers.
AllowstheSecureAccessdevicetousethemainpolicyserverunlessitfails.
FailoverModeEnteranagentname.
NOTE:Sharedsecretandagentnamearecase-sensitive.
SpecifiestheSiteMinderagentname.
AgentNameEnterasharedsecretname.
NOTE:Sharedsecretandagentnamearecase-sensitive.
Specifiesthesharedsecret.
SecretSelecttheserverversionfromthedrop-downlist.
SpecifiesaSiteMinderserverversion.
Version5.
5supports5.
5and6.
0.
Version6.
0supportsonly6.
0oftheSiteMinderserverAPI.
Thedefaultvalueis5.
5policyservers.
CompatiblewithEnteraURL.
SpecifiesaURLtowhichusersareredirectedwhentheysignoutoftheSecureAccessdevice(optional).
Ifyouleavethisfieldempty,usersseethedefaultSecureAccessdevicesign-inpage.
Onlogout,redirecttoEnteraURL.
NOTE:Youmustenteraforwardslash(/)atthebeginningoftheresource(forexample,enter"/ive-authentication").
Specifiesadefaultprotectedresource.
Ifyoudonotcreatesign-inpoliciesforSiteMinder,theSecureAccessdeviceusesthisdefaultURLtosettheuser'sprotectionlevelforthesession.
TheSecureAccessdevicealsousesthisdefaultURLifyouselecttheAutomaticSign-Inoption.
ProtectedResourceSiteminderSettings>SMSESSIONcookiesettingstab2ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURLforthecookiedomain.
NOTE:Multipledomainsshouldusealeadingperiodandbecommaseparated.
Forexample:.
sales.
myorg.
com,.
marketing.
myorg.
com.
Domainnamesarecase-sensitive.
Youcannotusewildcardcharacters.
Forexample,ifyoudefine".
juniper.
net",theusermustaccesstheSecureAccessdeviceas"http://secureaccessdevice.
juniper.
net"toensurethathisSMSESSIONcookieissentbacktotheSecureAccessdevice.
SpecifiesthecookiedomainoftheSecureAccessdevice.
CookieDomainEnteraURL.
Specifiestheinternetdomain(s)towhichtheSecureAccessdevicesendstheSMSESSIONcookieusingthesameguidelinesoutlinedfortheCookieDomainfield.
IVECookieDomainSelecttheprotocolfromthedrop-downlist:HTTPS—SendscookiessecurelyifotherWebagentsaresetuptoacceptsecurecookies.
HTTP—Sendscookiesnonsecurely.
Sendscookiessecurelyandnonsecurely.
ProtocolSiteminderSettings>AuthenticationtabSelecttheAutomaticSign-Inoptiontoenablethisfeature.
AllowsuserswithavalidSMSESSIONtoautomaticallysignintotheSecureAccessdevice.
AutomaticSign-InSelectanauthenticationrealmfromthedrop-downlist.
Specifiesanauthenticationrealmforautomaticallysigned-inusers.
TheSecureAccessdevicemapstheusertoarolebasedontherolemappingrulesdefinedintheselectedrealm.
AutomaticSignInrealmtouseConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)3Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURL.
SpecifiesanalternateURLforuserswhosignintotheSecureAccessdevicethroughtheAutomaticSign-Inmechanism.
TheSecureAccessdeviceredirectsuserstothespecifiedURLiftheSecureAccessdevicefailstoauthenticateandnoredirectresponseisreceivedfromtheSiteMinderpolicyserver.
Ifyouleavethisfieldempty,usersarepromptedtosignbackintotheSecureAccessdevice.
NOTE:Userswhosigninthroughthesign-inpagearealwaysredirectedbacktotheSecureAccessdevicesign-inpageifauthenticationfails.
IfAutomaticSignInfails,redirecttoSelectSiteminderSettings>Authentication>AuthenticationType>CustomAgentoptionfromtheAuthenticationTypedrop-downlist.
AuthenticatesusingtheSecureAccessdevicecustomWebagent.
AuthenticationType>CustomAgentSelectSiteminderSettings>Authentication>AuthenticationType>FormPOSToptionfromtheAuthenticationTypedrop-downlisttoallowtheWebagenttocontactthepolicyservertodeterminetheappropriatesign-inpagetodisplaytotheuser.
PostsusercredentialstoastandardWebagentthatyouhavealreadyconfiguredratherthancontactingtheSiteMinderpolicyserverdirectly.
AuthenticationType>FormPOSTEnterthetargetURL.
SpecifiesthetargetURL.
NOTE:Theformposttarget,formpostprotocol,formpostWebagent,formpostport,formpostpath,andformpostparametersfieldaredisplayedonlywhenyouselectFormPOSToptionfromtheAuthenticationtypedropdownlist.
FormPOSTTarget4ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelecttheprotocolfromthedrop-downlist:HTTP—Fornonsecurecommunication.
HTTPS—Forsecurecommunication.
AllowsyoutospecifytheprotocolforcommunicationbetweenIVEandthespecifiedWebagent.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTProtocolEnterthenameofthewebagent.
SpecifiesthenameoftheWebagentfromwhichtheSecureAccessdeviceistoobtainSMSESSIONcookies.
NOTE:ThisfieldisdisplayedonlywhenyouselectFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTWebagentEnterport80forHTTPorport443forHTTPS.
Specifiestheportfortheprotocol.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTPortEnterthepathoftheWebagent'ssign-inpage.
NOTE:Thepathmuststartwithabackslash(/)character.
IntheWebagentsign-inpageURL,thepathappearsaftertheWebagent.
Specifiesthepathofthesign-inpage.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTPathEnterthepostparameters.
CommonSiteMindervariablesthatyoucanuseinclude__USER__,__PASS__,and__TARGET__.
ThesevariablesarereplacedbytheusernameandpasswordenteredbytheuserontheWebagent'ssign-inpageandbythevaluespecifiedintheTargetfield.
Thesearethedefaultparametersforlogin.
fcc—ifyouhavemadecustomizations,youmayneedtochangetheseparameters.
Specifiesthepostparameterstobesentwhenausersignsin.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTParametersConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)5Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelectSiteminderSettings>Authentication>AuthenticationType>DelegatetoaStandardAgentoptionfromtheAuthenticationTypedrop-downlist.
Delegatesauthenticationtoastandardagent.
WhentheuseraccessestheSecureAccessdevicesign-inpage,theSecureAccessdevicedeterminestheFCCURLassociatedwiththeprotectedresource'sauthenticationscheme.
TheSecureAccessdeviceredirectstheusertothatURL,settingtheSecureAccessdevicesign-inURLasthetarget.
Aftersuccessfullyauthenticatingwiththestandardagent,anSMSESSIONcookieissetintheuser'sbrowserandtheuserisredirectedbacktotheSecureAccessdevice.
TheSecureAccessdevicethenautomaticallysignsintheuserandestablishesaSecureAccesssession.
AuthenticationType>DelegatetoaStandardAgentSiteminderSettings>AuthorizationtabSelectSiteminderSettings>Authorization>AuthorizerequestsagainstSiteMinderpolicyserver.
UsesSiteMinderpolicyserverrulestoauthorizeuserWebresourcerequests.
Ifyouselectthisoption,makesurethatyoucreatetheappropriaterulesinSiteMinderthatstartwiththeservernamefollowedbyaforwardslash,suchas:"www.
yahoo.
com/","www.
yahoo.
com/*",and"www.
yahoo.
com/r/f1".
AuthorizerequestsagainstSiteMinderpolicyserver6ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURL.
SpecifiesanalternativeURLthatusersareredirectedtoiftheSecureAccessdevicefailstoauthorizeandnoredirectresponseisreceivedfromtheSiteMinderpolicyserver.
Ifyouleavethisfieldempty,usersarepromptedtosignbackintotheSecureAccessdevice.
NOTE:Ifyouareusinganauthorization-onlyaccesspolicy,youmustenteranalternativeURLinthisfieldregardlessofwhethertheAuthorizerequestsagainstSiteMinderpolicyserveroptionisselected.
UsersareredirectedtothisURLwhenanaccessdeniederroroccurs.
See"Definingauthorization-onlyaccesspolicies.
"Ifauthorizationfails,redirecttoEnteraURL.
SpecifiesaresourceontheWebagenttowhichtheSecureAccessdeviceredirectsuserswhentheydonothavetheappropriatepermissions.
ResourceforinsufficientprotectionlevelEntertheextensionsofeachfiletypethatyouwanttoignore,separatingeachwithacomma.
Forexample,enter.
gif,.
jpeg,.
jpg,.
bmptoignorevariousimagetypes.
Youcannotusewildcardcharacters(suchas*,*.
*,or.
*)toignorearangeoffiletypes.
Specifiesfileextensionscorrespondingtofiletypesthatdonotrequireauthorization.
IgnoreauthorizationforfileswithextensionsServerCatalog>ExpressionstabEnteraname.
SpecifiesanamefortheuserexpressionintheSiteMinderuserdirectory.
NameEnteravalue.
SpecifiesavaluefortheuserexpressionintheSiteMinderuserdirectory.
ValueServerCatalog>AttributestabEnteraname.
SpecifiesthenameoftheuserattributecookieintheSiteMinderuserdirectory.
NameConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)7Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetailsYourActionFunctionOptionSiteminderSettings>AdvancedtabEnterthepollintervalinseconds.
SpecifiestheintervalatwhichSecureAccessdevicepollstheSiteMinderpolicyservertocheckforanewkey.
PollInterval(seconds)Enteranumber.
ControlsthemaximumnumberofsimultaneousconnectionsthattheSecureAccessdeviceisallowedtomaketothepolicyserver.
NOTE:Thedefaultsettingis20.
MaximumAgentsEnteranumber.
ControlsthemaximumnumberofrequeststhatthepolicyserverconnectionhandlesbeforetheSecureAccessdeviceendstheconnection.
Ifnecessary,tunetoincreaseperformance.
NOTE:Thedefaultsettingis1000.
MaximumRequests/AgentEntertheIdletimeoutinminutes.
Controlsthemaximumnumberofminutesaconnectiontothepolicyservermayremainidle(theconnectionisnothandlingrequests)beforetheSecureAccessdeviceendstheconnection.
Thedefaultsettingof"none"indicatesnotimelimit.
IdleTimeout(minutes)SelectSiteminderSettings>Advanced>AuthorizewhileAuthenticating.
SpecifiesthattheSecureAccessdeviceshouldlookupuserattributesonthepolicyserverimmediatelyafterauthenticationtodetermineiftheuseristrulyauthenticated.
AuthorizewhileAuthenticating8ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetails(continued)YourActionFunctionOptionSiteminderSettings>AdvancedtabSelectSiteminderSettings>Advanced>EnableSessionGracePeriodtoenablethisfeature.
Youcaneliminatetheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Duringthatperiod,theSecureAccessdeviceassumesthatitscachedcookieisvalidratherthanrevalidatingitagainstthepolicyserver.
Notethatthevalueenteredheredoesnotaffectsessionoridletimeoutchecking.
Eliminatestheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Ifyoudonotselectthisoption,theSecureAccessdevicecheckstheuser'sSMSESSIONcookieoneachrequest.
EnableSessionGracePeriodEnterthetimeperiodinseconds.
SpecifiesthetimeperiodfortheSecureAccessdevicetoeliminatetheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Validatecookieevery(seconds)SelecttheIgnoreQueryDataoptiontoenablethisfeature.
SpecifiesthattheSecureAccessdevicedoesnotcachethequeryparameterinitsURLs.
Therefore,ifauserrequeststhesameresourceasisspecifiedinthecachedURL,therequestshouldnotfail.
IgnoreQueryDataEnterthevalue.
SpecifiesthatthevalueenteredinthisfieldmustmatchtheaccountingportvalueenteredthroughthePolicyServerManagementConsoleinthewebUI.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44441.
AccountingPortConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)9Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetails(continued)YourActionFunctionOptionSiteminderSettings>AdvancedtabEnteravalue.
ThevalueenteredinthisfieldmustmatchtheauthenticationportvalueenteredthroughthePolicyServerManagementConsole.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44442.
AuthenticationPortEnteravalue.
ThevalueenteredinthisfieldmustmatchtheauthorizationportvalueenteredthroughthePolicyServerManagementConsole.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44443.
AuthorizationPortRelatedTopicsConfiguringaSecureAccessCertificateServerInstance(NSMProcedure)ConfiguringaSecureAccessSAMLServerInstance(NSMProcedure)ConfiguringaSecureAccessAnonymousServerInstance(NSMProcedure)Published:2009-08-2010ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)
- resourceaccessdenied相关文档
- Repositoriesaccessdenied
- 网关accessdenied
- mainaccessdenied
- networksaccessdenied
- 口罩accessdenied
- Remoteaccessdenied
日本美国站群服务器raksmart站群新增,限量低至月1.99美元
RAKsmart 商家八月份的促销活动今天更新。基本上和上个月的产品套餐活动差不多的,不过也是有简单的微调。对于RAKsmart商家还是比较了解的,他们家产品虽然这两年增加多个机房,以及在VPS主机方案上有丰富的机房和调整到一些自营机房,他们家的策划能力还是有限,基本上每个月的套餐活动都差不多。RAKsmart 在八月份看到有新增香港高防服务器可选,最高100GB防御。同时原来上个月缺货的日本独立...
TmhHost暑假活动:高端线路VPS季付8折优惠,可选洛杉矶CN2 GIA/日本软银/香港三网CN2 GIA/韩国双向CN2等
tmhhost怎么样?tmhhost正在搞暑假大促销活动,全部是高端线路VPS,现在直接季付8折优惠,活动截止时间是8月31日。可选机房及线路有美国洛杉矶cn2 gia+200G高防、洛杉矶三网CN2 GIA、洛杉矶CERA机房CN2 GIA,日本软银(100M带宽)、香港BGP直连200M带宽、香港三网CN2 GIA、韩国双向CN2。点击进入:tmhhost官方网站地址tmhhost优惠码:Tm...
VoLLcloud7折月付$3,香港CMI云服务器原生IP解锁,香港VoLLcloud
vollcloud怎么样?vollcloud LLC创立于2020年,是一家以互联网基础业务服务为主的 技术型企业,运营全球数据中心业务。VoLLcloud LLC针对新老用户推出全场年付产品7折促销优惠,共30个,机会难得,所有产品支持3日内无条件退款,同时提供产品免费体验。目前所有产品中,“镇店之宝”产品性价比高,适用大部分用户基础应用,卖的也是最好,同时,在这里感谢新老用户的支持和信任,我们...
accessdenied为你推荐
-
accessdenied网页打开显示Access Denied,怎么解决cisco2960思科2960如何划分vlan?支付宝调整还款日花呗还款日是什么时候呢特朗普吐槽iPhone为什么那么多人吐槽iphone申请支付宝账户支付宝账户怎么申请?平阴县教育和体育局下属锦东小学教学设备采购项目竞争性磋商文件文档下载请问手机版wps如何把云文档下载到手机上的本地文档?温州商标注册温州注册公司在哪里注册我爱e书网手机怎么下载电子书佛山海虹海虹蒸多长时间