resourceaccessdenied
accessdenied 时间:2021-04-13 阅读:()
ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)WithintheSecureAccessdevice,aSiteMinderinstanceisasetofconfigurationsettingsthatdefineshowtheSecureAccessdeviceinteractswiththeSiteMinderpolicyserver.
ToconfiguretheSiteMinderserverinstance:1.
IntheNSMnavigationtree,selectDeviceManager>Devices.
2.
ClicktheDeviceTreetab,andthendouble-clicktheSecureAccessdeviceforwhichyouwanttoconfigureeTrustSiteMinderserverinstance.
3.
ClicktheConfigurationtabandselectAuthentication>AuthServers.
Thecorrespondingworkspaceappears.
NOTE:Ifyouwanttoupdateanexistingserverinstance,clicktheappropriatelinkintheAuthServerNamebox,andperformtheSteps5through10.
4.
ClicktheNewbutton.
TheNewdialogboxappears.
5.
IntheAuthServerNamelist,specifyanametoidentifytheserverinstance.
6.
SelectSiteMinderServerfromtheAuthServerTypelist.
7.
ConfiguretheserverusingthesettingsdescribedinTable1.
8.
Clickone:OK—Savesthechanges.
Cancel—Cancelsthemodifications.
9.
SetadvancedSiteMinderconfigurationoptions(optional)usingthesettingsdescribedinTable2.
Table1:SecureAccesseTrustSiteMinderConfigurationDetailsYourActionFunctionOptionSiteminderSettings>BasicSettingstabEnteranameorIPaddress.
SpecifiesthenameorIPaddressoftheSiteMinderpolicyserver.
PolicyServerEnteracomma-delimitedlistofbackuppolicyservers(optional).
Specifiesalistofbackuppolicyservers(optional).
BackupServer(s)ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)1Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelectYes—SecureAccessdeviceusesthemainpolicyserverunlessitfails.
SelectNo—SecureAccessdeviceloadbalancesamongallthespecifiedpolicyservers.
AllowstheSecureAccessdevicetousethemainpolicyserverunlessitfails.
FailoverModeEnteranagentname.
NOTE:Sharedsecretandagentnamearecase-sensitive.
SpecifiestheSiteMinderagentname.
AgentNameEnterasharedsecretname.
NOTE:Sharedsecretandagentnamearecase-sensitive.
Specifiesthesharedsecret.
SecretSelecttheserverversionfromthedrop-downlist.
SpecifiesaSiteMinderserverversion.
Version5.
5supports5.
5and6.
0.
Version6.
0supportsonly6.
0oftheSiteMinderserverAPI.
Thedefaultvalueis5.
5policyservers.
CompatiblewithEnteraURL.
SpecifiesaURLtowhichusersareredirectedwhentheysignoutoftheSecureAccessdevice(optional).
Ifyouleavethisfieldempty,usersseethedefaultSecureAccessdevicesign-inpage.
Onlogout,redirecttoEnteraURL.
NOTE:Youmustenteraforwardslash(/)atthebeginningoftheresource(forexample,enter"/ive-authentication").
Specifiesadefaultprotectedresource.
Ifyoudonotcreatesign-inpoliciesforSiteMinder,theSecureAccessdeviceusesthisdefaultURLtosettheuser'sprotectionlevelforthesession.
TheSecureAccessdevicealsousesthisdefaultURLifyouselecttheAutomaticSign-Inoption.
ProtectedResourceSiteminderSettings>SMSESSIONcookiesettingstab2ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURLforthecookiedomain.
NOTE:Multipledomainsshouldusealeadingperiodandbecommaseparated.
Forexample:.
sales.
myorg.
com,.
marketing.
myorg.
com.
Domainnamesarecase-sensitive.
Youcannotusewildcardcharacters.
Forexample,ifyoudefine".
juniper.
net",theusermustaccesstheSecureAccessdeviceas"http://secureaccessdevice.
juniper.
net"toensurethathisSMSESSIONcookieissentbacktotheSecureAccessdevice.
SpecifiesthecookiedomainoftheSecureAccessdevice.
CookieDomainEnteraURL.
Specifiestheinternetdomain(s)towhichtheSecureAccessdevicesendstheSMSESSIONcookieusingthesameguidelinesoutlinedfortheCookieDomainfield.
IVECookieDomainSelecttheprotocolfromthedrop-downlist:HTTPS—SendscookiessecurelyifotherWebagentsaresetuptoacceptsecurecookies.
HTTP—Sendscookiesnonsecurely.
Sendscookiessecurelyandnonsecurely.
ProtocolSiteminderSettings>AuthenticationtabSelecttheAutomaticSign-Inoptiontoenablethisfeature.
AllowsuserswithavalidSMSESSIONtoautomaticallysignintotheSecureAccessdevice.
AutomaticSign-InSelectanauthenticationrealmfromthedrop-downlist.
Specifiesanauthenticationrealmforautomaticallysigned-inusers.
TheSecureAccessdevicemapstheusertoarolebasedontherolemappingrulesdefinedintheselectedrealm.
AutomaticSignInrealmtouseConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)3Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURL.
SpecifiesanalternateURLforuserswhosignintotheSecureAccessdevicethroughtheAutomaticSign-Inmechanism.
TheSecureAccessdeviceredirectsuserstothespecifiedURLiftheSecureAccessdevicefailstoauthenticateandnoredirectresponseisreceivedfromtheSiteMinderpolicyserver.
Ifyouleavethisfieldempty,usersarepromptedtosignbackintotheSecureAccessdevice.
NOTE:Userswhosigninthroughthesign-inpagearealwaysredirectedbacktotheSecureAccessdevicesign-inpageifauthenticationfails.
IfAutomaticSignInfails,redirecttoSelectSiteminderSettings>Authentication>AuthenticationType>CustomAgentoptionfromtheAuthenticationTypedrop-downlist.
AuthenticatesusingtheSecureAccessdevicecustomWebagent.
AuthenticationType>CustomAgentSelectSiteminderSettings>Authentication>AuthenticationType>FormPOSToptionfromtheAuthenticationTypedrop-downlisttoallowtheWebagenttocontactthepolicyservertodeterminetheappropriatesign-inpagetodisplaytotheuser.
PostsusercredentialstoastandardWebagentthatyouhavealreadyconfiguredratherthancontactingtheSiteMinderpolicyserverdirectly.
AuthenticationType>FormPOSTEnterthetargetURL.
SpecifiesthetargetURL.
NOTE:Theformposttarget,formpostprotocol,formpostWebagent,formpostport,formpostpath,andformpostparametersfieldaredisplayedonlywhenyouselectFormPOSToptionfromtheAuthenticationtypedropdownlist.
FormPOSTTarget4ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelecttheprotocolfromthedrop-downlist:HTTP—Fornonsecurecommunication.
HTTPS—Forsecurecommunication.
AllowsyoutospecifytheprotocolforcommunicationbetweenIVEandthespecifiedWebagent.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTProtocolEnterthenameofthewebagent.
SpecifiesthenameoftheWebagentfromwhichtheSecureAccessdeviceistoobtainSMSESSIONcookies.
NOTE:ThisfieldisdisplayedonlywhenyouselectFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTWebagentEnterport80forHTTPorport443forHTTPS.
Specifiestheportfortheprotocol.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTPortEnterthepathoftheWebagent'ssign-inpage.
NOTE:Thepathmuststartwithabackslash(/)character.
IntheWebagentsign-inpageURL,thepathappearsaftertheWebagent.
Specifiesthepathofthesign-inpage.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTPathEnterthepostparameters.
CommonSiteMindervariablesthatyoucanuseinclude__USER__,__PASS__,and__TARGET__.
ThesevariablesarereplacedbytheusernameandpasswordenteredbytheuserontheWebagent'ssign-inpageandbythevaluespecifiedintheTargetfield.
Thesearethedefaultparametersforlogin.
fcc—ifyouhavemadecustomizations,youmayneedtochangetheseparameters.
Specifiesthepostparameterstobesentwhenausersignsin.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTParametersConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)5Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelectSiteminderSettings>Authentication>AuthenticationType>DelegatetoaStandardAgentoptionfromtheAuthenticationTypedrop-downlist.
Delegatesauthenticationtoastandardagent.
WhentheuseraccessestheSecureAccessdevicesign-inpage,theSecureAccessdevicedeterminestheFCCURLassociatedwiththeprotectedresource'sauthenticationscheme.
TheSecureAccessdeviceredirectstheusertothatURL,settingtheSecureAccessdevicesign-inURLasthetarget.
Aftersuccessfullyauthenticatingwiththestandardagent,anSMSESSIONcookieissetintheuser'sbrowserandtheuserisredirectedbacktotheSecureAccessdevice.
TheSecureAccessdevicethenautomaticallysignsintheuserandestablishesaSecureAccesssession.
AuthenticationType>DelegatetoaStandardAgentSiteminderSettings>AuthorizationtabSelectSiteminderSettings>Authorization>AuthorizerequestsagainstSiteMinderpolicyserver.
UsesSiteMinderpolicyserverrulestoauthorizeuserWebresourcerequests.
Ifyouselectthisoption,makesurethatyoucreatetheappropriaterulesinSiteMinderthatstartwiththeservernamefollowedbyaforwardslash,suchas:"www.
yahoo.
com/","www.
yahoo.
com/*",and"www.
yahoo.
com/r/f1".
AuthorizerequestsagainstSiteMinderpolicyserver6ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURL.
SpecifiesanalternativeURLthatusersareredirectedtoiftheSecureAccessdevicefailstoauthorizeandnoredirectresponseisreceivedfromtheSiteMinderpolicyserver.
Ifyouleavethisfieldempty,usersarepromptedtosignbackintotheSecureAccessdevice.
NOTE:Ifyouareusinganauthorization-onlyaccesspolicy,youmustenteranalternativeURLinthisfieldregardlessofwhethertheAuthorizerequestsagainstSiteMinderpolicyserveroptionisselected.
UsersareredirectedtothisURLwhenanaccessdeniederroroccurs.
See"Definingauthorization-onlyaccesspolicies.
"Ifauthorizationfails,redirecttoEnteraURL.
SpecifiesaresourceontheWebagenttowhichtheSecureAccessdeviceredirectsuserswhentheydonothavetheappropriatepermissions.
ResourceforinsufficientprotectionlevelEntertheextensionsofeachfiletypethatyouwanttoignore,separatingeachwithacomma.
Forexample,enter.
gif,.
jpeg,.
jpg,.
bmptoignorevariousimagetypes.
Youcannotusewildcardcharacters(suchas*,*.
*,or.
*)toignorearangeoffiletypes.
Specifiesfileextensionscorrespondingtofiletypesthatdonotrequireauthorization.
IgnoreauthorizationforfileswithextensionsServerCatalog>ExpressionstabEnteraname.
SpecifiesanamefortheuserexpressionintheSiteMinderuserdirectory.
NameEnteravalue.
SpecifiesavaluefortheuserexpressionintheSiteMinderuserdirectory.
ValueServerCatalog>AttributestabEnteraname.
SpecifiesthenameoftheuserattributecookieintheSiteMinderuserdirectory.
NameConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)7Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetailsYourActionFunctionOptionSiteminderSettings>AdvancedtabEnterthepollintervalinseconds.
SpecifiestheintervalatwhichSecureAccessdevicepollstheSiteMinderpolicyservertocheckforanewkey.
PollInterval(seconds)Enteranumber.
ControlsthemaximumnumberofsimultaneousconnectionsthattheSecureAccessdeviceisallowedtomaketothepolicyserver.
NOTE:Thedefaultsettingis20.
MaximumAgentsEnteranumber.
ControlsthemaximumnumberofrequeststhatthepolicyserverconnectionhandlesbeforetheSecureAccessdeviceendstheconnection.
Ifnecessary,tunetoincreaseperformance.
NOTE:Thedefaultsettingis1000.
MaximumRequests/AgentEntertheIdletimeoutinminutes.
Controlsthemaximumnumberofminutesaconnectiontothepolicyservermayremainidle(theconnectionisnothandlingrequests)beforetheSecureAccessdeviceendstheconnection.
Thedefaultsettingof"none"indicatesnotimelimit.
IdleTimeout(minutes)SelectSiteminderSettings>Advanced>AuthorizewhileAuthenticating.
SpecifiesthattheSecureAccessdeviceshouldlookupuserattributesonthepolicyserverimmediatelyafterauthenticationtodetermineiftheuseristrulyauthenticated.
AuthorizewhileAuthenticating8ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetails(continued)YourActionFunctionOptionSiteminderSettings>AdvancedtabSelectSiteminderSettings>Advanced>EnableSessionGracePeriodtoenablethisfeature.
Youcaneliminatetheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Duringthatperiod,theSecureAccessdeviceassumesthatitscachedcookieisvalidratherthanrevalidatingitagainstthepolicyserver.
Notethatthevalueenteredheredoesnotaffectsessionoridletimeoutchecking.
Eliminatestheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Ifyoudonotselectthisoption,theSecureAccessdevicecheckstheuser'sSMSESSIONcookieoneachrequest.
EnableSessionGracePeriodEnterthetimeperiodinseconds.
SpecifiesthetimeperiodfortheSecureAccessdevicetoeliminatetheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Validatecookieevery(seconds)SelecttheIgnoreQueryDataoptiontoenablethisfeature.
SpecifiesthattheSecureAccessdevicedoesnotcachethequeryparameterinitsURLs.
Therefore,ifauserrequeststhesameresourceasisspecifiedinthecachedURL,therequestshouldnotfail.
IgnoreQueryDataEnterthevalue.
SpecifiesthatthevalueenteredinthisfieldmustmatchtheaccountingportvalueenteredthroughthePolicyServerManagementConsoleinthewebUI.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44441.
AccountingPortConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)9Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetails(continued)YourActionFunctionOptionSiteminderSettings>AdvancedtabEnteravalue.
ThevalueenteredinthisfieldmustmatchtheauthenticationportvalueenteredthroughthePolicyServerManagementConsole.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44442.
AuthenticationPortEnteravalue.
ThevalueenteredinthisfieldmustmatchtheauthorizationportvalueenteredthroughthePolicyServerManagementConsole.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44443.
AuthorizationPortRelatedTopicsConfiguringaSecureAccessCertificateServerInstance(NSMProcedure)ConfiguringaSecureAccessSAMLServerInstance(NSMProcedure)ConfiguringaSecureAccessAnonymousServerInstance(NSMProcedure)Published:2009-08-2010ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)
ToconfiguretheSiteMinderserverinstance:1.
IntheNSMnavigationtree,selectDeviceManager>Devices.
2.
ClicktheDeviceTreetab,andthendouble-clicktheSecureAccessdeviceforwhichyouwanttoconfigureeTrustSiteMinderserverinstance.
3.
ClicktheConfigurationtabandselectAuthentication>AuthServers.
Thecorrespondingworkspaceappears.
NOTE:Ifyouwanttoupdateanexistingserverinstance,clicktheappropriatelinkintheAuthServerNamebox,andperformtheSteps5through10.
4.
ClicktheNewbutton.
TheNewdialogboxappears.
5.
IntheAuthServerNamelist,specifyanametoidentifytheserverinstance.
6.
SelectSiteMinderServerfromtheAuthServerTypelist.
7.
ConfiguretheserverusingthesettingsdescribedinTable1.
8.
Clickone:OK—Savesthechanges.
Cancel—Cancelsthemodifications.
9.
SetadvancedSiteMinderconfigurationoptions(optional)usingthesettingsdescribedinTable2.
Table1:SecureAccesseTrustSiteMinderConfigurationDetailsYourActionFunctionOptionSiteminderSettings>BasicSettingstabEnteranameorIPaddress.
SpecifiesthenameorIPaddressoftheSiteMinderpolicyserver.
PolicyServerEnteracomma-delimitedlistofbackuppolicyservers(optional).
Specifiesalistofbackuppolicyservers(optional).
BackupServer(s)ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)1Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelectYes—SecureAccessdeviceusesthemainpolicyserverunlessitfails.
SelectNo—SecureAccessdeviceloadbalancesamongallthespecifiedpolicyservers.
AllowstheSecureAccessdevicetousethemainpolicyserverunlessitfails.
FailoverModeEnteranagentname.
NOTE:Sharedsecretandagentnamearecase-sensitive.
SpecifiestheSiteMinderagentname.
AgentNameEnterasharedsecretname.
NOTE:Sharedsecretandagentnamearecase-sensitive.
Specifiesthesharedsecret.
SecretSelecttheserverversionfromthedrop-downlist.
SpecifiesaSiteMinderserverversion.
Version5.
5supports5.
5and6.
0.
Version6.
0supportsonly6.
0oftheSiteMinderserverAPI.
Thedefaultvalueis5.
5policyservers.
CompatiblewithEnteraURL.
SpecifiesaURLtowhichusersareredirectedwhentheysignoutoftheSecureAccessdevice(optional).
Ifyouleavethisfieldempty,usersseethedefaultSecureAccessdevicesign-inpage.
Onlogout,redirecttoEnteraURL.
NOTE:Youmustenteraforwardslash(/)atthebeginningoftheresource(forexample,enter"/ive-authentication").
Specifiesadefaultprotectedresource.
Ifyoudonotcreatesign-inpoliciesforSiteMinder,theSecureAccessdeviceusesthisdefaultURLtosettheuser'sprotectionlevelforthesession.
TheSecureAccessdevicealsousesthisdefaultURLifyouselecttheAutomaticSign-Inoption.
ProtectedResourceSiteminderSettings>SMSESSIONcookiesettingstab2ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURLforthecookiedomain.
NOTE:Multipledomainsshouldusealeadingperiodandbecommaseparated.
Forexample:.
sales.
myorg.
com,.
marketing.
myorg.
com.
Domainnamesarecase-sensitive.
Youcannotusewildcardcharacters.
Forexample,ifyoudefine".
juniper.
net",theusermustaccesstheSecureAccessdeviceas"http://secureaccessdevice.
juniper.
net"toensurethathisSMSESSIONcookieissentbacktotheSecureAccessdevice.
SpecifiesthecookiedomainoftheSecureAccessdevice.
CookieDomainEnteraURL.
Specifiestheinternetdomain(s)towhichtheSecureAccessdevicesendstheSMSESSIONcookieusingthesameguidelinesoutlinedfortheCookieDomainfield.
IVECookieDomainSelecttheprotocolfromthedrop-downlist:HTTPS—SendscookiessecurelyifotherWebagentsaresetuptoacceptsecurecookies.
HTTP—Sendscookiesnonsecurely.
Sendscookiessecurelyandnonsecurely.
ProtocolSiteminderSettings>AuthenticationtabSelecttheAutomaticSign-Inoptiontoenablethisfeature.
AllowsuserswithavalidSMSESSIONtoautomaticallysignintotheSecureAccessdevice.
AutomaticSign-InSelectanauthenticationrealmfromthedrop-downlist.
Specifiesanauthenticationrealmforautomaticallysigned-inusers.
TheSecureAccessdevicemapstheusertoarolebasedontherolemappingrulesdefinedintheselectedrealm.
AutomaticSignInrealmtouseConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)3Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURL.
SpecifiesanalternateURLforuserswhosignintotheSecureAccessdevicethroughtheAutomaticSign-Inmechanism.
TheSecureAccessdeviceredirectsuserstothespecifiedURLiftheSecureAccessdevicefailstoauthenticateandnoredirectresponseisreceivedfromtheSiteMinderpolicyserver.
Ifyouleavethisfieldempty,usersarepromptedtosignbackintotheSecureAccessdevice.
NOTE:Userswhosigninthroughthesign-inpagearealwaysredirectedbacktotheSecureAccessdevicesign-inpageifauthenticationfails.
IfAutomaticSignInfails,redirecttoSelectSiteminderSettings>Authentication>AuthenticationType>CustomAgentoptionfromtheAuthenticationTypedrop-downlist.
AuthenticatesusingtheSecureAccessdevicecustomWebagent.
AuthenticationType>CustomAgentSelectSiteminderSettings>Authentication>AuthenticationType>FormPOSToptionfromtheAuthenticationTypedrop-downlisttoallowtheWebagenttocontactthepolicyservertodeterminetheappropriatesign-inpagetodisplaytotheuser.
PostsusercredentialstoastandardWebagentthatyouhavealreadyconfiguredratherthancontactingtheSiteMinderpolicyserverdirectly.
AuthenticationType>FormPOSTEnterthetargetURL.
SpecifiesthetargetURL.
NOTE:Theformposttarget,formpostprotocol,formpostWebagent,formpostport,formpostpath,andformpostparametersfieldaredisplayedonlywhenyouselectFormPOSToptionfromtheAuthenticationtypedropdownlist.
FormPOSTTarget4ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelecttheprotocolfromthedrop-downlist:HTTP—Fornonsecurecommunication.
HTTPS—Forsecurecommunication.
AllowsyoutospecifytheprotocolforcommunicationbetweenIVEandthespecifiedWebagent.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTProtocolEnterthenameofthewebagent.
SpecifiesthenameoftheWebagentfromwhichtheSecureAccessdeviceistoobtainSMSESSIONcookies.
NOTE:ThisfieldisdisplayedonlywhenyouselectFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTWebagentEnterport80forHTTPorport443forHTTPS.
Specifiestheportfortheprotocol.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTPortEnterthepathoftheWebagent'ssign-inpage.
NOTE:Thepathmuststartwithabackslash(/)character.
IntheWebagentsign-inpageURL,thepathappearsaftertheWebagent.
Specifiesthepathofthesign-inpage.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTPathEnterthepostparameters.
CommonSiteMindervariablesthatyoucanuseinclude__USER__,__PASS__,and__TARGET__.
ThesevariablesarereplacedbytheusernameandpasswordenteredbytheuserontheWebagent'ssign-inpageandbythevaluespecifiedintheTargetfield.
Thesearethedefaultparametersforlogin.
fcc—ifyouhavemadecustomizations,youmayneedtochangetheseparameters.
Specifiesthepostparameterstobesentwhenausersignsin.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTParametersConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)5Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelectSiteminderSettings>Authentication>AuthenticationType>DelegatetoaStandardAgentoptionfromtheAuthenticationTypedrop-downlist.
Delegatesauthenticationtoastandardagent.
WhentheuseraccessestheSecureAccessdevicesign-inpage,theSecureAccessdevicedeterminestheFCCURLassociatedwiththeprotectedresource'sauthenticationscheme.
TheSecureAccessdeviceredirectstheusertothatURL,settingtheSecureAccessdevicesign-inURLasthetarget.
Aftersuccessfullyauthenticatingwiththestandardagent,anSMSESSIONcookieissetintheuser'sbrowserandtheuserisredirectedbacktotheSecureAccessdevice.
TheSecureAccessdevicethenautomaticallysignsintheuserandestablishesaSecureAccesssession.
AuthenticationType>DelegatetoaStandardAgentSiteminderSettings>AuthorizationtabSelectSiteminderSettings>Authorization>AuthorizerequestsagainstSiteMinderpolicyserver.
UsesSiteMinderpolicyserverrulestoauthorizeuserWebresourcerequests.
Ifyouselectthisoption,makesurethatyoucreatetheappropriaterulesinSiteMinderthatstartwiththeservernamefollowedbyaforwardslash,suchas:"www.
yahoo.
com/","www.
yahoo.
com/*",and"www.
yahoo.
com/r/f1".
AuthorizerequestsagainstSiteMinderpolicyserver6ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURL.
SpecifiesanalternativeURLthatusersareredirectedtoiftheSecureAccessdevicefailstoauthorizeandnoredirectresponseisreceivedfromtheSiteMinderpolicyserver.
Ifyouleavethisfieldempty,usersarepromptedtosignbackintotheSecureAccessdevice.
NOTE:Ifyouareusinganauthorization-onlyaccesspolicy,youmustenteranalternativeURLinthisfieldregardlessofwhethertheAuthorizerequestsagainstSiteMinderpolicyserveroptionisselected.
UsersareredirectedtothisURLwhenanaccessdeniederroroccurs.
See"Definingauthorization-onlyaccesspolicies.
"Ifauthorizationfails,redirecttoEnteraURL.
SpecifiesaresourceontheWebagenttowhichtheSecureAccessdeviceredirectsuserswhentheydonothavetheappropriatepermissions.
ResourceforinsufficientprotectionlevelEntertheextensionsofeachfiletypethatyouwanttoignore,separatingeachwithacomma.
Forexample,enter.
gif,.
jpeg,.
jpg,.
bmptoignorevariousimagetypes.
Youcannotusewildcardcharacters(suchas*,*.
*,or.
*)toignorearangeoffiletypes.
Specifiesfileextensionscorrespondingtofiletypesthatdonotrequireauthorization.
IgnoreauthorizationforfileswithextensionsServerCatalog>ExpressionstabEnteraname.
SpecifiesanamefortheuserexpressionintheSiteMinderuserdirectory.
NameEnteravalue.
SpecifiesavaluefortheuserexpressionintheSiteMinderuserdirectory.
ValueServerCatalog>AttributestabEnteraname.
SpecifiesthenameoftheuserattributecookieintheSiteMinderuserdirectory.
NameConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)7Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetailsYourActionFunctionOptionSiteminderSettings>AdvancedtabEnterthepollintervalinseconds.
SpecifiestheintervalatwhichSecureAccessdevicepollstheSiteMinderpolicyservertocheckforanewkey.
PollInterval(seconds)Enteranumber.
ControlsthemaximumnumberofsimultaneousconnectionsthattheSecureAccessdeviceisallowedtomaketothepolicyserver.
NOTE:Thedefaultsettingis20.
MaximumAgentsEnteranumber.
ControlsthemaximumnumberofrequeststhatthepolicyserverconnectionhandlesbeforetheSecureAccessdeviceendstheconnection.
Ifnecessary,tunetoincreaseperformance.
NOTE:Thedefaultsettingis1000.
MaximumRequests/AgentEntertheIdletimeoutinminutes.
Controlsthemaximumnumberofminutesaconnectiontothepolicyservermayremainidle(theconnectionisnothandlingrequests)beforetheSecureAccessdeviceendstheconnection.
Thedefaultsettingof"none"indicatesnotimelimit.
IdleTimeout(minutes)SelectSiteminderSettings>Advanced>AuthorizewhileAuthenticating.
SpecifiesthattheSecureAccessdeviceshouldlookupuserattributesonthepolicyserverimmediatelyafterauthenticationtodetermineiftheuseristrulyauthenticated.
AuthorizewhileAuthenticating8ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetails(continued)YourActionFunctionOptionSiteminderSettings>AdvancedtabSelectSiteminderSettings>Advanced>EnableSessionGracePeriodtoenablethisfeature.
Youcaneliminatetheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Duringthatperiod,theSecureAccessdeviceassumesthatitscachedcookieisvalidratherthanrevalidatingitagainstthepolicyserver.
Notethatthevalueenteredheredoesnotaffectsessionoridletimeoutchecking.
Eliminatestheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Ifyoudonotselectthisoption,theSecureAccessdevicecheckstheuser'sSMSESSIONcookieoneachrequest.
EnableSessionGracePeriodEnterthetimeperiodinseconds.
SpecifiesthetimeperiodfortheSecureAccessdevicetoeliminatetheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Validatecookieevery(seconds)SelecttheIgnoreQueryDataoptiontoenablethisfeature.
SpecifiesthattheSecureAccessdevicedoesnotcachethequeryparameterinitsURLs.
Therefore,ifauserrequeststhesameresourceasisspecifiedinthecachedURL,therequestshouldnotfail.
IgnoreQueryDataEnterthevalue.
SpecifiesthatthevalueenteredinthisfieldmustmatchtheaccountingportvalueenteredthroughthePolicyServerManagementConsoleinthewebUI.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44441.
AccountingPortConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)9Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetails(continued)YourActionFunctionOptionSiteminderSettings>AdvancedtabEnteravalue.
ThevalueenteredinthisfieldmustmatchtheauthenticationportvalueenteredthroughthePolicyServerManagementConsole.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44442.
AuthenticationPortEnteravalue.
ThevalueenteredinthisfieldmustmatchtheauthorizationportvalueenteredthroughthePolicyServerManagementConsole.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44443.
AuthorizationPortRelatedTopicsConfiguringaSecureAccessCertificateServerInstance(NSMProcedure)ConfiguringaSecureAccessSAMLServerInstance(NSMProcedure)ConfiguringaSecureAccessAnonymousServerInstance(NSMProcedure)Published:2009-08-2010ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)
- resourceaccessdenied相关文档
- Repositoriesaccessdenied
- 网关accessdenied
- mainaccessdenied
- networksaccessdenied
- 口罩accessdenied
- Remoteaccessdenied
Webhosting24:€15/年-AMD Ryzen/512MB/10GB/2TB/纽约&日本&新加坡等机房
Webhosting24是一家始于2001年的意大利商家,提供的产品包括虚拟主机、VPS、独立服务器等,可选数机房包括美国洛杉矶、迈阿密、纽约、德国慕尼黑、日本、新加坡、澳大利亚悉尼等。商家VPS主机采用AMD Ryzen 9 5950X CPU,NVMe磁盘,基于KVM架构,德国机房不限制流量,网站采用欧元计费,最低年付15欧元起。这里以美国机房为例,分享几款套餐配置信息。CPU:1core内存...
Megalayer(月599元)限时8月香港和美国大带宽服务器
第一、香港服务器机房这里我们可以看到有提供四个大带宽方案,是全向带宽和国际带宽,前者适合除了中国大陆地区的全网地区用户可以用,后者国际带宽适合欧美地区业务。如果我们是需要大陆地区速度CN2优化的,那就需要选择常规的优化带宽方案,参考这里。CPU内存硬盘带宽流量价格选择E3-12308GB240GB SSD50M全向带宽不限999元/月方案选择E3-12308GB240GB SSD100M国际带宽不...
BlueHost主机商年中618活动全场低至五折
BlueHost 主机商在以前做外贸网站的时候还是经常会用到的,想必那时候有做外贸网站或者是选择海外主机的时候还是较多会用BlueHost主机商的。只不过这些年云服务器流行且性价比较高,于是大家可选择商家变多,但是BlueHost在外贸主机用户群中可选的还是比较多的。这次年中618活动大促来袭,毕竟BLUEHOST商家目前中文公司设立在上海,等后面有机会也过去看看。他们也会根据我们的国内年中促销发...
accessdenied为你推荐
-
org_1http新iphone也将禁售现在2017年iPhone6s还有多久会被淘汰支付宝调整还款日蚂蚁借呗还款日能改吗科创板首批名单首批公布的24个历史文化明城是那些billboardchina中国有进美国BillBoard榜的人吗如何发帖子怎么发表贴子?无忧登陆无忧登录好吗?网上支付功能什么是网银支付邮件管理系统邮件管理软件哪种最好?localsettings我电脑里面没有这个Local Settings怎么办?