resourceaccessdenied
accessdenied 时间:2021-04-13 阅读:()
ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)WithintheSecureAccessdevice,aSiteMinderinstanceisasetofconfigurationsettingsthatdefineshowtheSecureAccessdeviceinteractswiththeSiteMinderpolicyserver.
ToconfiguretheSiteMinderserverinstance:1.
IntheNSMnavigationtree,selectDeviceManager>Devices.
2.
ClicktheDeviceTreetab,andthendouble-clicktheSecureAccessdeviceforwhichyouwanttoconfigureeTrustSiteMinderserverinstance.
3.
ClicktheConfigurationtabandselectAuthentication>AuthServers.
Thecorrespondingworkspaceappears.
NOTE:Ifyouwanttoupdateanexistingserverinstance,clicktheappropriatelinkintheAuthServerNamebox,andperformtheSteps5through10.
4.
ClicktheNewbutton.
TheNewdialogboxappears.
5.
IntheAuthServerNamelist,specifyanametoidentifytheserverinstance.
6.
SelectSiteMinderServerfromtheAuthServerTypelist.
7.
ConfiguretheserverusingthesettingsdescribedinTable1.
8.
Clickone:OK—Savesthechanges.
Cancel—Cancelsthemodifications.
9.
SetadvancedSiteMinderconfigurationoptions(optional)usingthesettingsdescribedinTable2.
Table1:SecureAccesseTrustSiteMinderConfigurationDetailsYourActionFunctionOptionSiteminderSettings>BasicSettingstabEnteranameorIPaddress.
SpecifiesthenameorIPaddressoftheSiteMinderpolicyserver.
PolicyServerEnteracomma-delimitedlistofbackuppolicyservers(optional).
Specifiesalistofbackuppolicyservers(optional).
BackupServer(s)ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)1Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelectYes—SecureAccessdeviceusesthemainpolicyserverunlessitfails.
SelectNo—SecureAccessdeviceloadbalancesamongallthespecifiedpolicyservers.
AllowstheSecureAccessdevicetousethemainpolicyserverunlessitfails.
FailoverModeEnteranagentname.
NOTE:Sharedsecretandagentnamearecase-sensitive.
SpecifiestheSiteMinderagentname.
AgentNameEnterasharedsecretname.
NOTE:Sharedsecretandagentnamearecase-sensitive.
Specifiesthesharedsecret.
SecretSelecttheserverversionfromthedrop-downlist.
SpecifiesaSiteMinderserverversion.
Version5.
5supports5.
5and6.
0.
Version6.
0supportsonly6.
0oftheSiteMinderserverAPI.
Thedefaultvalueis5.
5policyservers.
CompatiblewithEnteraURL.
SpecifiesaURLtowhichusersareredirectedwhentheysignoutoftheSecureAccessdevice(optional).
Ifyouleavethisfieldempty,usersseethedefaultSecureAccessdevicesign-inpage.
Onlogout,redirecttoEnteraURL.
NOTE:Youmustenteraforwardslash(/)atthebeginningoftheresource(forexample,enter"/ive-authentication").
Specifiesadefaultprotectedresource.
Ifyoudonotcreatesign-inpoliciesforSiteMinder,theSecureAccessdeviceusesthisdefaultURLtosettheuser'sprotectionlevelforthesession.
TheSecureAccessdevicealsousesthisdefaultURLifyouselecttheAutomaticSign-Inoption.
ProtectedResourceSiteminderSettings>SMSESSIONcookiesettingstab2ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURLforthecookiedomain.
NOTE:Multipledomainsshouldusealeadingperiodandbecommaseparated.
Forexample:.
sales.
myorg.
com,.
marketing.
myorg.
com.
Domainnamesarecase-sensitive.
Youcannotusewildcardcharacters.
Forexample,ifyoudefine".
juniper.
net",theusermustaccesstheSecureAccessdeviceas"http://secureaccessdevice.
juniper.
net"toensurethathisSMSESSIONcookieissentbacktotheSecureAccessdevice.
SpecifiesthecookiedomainoftheSecureAccessdevice.
CookieDomainEnteraURL.
Specifiestheinternetdomain(s)towhichtheSecureAccessdevicesendstheSMSESSIONcookieusingthesameguidelinesoutlinedfortheCookieDomainfield.
IVECookieDomainSelecttheprotocolfromthedrop-downlist:HTTPS—SendscookiessecurelyifotherWebagentsaresetuptoacceptsecurecookies.
HTTP—Sendscookiesnonsecurely.
Sendscookiessecurelyandnonsecurely.
ProtocolSiteminderSettings>AuthenticationtabSelecttheAutomaticSign-Inoptiontoenablethisfeature.
AllowsuserswithavalidSMSESSIONtoautomaticallysignintotheSecureAccessdevice.
AutomaticSign-InSelectanauthenticationrealmfromthedrop-downlist.
Specifiesanauthenticationrealmforautomaticallysigned-inusers.
TheSecureAccessdevicemapstheusertoarolebasedontherolemappingrulesdefinedintheselectedrealm.
AutomaticSignInrealmtouseConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)3Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURL.
SpecifiesanalternateURLforuserswhosignintotheSecureAccessdevicethroughtheAutomaticSign-Inmechanism.
TheSecureAccessdeviceredirectsuserstothespecifiedURLiftheSecureAccessdevicefailstoauthenticateandnoredirectresponseisreceivedfromtheSiteMinderpolicyserver.
Ifyouleavethisfieldempty,usersarepromptedtosignbackintotheSecureAccessdevice.
NOTE:Userswhosigninthroughthesign-inpagearealwaysredirectedbacktotheSecureAccessdevicesign-inpageifauthenticationfails.
IfAutomaticSignInfails,redirecttoSelectSiteminderSettings>Authentication>AuthenticationType>CustomAgentoptionfromtheAuthenticationTypedrop-downlist.
AuthenticatesusingtheSecureAccessdevicecustomWebagent.
AuthenticationType>CustomAgentSelectSiteminderSettings>Authentication>AuthenticationType>FormPOSToptionfromtheAuthenticationTypedrop-downlisttoallowtheWebagenttocontactthepolicyservertodeterminetheappropriatesign-inpagetodisplaytotheuser.
PostsusercredentialstoastandardWebagentthatyouhavealreadyconfiguredratherthancontactingtheSiteMinderpolicyserverdirectly.
AuthenticationType>FormPOSTEnterthetargetURL.
SpecifiesthetargetURL.
NOTE:Theformposttarget,formpostprotocol,formpostWebagent,formpostport,formpostpath,andformpostparametersfieldaredisplayedonlywhenyouselectFormPOSToptionfromtheAuthenticationtypedropdownlist.
FormPOSTTarget4ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelecttheprotocolfromthedrop-downlist:HTTP—Fornonsecurecommunication.
HTTPS—Forsecurecommunication.
AllowsyoutospecifytheprotocolforcommunicationbetweenIVEandthespecifiedWebagent.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTProtocolEnterthenameofthewebagent.
SpecifiesthenameoftheWebagentfromwhichtheSecureAccessdeviceistoobtainSMSESSIONcookies.
NOTE:ThisfieldisdisplayedonlywhenyouselectFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTWebagentEnterport80forHTTPorport443forHTTPS.
Specifiestheportfortheprotocol.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTPortEnterthepathoftheWebagent'ssign-inpage.
NOTE:Thepathmuststartwithabackslash(/)character.
IntheWebagentsign-inpageURL,thepathappearsaftertheWebagent.
Specifiesthepathofthesign-inpage.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTPathEnterthepostparameters.
CommonSiteMindervariablesthatyoucanuseinclude__USER__,__PASS__,and__TARGET__.
ThesevariablesarereplacedbytheusernameandpasswordenteredbytheuserontheWebagent'ssign-inpageandbythevaluespecifiedintheTargetfield.
Thesearethedefaultparametersforlogin.
fcc—ifyouhavemadecustomizations,youmayneedtochangetheseparameters.
Specifiesthepostparameterstobesentwhenausersignsin.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTParametersConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)5Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelectSiteminderSettings>Authentication>AuthenticationType>DelegatetoaStandardAgentoptionfromtheAuthenticationTypedrop-downlist.
Delegatesauthenticationtoastandardagent.
WhentheuseraccessestheSecureAccessdevicesign-inpage,theSecureAccessdevicedeterminestheFCCURLassociatedwiththeprotectedresource'sauthenticationscheme.
TheSecureAccessdeviceredirectstheusertothatURL,settingtheSecureAccessdevicesign-inURLasthetarget.
Aftersuccessfullyauthenticatingwiththestandardagent,anSMSESSIONcookieissetintheuser'sbrowserandtheuserisredirectedbacktotheSecureAccessdevice.
TheSecureAccessdevicethenautomaticallysignsintheuserandestablishesaSecureAccesssession.
AuthenticationType>DelegatetoaStandardAgentSiteminderSettings>AuthorizationtabSelectSiteminderSettings>Authorization>AuthorizerequestsagainstSiteMinderpolicyserver.
UsesSiteMinderpolicyserverrulestoauthorizeuserWebresourcerequests.
Ifyouselectthisoption,makesurethatyoucreatetheappropriaterulesinSiteMinderthatstartwiththeservernamefollowedbyaforwardslash,suchas:"www.
yahoo.
com/","www.
yahoo.
com/*",and"www.
yahoo.
com/r/f1".
AuthorizerequestsagainstSiteMinderpolicyserver6ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURL.
SpecifiesanalternativeURLthatusersareredirectedtoiftheSecureAccessdevicefailstoauthorizeandnoredirectresponseisreceivedfromtheSiteMinderpolicyserver.
Ifyouleavethisfieldempty,usersarepromptedtosignbackintotheSecureAccessdevice.
NOTE:Ifyouareusinganauthorization-onlyaccesspolicy,youmustenteranalternativeURLinthisfieldregardlessofwhethertheAuthorizerequestsagainstSiteMinderpolicyserveroptionisselected.
UsersareredirectedtothisURLwhenanaccessdeniederroroccurs.
See"Definingauthorization-onlyaccesspolicies.
"Ifauthorizationfails,redirecttoEnteraURL.
SpecifiesaresourceontheWebagenttowhichtheSecureAccessdeviceredirectsuserswhentheydonothavetheappropriatepermissions.
ResourceforinsufficientprotectionlevelEntertheextensionsofeachfiletypethatyouwanttoignore,separatingeachwithacomma.
Forexample,enter.
gif,.
jpeg,.
jpg,.
bmptoignorevariousimagetypes.
Youcannotusewildcardcharacters(suchas*,*.
*,or.
*)toignorearangeoffiletypes.
Specifiesfileextensionscorrespondingtofiletypesthatdonotrequireauthorization.
IgnoreauthorizationforfileswithextensionsServerCatalog>ExpressionstabEnteraname.
SpecifiesanamefortheuserexpressionintheSiteMinderuserdirectory.
NameEnteravalue.
SpecifiesavaluefortheuserexpressionintheSiteMinderuserdirectory.
ValueServerCatalog>AttributestabEnteraname.
SpecifiesthenameoftheuserattributecookieintheSiteMinderuserdirectory.
NameConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)7Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetailsYourActionFunctionOptionSiteminderSettings>AdvancedtabEnterthepollintervalinseconds.
SpecifiestheintervalatwhichSecureAccessdevicepollstheSiteMinderpolicyservertocheckforanewkey.
PollInterval(seconds)Enteranumber.
ControlsthemaximumnumberofsimultaneousconnectionsthattheSecureAccessdeviceisallowedtomaketothepolicyserver.
NOTE:Thedefaultsettingis20.
MaximumAgentsEnteranumber.
ControlsthemaximumnumberofrequeststhatthepolicyserverconnectionhandlesbeforetheSecureAccessdeviceendstheconnection.
Ifnecessary,tunetoincreaseperformance.
NOTE:Thedefaultsettingis1000.
MaximumRequests/AgentEntertheIdletimeoutinminutes.
Controlsthemaximumnumberofminutesaconnectiontothepolicyservermayremainidle(theconnectionisnothandlingrequests)beforetheSecureAccessdeviceendstheconnection.
Thedefaultsettingof"none"indicatesnotimelimit.
IdleTimeout(minutes)SelectSiteminderSettings>Advanced>AuthorizewhileAuthenticating.
SpecifiesthattheSecureAccessdeviceshouldlookupuserattributesonthepolicyserverimmediatelyafterauthenticationtodetermineiftheuseristrulyauthenticated.
AuthorizewhileAuthenticating8ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetails(continued)YourActionFunctionOptionSiteminderSettings>AdvancedtabSelectSiteminderSettings>Advanced>EnableSessionGracePeriodtoenablethisfeature.
Youcaneliminatetheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Duringthatperiod,theSecureAccessdeviceassumesthatitscachedcookieisvalidratherthanrevalidatingitagainstthepolicyserver.
Notethatthevalueenteredheredoesnotaffectsessionoridletimeoutchecking.
Eliminatestheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Ifyoudonotselectthisoption,theSecureAccessdevicecheckstheuser'sSMSESSIONcookieoneachrequest.
EnableSessionGracePeriodEnterthetimeperiodinseconds.
SpecifiesthetimeperiodfortheSecureAccessdevicetoeliminatetheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Validatecookieevery(seconds)SelecttheIgnoreQueryDataoptiontoenablethisfeature.
SpecifiesthattheSecureAccessdevicedoesnotcachethequeryparameterinitsURLs.
Therefore,ifauserrequeststhesameresourceasisspecifiedinthecachedURL,therequestshouldnotfail.
IgnoreQueryDataEnterthevalue.
SpecifiesthatthevalueenteredinthisfieldmustmatchtheaccountingportvalueenteredthroughthePolicyServerManagementConsoleinthewebUI.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44441.
AccountingPortConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)9Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetails(continued)YourActionFunctionOptionSiteminderSettings>AdvancedtabEnteravalue.
ThevalueenteredinthisfieldmustmatchtheauthenticationportvalueenteredthroughthePolicyServerManagementConsole.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44442.
AuthenticationPortEnteravalue.
ThevalueenteredinthisfieldmustmatchtheauthorizationportvalueenteredthroughthePolicyServerManagementConsole.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44443.
AuthorizationPortRelatedTopicsConfiguringaSecureAccessCertificateServerInstance(NSMProcedure)ConfiguringaSecureAccessSAMLServerInstance(NSMProcedure)ConfiguringaSecureAccessAnonymousServerInstance(NSMProcedure)Published:2009-08-2010ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)
ToconfiguretheSiteMinderserverinstance:1.
IntheNSMnavigationtree,selectDeviceManager>Devices.
2.
ClicktheDeviceTreetab,andthendouble-clicktheSecureAccessdeviceforwhichyouwanttoconfigureeTrustSiteMinderserverinstance.
3.
ClicktheConfigurationtabandselectAuthentication>AuthServers.
Thecorrespondingworkspaceappears.
NOTE:Ifyouwanttoupdateanexistingserverinstance,clicktheappropriatelinkintheAuthServerNamebox,andperformtheSteps5through10.
4.
ClicktheNewbutton.
TheNewdialogboxappears.
5.
IntheAuthServerNamelist,specifyanametoidentifytheserverinstance.
6.
SelectSiteMinderServerfromtheAuthServerTypelist.
7.
ConfiguretheserverusingthesettingsdescribedinTable1.
8.
Clickone:OK—Savesthechanges.
Cancel—Cancelsthemodifications.
9.
SetadvancedSiteMinderconfigurationoptions(optional)usingthesettingsdescribedinTable2.
Table1:SecureAccesseTrustSiteMinderConfigurationDetailsYourActionFunctionOptionSiteminderSettings>BasicSettingstabEnteranameorIPaddress.
SpecifiesthenameorIPaddressoftheSiteMinderpolicyserver.
PolicyServerEnteracomma-delimitedlistofbackuppolicyservers(optional).
Specifiesalistofbackuppolicyservers(optional).
BackupServer(s)ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)1Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelectYes—SecureAccessdeviceusesthemainpolicyserverunlessitfails.
SelectNo—SecureAccessdeviceloadbalancesamongallthespecifiedpolicyservers.
AllowstheSecureAccessdevicetousethemainpolicyserverunlessitfails.
FailoverModeEnteranagentname.
NOTE:Sharedsecretandagentnamearecase-sensitive.
SpecifiestheSiteMinderagentname.
AgentNameEnterasharedsecretname.
NOTE:Sharedsecretandagentnamearecase-sensitive.
Specifiesthesharedsecret.
SecretSelecttheserverversionfromthedrop-downlist.
SpecifiesaSiteMinderserverversion.
Version5.
5supports5.
5and6.
0.
Version6.
0supportsonly6.
0oftheSiteMinderserverAPI.
Thedefaultvalueis5.
5policyservers.
CompatiblewithEnteraURL.
SpecifiesaURLtowhichusersareredirectedwhentheysignoutoftheSecureAccessdevice(optional).
Ifyouleavethisfieldempty,usersseethedefaultSecureAccessdevicesign-inpage.
Onlogout,redirecttoEnteraURL.
NOTE:Youmustenteraforwardslash(/)atthebeginningoftheresource(forexample,enter"/ive-authentication").
Specifiesadefaultprotectedresource.
Ifyoudonotcreatesign-inpoliciesforSiteMinder,theSecureAccessdeviceusesthisdefaultURLtosettheuser'sprotectionlevelforthesession.
TheSecureAccessdevicealsousesthisdefaultURLifyouselecttheAutomaticSign-Inoption.
ProtectedResourceSiteminderSettings>SMSESSIONcookiesettingstab2ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURLforthecookiedomain.
NOTE:Multipledomainsshouldusealeadingperiodandbecommaseparated.
Forexample:.
sales.
myorg.
com,.
marketing.
myorg.
com.
Domainnamesarecase-sensitive.
Youcannotusewildcardcharacters.
Forexample,ifyoudefine".
juniper.
net",theusermustaccesstheSecureAccessdeviceas"http://secureaccessdevice.
juniper.
net"toensurethathisSMSESSIONcookieissentbacktotheSecureAccessdevice.
SpecifiesthecookiedomainoftheSecureAccessdevice.
CookieDomainEnteraURL.
Specifiestheinternetdomain(s)towhichtheSecureAccessdevicesendstheSMSESSIONcookieusingthesameguidelinesoutlinedfortheCookieDomainfield.
IVECookieDomainSelecttheprotocolfromthedrop-downlist:HTTPS—SendscookiessecurelyifotherWebagentsaresetuptoacceptsecurecookies.
HTTP—Sendscookiesnonsecurely.
Sendscookiessecurelyandnonsecurely.
ProtocolSiteminderSettings>AuthenticationtabSelecttheAutomaticSign-Inoptiontoenablethisfeature.
AllowsuserswithavalidSMSESSIONtoautomaticallysignintotheSecureAccessdevice.
AutomaticSign-InSelectanauthenticationrealmfromthedrop-downlist.
Specifiesanauthenticationrealmforautomaticallysigned-inusers.
TheSecureAccessdevicemapstheusertoarolebasedontherolemappingrulesdefinedintheselectedrealm.
AutomaticSignInrealmtouseConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)3Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURL.
SpecifiesanalternateURLforuserswhosignintotheSecureAccessdevicethroughtheAutomaticSign-Inmechanism.
TheSecureAccessdeviceredirectsuserstothespecifiedURLiftheSecureAccessdevicefailstoauthenticateandnoredirectresponseisreceivedfromtheSiteMinderpolicyserver.
Ifyouleavethisfieldempty,usersarepromptedtosignbackintotheSecureAccessdevice.
NOTE:Userswhosigninthroughthesign-inpagearealwaysredirectedbacktotheSecureAccessdevicesign-inpageifauthenticationfails.
IfAutomaticSignInfails,redirecttoSelectSiteminderSettings>Authentication>AuthenticationType>CustomAgentoptionfromtheAuthenticationTypedrop-downlist.
AuthenticatesusingtheSecureAccessdevicecustomWebagent.
AuthenticationType>CustomAgentSelectSiteminderSettings>Authentication>AuthenticationType>FormPOSToptionfromtheAuthenticationTypedrop-downlisttoallowtheWebagenttocontactthepolicyservertodeterminetheappropriatesign-inpagetodisplaytotheuser.
PostsusercredentialstoastandardWebagentthatyouhavealreadyconfiguredratherthancontactingtheSiteMinderpolicyserverdirectly.
AuthenticationType>FormPOSTEnterthetargetURL.
SpecifiesthetargetURL.
NOTE:Theformposttarget,formpostprotocol,formpostWebagent,formpostport,formpostpath,andformpostparametersfieldaredisplayedonlywhenyouselectFormPOSToptionfromtheAuthenticationtypedropdownlist.
FormPOSTTarget4ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelecttheprotocolfromthedrop-downlist:HTTP—Fornonsecurecommunication.
HTTPS—Forsecurecommunication.
AllowsyoutospecifytheprotocolforcommunicationbetweenIVEandthespecifiedWebagent.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTProtocolEnterthenameofthewebagent.
SpecifiesthenameoftheWebagentfromwhichtheSecureAccessdeviceistoobtainSMSESSIONcookies.
NOTE:ThisfieldisdisplayedonlywhenyouselectFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTWebagentEnterport80forHTTPorport443forHTTPS.
Specifiestheportfortheprotocol.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTPortEnterthepathoftheWebagent'ssign-inpage.
NOTE:Thepathmuststartwithabackslash(/)character.
IntheWebagentsign-inpageURL,thepathappearsaftertheWebagent.
Specifiesthepathofthesign-inpage.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTPathEnterthepostparameters.
CommonSiteMindervariablesthatyoucanuseinclude__USER__,__PASS__,and__TARGET__.
ThesevariablesarereplacedbytheusernameandpasswordenteredbytheuserontheWebagent'ssign-inpageandbythevaluespecifiedintheTargetfield.
Thesearethedefaultparametersforlogin.
fcc—ifyouhavemadecustomizations,youmayneedtochangetheseparameters.
Specifiesthepostparameterstobesentwhenausersignsin.
NOTE:ThisfieldisdisplayedonlywhenyouselecttheFormPOSToptionfromtheAuthenticationTypedrop-downlist.
FormPOSTParametersConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)5Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionSelectSiteminderSettings>Authentication>AuthenticationType>DelegatetoaStandardAgentoptionfromtheAuthenticationTypedrop-downlist.
Delegatesauthenticationtoastandardagent.
WhentheuseraccessestheSecureAccessdevicesign-inpage,theSecureAccessdevicedeterminestheFCCURLassociatedwiththeprotectedresource'sauthenticationscheme.
TheSecureAccessdeviceredirectstheusertothatURL,settingtheSecureAccessdevicesign-inURLasthetarget.
Aftersuccessfullyauthenticatingwiththestandardagent,anSMSESSIONcookieissetintheuser'sbrowserandtheuserisredirectedbacktotheSecureAccessdevice.
TheSecureAccessdevicethenautomaticallysignsintheuserandestablishesaSecureAccesssession.
AuthenticationType>DelegatetoaStandardAgentSiteminderSettings>AuthorizationtabSelectSiteminderSettings>Authorization>AuthorizerequestsagainstSiteMinderpolicyserver.
UsesSiteMinderpolicyserverrulestoauthorizeuserWebresourcerequests.
Ifyouselectthisoption,makesurethatyoucreatetheappropriaterulesinSiteMinderthatstartwiththeservernamefollowedbyaforwardslash,suchas:"www.
yahoo.
com/","www.
yahoo.
com/*",and"www.
yahoo.
com/r/f1".
AuthorizerequestsagainstSiteMinderpolicyserver6ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table1:SecureAccesseTrustSiteMinderConfigurationDetails(continued)YourActionFunctionOptionEnteraURL.
SpecifiesanalternativeURLthatusersareredirectedtoiftheSecureAccessdevicefailstoauthorizeandnoredirectresponseisreceivedfromtheSiteMinderpolicyserver.
Ifyouleavethisfieldempty,usersarepromptedtosignbackintotheSecureAccessdevice.
NOTE:Ifyouareusinganauthorization-onlyaccesspolicy,youmustenteranalternativeURLinthisfieldregardlessofwhethertheAuthorizerequestsagainstSiteMinderpolicyserveroptionisselected.
UsersareredirectedtothisURLwhenanaccessdeniederroroccurs.
See"Definingauthorization-onlyaccesspolicies.
"Ifauthorizationfails,redirecttoEnteraURL.
SpecifiesaresourceontheWebagenttowhichtheSecureAccessdeviceredirectsuserswhentheydonothavetheappropriatepermissions.
ResourceforinsufficientprotectionlevelEntertheextensionsofeachfiletypethatyouwanttoignore,separatingeachwithacomma.
Forexample,enter.
gif,.
jpeg,.
jpg,.
bmptoignorevariousimagetypes.
Youcannotusewildcardcharacters(suchas*,*.
*,or.
*)toignorearangeoffiletypes.
Specifiesfileextensionscorrespondingtofiletypesthatdonotrequireauthorization.
IgnoreauthorizationforfileswithextensionsServerCatalog>ExpressionstabEnteraname.
SpecifiesanamefortheuserexpressionintheSiteMinderuserdirectory.
NameEnteravalue.
SpecifiesavaluefortheuserexpressionintheSiteMinderuserdirectory.
ValueServerCatalog>AttributestabEnteraname.
SpecifiesthenameoftheuserattributecookieintheSiteMinderuserdirectory.
NameConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)7Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetailsYourActionFunctionOptionSiteminderSettings>AdvancedtabEnterthepollintervalinseconds.
SpecifiestheintervalatwhichSecureAccessdevicepollstheSiteMinderpolicyservertocheckforanewkey.
PollInterval(seconds)Enteranumber.
ControlsthemaximumnumberofsimultaneousconnectionsthattheSecureAccessdeviceisallowedtomaketothepolicyserver.
NOTE:Thedefaultsettingis20.
MaximumAgentsEnteranumber.
ControlsthemaximumnumberofrequeststhatthepolicyserverconnectionhandlesbeforetheSecureAccessdeviceendstheconnection.
Ifnecessary,tunetoincreaseperformance.
NOTE:Thedefaultsettingis1000.
MaximumRequests/AgentEntertheIdletimeoutinminutes.
Controlsthemaximumnumberofminutesaconnectiontothepolicyservermayremainidle(theconnectionisnothandlingrequests)beforetheSecureAccessdeviceendstheconnection.
Thedefaultsettingof"none"indicatesnotimelimit.
IdleTimeout(minutes)SelectSiteminderSettings>Advanced>AuthorizewhileAuthenticating.
SpecifiesthattheSecureAccessdeviceshouldlookupuserattributesonthepolicyserverimmediatelyafterauthenticationtodetermineiftheuseristrulyauthenticated.
AuthorizewhileAuthenticating8ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetails(continued)YourActionFunctionOptionSiteminderSettings>AdvancedtabSelectSiteminderSettings>Advanced>EnableSessionGracePeriodtoenablethisfeature.
Youcaneliminatetheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Duringthatperiod,theSecureAccessdeviceassumesthatitscachedcookieisvalidratherthanrevalidatingitagainstthepolicyserver.
Notethatthevalueenteredheredoesnotaffectsessionoridletimeoutchecking.
Eliminatestheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Ifyoudonotselectthisoption,theSecureAccessdevicecheckstheuser'sSMSESSIONcookieoneachrequest.
EnableSessionGracePeriodEnterthetimeperiodinseconds.
SpecifiesthetimeperiodfortheSecureAccessdevicetoeliminatetheoverheadofverifyingauser'sSMSESSIONcookieeachtimetheuserrequeststhesameresourcebyindicatingthattheSecureAccessdeviceshouldconsiderthecookievalidforacertainperiodoftime.
Validatecookieevery(seconds)SelecttheIgnoreQueryDataoptiontoenablethisfeature.
SpecifiesthattheSecureAccessdevicedoesnotcachethequeryparameterinitsURLs.
Therefore,ifauserrequeststhesameresourceasisspecifiedinthecachedURL,therequestshouldnotfail.
IgnoreQueryDataEnterthevalue.
SpecifiesthatthevalueenteredinthisfieldmustmatchtheaccountingportvalueenteredthroughthePolicyServerManagementConsoleinthewebUI.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44441.
AccountingPortConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)9Table2:SecureAccesseTrustSiteMinderAdvancedConfigurationDetails(continued)YourActionFunctionOptionSiteminderSettings>AdvancedtabEnteravalue.
ThevalueenteredinthisfieldmustmatchtheauthenticationportvalueenteredthroughthePolicyServerManagementConsole.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44442.
AuthenticationPortEnteravalue.
ThevalueenteredinthisfieldmustmatchtheauthorizationportvalueenteredthroughthePolicyServerManagementConsole.
Bydefault,thisfieldmatchesthepolicyserver'sdefaultsettingof44443.
AuthorizationPortRelatedTopicsConfiguringaSecureAccessCertificateServerInstance(NSMProcedure)ConfiguringaSecureAccessSAMLServerInstance(NSMProcedure)ConfiguringaSecureAccessAnonymousServerInstance(NSMProcedure)Published:2009-08-2010ConfiguringaSecureAccesseTrustSiteMinderServerInstance(NSMProcedure)
- resourceaccessdenied相关文档
- Repositoriesaccessdenied
- 网关accessdenied
- mainaccessdenied
- networksaccessdenied
- 口罩accessdenied
- Remoteaccessdenied
天上云月付572元,起香港三网CN2直连,独立服务器88折优惠,香港沙田机房
天上云怎么样?天上云隶属于成都天上云网络科技有限公司,是一家提供云服务器及物理服务器的国人商家,目前商家针对香港物理机在做优惠促销,香港沙田机房采用三网直连,其中电信走CN2,带宽为50Mbps,不限制流量,商家提供IPMI,可以自行管理,随意安装系统,目前E3-1225/16G的套餐低至572元每月,有做大规模业务的朋友可以看看。点击进入:天上云官方网站天上云香港物理机服务器套餐:香港沙田数据中...
DMIT:美国cn2 gia线路vps,高性能 AMD EPYC/不限流量(Premium Unmetered),$179.99/月起
DMIT怎么样?DMIT最近动作频繁,前几天刚刚上架了日本lite版VPS,正在酝酿上线日本高级网络VPS,又差不多在同一时间推出了美国cn2 gia线路不限流量的美国云服务器,不过价格太过昂贵。丐版只有30M带宽,月付179.99美元 !!目前,美国云服务器已经有个4个套餐,分别是,Premium(cn2 gia线路)、Lite(普通直连)、Premium Secure(带高防的cn2 gia线...
限时新网有提供5+个免费域名
有在六月份的时候也有分享过新网域名注册商发布的域名促销活动(这里)。这不在九月份发布秋季域名促销活动,有提供年付16元的.COM域名,同时还有5个+的特殊后缀的域名是免费的。对于新网服务商是曾经非常老牌的域名注册商,早年也是有在他们家注册域名的。我们可以看到,如果有针对新用户的可以领到16元的.COM域名。包括还有首年免费的.XYZ、.SHOP、Space等等后缀的域名。除了.COM域名之外的其他...
accessdenied为你推荐
-
操作http企业cmscms是什么centos6.5centos 6.5服务器基本配置有哪些重庆网络公司一九互联重庆畅融科技有限公司怎么样?德国iphone禁售令苹果在中国禁售了?说说看德国iphone禁售令苹果手机禁售了 我想问问 这两天刚买的8p现在禁售了 我是赔手里了还是没啥事 是幸运的还是倒霉的德国iphone禁售令有人说苹果手机从2017年开始,中国禁售了重庆网站制作请问一下重庆网站建设哪家公司做得好,价格又便宜哦?本公司www资费标准电信4G套餐?