Sun Java System Portal Server Secure Remote Access 6 2005Q1 Administration Guide
Chapter 8
Configuring URL Access Control
This chapter describes how to use the Sun Java System Access Manager administration console to allow or deny end users access to URLs.
To Configure URL Access Control
From here you can perform the following tasks:
Set up a Denied URLs List
Use this field to specify the list of URLs that end users cannot access through the Gateway.
The Gateway checks the Denied URLs list before checking the Allowed URLs list.
To Set up the Denied URL List
- Log in to the Access Manager administration console as administrator.
- Select the Service Configuration tab.
- Click the arrow next to Access List under SRA Configuration.
The Access List page is displayed.
- Specify the URL for which you want to deny access through the Gateway in the Denied URL field. The format for entering the URL is:
http://abc.siroe.com
- Click Add.
The URL is added to the Denied URL List.
You can also use regular expressions such as http://*.siroe.com. In this case, users are denied access to all hosts in the siroe.com domain.
- Click Save to record the changes.
Set up an Allowed URLs List
You can specify all the URLs that can be accessed by the end user through the Gateway. By default, this list has a wildcard entry (*), which means that all URLs can be accessed. If you want to allow access to all URLs and restrict access only to specific URLs, add the restricted URLs to the Denied URL list. In the same way, if you want to allow access only to specific URLs, leave the Denied URLs field blank, and specify the required URLs in the Allowed URLs field.
The Gateway checks the Denied URLs before checking the Allowed URLs.
To Set up the Allowed URLs List
- Log in to the Access Manager administration console as administrator.
- Select the Service Configuration tab.
- Click the arrow next to Access List under SRA Configuration.
The Access List page is displayed.
- Specify the URL for which you want to allow access through the Gateway in the Allowed URLs field. The format for entering the URL is:
http://abc.siroe.com
- Click Add.
The URL is added to the Allowed URLs list.
Note
The Allowed URLs field has a * by default which means that all URLs can be accessed through the Gateway.
- Click Save to record the changes.
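The evaluation order described above (Denied URLs first, then Allowed URLs), modeled as an added example that is not Sun's Gateway code, for checking planned list contents against test URLs. The matching rules are assumptions: `*` matches any run of characters, and entries are compared against the scheme and host of the requested URL with port and path ignored.

```python
import re
from urllib.parse import urlsplit

def _to_regex(entry):
    # Assumption: '*' matches any run of characters; all else is literal.
    return re.compile(".*".join(re.escape(p) for p in entry.split("*")), re.I)

def _first_match(target, entries):
    """Return the first list entry that matches target, or None."""
    for entry in entries:
        if _to_regex(entry).fullmatch(target):
            return entry
    return None

def check_access(url, denied, allowed):
    """Return (decision, matching_entry) for one requested URL."""
    parts = urlsplit(url)
    # Assumption: only scheme://host is compared; port and path are ignored.
    target = f"{parts.scheme}://{parts.hostname or ''}".lower()
    hit = _first_match(target, denied)      # Denied URLs list is checked first
    if hit is not None:
        return ("deny", hit)
    hit = _first_match(target, allowed)     # then the Allowed URLs list
    if hit is not None:
        return ("allow", hit)
    return ("deny", None)                   # on neither list: not allowed

def audit(urls, denied, allowed):
    """Evaluate a set of test URLs against planned list contents."""
    return {u: check_access(u, denied, allowed) for u in urls}

# Constructed sample: default Allowed list ('*') plus the page's deny entry.
DENIED = ["http://*.siroe.com"]
ALLOWED = ["*"]
SAMPLE_URLS = [
    "http://abc.siroe.com/index.html",   # denied by the wildcard entry
    "http://www.sesta.com/",             # falls through to '*'
    "https://abc.siroe.com/",            # different scheme: entry does not match
    "http://siroe.com/",                 # bare domain: no leading label to match
]

if __name__ == "__main__":
    for url, (decision, entry) in audit(SAMPLE_URLS, DENIED, ALLOWED).items():
        print(f"{decision:5}  {url}  (matched: {entry})")
```

Under these assumed rules the last two sample URLs are not covered by http://*.siroe.com, so confirm how the Gateway treats the scheme and the bare domain before relying on a single entry.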
Manage Single Sign-On
The Access List service in SRA software allows you to control the single sign-on feature for various hosts. For the single sign-on feature to be available, the Enable HTTP Basic Authentication option in the Gateway service must be enabled. See Enable HTTP and HTTPS Connections.
With the Access List service, you can disable single sign-on for certain hosts. This means that an end user needs to authenticate each time to connect to the hosts that require HTTP basic authentication, unless you enable single sign-on per session.
If you have disabled single sign-on for a certain host, the user can reconnect to that host within a single Portal Server session. For example, assume that you have disabled single sign-on to abc.sesta.com. The first time the user connects to this site, authentication is required. The user may browse other pages and return to this page later, and if the page is in the same Portal Server session, authentication is not required.
A user can also configure these attributes using the limited administration console.
To Disable Single Sign On for Hosts
- Log in to the Access Manager administration console as administrator.
- Select the Service Configuration tab.
- Click the arrow next to Access List under SRA Configuration.
The Access List page is displayed.
- Specify the hosts for which you want to disable SSO in the SSO Disabled Hosts field.
Specify the host name in the format abc.siroe.com.
- Click Add.
The hostname is added to the list.
- Click Save to record the changes.
To Enable Single Sign On per Session
- Log in to the Access Manager administration console as administrator.
- Select the Service Configuration tab.
- Click the arrow next to Access List under SRA Configuration.
The Access List page is displayed.
- Select the Enable Single Sign On per Session checkbox to enable single sign-on per session.
- Click Save to record the changes.
To Specify Authentication Levels
- Log in to the Access Manager administration console as administrator.
- Select the Service Configuration tab.
- Click the arrow next to Access List under SRA Configuration.
The Access List page is displayed.
- Scroll to the Allowed Authentication Levels field.
- Enter the allowed authentication levels. Use an asterisk to allow all levels.
- Click Save to record the changes.