Sun Java System Portal Server Secure Remote Access 7.2 Administration Guide

Configuring Access Control

Use the Denied URLs field to specify the list of URLs that end users cannot access through the Gateway. The Gateway checks the Denied URLs list before checking the Allowed URLs list.

Use the Allowed URLs field to specify all the URLs that end users can access through the Gateway. By default, this list has a wildcard entry (*), which means that all URLs can be accessed. To allow access to all URLs except specific ones, add the restricted URLs to the Denied URLs list. Conversely, to allow access only to specific URLs, leave the Denied URLs field blank and specify the required URLs in the Allowed URLs field.
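The evaluation order described above, modelled as an added example (this is not code from Portal Server or the Gateway). It assumes that `*` behaves like a shell-style wildcard matched against the scheme and host of the request and that a URL on neither list is denied; `gateway_decision`, `audit` and the probe URLs are names and values constructed for this illustration.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit


def _origin(url):
    """Reduce a URL to lower-cased scheme://host[:port] for matching."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.hostname:
        raise ValueError(f"not an absolute URL: {url!r}")
    port = f":{parts.port}" if parts.port else ""
    return f"{parts.scheme}://{parts.hostname}{port}"


def _matches(pattern, origin):
    # Assumption: '*' stands for any run of characters (shell-style wildcard).
    return pattern == "*" or fnmatchcase(origin, pattern.lower().rstrip("/"))


def gateway_decision(url, denied, allowed=("*",)):
    """Return 'deny' or 'allow'; the Denied list is always consulted first."""
    origin = _origin(url)
    if any(_matches(p, origin) for p in denied):
        return "deny"      # a Denied match wins even if Allowed also matches
    if any(_matches(p, origin) for p in allowed):
        return "allow"
    return "deny"          # assumption: on neither list means no access


def audit(denied, allowed, probes):
    """Map each probe URL to the decision a given pair of lists produces."""
    return {url: gateway_decision(url, denied, allowed) for url in probes}


# Constructed probe URLs, using the host names from this guide.
PROBES = [
    "http://abc.siroe.com/index.html",
    "http://siroe.com/",        # bare domain, no sub-domain label
    "https://abc.siroe.com/",   # same host, different scheme
    "http://abc.sesta.com/",
]

if __name__ == "__main__":
    # Mode 1: allow everything (default '*'), deny one domain.
    print(audit(["http://*.siroe.com"], ["*"], PROBES))
    # Mode 2: Denied list blank, allow only one host.
    print(audit([], ["http://abc.siroe.com"], PROBES))
```

In this model a Denied pattern of `http://*.siroe.com` does not cover `https://abc.siroe.com/` or the bare `http://siroe.com/`, so those are the cases to confirm against a real Gateway after changing either list.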

The Access Control service in SRA software allows you to control the single sign-on feature for various hosts. For the single sign-on feature to be available, the Enable HTTP Basic Authentication option in the Gateway service must be enabled.

With the Access Control service, you can disable single sign-on for certain hosts. This means that an end user needs to authenticate each time to connect to the hosts that require HTTP basic authentication, unless you enable single sign-on per session.

If you have disabled single sign-on for a certain host, the user can reconnect to that host within a single Portal Server session. For example, assume that you have disabled single sign-on to abc.sesta.com. The first time the user connects to this site, authentication is required. The user may browse other pages and return to this page later, and if the page is in the same Portal Server session, authentication is not required.

Procedure: To Configure the Access Control

  1. Log on to the Portal Server administration console as administrator.

  2. Select the Secure Remote Access tab.

  3. Select the Access Control tab.

  4. Modify the following attributes:

    Attribute Name
        Description

    COS Priority
        Specifies the value used to determine the inheritance of the attribute value. For more information on this attribute, see the Sun Java System Directory Server Administration Guide.

    Single Sign On per Session
        Select the Enable checkbox to enable a single sign-on session.

    Single Sign On Disabled Hosts
        Enter the host name in the format abc.siroe.com.

    Allowed Authentication Levels
        Enter the allowed authentication levels. Use an asterisk to allow all levels. The default value is asterisk.

    Allow/Deny access to URL's
        Enter the URL to allow or deny access through the Gateway in the URL field. The format for entering the URL is: http://abc.siroe.com. In the Action drop-down list, click the appropriate Allow or Deny option.

        You can also use regular expressions such as http://*.siroe.com. In this case, with the Deny action selected, users are denied access to all hosts in the siroe.com domain.

        The Gateway first checks the URLs that have been denied access before checking the allowed URLs list.


    Note –

    The Allowed URLs field has a * by default which means that all URLs can be accessed through the Gateway.



    Note –

    When you install SRA, the Access Control service is not available to all users by default. This service is enabled only for the amadmin user that is created by default during installation. Other users cannot access the desktop through the Gateway without this service. Log in as amadmin, and assign this service to all the users.


  5. Click Save to complete.