Configure the following fields:
Name:
Enter an appropriate name for the filter.
Agent Name:
Select a previously configured agent to connect to SiteMinder in the Agent Name
field. This name must correspond with the name of an agent previously configured
in the SiteMinder Policy Server.
At runtime, the Enterprise Gateway connects as this agent to a running instance of
SiteMinder. For details on how to configure a SiteMinder connection, see the
SiteMinder/SOA Security Manager Connection topic.
Resource:
Enter the name of the protected resource for which the end-user must be
authenticated. You can enter a property representing a message attribute,
which is expanded to a value at runtime. Properties have the following format:
For example, to specify the original path on which the request was
received by the Enterprise Gateway as the resource, enter the following
property:
Action:
The end-user must be authenticated for a specific action on the protected
resource. By default, this action is taken from the HTTP verb used in the
incoming request. You can use the following property to get the HTTP verb:
Alternatively, any user-specified value can be entered.
Single Sign-On Token:
When a client has been authenticated for a given resource, SiteMinder can
generate a single sign-on token and return it to the
client. The client can then pass this token with future requests to the
Enterprise Gateway. When the Enterprise Gateway receives such a request, it can validate
the token using the SiteMinder Session Validation filter to
authenticate the client. In other words, the client is authenticated for the
entire lifetime of the token. As long as the token is still valid, the
Enterprise Gateway does not need to authenticate the client against SiteMinder for
every request, which increases throughput considerably.
In this section, you can instruct SiteMinder to generate a single sign-on token.
The Enterprise Gateway can then store this token in a user-specified message attribute.
By default, the token is stored in the siteminder.session message attribute.
Typically, the token is copied to the attribute.lookup.list message attribute
using the Copy / Modify Attributes filter, before being inserted into a SAML
attribute statement using the Insert SAML Attribute Assertion filter. The
attribute statement is then returned to the client for use in subsequent requests.
Select the Create single sign-on token checkbox to
instruct SiteMinder to generate the single sign-on token. Enter the
name of the message attribute where the token is stored in the field
provided.