2.7.5 Configuring Protected Resources

A protected resource configuration specifies the directory (or directories) on the web server that you want to protect. The protected resource configuration specifies the authentication procedures and the policies that must be used to enforce protection. The authentication procedures and the policies (Authorization, Identity Injection, and Form Fill) enable the single sign-on environment for the user. The type of protection a resource requires depends upon the resource, the web server, and the conditions you define for the resource.

You can select from the following types of protection:

Authentication Procedures: Specifies the type of credentials the user must use to log in (such as name and password or secure name and password). You can select None for the procedure, which allows the resource to be a public resource, with no login required.

In addition to selecting the contract, you can also configure how the authentication procedure handles subsequent authentication requests from an application.

Authorization Policy: Specifies the conditions a user must meet to be allowed access to a protected resource. You define the conditions, and Access Gateway enforces the Authorization policies. For example, you can assign roles to your users, and use these roles to grant and deny access to resources.

Identity Injection Policy: Specifies the information that must be injected into the HTTP header. If the web application has been configured to look for certain fields in the header and the information cannot be found, the web application determines whether the user is denied access or redirected. The web application defines the requirements for Identity Injection. The Identity Injection policies allow you to inject the required information into the header.

Form Fill Policy: Allows you to manage forms that web servers return in response to client requests. Form fill allows you to prepopulate fields in a form on first login and then securely save the information in the completed form to a secret store for subsequent logins. The user is prompted to reenter the information only when something changes, such as a password.

These policies allow you to design a custom access policy for each protected resource:

  • Resources that share the same protection requirements can be configured as a group. You set up the policies, and then add the URLs of each resource that requires these policies.

  • A resource that has specialized protection requirements can be set up as a single protected resource. For example, a page that uses Form Fill is usually set up as a single protected resource.

After configuring a protected resource, you can bookmark it. You cannot bookmark a login page that is used in a federation setup.

To configure a protected resource:

  1. Click Devices > Access Gateways > Edit > [Name of Reverse Proxy] > [Name of Domain-Based Proxy Service or Primary Proxy Service] > Protected Resources.

    The Resource View of the Protected Resource List is used to create new protected resources or manage existing protected resources. The Policy View is used to see which policies are being used by multiple protected resources. For more information about the Policy View, see Assigning a Policy to Multiple Protected Resources.

  2. Select one of the following actions:

    New: To create a new protected resource, click this option and specify a display name for the resource. For configuration information, see Setting Up a Protected Resource.

    Delete: To delete a protected resource, select a protected resource, then click Delete.

    Enable: To enable a resource so that Access Gateway protects it, select a protected resource, then click Enable.

    Disable: To disable protection for a resource, select a protected resource, then click Disable. After a resource is disabled, its path no longer has special protection. For example, you can set up a resource that allows access to all pages (such as /*) and another resource with special protection for a subpath. If you disable the subpath resource, requests for the subpath are handled by the /* resource, so make sure the security requirements of the /* resource are sufficient for the subpath.

    Also, when a protected resource is disabled, the resource no longer shows up in the Path List for a path-based multi-homing proxy.

  3. Select the name of a protected resource to perform the following tasks:
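The Disable caveat in step 2 can be checked offline before you click Disable. The following Python model is an added example, not part of the product or its documentation: the `Resource` class, the longest-match rule, and the sample names, paths, and procedure labels are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Resource:
    name: str
    paths: list       # URL path patterns such as "/*" or "/hr/*"
    procedure: str    # authentication procedure label; "None" means public
    enabled: bool = True

def matches(pattern, path):
    """Prefix match for patterns ending in /*, exact match otherwise."""
    if pattern.endswith("/*"):
        base = pattern[:-2]
        return path == base or path.startswith(base + "/")
    return path == pattern

def covering(resources, path):
    """Most specific (longest) matching pattern among enabled resources wins.
    Longest-match is an assumption of this model, not documented behaviour."""
    hits = [(len(p), r) for r in resources if r.enabled
            for p in r.paths if matches(p, path)]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def audit_disabled(resources):
    """Report disabled resources whose paths now fall under a different procedure."""
    findings = []
    for r in (x for x in resources if not x.enabled):
        for p in r.paths:
            probe = p[:-1] + "index.html" if p.endswith("/*") else p
            fb = covering(resources, probe)
            fb_proc = fb.procedure if fb else "no-match"
            if fb_proc != r.procedure:
                findings.append((r.name, p, r.procedure, fb.name if fb else None, fb_proc))
    return findings

# Constructed sample configuration (hypothetical names, paths, and labels).
RESOURCES = [
    Resource("public-site", ["/*"], "None"),
    Resource("hr-portal", ["/hr/*"], "secure-name-password", enabled=False),
    Resource("payroll", ["/hr/payroll/*"], "secure-name-password"),
]

for f in audit_disabled(RESOURCES):
    print("%s %s: was %r, now falls under %s (%r)" % f)
```

In this sample, disabling `hr-portal` leaves `/hr/*` covered only by the public `/*` resource, while `/hr/payroll/*` keeps its own protection.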