Click Access Gateways > Edit > [Name of Reverse Proxy] > [Name of Proxy Service] > Protected Resources.
Click the name of an existing resource or click New and specify a display name for the resource.
(Optional) Specify a description for the protected resource. You can use it to briefly describe the purpose for protecting this resource.
Select the type of contract to use for the authentication procedure. The contract determines the information a user must supply for authentication. By default, Administration Console allows you to select from the following contracts and options when specifying whether a resource requires an authentication contract:
None: If you want to allow public access to the resource and not require an authentication contract, select None.
Any Contract: If the user has authenticated, this option allows any contract defined for Identity Server to be valid, or if the user has not authenticated, it prompts the user to authenticate, using the default contract assigned to Identity Server configuration.
Name/Password - Basic: Specifies basic authentication over HTTP, using a standard login pop-up provided by the web browser.
Name/Password - Form: Specifies a form-based authentication over HTTP or HTTPS, using the Access Manager login form.
Secure Name/Password - Basic: Specifies basic authentication over HTTPS, using a standard login pop-up provided by the web browser.
Secure Name/Password - Form: Specifies a form-based authentication over HTTPS, using the Access Manager login form.
The contract also determines the session timeout for inactive connections. If you have some resources that need to time out quickly to protect sensitive data and other resources that don’t need this kind of protection, you need to configure contracts for these resources. For more information about this feature, see Assigning a Timeout Per Protected Resource.
If no contracts are available, you have not configured a relationship between Access Gateway and Identity Server. See Managing Reverse Proxies and Authentication.
(Conditional) To modify how the authentication procedures are handled for a specific resource and contract, click the Edit Authentication Procedures icon.
For more information, see Configuring an Authentication Procedure for Non-Redirected Login.
Configure the URL Path.
The default path is /*, which indicates everything on the web server. Modify this if you need to restrict access to a specific directory on your web server.
If you have multiple directories on your web server that require the same authentication contract and access control, add each directory as a URL path.
New: To add a path, click New, specify the path, then click OK. For example, to allow access to all the pages in the public directory on the web server, specify the following path:
/public/*
To allow access to all the files in a directory, but not to the subdirectories and their files, specify the following:
/?
/public/?
The /? allows access to the root directory, but not the subdirectories. The /public/? allows access to the files in the public directory, but not the subdirectories.
To allow access to files of a specific type, specify the following:
/public/*.pdf
This allows access to all the files in the public directory that have a PDF extension. Access to other file types and subdirectories is denied.
To use this protected resource to protect a single page, specify the path and the filename. For example, to protect the login.html page in the /login directory, specify the following:
/login/login.html
This is the type of URL path you want to specify when you create a Form Fill policy for a protected resource. The URL Path List normally contains only this one entry. If you have multiple pages that the Form Fill policy applies to, list each one separately in the list. For optimum speed, you want Access Gateway to be able to quickly identify the page and not search other pages to see if the policy applies to them.
For more information about how a user’s request is matched to a protected resource, see Understanding URL Path Matching.
For information about using a query string, see Using a Query String in the URL Path.
Modify: To modify a path, click the path link, then modify the URL Path.
Delete: To delete a path, select the path, then click Delete.
Click OK.
In the Protected Resource List, ensure that the protected resource you created is enabled.
(Optional) To add policies for protecting this resource, continue with one of the following:
To apply your changes, click the Access Gateways link, then click Update > OK.