Check Protected Resource Against CA Single Sign-On Assertion
The Check Protected Against CA Single Sign-On assertion is used to determine whether the specified resource (URL) is protected via a CA Single Sign-On Policy Server, and then it establishes the authentication method for the Authenticate Against CA Single Sign-On Assertion later in the policy. For a description of the context variables that this assertion can set or use, see CA Single Sign-On Context Variables.
To learn about selecting the target message for this assertion, see Select a Target Message.
Using the Assertion
- Do one of the following:
  - To add the assertion to the Policy Development window, see Adding an Assertion.
  - To change the configuration of an existing assertion, proceed to step 2 below.
- When adding the assertion, the CA Single Sign-On Check Protected Resource Properties automatically appears; when modifying the assertion, right-click Check Protected Resource Against CA Single Sign-On <prefix>, agent <SM configuration name> in the policy window and choose CA Single Sign-On Check Protected Resource Properties or double-click the assertion in the policy window. The properties dialog appears.
- Configure the properties as follows. All fields are required.
  - Configuration Name: Choose the configuration to use from the drop-down list. These configurations are defined using the Manage CA Single Sign-On Configurations task.
  - Agent: Enter the name of the CA Single Sign-On agent associated with the resource. The CA Single Sign-On administrator can provide you with the name. You may reference context variables.
  - Protected Resource: Enter the name of the resource being protected by the CA Single Sign-On Policy Server. You may reference context variables.
  - Action: Choose an action for the Web Agent from the drop-down list:
    - GET
    - POST
    - PUT

    Other actions may be available, depending on the CA Single Sign-On Policy Server Rule associated with the domain of the protected resource. You may specify a context variable in lieu of choosing from the drop-down list. This field is blank by default.
  - Source IP Address: Optionally, specify the source IP address that is used in the authentication/authorization procedure. You may reference context variables.
    (1) If a source IP is not specified, then the client's remote address from the target message is used. If this remote address is null, then the value of the Address field from the CA Single Sign-On Configuration Properties is used instead.
    (2) The source IP address is ignored if the IP Check check box in the CA Single Sign-On Configuration Properties is not selected.
  - Agent Configuration Object: Optionally, specify a name to fetch the agent configuration object (ACO) details from the CA SSO policy server and make them available in the Gateway policy.
  - CA Single Sign-On Variable Prefix: Enter a prefix that will be added to the context variables created by this assertion. This prefix ensures uniqueness and prevents the variables from overwriting each other when multiple instances of this assertion appear in a policy. For a list of the variables set by this assertion, see CA Single Sign-On Context Variables.
- Click [OK] when done.