Configuring Protected Resources - Novell ACCESS MANAGER 3.1 SP2 - ACCESS GATEWAY GUIDE 2010 Manual

9 To delete a Web server, select the Web server, then click Delete.
This deletes the Web server from the list so that the Access Gateway no longer sends requests
to the deleted Web server. At least one Web server must remain in the list. You must delete the
proxy service to remove the last server in the list.
10 To save your changes to browser cache, click OK.
11 To apply your changes, click the Access Gateways link, then click Update > OK.

1.3 Configuring Protected Resources

A protected resource configuration specifies the directory (or directories) on the Web server that you
want to protect. The protected resource configuration specifies the authorization procedures and the
policies that should be used to enforce protection. The authentication procedures and the policies
(Authorization, Identity Injection, and Form Fill) enable the single sign-on environment for the user.
The type of protection a resource requires depends upon the resource, the Web server, and the
conditions you define for the resource.
You can select from the following types of protection:
Authentication Procedures: Specifies the type of credentials the user must use to log in (such as
name and password or secure name and password). You can select None for the procedure, which
allows the resource to be a public resource, with no login required.
In addition to selecting the contract, you can also configure how the authentication procedure
handles subsequent authentication requests from an application.
Authorization Policy: Specifies the conditions a user must meet to be allowed access to a protected
resource. You define the conditions, and the Access Gateway enforces the Authorization policies.
For example, you can assign roles to your users, and use these roles to grant and deny access to
resources.
Identity Injection Policy: Specifies the information that must be injected into the HTTP header. If
the Web application has been configured to look for certain fields in the header and the information
cannot be found, the Web application determines whether the user is denied access or redirected.
The Web application defines the requirements for Identity Injection. The Identity Injection policies
allow you to inject the required information into the header.
Form Fill Policy: Allows you to manage forms that Web servers return in response to client
requests. Form fill allows you to prepopulate fields in a form on first login and then securely save
the information in the completed form to a secret store for subsequent logins. The user is prompted
to reenter the information only when something changes, such as a password.
These policies allow you to design a custom access policy for each protected resource:
Resources that share the same protection requirements can be configured as a group. You set up
the policies, and then add the URLs of each resource that requires these policies.
A resource that has specialized protection requirements can be set up as a single protected
resource. For example, a page that uses Form Fill is usually set up as a single protected
resource.
24 Novell Access Manager 3.1 SP2 Access Gateway Guide