Creating a protected object policy

About this task

Complete the following steps:

Procedure

  1. Create a POP. For example, use pdadmin to create a new POP named test:
    pdadmin> pop create test
  2. Display the contents of the new POP:
    pdadmin> pop show test  

    The new POP contains new settings similar to the following:

    pdadmin> pop show test
           Protected object policy:  test
           Description:
           Warning:  no 
           Audit level: none
           Quality of protection:  none
           Time of day access: sun, mon, tue, wed, thu, fri, sat:
              anytime:local 
           IP Endpoint Authentication Method Policy
              Any Other Network 0
  3. Note the default values in the POP for the attribute IP Endpoint Authentication Method Policy.
    ... 
    ... 
    IP Endpoint Authentication Method Policy
               Any Other Network 0 
    ...
    The IP Endpoint Authentication Method Policy attribute is used to specify two different attributes:
    • Authentication strength level.

      The default value is 0.

    • Network-based access policy.

      The default value is Any Other Network.

  4. Use pdadmin pop modify to modify the IP Endpoint Authentication Method Policy attribute to specify the authentication strength level that you want to apply to the resources identified in Establishing an authentication strength policy.
    The syntax is:
    pdadmin> pop modify pop-name set ipauth anyothernw level-index
    The value level-index is an integer. The default value is 0. The default value maps to the authentication strength level unauthenticated.

    Specify the index that corresponds to the necessary authentication strength level. To determine the correct level-index, examine the [authentication-levels] stanza in the WebSEAL configuration file.

    For example:
    [authentication-levels]
    level = unauthenticated
    level = password
    level = ssl
    For the above entry, the index values are described in the following table:
    Table 1. Example integer values for authentication strength levels

    Authentication method    Index value
    unauthenticated          0
    password                 1
    ssl                      2

    For example, to add the password authentication strength level (index value 1) to the test POP, enter:
    pdadmin> pop modify test set ipauth anyothernw 1
    To verify the modification, display the POP:
    pdadmin> pop show test
           Protected object policy:  test
           Description:  Test POP
           Warning:  no
           Audit level: none
           Quality of protection: none
           Time of day access: sun, mon, tue, wed, thu, fri, sat:
              anytime:local
           IP Endpoint Authentication Method Policy
              Any Other Network 1
    Note: In this example, the only valid index values are: 0, 1, 2. If any other index value is configured, WebSEAL presents an error page whenever a client requests any object that has the POP attached.
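
The following check is an added example, not part of the product documentation or IBM code. It derives the index-to-level mapping from the order of the level entries in the [authentication-levels] stanza and confirms that the index shown by pop show falls inside that range. The sample configuration text, the sample pop show text, and the function names are constructed for illustration.

```python
import re

# Constructed sample of a WebSEAL configuration file fragment. The [server]
# entry is filler; the [authentication-levels] stanza matches the example above.
SAMPLE_CONF = """\
[server]
https = yes

[authentication-levels]
level = unauthenticated
level = password
level = ssl
"""

# Constructed `pop show` output, trimmed to the lines this check needs.
SAMPLE_POP_SHOW = """\
Protected object policy:  test
IP Endpoint Authentication Method Policy
   Any Other Network 1
"""

def auth_levels(conf_text):
    """Return level names in stanza order; list position is the level-index."""
    levels, in_stanza = [], False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_stanza = (line == "[authentication-levels]")
        elif in_stanza:
            m = re.match(r"level\s*=\s*(\S+)", line)
            if m:
                levels.append(m.group(1))
    return levels

def pop_level_index(pop_show_text):
    """Extract the index set for 'Any Other Network' from pop show output."""
    m = re.search(r"Any Other Network\s+(\d+)", pop_show_text)
    return int(m.group(1)) if m else None

def check_pop(conf_text, pop_show_text):
    """Return (index, level name); raise if the index maps to no level."""
    levels, idx = auth_levels(conf_text), pop_level_index(pop_show_text)
    if idx is None or idx >= len(levels):
        raise ValueError(f"index {idx} not in 0..{len(levels) - 1}")
    return idx, levels[idx]

if __name__ == "__main__":
    print(check_pop(SAMPLE_CONF, SAMPLE_POP_SHOW))
```

Running the check after each pop modify catches an out-of-range index before clients reach the error page described in the note.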