Create a protected object policy

Complete the following steps:

Steps

  1. Create a POP. For example, use pdadmin to create a new POP named test:
    pdadmin> pop create test

  2. Display the contents of the new POP:
    pdadmin> pop show test  

    The new POP contains new settings similar to the following:

      pdadmin> pop show test
             Protected object policy:  test
             Description:
             Warning:  no 
             Audit level: none
             Quality of protection:  none
             Time of day access: sun, mon, tue, wed, thu, fri, sat:
                anytime:local 
             IP Endpoint Authentication Method Policy
                Any Other Network 0

  3. Note the default values in the POP for the attribute IP Endpoint Authentication Method Policy.
    ... 
    ... 
    IP Endpoint Authentication Method Policy
               Any Other Network 0 
    ...
    The IP Endpoint Authentication Method Policy attribute is used to specify two different attributes:

    • Authentication strength level.

      Default is 0.

    • Network-based access policy.

      Default is Any Other Network.

  4. Use pdadmin pop modify to modify the IP Endpoint Authentication Method Policy attribute to specify the authentication strength level to apply to the resources identified in Establishing an authentication strength policy. The syntax is:
    pdadmin> pop modify pop-name set ipauth anyothernw level-index
    The value level-index is an integer. Default is 0. The default value maps to the authentication strength level unauthenticated.

    Specify the index corresponding to the necessary authentication strength level. To determine the correct level-index, examine the [authentication-levels] stanza in the WebSEAL configuration file.

      For example:

      [authentication-levels]
      level = unauthenticated
      level = password
      level = ssl

      For the above entry, the index values are described in the following table:

      Authentication method   Index value
      unauthenticated         0
      password                1
      ssl                     2

      For example, to add the password authentication strength level (index value 1) to the test POP, enter:

      pdadmin> pop modify test set ipauth anyothernw 1

      To verify the modification, display the POP:

      pdadmin> pop show test
             Protected object policy:  test
             Description:  Test POP
             Warning:  no
             Audit level: none
             Quality of protection: none
             Time of day access: sun, mon, tue, wed, thu, fri, sat:
                anytime:local
             IP Endpoint Authentication Method Policy
                Any Other Network 1
      In this example, the only valid index values are: 0, 1, 2. If any other index value is configured, WebSEAL presents an error page whenever a client requests any object that has the POP attached.
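
The following check is an added example, not part of the product documentation or its tooling: it derives the index values from the order of the level entries in [authentication-levels] and confirms that the index shown by pop show maps to a configured level. The function names are hypothetical, the sample inputs are constructed from the listings on this page, and treating lines that start with # as comments is an assumption.

```python
import re

# Constructed sample input: a configuration fragment and trimmed `pop show`
# output, both modelled on the listings above.
SAMPLE_CONF = """\
[authentication-levels]
# assumption: lines starting with '#' are comments
level = unauthenticated
level = password
level = ssl

[some-other-stanza]
level = ignored
"""

SAMPLE_POP_SHOW = """\
    Protected object policy:  test
    Quality of protection: none
    IP Endpoint Authentication Method Policy
       Any Other Network 1
"""

def auth_levels(conf_text):
    """Return the level entries of [authentication-levels] in file order.
    The key repeats, so the position of each entry is its index value."""
    levels, in_stanza = [], False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_stanza = line[1:-1].strip() == "authentication-levels"
            continue
        key, sep, value = line.partition("=")
        if in_stanza and sep and key.strip() == "level":
            levels.append(value.strip())
    return levels

def pop_level_index(pop_show_text):
    """Extract N from the 'Any Other Network N' line, or None if absent."""
    m = re.search(r"^\s*Any Other Network\s+(\d+)\s*$", pop_show_text, re.M)
    return int(m.group(1)) if m else None

def check_pop(conf_text, pop_show_text):
    """Return (index, level name); the name is None for an invalid index."""
    levels = auth_levels(conf_text)
    index = pop_level_index(pop_show_text)
    if index is None or index >= len(levels):
        return index, None
    return index, levels[index]

if __name__ == "__main__":
    print(check_pop(SAMPLE_CONF, SAMPLE_POP_SHOW))
```

A None level name flags a POP whose index has no matching entry, which is the condition that makes WebSEAL return an error page for every object the POP is attached to.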
