Siteminder Webservices Security

Discussion created by SatyaV on Sep 17, 2013
Latest reply on Sep 20, 2013 by Chris_Hackett
Hi Team,

We have a web service which is deployed on JBOSS server. We want access to this web service made available only from an internal server without any authentication (anonymous authentication locked down to an IP address only). We are proxying to this web service via apache webserver where I have installed & configured Siteminder Webservices Security Agent.

To achieve the above use case i made following configurations on siteminder side
1. Create a realm which is protected by an anonymous authentication
2. Created a rule with Get,Post,ProcessSoap,ProcessXML webagent actions
3. Created a policy and defined the internal server IP address in the General->Restrictions-> IP Address.
4. Added the above rule (created in step2) to the policy.

When tested i found that the webservice is available to be accessed from all the servers and not restricted to IP address of the server defined in the policy.

Please suggest if I am missing something here.