WinNT Domain Connection Requirements

For the Policy Server to connect to your WinNT domain, it must meet the following requirements:

Note: For Windows deployments, SOA Security Manager establishes the Windows user context by passing the user's fully qualified Windows ID and password to IIS. SOA Security Manager obtains the fully qualified Windows ID from the user's DN entry by concatenating the first cn and dc values found in the DN. For example, if the user DN is:

cn=<username>,cn=<usergroup>,dc=<server>,dc=<domain>,dc=<extension>

The resulting Windows ID is <server>\<username>. IIS requires that <username> be the same as the Windows user ID, and that <server> be the logon domain name.

The Policy Server authenticates against WinNT and can authorize users based on their individual identities and group membership.

When authenticating against a WinNT namespace, the Policy Server passes user credentials to WinNT for authentication. The credentials are the user's WinNT user name and password. In a SOA Security Manager environment, where multiple WinNT namespaces are defined, user authentication is faster if the user name supplied to SOA Security Manager includes the domain name (i.e. domain\username). In that case, SOA Security Manager skips all WinNT namespaces that do not match the specified domain name.
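The sketch below is an added example, not SOA Security Manager code. It applies the first-cn/first-dc rule from the note above to audit user DNs and shows how a domain prefix narrows the WinNT namespaces that are tried. The function names, sample DNs and namespace names are constructed; the simple comma split and the case-insensitive domain match are assumptions.

```python
def windows_id_from_dn(dn):
    """Build '<first dc>\\<first cn>' from a user DN, per the rule above."""
    first = {}
    for rdn in dn.split(","):            # assumption: no escaped commas in values
        attr, sep, value = rdn.partition("=")
        attr = attr.strip().lower()
        if sep and attr in ("cn", "dc"):
            first.setdefault(attr, value.strip())   # keep only the first of each
    if "cn" not in first or "dc" not in first:
        raise ValueError("DN needs at least one cn and one dc value: %r" % dn)
    return first["dc"] + "\\" + first["cn"]


def audit_dns(entries):
    """Return (dn, derived, expected) for entries whose derived ID is wrong."""
    bad = []
    for dn, expected in entries:
        derived = windows_id_from_dn(dn)
        if derived.lower() != expected.lower():
            bad.append((dn, derived, expected))
    return bad


def namespaces_to_try(user_name, namespaces):
    """Namespaces consulted for a login; a domain prefix narrows the list."""
    domain, sep, _ = user_name.partition("\\")
    if not sep:
        return list(namespaces)          # no prefix: every namespace is tried
    # assumption: domain names are compared case-insensitively
    return [n for n in namespaces if n.lower() == domain.lower()]


# Constructed sample data (not from the product documentation).
SAMPLE_ENTRIES = [
    ("cn=jsmith,cn=Engineering,dc=CORP01,dc=example,dc=com", "CORP01\\jsmith"),
    # Group cn listed first: the derived ID no longer names the user.
    ("cn=Engineering,cn=jsmith,dc=CORP01,dc=example,dc=com", "CORP01\\jsmith"),
]
SAMPLE_NAMESPACES = ["CORP01", "CORP02", "LAB"]

if __name__ == "__main__":
    for dn, derived, expected in audit_dns(SAMPLE_ENTRIES):
        print("mismatch:", dn, "->", derived, "expected", expected)
    print(namespaces_to_try("corp02\\alee", SAMPLE_NAMESPACES))
```

Running the audit over an export of user DNs before enabling the directory connection surfaces entries whose first cn is not the Windows user ID or whose first dc is not the logon domain.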

WinNT user names and passwords can be used as credentials.

Note: To authenticate users against a WinNT domain, the Policy Server must run on WinNT.