Symptom:
Specifying an LDAP search filter in a SAML 2.0 authentication scheme at the Service Provider had a limitation. The Policy Server could not process an LDAP filter string with multiple %s characters. The Policy Server was not replacing all %s variables with the login ID.
This problem occurred for legacy federation.
Solution:
You can now specify an LDAP search filter containing multiple %s variables. The following are example strings now supported:
|(uid=%s)(uid=%s)
|(abcAliasName=%s)(cn=%s)
If user1 is the LoginID, the Policy Server resolves these strings as follows:
|(uid=user1)(uid=user1)
|(abcAliasName=user1)(cn=user1)
Specify LDAP searches in the User Lookup field of the SAML 2.0 authentication scheme in the Administrative UI. The dialog can be found at the location Infrastructure, Authentication Schemes, General.
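The substitution described above, as an added Python sketch that is not CA Policy Server code: every %s in the User Lookup template is replaced with the login ID. The function names are hypothetical, and escaping the login ID per RFC 4515 before substitution is an assumption of this example; the page does not state how the Policy Server treats special characters in the login ID.

```python
# Added illustration; not code from the Policy Server.
# Characters that are special inside an LDAP filter value (RFC 4515)
# and their escaped forms.
_RFC4515_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is treated as literal data inside a filter."""
    return "".join(_RFC4515_ESCAPES.get(ch, ch) for ch in value)


def resolve_user_lookup(template: str, login_id: str) -> str:
    """Replace every %s in the template with the escaped login ID.

    Escaping happens before substitution (assumption of this example),
    so a login ID cannot add or close filter clauses.
    """
    if "%s" not in template:
        raise ValueError("User Lookup template contains no %s placeholder")
    # str.replace substitutes all occurrences in a single pass.
    return template.replace("%s", escape_filter_value(login_id))


if __name__ == "__main__":
    # The two templates from the page, plus a constructed login ID
    # containing filter metacharacters.
    for template, login_id in [
        ("|(uid=%s)(uid=%s)", "user1"),
        ("|(abcAliasName=%s)(cn=%s)", "user1"),
        ("|(abcAliasName=%s)(cn=%s)", "j*doe(test)"),
    ]:
        print(resolve_user_lookup(template, login_id))
```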
Copyright © 2012 CA Technologies.
All rights reserved.