Legacy directory mapping methods map the authentication directory to an authorization or a validation directory using an Identical DN or a Universal ID.
The following are the two types of legacy directory mapping methods:
If an Auth/Az or AuthValidate mapping is configured, CA SiteMinder® first attempts to locate the user in the session user directory; it uses the specified mapping mechanism only if the user is not found there.
Configuring an Auth/Az directory mapping is a two-step process:
You can configure a directory mapping to authenticate users against one directory and authorize users against another directory.
To configure a directory mapping
The Auth/Az Mapping page appears.
The Create Directory Mapping page appears.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
Important! The directory mapping is successful only if the Universal ID points to a single entry in the authorization directory.
The Create Directory Mapping task is submitted for processing.
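The single-entry requirement for Universal ID mappings can be checked before a mapping goes live. The following is an added example, not CA SiteMinder code: it audits constructed directory exports for Universal IDs that match zero or several authorization entries. The `uid` attribute name, the sample DNs, and all function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample entries; "uid" stands in for the attribute configured
# as the Universal ID (an assumption, the page does not name one).
AUTH_DIR = [
    {"dn": "cn=alice,ou=staff,dc=auth,dc=example", "uid": "alice"},
    {"dn": "cn=bob,ou=staff,dc=auth,dc=example", "uid": "bob"},
    {"dn": "cn=carol,ou=staff,dc=auth,dc=example", "uid": "carol"},
]
AZ_DIR = [
    {"dn": "cn=alice,ou=apps,dc=az,dc=example", "uid": "alice"},
    {"dn": "cn=bob,ou=apps,dc=az,dc=example", "uid": "bob"},
    {"dn": "cn=bob,ou=contractors,dc=az,dc=example", "uid": "bob"},
]


class MappingError(Exception):
    """Raised when a Universal ID does not identify exactly one entry."""


def index_by_universal_id(directory, attr="uid"):
    """Group entry DNs by their Universal ID value."""
    index = defaultdict(list)
    for entry in directory:
        value = entry.get(attr)
        if value:
            index[value].append(entry["dn"])
    return index


def resolve(universal_id, az_index):
    """Return the single authorization DN for a Universal ID, or fail closed."""
    matches = az_index.get(universal_id, [])
    if len(matches) != 1:
        raise MappingError(f"{universal_id!r} matches {len(matches)} entries")
    return matches[0]


def audit(auth_dir, az_dir, attr="uid"):
    """Report authentication users whose mapping is missing or ambiguous."""
    az_index = index_by_universal_id(az_dir, attr)
    findings = {}
    for entry in auth_dir:
        matches = az_index.get(entry[attr], [])
        if len(matches) != 1:
            findings[entry[attr]] = matches
    return findings
```

Calling `audit(AUTH_DIR, AZ_DIR)` on the sample data flags `bob` (two authorization entries) and `carol` (none); both would need to be corrected in the authorization directory before the mapping can succeed for those users.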
You assign a directory mapping to a realm so the Policy Server may authenticate a user in one directory and authorize a user in another directory. The Policy Server uses the authorization directory specified in the realm to authorize users.
To assign a directory mapping to a realm
The Default value indicates that there is no directory mapping; the authentication directory will be used as the authorization directory when a user attempts to access a resource in the realm. The list only contains user directories that have been configured as authorization directories in an existing directory mapping.
Important! You can map only one authorization directory per realm.
The Policy Server saves the directory mapping. Users that access the realm authenticate normally and authorize against the directory specified in the realm.
AuthValidate Directory Mapping is an extension of Authentication and Authorization Directory Mapping. Both types of directory mapping allow users to authenticate against one user directory and authorize against another user directory. In both cases, the directory mapping type can be further specified as Identical DN or Universal ID.
AuthValidate directory mapping extends Authentication and Authorization directory mapping in three ways:
You can configure an AuthValidate directory mapping to authenticate users against one directory and validate users against another directory.
Note: AuthValidate mappings are global.
To configure an AuthValidate Directory Mapping
The AuthValidate Directory Mappings page appears.
The Create AuthValidate Directory Mapping page appears.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
The AuthValidate Directory Mapping task is created.
Copyright © 2013 CA.
All rights reserved.