|
|
|
The SiteMinder Adjudication Provider resolves any authorization conflicts that may occur when more than one authorization provider is configured in a security realm by weighing the result of each authorization provider's access decision. The Adjudication Provider does this by tallying different results returned by multiple Authorization providers' access decisions and providing a final decision on whether access should be granted to a WebLogic resource.
Note: The SiteMinder Adjudication Provider is required if the SiteMinder Authorization Provider is configured.
The SiteMinder Adjudication Provider can be configured to operate in two different modes:
Note: Do not set EnableWebAgent="NO" for the SiteMinder Adjudication Provider—doing so will prevent the WebLogic Server from starting.
The following table indicates the behavior of these modes. In the table, "N/A" denotes either a YES or NO answer that does not affect the final outcome of the authorization decision.
|
SiteMinder Adjudication Mode |
Result from SiteMinder Authorization Provider |
Result from other Az Providers configured in the WebLogic Security realm |
Authorization Decision |
|---|---|---|---|
|
SiteMinder |
ABSTAIN |
PERMIT (all) |
PERMIT |
|
|
ABSTAIN |
DENY (one or more) |
DENY |
|
|
PERMIT |
N/A |
PERMIT |
|
|
DENY |
N/A |
DENY |
|
Equal |
ABSTAIN |
PERMIT (all) |
PERMIT |
|
|
ABSTAIN |
DENY (one or more) |
DENY |
|
|
DENY |
PERMIT (one or more) |
DENY |
|
|
PERMIT |
DENY (one or more) |
DENY |
|
|
PERMIT |
PERMIT (all) |
PERMIT |
| Copyright © 2010 CA. All rights reserved. | Email CA about this topic |