When SiteMinder authenticates a user, it establishes a user context. Subsequently, access control policy decisions are based on the user context matching one of the criteria shown in the table below.
User Namespace | Description |
---|---|
User | The user's Distinguished Name (DN) must match the DN specified in the policy. |
User Attribute | The search expression specifying conditions related to user attributes must be true. |
User Group | The user's DN must be a member of the user group specified in the policy. |
Group Attribute | The search expression specifying conditions related to the group attribute must be true. |
Organizational Role | The user must occupy the organizational role specified in the policy. |
Organization Unit | The user must be a member of the organizational unit specified in the policy. The Organizational Unit must be a part of a user's DN, group, or role (group and role are not used by default). |
Organization | The user must be a member of the organization specified in the policy. The Organization must be a part of a user's DN, group, or role (group and role are not used by default). |
Organization Attribute | The search expression specifying conditions related to the organization attribute must be true. |
Custom Object Classes | SiteMinder can be configured to associate Policies with custom directory objects. |
Generally, you bind users or user attributes to policies on the SiteMinder Policy pane by selecting an entry from the list of available directory entries. Individual users are not visible in the list of available directory entries. However, you can search for specific users within a directory and add the users directly to the policy.
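The DN-based rows of the table above (User, User Group, Organization Unit, Organization) can be modelled as follows. This is an added illustration, not SiteMinder code: the function names, the `CTX` structure and the directory entries are hypothetical, and it assumes case-insensitive comparison of DNs one RDN at a time, with OU and Organization checked against the user's DN only (the default the table describes).

```python
import re

def parse_dn(dn):
    """Split a DN into lowercase (attribute, value) RDN pairs.
    Simplified: honors backslash-escaped commas, ignores multi-valued RDNs."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def dn_equal(a, b):
    return parse_dn(a) == parse_dn(b)

def dn_under(user_dn, container_dn):
    """True when container_dn is a proper suffix of user_dn, compared RDN by RDN."""
    user, container = parse_dn(user_dn), parse_dn(container_dn)
    return len(container) < len(user) and user[-len(container):] == container

def binding_matches(kind, target, ctx):
    """Evaluate one policy binding: (row label from the table, directory entry)."""
    if kind == "User":
        return dn_equal(ctx["dn"], target)
    if kind == "User Group":
        return any(dn_equal(g, target) for g in ctx["groups"])
    if kind in ("Organization Unit", "Organization"):
        leading = "ou" if kind == "Organization Unit" else "o"
        return parse_dn(target)[0][0] == leading and dn_under(ctx["dn"], target)
    # Attribute search expressions, roles and custom classes are not modelled here.
    raise ValueError(f"unsupported binding type: {kind}")

def policy_applies(bindings, ctx):
    """A policy applies when the user context satisfies any one of its bindings."""
    return any(binding_matches(kind, target, ctx) for kind, target in bindings)

# Constructed sample user context (hypothetical directory entries).
CTX = {
    "dn": "uid=jsmith,ou=Engineering,o=Example Corp",
    "groups": ["cn=admins,ou=Groups,o=Example Corp"],
}

if __name__ == "__main__":
    print(policy_applies([("Organization Unit", "ou=Engineering,o=Example Corp")], CTX))
    print(policy_applies([("Organization Unit", "ou=Eng,o=Example Corp")], CTX))
```

Comparing parsed RDNs rather than raw strings keeps a binding for `ou=Eng` from matching a user in `ou=Engineering`, and keeps differences in case or spacing from causing a mismatch.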
Copyright © 2010 CA. All rights reserved.