|
|
|
Policy domains are configured with a directory search order. When the Policy Server attempts to authenticate a user, it searches each user directory in the search order until it finds the user and verifies the supplied credentials. If the Policy Server locates a user in a directory, but the credentials supplied by the user do not match, the Policy Server looks at the next directory in the search order. If the Policy Server does not find a match for the user in any directory, the user's authentication attempt fails in the context of the realm that contains the requested resource.
For example, if a user attempts to access
/home/employees/managers/manager.html, and the user is located in a user directory, but fails to provide valid credentials for any directory in the search order, the authentication event fails in the /managers realm. The Policy Server then processes any events for a rejected authentication attempt in that realm (OnAuthReject).
| Copyright © 2010 CA. All rights reserved. | Email CA about this topic |