Symptom:
Specifying an LDAP search filter in a SAML 2.0 authentication scheme at the Service Provider had a limitation. The Policy Server could not process an LDAP filter string with multiple %s characters. The Policy Server was not replacing all %s variables with the login ID.
This problem occurred for Federation Security Services.
Solution:
You can now specify an LDAP search filter containing multiple %s variables. The following are example strings now supported:
|(uid=%s)(uid=%s)
|(abcAliasName=%s)(cn=%s)
If user1 is the LoginID, the Policy Server resolves these strings as follows:
|(uid=user1)(uid=user1)
|(abcAliasName=user1)(cn=user1)
Specify LDAP searches in the User Lookup field of the SAML 2.0 authentication scheme in the Administrative UI. The dialog can be found at the location Infrastructure, Authentication Schemes, General.
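The substitution described above can be reproduced offline to check a User Lookup string before entering it in the Administrative UI. The following is an added example, not CA Policy Server code; the function names are hypothetical, and escaping the login ID per RFC 4515 is an assumption about what a safe expansion should do, not a statement of how the Policy Server behaves.

```python
# Added illustration: expand a User Lookup template that contains one or
# more %s variables. Not CA code; all names here are hypothetical.

# Characters with special meaning inside an LDAP filter value (RFC 4515).
RFC4515_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape filter metacharacters one character at a time, so an
    already-emitted backslash is never escaped twice."""
    return "".join(RFC4515_ESCAPES.get(ch, ch) for ch in value)


def expand_user_lookup(template: str, login_id: str) -> str:
    """Replace every %s in the template with the escaped login ID."""
    parts = template.split("%s")
    if len(parts) == 1:
        raise ValueError("template contains no %s variable")
    # Joining the literal pieces around the escaped value guarantees that
    # all occurrences are substituted and that a login ID which itself
    # contains "%s" is never expanded a second time.
    return escape_filter_value(login_id).join(parts)


if __name__ == "__main__":
    # The two example strings from this note, resolved for LoginID user1.
    for tmpl in ("|(uid=%s)(uid=%s)", "|(abcAliasName=%s)(cn=%s)"):
        print(tmpl, "->", expand_user_lookup(tmpl, "user1"))
    # Constructed login ID containing filter metacharacters.
    print(expand_user_lookup("|(uid=%s)(cn=%s)", "j*doe (ops)"))
```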
STAR Issue: 20375682
Copyright © 2012 CA.
All rights reserved.