This section contains the following topics:
An affiliate domain is a logical grouping of federated entities that are associated with one or more user directories.
The affiliate domain not only contains federated entities but it also defines which user directories are associated with the domain. To generate an assertion, SiteMinder as an Identity Provider must have access to the user directory where a user record is defined. The Policy Server locates a user record by querying the user directories specified in the search order of the affiliate domain.
The search order is defined when you add user directory connections to an affiliate domain. You have the option of shifting the order of directories.
Affiliate domains require one or more administrator accounts that can modify the objects in the domain. System-level administrators can manage all objects in any domain; they have the permission Manage Affiliates. A system administrator that can grant control over a policy domain to other administrators has the permission Manage System and Domain Objects.
|
Copyright © 2012 CA.
All rights reserved.
|
|