SiteMinder May Not Enforce the Requirement that a Given Resource Filter Be Unique for an Agent that is a Member of Different Agent Groups (10911)

Release Notes › SDK Release Notes › Known Issues › SiteMinder May Not Enforce the Requirement that a Given Resource Filter Be Unique for an Agent that is a Member of Different Agent Groups (10911)

SiteMinder May Not Enforce the Requirement that a Given Resource Filter Be Unique for an Agent that is a Member of Different Agent Groups (10911)

If a given resource is defined in different realms of the same domain, and the resource is protected by the same agent, unpredictable behavior can result.

SiteMinder does not prevent you from setting up a situation such as the following:

Agent1 is contained in agentgroup1 and agentgroup2.
Realm1 is created under a domain with the resource filter \sales\. The realm is associated with agentgroup1.
Realm2 is created under the same domain with the same resource filter. The realm is associated with agentgroup2.
Because Agent1 is defined for both agentgroup1 and agentgroup2, the resource filter \sales\ resource appears in different realms, but is protected by the same agent.

This situation can occur when adding or modifying a realm.

Workaround: The sample application PolicyApiSample.java contains a method named checkRealmResourceFilter() that checks for this situation. You can copy the method and use it in your Java applications, or use it as a model for your C applications.

Email CA Technologies about this topic