Realms are often organized hierarchically. A realm shares a key with its parent and a different key with each child. In a hierarchical organization, an authentication path can be easily established between two realms even if they do not share an inter‑realm key. If a hierarchical organization is not in place, it may be necessary to consult a database to build an authentication path between realms.
Although realms are often hierarchical, intermediate realms may be overridden, resulting in cross‑realm authentication through alternate authentication paths. The end‑service must know which realms were transited when determining how much confidence to have in the authentication process. To aid this process, a field in each ticket includes the realm names that helped authenticate the client.
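The following added example (not from the original page or from any Kerberos implementation) builds the hierarchical authentication path between two realms and shows an end‑service checking the realms a ticket reports as transited. The realm names, the `PARENT` tree, the function names and the `extra_trusted` policy are assumptions made for illustration, and the transited list is assumed to be already decoded from the ticket.

```python
# Added illustration. The realm tree and the policy are constructed samples.
PARENT = {  # child realm -> parent realm (None marks the top of a tree)
    "LAB.ENG.EXAMPLE.COM": "ENG.EXAMPLE.COM",
    "ENG.EXAMPLE.COM": "EXAMPLE.COM",
    "SALES.EXAMPLE.COM": "EXAMPLE.COM",
    "EXAMPLE.COM": None,
    "PARTNER.TEST": None,
}

def ancestors(realm, parent=PARENT):
    """Return the realm followed by its parent, grandparent, and so on."""
    chain = []
    while realm is not None:
        if realm not in parent or realm in chain:
            raise ValueError(f"unknown realm or loop in tree: {realm}")
        chain.append(realm)
        realm = parent[realm]
    return chain

def hierarchical_path(client_realm, service_realm, parent=PARENT):
    """Go up from the client realm to the closest common ancestor, then down
    to the service realm. Every hop is a parent/child pair that shares a key."""
    up = ancestors(client_realm, parent)
    down = ancestors(service_realm, parent)
    common = next((r for r in up if r in down), None)
    if common is None:
        raise ValueError("no hierarchical path; a database lookup is required")
    return up[: up.index(common) + 1] + down[: down.index(common)][::-1]

def transited_ok(client_realm, service_realm, transited, extra_trusted=()):
    """End-service check: every realm named in the ticket's transited list
    must be on the expected hierarchical path or trusted by local policy."""
    try:
        expected = set(hierarchical_path(client_realm, service_realm)[1:-1])
    except ValueError:
        expected = set()  # no hierarchy to rely on: only local policy counts
    return all(r in expected | set(extra_trusted) for r in transited)

if __name__ == "__main__":
    print(hierarchical_path("LAB.ENG.EXAMPLE.COM", "SALES.EXAMPLE.COM"))
    print(transited_ok("LAB.ENG.EXAMPLE.COM", "SALES.EXAMPLE.COM", ["PARTNER.TEST"]))
```

A ticket that arrived through an alternate path is rejected here unless the realm it crossed is listed in `extra_trusted`, which is how the service expresses its confidence in that realm.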
Copyright © 2014 CA Technologies.
All rights reserved.