in our Siteminder environment we have both an Active Directory that an Oracle DB userstore defined.
Our domain's realm and policy are configured to allow access to all users in both userstores.
The application works correctly only if it recieves an HTTP header called LOGINID. This attribute is populated only in DB userstore.
We would like to configure a response which sets onAccessAccept an HTTP-variable LOGINID, getting "LOGINID" attribute from Oracle DB userstore also if user is authenticated from AD.
Is it possible to achieve the goal without using an "Active Response"?
Any ideas would be appreciated!
Are all user objects stored in both AD and ODBC? You could configure a AuthAz Mapping (AD -> ODBC) in order to Az the user against ODBC and set an HTTP Response Header to pull the
value from the ODBC attribute.
You might want to discuss this with Global Delivery to see if SMWalker can achieve this goal.
There may not be enough detail to adequately answer this question at this point.
yes this is the correct answer. We already tried to implement this but without success because in our version 12.52 sp1 there was a bug and there wasn't possible to do this mapping between AD and ODBC.
After we have opened a case, CA released a .jar which solves the issue and now we're able to do this.