Would it be possible in CA SSO to have an authorization repository rather than the authentication repository ?
I mean, can I set CA SSO for an web application so that I can define user credentials at one ldap repository, and use a second repository ( db, ldap, or even a file ) which can define which rights the user has ? Or necessarily I have to set the rights for domains and realms manually at the software.
Yes, you can do this. Check the docs for Auth/Az directory mapping. You can't use a file, only a supported repository.
Directory Mapping--Auth/Az Mapping Dialog - CA Single Sign-On - 12.52 SP2 - CA Technologies Documentation
Thanks a lot David. That´s great.