Message Image

Skip main navigation (Press Enter).

Symantec Access Management

View Only

Back to discussions

Expand all | Collapse all

Ignore user lookup on SP

srrajeshSep 10, 2018 04:01 AM

SiteMinder R12.52 SP1 CR09 is the SP and I want to know if one of the following is possible: 1. Allow ...

kenpe02Sep 11, 2018 04:23 AM

A variant of option 2 would be to use a user store with a single user in it. Then you could configure ...

1. Ignore user lookup on SP

0 Recommend
srrajesh
Posted Sep 10, 2018 04:01 AM

Reply Reply Privately
SiteMinder R12.52 SP1 CR09 is the SP and I want to know if one of the following is possible:
1. Allow all users who has the email domain @dxc.com even though they don't exist in the user store.
2. Disable user lookup on SP and allow all the users already authenticated by IDP to access the application.
2. Re: Ignore user lookup on SP

1 Recommend
Broadcom Employee

kenpe02
Posted Sep 11, 2018 04:23 AM

Reply Reply Privately
A variant of option 2 would be to use a user store with a single user in it. Then you could configure your user lookup with a hard-coded filter to always return that single user. The result is that any valid SAML assertions will be accepted.

You could configure the federation partnership to use the "Persist Attributes" redirect mode. In this way, the attributes in the assertion are written to the session store. You could then include them in HTTP header responses if required.

Pearse

Copyright 2019. All rights reserved.

Powered by Higher Logic