Symantec Access Management

Expand all | Collapse all

Ignore user lookup on SP

  • 1.  Ignore user lookup on SP

    Posted 09-10-2018 04:01 AM

    SiteMinder R12.52 SP1 CR09 is the SP and I want to know if one of the following is possible:

    1. Allow all users who has the email domain @dxc.com even though they don't exist in the user store.

    2. Disable user lookup on SP and allow all the users already authenticated by IDP to access the application.



  • 2.  Re: Ignore user lookup on SP

    Broadcom Employee
    Posted 09-11-2018 04:23 AM

    A variant of option 2 would be to use a user store with a single user in it. Then you could configure your user lookup with a hard-coded filter to always return that single user. The result is that any valid SAML assertions will be accepted.

     

    You could configure the federation partnership to use the "Persist Attributes" redirect mode. In this way, the attributes in the assertion are written to the session store. You could then include them in HTTP header responses if required.

     

    Pearse