I have a question.
Suppose that there are 2 separate applications in the same cookie domain which authenticate against 2 different directories, i.e. LDAP and ODBC. A user who is present in both the directories (i.e. same username and password) accesses the 1st application, which authenticates against LDAP; would that user be able to SSO to the other application, which authenticates against ODBC? If yes, then how? And if no, then why?
In this use case let's consider the below:
1) Application 1 has default directory/Identity Mapping and is authenticating and authorizing against LDAP.
2) Application 2 has default directory/Identity Mapping and is authenticating and authorizing against ODBC.
3) The user accessing the application has the exact same username/unique identifier (i.e. UserID from login) and password in both directories.
4) The protected applications are at the same protection level and in the same cookie domain, and there is SSOTrust as well.
5) Now if the user accesses Application 1 and is authenticated/authorized and SMSESSION is generated, then could the same SMSESSION be used to access Application 2, or would the user get the login page again? If no, then why? And if yes, then how?
We might have to check what attributes the session contains.
It might not be possible because the user directory OID has to be the same.
We can use Directory Mapping or Identity Mapping (Authentication - Authorization) to SSO from the Authenticated UD (LDAP, i.e. App1) to the Authorization UD (ODBC, i.e. App2).
So we would need to list all your use cases beyond just SSO, i.e. what if users (ODBC) access App2 directly. That should work as well. Directory Mapping or Identity Mapping should not interfere with this use case.
Maybe two different entry points, e.g. an SSO entry point via a different WebServer / Webagent instance which is tied to a Directory Mapping or Identity Mapping Realm, and a direct entry point via a different WebServer / Webagent which is tied to a standard Realm.
Thank you for the response.