Symantec Access Management

  • 1.  Access for user LDAP and ODBC

    Posted Jun 30, 2018 03:11 AM

    Hello All,

     

    I have a question.

     

    Suppose that there are 2 separate applications in the same cookie domain which authenticate against 2 different directories, i.e. LDAP and ODBC. A user who is present in both directories (i.e. same username and password) accesses the 1st application, which authenticates against LDAP. Would that user be able to SSO to the other application, which authenticates against ODBC? If yes, then how? And if no, then why?

     

    In this use case let's consider the below:

     

    1) Application 1 has default directory/Identity Mapping and is authenticating and authorizing against LDAP.

    2) Application 2 has default directory/Identity Mapping and is authenticating and authorizing against ODBC.

    3) User accessing the application has the exact same username/unique identifier (i.e. UserID from login) and password in both directories.

    4) Application Protected is of the same protection level and in the same cookie domain, and there is SSOTrust as well.

    5) Now if the user accesses Application 1 and is authenticated/authorized and SMSESSION is generated, could the same SMSESSION be used to access Application 2, or would the user get the login page again? If no, then why? And if yes, then how?

     

    Thank You

    Ankur Taneja



  • 2.  Re: Access for user LDAP and ODBC

    Posted Jun 30, 2018 05:49 AM

    We might have to check what attributes the session contains.

    It might not be possible because the user directory OID has to be the same.

     

    Regards,

    Ram,



  • 3.  Re: Access for user LDAP and ODBC
    Best Answer

    Posted Jul 01, 2018 05:12 PM

    Ankur

     

    We can use Directory Mapping or Identity Mapping (Authentication - Authorization) to SSO from the Authenticated UD (LDAP, i.e. App1) to the Authorization UD (ODBC, i.e. App2).

     

    So we would need to list all your use cases beyond just SSO, i.e. what if users (ODBC) access App2 directly. That should work as well. Directory Mapping or Identity Mapping should not interfere with this use case.

     

    Maybe two different entry points, e.g. an SSO entry point via a different WebServer / Webagent instance which is tied to a Directory Mapping or Identity Mapping Realm, and a direct entry point via a different WebServer / Webagent which is tied to a standard Realm.



  • 4.  Re: Access for user LDAP and ODBC

    Posted Jul 02, 2018 12:55 AM

    Hello Hubert,

     

    Thank you for the response.

     

    In this use case let's consider the below:

     

    1) Application 1 has default directory/Identity Mapping and is authenticating and authorizing against LDAP.

    2) Application 2 has default directory/Identity Mapping and is authenticating and authorizing against ODBC.

    3) User accessing the application has the exact same username/unique identifier (i.e. UserID from login) and password in both directories.

    4) Application Protected is of the same protection level and in the same cookie domain, and there is SSOTrust as well.

    5) Now if the user accesses Application 1 and is authenticated/authorized and SMSESSION is generated, could the same SMSESSION be used to access Application 2, or would the user get the login page again? If no, then why? And if yes, then how?

     

    Thank You

    Ankur Taneja