Symantec Access Management

Tech Tip : CA Single Sign-On : Apply Filter to LDAP in Partnership Federation


    Posted 06-01-2018 05:11 AM

    Question:


    We are trying to implement the following LDAP filter to an existing
    partnership: (&(uid=*)(userRoles=MYROLE;MYROLE_USER))

    But it seems this one doesn't work. How should we configure this?


    Answer:

     

    The semicolon is used to separate multiple DNs in a search query, but
    this does not apply in an LDAP filter. The filter has to be written differently.

    See "Filter Any" example 2 in the following document:

    User Identification for a Partnership
    https://docops.ca.com/ca-single-sign-on/12-6-01/en/configuring/partnership-federation/user-identification-for-a-partnership

     

    For more information on LDAP filters, see:

    https://www.ldap.com/ldap-filters
    https://docs.ldap.com/specs/rfc4515.txt

     

    Apply extensible match filters to check that the user has both
    roles.


    KB : KB000099441
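
    The following is an added example, not part of the original tech tip or of CA Single Sign-On. It shows why the semicolon form matches nothing and builds an RFC 4515 filter that requires every role. It uses plain equality assertions joined with AND rather than the extensible match form mentioned above, and it assumes userRoles is a multi-valued attribute holding one role per value; the helper names and the sample entry are constructed.

```python
# Added example: helper names and the sample entry are constructed for illustration.
# Assumption: userRoles is multi-valued, one role per value.

# RFC 4515 section 3: these characters must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(value):
    """Escape an assertion value so it cannot change the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def all_roles_filter(roles, role_attr="userRoles", id_attr="uid"):
    """Build (&(uid=*)(userRoles=R1)(userRoles=R2)...): one equality term per role."""
    if not roles:
        raise ValueError("at least one role is required")
    terms = "".join("({}={})".format(role_attr, escape_value(r)) for r in roles)
    return "(&({}=*){})".format(id_attr, terms)


def equality_matches(entry, attr, value):
    """An equality assertion is true if any single stored value equals the
    asserted value. Exact comparison is used here; a real directory applies
    the matching rule defined for the attribute in its schema."""
    return value in entry.get(attr, [])


def has_all_roles(entry, roles, role_attr="userRoles"):
    """Evaluate the AND filter above against an in-memory entry."""
    return bool(entry.get("uid")) and all(
        equality_matches(entry, role_attr, r) for r in roles
    )


# Constructed sample entry holding both roles as separate values.
ENTRY = {"uid": ["jdoe"], "userRoles": ["MYROLE", "MYROLE_USER"]}

if __name__ == "__main__":
    # The semicolon string is one literal value, so it matches no stored role.
    print(equality_matches(ENTRY, "userRoles", "MYROLE;MYROLE_USER"))
    print(all_roles_filter(["MYROLE", "MYROLE_USER"]))
    print(has_all_roles(ENTRY, ["MYROLE", "MYROLE_USER"]))
```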