Symantec Access Management

Tech Tip : CA Single Sign-On : RFI-What order the policy server executes the Authorisation LDAP calls?

    Broadcom Employee
    Posted Nov 09, 2018 02:39 AM

    Question:

    I'd like to know how Policy Server searches the membership of a user
    to determine whether a specific policy applies or not. I'm interested
    to know the order of the group search done when multiple groups are
    bound to a policy.

     

    Answer:

    Out of the box, during the authorization phase, Policy Server searches
    for the user in all the groups that are added to the policy, and it
    does not follow any order while searching for the user. The order in
    which the groups are searched is thus random. Once the user is found
    in one group, Policy Server stops the search. The user search does not
    follow the order given in the AdminUI.

    This behavior is seen in both LDAP and ODBC stores.

    KB : KB000120651