Hello,
I have two user directories that have the same users (same username) but different passwords. Let's call them A and B.
I wish I could authenticate users with A or B but use only directory A for authorization (I'd like to have a response that takes information from directory A as a cookie or header).
I thought about doing it this way:
Create two domains.
- DA domain where I have as user directory A
- DB domain where I have as user directory B.
I would have an unprotected resource that has two links:
- "Login" that points to /loginA
- "Legacy Login" that points to /loginB
I thought of creating three realms:
- /loginA protected in domain A
- /protected protected in domain A
- /loginB protected in domain B

Both /loginA and /loginB redirect to /protected.
On the realm /protected I was thinking of hooking an Auth-Autz mapping based on UniversalId
I will therefore have two policies:
* PA policy, which contains the /loginA and /protected realms and has "all users of the directory A" as authorized users
* PB policy, which contains /loginB and has "all the users of the directory B" as authorized users

What do you think? Might it work? Is this the correct way to do it?