Symantec Access Management


Query on SMSESSION behavior - SSO between SAML and WebAgent Approach

  • 1.  Query on SMSESSION behavior - SSO between SAML and WebAgent Approach

    Posted Jul 05, 2019 07:24 AM
    Hi,

    Just trying to have SSO from SAML to a WebAgent-based approach.

    The journey would start with the user logging in to the IDP (any SAML 2.0 compliant product), which then posts the SAML token to the SP (which is CA Federation Manager). Once the SAML token is validated at the DB level, the user is to be redirected to a WebAgent-based application integrated with CA Single Sign-On.

    My query is: the SAML token would hold the user ID, which is one of the attributes in the DB against which the validation should happen and the SMSESSION would be created. However, on the WebAgent-based login, the email ID is used as the primary factor for authentication, based on which the SMSESSION would then be created or validated.

    Will the SSO work?  

    Regards,
    Ramya Vijayakumar. ​



  • 2.  RE: Query on SMSESSION behavior - SSO between SAML and WebAgent Approach
    Best Answer

    Broadcom Employee
    Posted Jul 08, 2019 01:44 PM
    Hi Ramya,

    You can use Authentication->Authorization Identity Mapping to achieve this.  The user's session will remain as it was created by SAML; however, for authorization for the other resources, that session can be mapped to the same user in a separate user store.

    However, if you are working with a single user store, you may not need to configure anything.  When a session cookie is created, it is not based on a single attribute, but the user's full DN plus the name of the user store.  Thus, regardless of which attribute was used during authentication, the user will be uniquely identified within that user store and therefore that user can be authorized for other resources based on the same session simply by adding that user's account (or group they are a member of) to the relevant policies.

    -Pete
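
The behaviour described in the answer above, as an added Python model that is not part of the original thread and is not SiteMinder or Federation Manager code: a session keyed by user store name plus full DN resolves to the same identity whether the login searched on user ID or on email. The store names, entries and the `mapping` argument (a stand-in for an authentication-to-authorization identity mapping) are all constructed for illustration.

```python
# Simplified model (not product code): a session is keyed by
# (user store name, user DN), not by the attribute used to log in.
from dataclasses import dataclass


@dataclass(frozen=True)
class SessionIdentity:
    store: str  # name of the user store that resolved the user
    dn: str     # full distinguished name of the user entry


# Constructed sample user stores; every name and value here is made up.
STORES = {
    "corp-ldap": [
        {"dn": "uid=rvijay,ou=people,dc=example,dc=com",
         "uid": "rvijay", "mail": "ramya@example.com"},
    ],
    "partner-db": [
        {"dn": "cn=Ramya V,ou=partners,dc=example,dc=net",
         "uid": "rvijay", "mail": "ramya@example.com"},
    ],
}


def authenticate(store, attribute, value):
    """Resolve a login value to a session identity by searching one attribute."""
    matches = [u for u in STORES[store] if u.get(attribute) == value]
    if len(matches) != 1:  # no match or an ambiguous match: refuse the login
        return None
    return SessionIdentity(store, matches[0]["dn"])


def same_session_user(a, b, mapping=None):
    """True if identity b is the same user as identity a.

    mapping is a hypothetical stand-in for an identity mapping between
    stores: {(store, dn) of a: (store, dn) of the entry in the other store}.
    """
    if a is None or b is None:
        return False
    if a == b:  # single user store: same DN, same store, nothing to configure
        return True
    return bool(mapping) and mapping.get((a.store, a.dn)) == (b.store, b.dn)
```

With a single store the two login paths compare equal directly; across two stores the comparison only succeeds once an explicit mapping between the two entries is supplied.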