Symantec IGA

  • 1.  About SM_USER_APPLICATION_TASKS

    Posted Oct 20, 2021 08:04 AM
    Hi to all,

    I am writing to you about SM_USER_APPLICATION_TASKS.
    If I specify it in a RESPONSE as is, without using an application id (SM_USER_APPLICATION_TASKS: applicationid),
    will I get all access roles? Or an empty string?

    It is not clear to me when this response is triggered.

    I have an IM integrated with SiteMinder. I have created a policy domain linked with the Identity. In the user tab, in the IDM entry, I have added all the roles that interest me. I also added 2 directories (all users). The first directory is an Active Directory. The second directory is the IM environment user store. The UniversalIDs of the users are the same in both directories.

    I tried to enter a realm that has a rule on the above policy. I can enter, but the response is empty, even though my user has a Role.

    Can you help me?


  • 2.  RE: About SM_USER_APPLICATION_TASKS

    Posted Oct 20, 2021 10:30 AM
    I was wrong! I meant SM_USER_APPLICATION_ROLES and not SM_USER_APPLICATION_TASK. Anyway: how does SiteMinder know what the user's roles are? From the user directory it is impossible! Is the information also written in the policy store?


  • 3.  RE: About SM_USER_APPLICATION_TASKS

    Posted Oct 20, 2021 10:47 AM
    OK, I managed to get SM_USER_APPLICATION_ROLES with information.

    Obviously it only fills up when I log in with an IM-linked user of the user store. I would like it to work for me also when logging in with ADN. So I used an attribute mapping like this:

    IDENTITY_MAP ("ADN_2_IAM",SM_USER_APPLICATION_ROLES)

    I've used this even with other attributes, like this:

    IDENTITY_MAP ("ADN_2_IAM",imOnlyAttribute)

    But it works only for attributes on IM's user store, not for SM_USER_APPLICATION_ROLES.