Hi all, I have a strange question.
I have three federated domains, A, B and C.
The realms in domain A are authenticated through an IWA authentication schema;
the other two are authenticated through a custom schema.
Because of the federation, if I authenticate to a resource in domain A, I can access resources in domains B and C too, and this is fine BUT:
The applications in domains B and C need a user cookie that is normally generated by their authentication schema and is not present if I am authenticated on an application belonging to domain A.
Is there any way to test if a cookie exists at authorization level?
I mean: I authenticate on a resource in domain A, so I have a SM_SESSION cookie but I do not have the user cookie. I call a resource from domain B; I am already authenticated but I do not have the user cookie, so I cannot access the target resource. So when I pass from a resource in domain A to one in domain B or C, I need to test for the presence of the user cookie and in some way create it if not present.
The solutions I am thinking about are:
Thanks and have a nice day
Are the 3 apps with the same ACO? Because if they aren't, you may need to configure the trust between each app's ACO, as far as I remember. Otherwise you may use response rules in each realm to trust each other (create the app cookie).
Hi Daniel, thanks for the reply. Yes, the 3 apps are in the same ACO. I was wondering if there is a chance to write a response in which I test for the presence of the cookie and, if not present, create it. I went through some searches but I did not find a solution.
Testing for the presence of a user cookie at the authorization level can be complex. Consider discussing the client's concerns about generating the user cookie in Domain A or implementing a higher protection level for resources in Domains B and C. Testing via response expressions is possible, but the exact implementation depends on your access management system. Ultimately, the choice should align with security and user experience needs.