MyTechReference - Technical Notes


by IDAMGroup

CA Siteminder Identity Mapping

CA Siteminder Authentication – Authorization Mapping

In this post I am going to show you how to configure a user to authenticate against userdirectory1 and authorize against userdirectory2.

In my scenario I have created two user directories:

1. User Directory (unfortunately named "User Directory"; don't get confused)
2. NAM eDirectory

Go to Infrastructure –> Directory –> Identity Mapping

Click Create Identity Mapping

 


Select Authentication-Authorization as Mapping type

 


Create the Identity Mapping Entries as below

Select the Source Directory against which you want authentication to happen.

Then select the Target Directory against which you want authorization to happen.

Select the User Search Criteria (I have selected "Identical DNs") and click OK to save the setting.

 


Now we have created the Identity Mapping. Before applying this Identity Mapping to a Domain Policy, let's see what the user directory entry looks like. Only one User Directory, "US Dir", is shown because we assigned this user store while creating the Domain. Authentication will happen against this User Directory.

If you do not assign any users to this user directory in the Domain policy as below, the authorization will fail.

 


Now let's assign the Identity Mapping to the realm.

Go to Infrastructure –> Policies –> Realm and select the realm to which you want to assign this Identity Mapping.

In the Advanced section, select the Identity Mapping which you created.

 


Click OK and submit the changes.

Now go back to the Domain policy of the Realm and click the User tab; you should see two User Directories as below. In my case I selected all users for the NAM eDirectory, because I want authorization to happen against a different User Store.

 


By selecting this, the user will be authenticated against "US Directory" and authorized against "NAM eDirectory".
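With the "Identical DNs" search criteria, a user who authenticates in the source directory is only found for authorization if the same DN exists in the target directory. The check below is an added example, not part of the original post or of SiteMinder: it compares DN lists exported from both directories and reports source users with no identical DN in the target. The sample DNs are constructed, and the case- and whitespace-insensitive comparison is an assumption about how the directories match DNs.

```python
def split_rdns(dn):
    """Split a DN on commas, ignoring commas escaped with a backslash."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return parts

def normalize_dn(dn):
    """Return a comparable form of a DN (assumed case-insensitive matching)."""
    rdns = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        # Lower-case the attribute type and collapse whitespace in the value.
        rdns.append((attr.strip().lower(), " ".join(value.split()).casefold()))
    return tuple(rdns)

def unmapped(source_dns, target_dns):
    """Source DNs that have no identical DN in the target directory."""
    known = {normalize_dn(dn) for dn in target_dns}
    return [dn for dn in source_dns if normalize_dn(dn) not in known]

# Constructed sample exports (hypothetical users, not from the original post).
SOURCE = [  # authentication directory
    "cn=Alice Smith,ou=People,o=corp",
    "CN=Bob Jones, OU=People, O=corp",
    "cn=Doe\\, Carol,ou=People,o=corp",
    "cn=dave,ou=Contractors,o=corp",
]
TARGET = [  # authorization directory
    "cn=alice smith,ou=people,o=corp",
    "cn=Bob Jones,ou=People,o=corp",
    "cn=Doe\\, Carol,ou=Staff,o=corp",
]

if __name__ == "__main__":
    for dn in unmapped(SOURCE, TARGET):
        print("no identical DN in target directory:", dn)
```

Users listed by this check would authenticate successfully but not be found in the authorization directory, so resolve them before assigning the mapping to a realm.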

 

---------------------------------------------------------------------------------------------------------------------------------------------

Disclaimer: Content posted here worked for me and may not guarantee success, should be used as reference only and please use it cautiously.