MyTechReference - Technical Notes

by IDAMGroup

CA Siteminder Identity Mapping

CA Siteminder Authentication – Authorization Mapping

In this post i am going to show you how to configure user  to Authenticate against userdiretory1  and authorize against userdirectory2.

In my scenario i have created 2 user directory

1. User Directory   (  Unfortunately named as User Directory… don’t get confused)
2. NAM eDirectory

Go to Infrastucture –> Directory — Identity Mapping

Click Create Identity Mapping




Select Authentication-Authorization as Mapping type




Create the Identity Mapping Entries as below

Select the Source Directory where you want to a Authentication

And Select the Target Directory where you want to get Authorized

Select the User Search Criteria ” I have selected as Identical DNs” and click OK to Save setting.




Now we have created the Identity Mapping.   Before applying this Identity Mapping to a Domain Policy lets see how the  user directory entry looks like.  You see only one User Directory “US Dir”  is shown because we have assigned this user store while creating the Domain. The authentication will happen against this User Directory.

If you do not assign any users to this user directory in the Domain policy as below the authorization will fail.




Now lets assign the Identity mapping for the realm 

Infrastructure –> Policies –> Realm  and select the realm you want to assign this Identity Mapping

In the Advanced section select Identity Mapping which you are created




Click Ok  and submit the changes.

Now go back to the Domain policy of the Realm and click the User tab and you should see two User Directories as below.  In my case i selected all users for the NAM eDirectory, because i want authorization to happen against different User Store.




 By selecting this user will get Authenticate against “US Directory” and Authorized against “NAM eDirectory”.



Disclaimer: Content posted here worked for me and may not guarantee success, should be used as reference only and please use it cautiously.