Does BCAAA use more resources when the ProxySG policy refers to nested Active Directory group names on IWA realms?
search cancel

Does BCAAA use more resources when the ProxySG policy refers to nested Active Directory group names on IWA realms?

book

Article ID: 165656

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

 

When the ProxySG appliance connects to BCAAA, it sends BCAAA a list of all the groups referenced in policy. These are called "Groups of Interest.” 

 BCAAA creates a mutex for each Group of Interest. An ACL is placed on the mutex such that it allows only the specified group access.
 
Following a successful authentication, BCAAA impersonates the user and attempts to access each mutex; this lets Windows handle the complexities of nested groups. Nested groups are therefore not an issue for IWA realms.
Powered by Wolken Software