CA Single Sign On Secure Proxy Server (SiteMinder)CA Single Sign On Agents (SiteMinder)CA Single Sign On Federation (SiteMinder)CA Single Sign On SOA Security Manager (SiteMinder)SITEMINDER
Issue/Introduction
We're running a Policy Server and we'd like to know how to get a response based on attributes from 2 User Stores ?
We've already configured an Identity mapping. Is it accurate to retrieve user's attributes ?
Environment
Policy Server all versions.
Resolution
As per documentation, Identity Mapping suits to locate a user and authorize it :
Identity Mapping by Complex User Search Criterion
"Identity Mapping locates a user by relying on the session ticket information [...] "
In order to set in a Response a specific user's attribute from a specific User Directory, we'd advise you to compose a custom Active Expression Response :
How do you compile and use the Siteminder Java SDK Active Response sample? https://knowledge.broadcom.com/external/article?articleId=53821
More, our Global Delievery team has produced a module which probably allow you to do so :
SmWalker for CA Single Sign-On User Guide Version R14.3
SmWalker for CA Single Sign-On (a/k/a SmWalker) is a tool provided by the CA Technologies Global Delivery Team that can be used to retrieve and process information and pass it as a response from CA Single Sign-On (f/k/a SiteMinder).
Originally, SmWalker was designed to access information stored in an LDAP directory, but there are many functions that can process information from other sources as well.
SmWalker is not specifically part of CA Single Sign-On, but is a useful adjunct to it. SmWalker is essentially a library of Active Expression functions that the CA Technologies Global Delivery Team (and our customers) have found useful over the years.