Authorization with Active Directory AD Groups in Policy Server
search cancel

Authorization with Active Directory AD Groups in Policy Server

book

Article ID: 261224

calendar_today

Updated On:

Products

CA Single Sign On Agents (SiteMinder) SITEMINDER

Issue/Introduction

 

Running Policy Server, when users are configured in the Policy as a group, users aren't authorized.

 

Cause

 

The browser goes on Domain "myDomain", realm "myRealm", for which the Auth/Az mapping "Auth/Az Mapping" gets applied.

Then the Policy Server searches the User in the User Store "TEST Active Directory" for authorization, as this is the target for the Auth/Az mapping.

The Policy doesn't have the "TEST Active Directory" User Store configured.

 

Resolution

 

Create membership for the users in the "TEST Active Directory" User Store.

Modify the Policy to add the group as a member on this "TEST Active Directory" User Store to solve this issue.