Can we configure SiteMinder to log in by using the email address rather than the username?

Article ID: 51443

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On

Issue/Introduction

Description:

In a standard SiteMinder implementation, users usually log in to an application with their username or common name.

In some implementations you may want to use the email address (or another user attribute such as givenname, uid or cn) to authenticate against a user directory and use this email address as your identifier on a portal.

Solution:

For SiteMinder to authenticate and authorize a user by email address (or by another user attribute such as mail, givenname, uid or cn) instead of by username, apply the following settings in the SiteMinder Policy Server Admin UI:

  1. Go to the SiteMinder Policy Server User Directory Properties.

  2. In the user directory setup, set LDAP User DN Lookup to:
    (mail=)

Note:

When Active Directory is used as the user store, you can set up:
LDAP User DN Lookup: (&(objectclass=person) (mail=))

Similarly, you can give other user attributes (like cn, uid, givenName) to enable SiteMinder to authenticate/authorize against these attributes.
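
Before switching the lookup to an attribute such as mail, it is worth confirming that every user has a value for it and that no two entries share one, because unlike a DN the attribute is not guaranteed to be unique. The following is an added example, not part of the original article or of the product: it assumes the lookup string is split into a start and an end part placed around the value the user types, and the function names, the RFC 4515 escaping step and the sample entries are all constructed for illustration.

```python
# Added example: compose the lookup filter and audit the chosen login
# attribute. Function names and sample entries are constructed.
from collections import defaultdict

# RFC 4515 section 3: characters that must be escaped in an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a login value so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_lookup_filter(start: str, end: str, login: str) -> str:
    """Place the escaped login value between the start and end strings."""
    return f"{start}{escape_filter_value(login)}{end}"


def audit_login_attribute(entries, attr):
    """Return (missing, duplicates) for `attr` across directory entries.

    missing: DNs with no value for attr (these users could not log in).
    duplicates: lowercased value -> DNs sharing it (ambiguous lookups).
    """
    missing, seen = [], defaultdict(list)
    for entry in entries:
        values = entry.get(attr) or []
        if not values:
            missing.append(entry["dn"])
        for v in values:
            seen[v.lower()].append(entry["dn"])  # mail matching ignores case
    duplicates = {v: dns for v, dns in seen.items() if len(dns) > 1}
    return missing, duplicates


# Constructed sample data, standing in for an export of the user store.
SAMPLE_ENTRIES = [
    {"dn": "uid=alice,ou=people,dc=example,dc=com", "mail": ["alice@example.com"]},
    {"dn": "uid=bob,ou=people,dc=example,dc=com", "mail": ["Shared@example.com"]},
    {"dn": "uid=carol,ou=people,dc=example,dc=com", "mail": ["shared@example.com"]},
    {"dn": "uid=svc01,ou=people,dc=example,dc=com", "mail": []},
]

if __name__ == "__main__":
    print(build_lookup_filter("(mail=", ")", "alice@example.com"))
    print(build_lookup_filter("(&(objectclass=person)(mail=", "))", "a*b(c)"))
    print(audit_login_attribute(SAMPLE_ENTRIES, "mail"))
```

Entries reported as missing or duplicated should be resolved in the directory before the new lookup is enabled.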

Environment

Release:
Component: SMPLC