RFI-What order the policy server executes the Authorisation LDAP calls?
Article ID: 120651
CA Single Sign On Secure Proxy Server (SiteMinder)AXIOMATICS POLICY SERVERCA Single Sign On SOA Security Manager (SiteMinder)CA Single Sign-On
I'd like to know how Policy Server searches the membership of a user to determine if a specific policy applies or not. You're interested to know the order of the group search done when multiple groups are bound to a policy ?
Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP Component:
Out of the box, at authorization phase the user is searched in all the group memberships which are added in policy, Policy Server won't follow any order while searching for user. User searching in groups is thus random. Once the user is found in one group then Policy Server stops search. The User search doesn't follow the as per the order given in the AdminUI.
This behavior will be seen in both ldap and odbc stores.