RFI - In what order does the Policy Server execute the Authorisation LDAP calls?

Article ID: 120651

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
AXIOMATICS POLICY SERVER
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction



I'd like to know how Policy Server searches the membership of a user
to determine whether a specific policy applies. In what order is the
group search done when multiple groups are bound to a policy?
 

Environment

Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP
Component:

Resolution

Out of the box, during the authorization phase the Policy Server
searches for the user in all the groups that are added to the policy.
Policy Server does not follow any order while searching for the user,
so the search through the groups is random. Once the user is found in
one group, Policy Server stops the search. The user search does not
follow the order given in the AdminUI.

This behavior is seen in both LDAP and ODBC stores.