UserID mapping hirearchy and inheritance: In the case of an ID grabbed by TCAM, you can specify if you want it to override the Epic ID, for instance.
Is it possible to set one User Name maping as the master session, which should override others in the event that multiple matches are observed? Is this done strictly by the order of rule processing as long as rules are defined globally and not at the SWS level?
How are others handling implementations of Oracle Identity Manager, or RSA Single Sign On, etc.
Thanks,
Neal
Neal,
I'm not sure if I'm getting your question. Would you please excuse me and rephrase your question?
Hi Adam,
Gavin from support shed some light on this for me today in case 652. It is possible to define a hierarchy for applying a userID based on the name of the UserID Policy. He advised that exact match Policy names can apparently map a session token to a different username on any software service, as long as there is continuity with the session token. I wasn't sure this was possible, apparently CAS can do it and I'm trying it out now.
Thanks,
Neal
OK, thank you. Let me get more info about this and get back to you.
Neal,
That's exactly as Gavin said in SUPDCRUM-652.
We support SSO scenario as long as:
- one of SSes can extract valid username and match it with session identifier for this SS,
- other SSes are able to extract session identifiers (can be different than for the SS that extracts the username),
- all engaged SSes have the very same username recognition policy name.
