Symantec Access Management

  • 1.  multiple rule for same realm

    Posted Jul 26, 2016 05:46 PM

    Hello there,

    I want to redirect a user who has manager=yes to a different page as response when accessing realm /salary

    I want to redirect a user who has manager=no to a different page as response when accessing the same realm /salary

    In other words, I want to have two rules (same action onAccessAccept) for one realm but a different response page based on user role.

    Can anyone help me?

    Thank you



  • 2.  Re: multiple rule for same realm
    Best Answer

    Broadcom Employee
    Posted Jul 26, 2016 06:24 PM

    Hi Suthakar,

    SiteMinder auth is realm based; if you have both users auth/az to the same realm, they have no access rights separation.

    The access rights are separated once you create two realms, /salary/manager vs. /salary/others.

    Even if you add a response for each rule using the "WebAgent-OnAccept-Redirect" response with the target you choose for each redirect, they will still face additional login access evaluation, due to its URI processing. If the redirected target is not protected, then it defeats the purpose of authentication.

    Another possibility is creating nested realms. Everyone gets into /salary/*, but only managers are allowed access to /salary/manager.

    This is still treated as two realms.

    With only one realm, you may be able to generate a customized page entirely on the fly based on manager=yes/no, using an active response (content of the page) with custom pages though.

    Regards,

    Hongxu
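
The nested-realm layout suggested in the answer above, as an added example that is not part of the original thread and is not SiteMinder code: a simplified Python model in which the deepest matching realm decides access. The realm prefixes and the manager attribute come from the thread; the function names, the path-segment prefix matching, the result strings and the sample users are assumptions made for illustration.

```python
# Simplified model of realm-based access evaluation (illustrative only).
# Each realm maps a resource prefix to a policy deciding which
# authenticated users are authorized inside it.
REALMS = {
    "/salary": lambda user: True,  # any authenticated user
    "/salary/manager": lambda user: user.get("manager") == "yes",
}


def matching_realm(uri, realms=REALMS):
    """Return the deepest realm whose prefix covers the URI, or None."""
    hits = [r for r in realms if uri == r or uri.startswith(r.rstrip("/") + "/")]
    return max(hits, key=len) if hits else None


def evaluate(user, uri, realms=REALMS):
    """Evaluate one request; user is None when no session exists yet."""
    realm = matching_realm(uri, realms)
    if realm is None:
        return "unprotected"  # no realm covers it: no auth, no authorization
    if user is None:
        return "challenge"    # protected resource, user must log in first
    return "accept" if realms[realm](user) else "reject"


if __name__ == "__main__":
    # Constructed sample users and URIs.
    manager = {"uid": "alice", "manager": "yes"}
    staff = {"uid": "bob", "manager": "no"}
    for who in (manager, staff, None):
        for uri in ("/salary/index.html",
                    "/salary/manager/report.html",
                    "/public/manager.html"):
            name = who["uid"] if who else "anonymous"
            print(f"{name:10} {uri:30} {evaluate(who, uri)}")
```

The last URI in the sample shows the point made about redirect targets: a page outside every realm is served to anyone, so sending managers there enforces nothing.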