Symantec Access Management

I’m IWA authentication and I need to define a response for SM_USER in the IWA policy: I get the sAMAccountName from AD and I need to return the UID from CA Directory in the response. The UID (random UUID) is different than the sAMAccountName. The lookup must be: Return UID (CA Directory) where employeeNumber (CA Directory) = sAMAccountName (AD). Do you know how to achieve that?

I've created an Custom Search in an Identity Mapping where AD is source directory and CA Directory is the target directory and the search is employeeNumber = sAMAccountName. AFAIK you can use then attributes from both AD and CA Directory in your response.

Until now it does not return a valid response e.q. SM_USER is empty

Any suggestion? (im using CA SSO r12.52 SP2 CR01)

Thanks,

Bert

If I understand your use case right.

You have :

• Authentication Directory = Active Directory
• Authorization Directory = CA Directory

You have configured AuthAZ Identity mapping with source as Active Directory and Target as CA Directory.

Now, you would like to return the UID from CA directory (AZ directory) as a response in HTTP_SM_USER header variable.

This is perfectly possible. However,note that , the Response are evaluated for only that directory which is specified in your Policy. As this is going to be OnAccessAccept Policy, you will be able to retrieve attribute from ONLY CA directory here..

Identity Mapping :

TESTING :

In CA Directory I have givenName for this user set to Kelly CADir

In AD, I have givenName fro this user set to Kelly AD

As you can see above, as per our configuration , the value was correctly picked from CA Directory.

Let me know if there is any questions.

Regards,

Ujwol

Thanks Ujwol, I got it working now.

Really appreciated!