If I understand your use case right, you have:
- Authentication Directory = Active Directory
- Authorization Directory = CA Directory
You have configured AuthAZ Identity mapping with source as Active Directory and Target as CA Directory.
Now, you would like to return the UID from CA directory (AZ directory) as a response in HTTP_SM_USER header variable.
This is perfectly possible. However, note that the Responses are evaluated only for the directory which is specified in your Policy. As this is going to be an OnAccessAccept Policy, you will be able to retrieve attributes from ONLY the CA directory here.
Identity Mapping:
TESTING:
In CA Directory, I have givenName for this user set to Kelly CADir.
In AD, I have givenName for this user set to Kelly AD.
As you can see above, as per our configuration, the value was correctly picked from CA Directory.
Let me know if there are any questions.
Regards,
Ujwol