I am looking for a deeper understanding of how the authorization decisions are made in the CA SSO policy.
1. I have a policy in CA SSO that has been configured to provide access to a page (/test.html) when the user has Role X or Role Y.
2. The user has both Role X and Role Y.
Query 1: Which role will SiteMinder take into account to authorize the user? Is it based on order? How can I consistently maintain the order, as if we modify any role, the order changes on its own?
Query 2: How can we figure out what role has been taken into account to authorize the user? (Any custom logic or Java code to figure out this part)