Symantec Access Management

SSO between Applications with different user directories

  • 1.  SSO between Applications with different user directories

    Posted Nov 05, 2018 01:35 PM

    Hi,

    I am really looking for help with SSO between applications with different user directories in the scenarios below:

    1) We have one application named Portal, which is using an Oracle Database for User Authentication and Authorization.

    2) We have another set of applications which are using Active Directory for User Authentication and Authorization.

    3) We have SaaS applications like Concur / Salesforce which are also using Active Directory for Authentication and assertion generation, and different attributes like MAIL, USERID are configured in the NameID Format for different applications.

    4) There are some users who are common between the Oracle Database and Active Directory, but there are additional users who are not common to both User Directories.

    Now, the situation is that we have to achieve Single Sign-On between the applications mentioned in points #1 and #2, and then IdP-initiated SSO for the federated applications mentioned in point #3 from both points #1 and #2. Also, apart from SSO, each set of users will be able to log in successfully to their respective applications with their respective user directory.

    Please note, all applications are pointing to the SAME policy servers with a common Policy Store.

    Please suggest how we can achieve this. We tried:

    1) Global Auth Identity mapping between the Oracle User directory and Active Directory, but this is giving an authorization failure for the users who are not common.

    2) Since we did the ID mapping, it is failing for the federation application where we are sending the email attribute.

    Any pointers for this would certainly help me in resolving one of the major issues.

    Regards,

    Sachin