cancel
Showing results for 
Search instead for 
Did you mean: 

Can you identify which realm a user has come from

Highlighted
New Contributor

Can you identify which realm a user has come from

Hi,

We currently have two realms. Is it possible to to pass and extract the realm information (e.g. in a custom header) so that an application can see which realm the user has come from and display specific data based on that?

I'm not sure if this helps or will make any difference to but we are using kerberos as the authentication method.

Thanks in advance

Chris
5 REPLIES 5
Highlighted
Occasional Contributor

Re: Can you identify which realm a user has come from

Yes, the realm is available via variable .

You could for example pass it as a get parameter to a web application:

Start URL: http://server/?realm=
Highlighted
Occasional Contributor

Re: Can you identify which realm a user has come from

Unfortunately the forum removed the angle brackets. Replace the [ ] by angle brackets:

http://server/?realm=[realm]
Highlighted
New Contributor

Re: Can you identify which realm a user has come from

Hi,

Thanks for your response werner1.

This worked but is there an alternative way of passing the realm other than via a URL Parameter as this can be changed by the user.

Thanks in advance for your help

Chris
Highlighted
Occasional Contributor

Re: Can you identify which realm a user has come from

Does your application rely on any Directory Groups (Active Directory, LDAP, etc? )

It may be best to have the application use something like that instead to display the correct information based on what group the user is in.
Highlighted
Occasional Contributor

Re: Can you identify which realm a user has come from

Under Web => SSO tab you can do a form POST to transmit the variable content to the web server. Or set a cookie. You could also use different folders on the webserver:

Start URL: https://webserver/[realm]/index.html

And in the web resource policy configure that each realm gets only access to the appropriate folder. This way the user could change the folder name in the URL, but would get access denied.