
Realm w/ secondary auth: Always fail primary auth if user not defined in Role Mapping anyway?

jeronimo
Contributor

When a user does not have a role mapping (i.e. cannot sign in) and the realm is configured with a secondary authentication server, then primary authentication can be successful even though the user will never be able to finally log in.

Is it possible to check the role mapping after first authentication and make it artificially fail (if it was successful) since the user will never be able to log in anyway?

Thanks.

3 REPLIES
zanyterp
Moderator

Re: Realm w/ secondary auth: Always fail primary auth if user not defined in Role Mapping anyway?

No
jeronimo
Contributor

Re: Realm w/ secondary auth: Always fail primary auth if user not defined in Role Mapping anyway?

Why?
zanyterp
Moderator

Re: Realm w/ secondary auth: Always fail primary auth if user not defined in Role Mapping anyway?

I do not think that is a use case or option that has been presented to the product team; I would definitely recommend asking your account team to talk to PLM about adding this as a feature to optionally do an attribute check between authentications.

At this time, the flow is designed to do the following:
- check if the user exists with proper credential on the primary authentication server
- check if the user exists with proper credential on the secondary authentication server
- check attributes (authorization) received from both authentication servers against the values defined for role mapping
- assign roles, or reject login, based on what was determined during the authorization stage
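The four-stage order listed in the reply above, modelled as an added example that is not part of the thread and not the product's code or API. `AuthServer`, `sign_in`, the rule format and all users and credentials are hypothetical, constructed for illustration; the trace shows that a user with no matching role mapping still passes both authentication stages before being rejected.

```python
import hmac
from dataclasses import dataclass


@dataclass
class AuthServer:
    """Hypothetical stand-in for an authentication server (not a product API)."""
    users: dict  # username -> (credential, attributes returned on success)

    def authenticate(self, user, credential):
        entry = self.users.get(user)
        if entry is None:
            return None
        # Constant-time comparison of the presented credential.
        if not hmac.compare_digest(entry[0].encode(), credential.encode()):
            return None
        return entry[1]


def sign_in(user, cred1, cred2, primary, secondary, role_rules):
    """Run the stages in the order described; return (roles, trace)."""
    trace = []
    attrs1 = primary.authenticate(user, cred1)
    trace.append(("primary", attrs1 is not None))
    if attrs1 is None:
        return [], trace
    attrs2 = secondary.authenticate(user, cred2)
    trace.append(("secondary", attrs2 is not None))
    if attrs2 is None:
        return [], trace
    # Authorization runs only now, on attributes from both servers.
    merged = {**attrs1, **attrs2}
    roles = [role for role, (key, value) in role_rules.items()
             if merged.get(key) == value]
    trace.append(("role_mapping", bool(roles)))
    return roles, trace  # an empty role list means the login is rejected


# Constructed sample data: bob authenticates on both servers but maps to no role.
PRIMARY = AuthServer({"alice": ("pw-a", {"group": "vpn-users"}),
                      "bob": ("pw-b", {"group": "contractors"})})
SECONDARY = AuthServer({"alice": ("111111", {}), "bob": ("222222", {})})
ROLE_RULES = {"Employees": ("group", "vpn-users")}

if __name__ == "__main__":
    for name, c1, c2 in [("alice", "pw-a", "111111"), ("bob", "pw-b", "222222")]:
        print(name, sign_in(name, c1, c2, PRIMARY, SECONDARY, ROLE_RULES))
```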