We use currently 2 type of authentification server in our compagny. First one is based on an LDAP and the second is an Active directory. On each authentifcation server, user have the same login but not always the same password (there is no sync between 2 systems).
We use SA 45000 to access our extranet web site (https://extranet.xxxx.zzzz.com). I would like to kwow, if for the same login page, we can use 2 differents authentification server (1st priority is to check in AD and 2eme is the LDAP). When user try to connect, he will enter his login (the same on both authentification) and the system check in AD if the password is correct and if not, the system check after on the LDAP directory ?
Is it possible ?
The current design allows for dual authentication servers (under realm you have to select the option 'Additional authentication server') however it does not allow for a fallback (try first auth sever and if it fails try secondary) the way your use case requires.
One workaround is to use custom sign-in pages and 2 realms (one with each auth server) Using custom sign-in pages framework you can customise the login page to trap error message for invalid login from first realm and then redirect browser to the second realm sign-in page.
When I add an additiinnal authentification server, I have on my sign-in page 2 section for loing et 2 section for password. Is-it normal ? And it's not poassible to have a sign-in page with only one login and one password section when we specify to use an additionnal authentification server ?
That is the default setting, however you can easily change. Below is from the helper text in the UI (admin guide should have more details):
"The additional credentials can be specified by the user on the sign-in page (the labels for these inputs are specified by the sign-in page), or they can be pre-defined below, in which case the user will not be prompted for the credential"