Showing results for 
Search instead for 
Did you mean: 

Weird role mapping behaviour

Not applicable

Weird role mapping behaviour

Hi I'm currently struggling with some weird behaviour regarding the role mapping. I'm running a cluster of two SA-4500 6.5 R6 and have the following role mapping configured in one of the realms: First rule matches for all users beginning with let's say abcxyz*, no stop flag set providing SharePoint access. Afterwards there are user-specific rules with stop flag. And at the bottom I have a rule which matches all users beginning with abc* providing Citrix access. So if a user, say abcxyz_1 connects he should get SharePoint and Citrix. This also gets confirmed by the troubleshooting simulation. However if a user that has no specific rule matching for him, he won't get the Citrix access if he already received SharePoint. If there's a rule configured for this account it will however match and the user will get both permissions. This seems strange to me as the simulation states otherwise. Any ideas? Thanks in advance.
Respected Contributor

Re: Weird role mapping behaviour

If you are not using system local for authentication, simulation does not give accurate measurement. What does the policy trace show for why Citrix didn't match?