This discussion is archived
0 Replies Latest reply: Nov 13, 2012 11:06 AM by 974030 RSS

External Authorization with OpenAM (SSO)

974030 Newbie
Currently Being Moderated
Hello.

I am learning OpenSSO/AM on the job, so please forgive my ignorance.

We have a product that uses OpenSSO for both authentication and authorization by connecting to a local LDAP (OpenLDAP) database. We are able to configure this product to use an external LDAP database for authentication instead if desired.

What we are trying to do is also perform authorization using an external LDAP database. When authorizing a user, we'd like to be able to check both the local LDAP database and the external LDAP database for the user's permissions. A user may be configured in either the local or external (or both) databases. We were thinking that in the case of a conflict (e.g. user exists in both databases with different groups), then the superset of groups would be used, but this isn't a necessity if it is not feasible.

Does OpenSSO/AM have such a capability? If so, is there any documentation on how to configure it?

Thanks so much!

Chris

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points