_service/sco/tta/thirdparty/ thirdparty-username. On the command line, the user identity is displayed as. In the SGD Administration Console, the user identity is displayed as third-party-username (3rd party). The user identity is always the third-party user name. This search method does not perform a search. If there is no match, the profile object System Objects/LDAP Profile is used for the user profile. A user profile in any parent organizational unit with the name cn=LDAP Profile.įor example, dc=com/dc=Indigo Insurance/cn=LDAP Profile.A user profile in the same organizational unit as the LDAP person object butįor example, dc=com/dc=Indigo Insurance/cn=Sales/cn=LDAP Profile.SGD searches the local repository for dc=com/dc=Indigo Insurance/cn=Sales/cn=Emma Rald. A user profile with the same name as the LDAP person object.įor example, if the LDAP person object is cn=Emma Rald,cn=Sales,dc=Indigo Insurance,dc=com,.SGD searches for the following until a match is found: Searching the local repository, allowing for differences between the LDAP and SGD naming systems. If Use Closest Matching LDAP Profile is selected, SGD establishes the user profile by If Use Default LDAP Profile is selected, the profile object System Objects/LDAP Profile is used for the user profile. You can specify Use Default LDAP Profile or Use Closest Matching LDAP Profile. In the SGD Administration Console, the user identity is displayed as LDAP-ID (LDAP). If a person object is found, that object is used for the user identity. If a person object is not found, the next search method is tried. Search is repeated on the uid (username) attribute, and finally on the mail (emailĪddress) attribute. This search method searches an LDAP directory for a person object with a cn (common name)Īttribute that matches the user name typed by the user. _ens/ user-profile Search LDAP Repository In the SGD Administration Console, the user identity is displayed as user-profile (Local). If a user profile is found, that object is used for the user identity and user profile. If no user profile is found, the next search method is tried. If there is no match, the search is repeated on the Login Name attribute, and finally on the Email Address attribute. This search method searches the local repository for a user profile with a Name attribute that matches the user's third-party user name. Third-party authentication does not support ambiguous users and so the first match found is used. If more than one search method is enabled, the methods are tried in the order they are listed above. SGD supports the following search methods for establishing the user identity and user profile: SGD displays the standard login page so that the user can log in using system authentication. If the searches do not produce a match, SGD cannot establish an identity for the user and the user cannot log in. Next SGD performs a search to establish the user identity and user profile (see the following section). SGD trusts that the third-party mechanism has authenticated the user correctly and so they are authenticated to SGD. Third-party authentication is based on trust. The user types in a user name and password directly to the external mechanism, typically using their web browser's authentication dialog. Third-party authentication is disabled by default. If you develop your own webtop applications using the SGD web services, you can use any third-party authentication mechanism. If you are using the SGD webtop, the only form of third-party authentication you can use is web server authentication. Third-party authentication allows users to log in to SGD if they have been authenticated by an external mechanism. > Third-Party Authentication Third-Party Authentication Overview Secure Global Desktop 4.40 Administration Guide
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |