SSO between 2 disparate environments.

Document ID : KB000051039
Last Modified Date : 14/02/2018

Description:

Requirement: Enable Single Sign-On between 2 different environments (see below) in both directions, meaning a user authenticated on the first environment should be able to access an application protected by the second environment without being prompted for credentials again. The reverse must also be true.

Environment 1:

Policy Server R12 SP2

Environment 2:

IM 8.1 / Policy Server 6 SP5

User Stores: Active Directory (AD 2003)
Environment 2 is linked to an AD (External Users) and Environment 2 is linked to an AD with internal users and an AD with external users.

Web Agent version:

Both R12 and 6 SP5 CR35

Web Server:

OAS and ASF Apache 2.2.x

Solution:

You need to:

  • Share a KeyStore R6, which is readable by both the SiteMinder R6 and R12 Policy Servers.
  • Configure the Authentication and Validation Directory Mapping between the User Directory on SiteMinder r12 and the User Directory on SiteMinder r6 (if they have different names).