How to use LDAP query as a source in Windows SSO
You are using a Windows SSO authentication realm but you want the ProxySG appliance to query an LDAP source for authorization.
After you create a Windows SSO realm, you can use the Windows SSO Authorization tab to configure authorization for the realm.
Note: Windows SSO realms do not require an authorization realm. If the policy does not make any decisions based on groups, you do not need to specify an authorization realm.
You must have defined at least one Windows SSO realm (using the Windows SSO Realms tab) before attempting to set Windows SSO realm properties. If the message Realms must be added in the Windows SSO Realms tab before editing this tab is displayed in red at the bottom of this page, you do not currently have any Windows SSO realms defined.
1. Select Configuration > Authentication > Windows SSO > Authorization.
(To construct usernames, remember that the authorization username attributes is a string that contains policy substitutions. When authorization is required for the transaction, the character string is processed by the policy substitution mechanism, using the current transaction as input. The resulting string becomes the user's authorization name for the current transaction.)
c. By default, the LDAP FQDN is selected as the Authorization user name. Change this value if the user's authorization information resides in a different root DN. To use a different authorization name, de-select Use FQDN and enter a different name, for example:
Common Substitutions Used in the Authorization username Field
Related CLI Syntax to Configure Authorization Settings
SGOS#(config windows-sso realm_name) authorization realm-name authorization-realm-name
Rate this Page
Please take a moment to complete this form to help us better serve you.