The following points apply for a multi-realm environment and where one of the realms is the ini realm: A) When the SOS Authenticator is used with the First Successful strategy: - If the authorization occurs through the ini realm then the user account will only be assigned the roles specified for the ini realm. The LDAP realm(s) will be ignored.
- If the authorization occurs through an LDAP realm then, regardless of whether or not the same password is used in each realm:
- The user account will be assigned the role(s) specified for the account in the (first) authorizing realm.
- The user account will also be assigned the role(s) specified for the account in the ini realm.
- This behavior ensures that a login is possible in the event of problems with the LDAP realm(s).
- The order in which the realms are specified in the
securityManager.realms parameter will not be is not significant here. - The ldap.roleAssignmentFromIni=false setting (default true) can be used to modify the behavior of the First Successful strategy so that roles from the ini realm are not assigned.
B) When using the At Least One SuccessfullSuccessful strategy: C) When using the All SuccessfullSuccessful strategy: |