SSO Help

An Online Community for Identity & Access Management Professionals

Ramon Garcia
Ramon Garcia
  • Cincinnati, OH
  • United States
Share on Facebook Share on Facebook Share Twitter

Ramon Garcia's Discussions

Siteminder and LDAP Groups
7 Replies

Hi, new member here. We use Siteminder for most of our applications and we are starting to run into some issue with group membership, nested groups and http headers. Some of our apps get group…Continue

Started this discussion. Last reply by Dhruv Jan 13.

 

Ramon Garcia's Page

Latest Activity

Profile Icon
Dhruv replied to Ramon Garcia's discussion 'Siteminder and LDAP Groups'
Agreed!!, in fact I had the same problem and took some time to figure it out.
Jan 13
Profile Icon
Trever M. Shick replied to Ramon Garcia's discussion 'Siteminder and LDAP Groups'
This was definitely the problem.  I was using an active expression and calling UserContext.getProp(String).  Apparently the default buffer size is 100. The API on this is really bad I have to say.  If SM is going to truncate data it…
Oct 26, 2011
Profile Icon
Darren Spach replied to Ramon Garcia's discussion 'Siteminder and LDAP Groups'
Dhruv, I'm sorry I missed your post, I just saw it now as I was reading Trever's.   Dhruv, the first thing I think of when it's an Active Expression is the buffer size.  Are you sure you set it large enough?  Increase…
Oct 26, 2011
Profile Icon
Trever M. Shick replied to Ramon Garcia's discussion 'Siteminder and LDAP Groups'
Did you get an answer to this. I think it's happening to me as well (the truncation of SM_USERGROUPS)
Oct 25, 2011
Profile Icon
Dhruv replied to Ramon Garcia's discussion 'Siteminder and LDAP Groups'
Hi Darren   I'm experiencing the same issue here, my plan was to create an active expression in siteminder get the SM_USERGROUPS values and then browse thru the groups and only select the groups which the application requires and set that…
Aug 25, 2011
Profile Icon
Ramon Garcia replied to Ramon Garcia's discussion 'Siteminder and LDAP Groups'
Darren, Thank you for the reply. I think option 1 is out of the question because of the large number of groups involved and the way the application itself authorizes the user for specific resources based on group membership. Having to create 50…
Sep 10, 2009
Profile Icon
Darren Spach replied to Ramon Garcia's discussion 'Siteminder and LDAP Groups'
Hi Ramon, The problem you are seeing is quite common. Quite often SM_USERGROUPS and SM_USERNESTEDGROUPS grow to a size where the header becomes too large, and even worse, the expense on your LDAP becomes unacceptable. But most customers do not like…
Sep 10, 2009
Profile Icon

Siteminder and LDAP Groups

Hi, new member here. We use Siteminder for most of our applications and we are starting to run into some issue with group membership, nested groups and http headers. Some of our apps get group membership for the authorized user in an http header and some of our users are members of a large number of groups. How do you deal with situations like that? Stop returning groups in a header and make direct calls to the user directory from the app? Any other options in Siteminder?Thanks,RamonSee More
Discussion posted by Ramon Garcia Sep 9, 2009
7 Comments
Profile Icon
Ramon Garcia is now a member of SSO Help Sep 9, 2009
Welcome Them!

Comment Wall

You need to be a member of SSO Help to add comments!

Join SSO Help

  • No comments yet!
 
 
 

CoreBlox Blog

Todd’s Travel Tips: The Credit Card

Configuring OpenLDAP as a SiteMinder Policy Store

Radiant Logic Blog

Matt Flynn's IDM Blog

Finding & Closing Open File Shares

Is the era of Identity Management behind us?

Access Governance Continuum

IdentityStuff

Don' Mess with Texas, unless you are the FBI...

Backstopp - The Morning After Pill for Identity Management?

Ash's IdM Rantings

Identropy Reviews Cutting Identity Management Operating Costs

Regarding a Potential Way Forward for SPML

IAM Failures...Product or Services?

Burton Group: Identity Mgt Blog

This Thing is OFF (in a good way). BONUS: Catalyst SPML SIG

Catalyst Europe is Coming Up Fast!

SPML: Life Support Redux

IdM Thoughtplace

Calling all Dispatchers

Tutorial Follow up

Cutting the Gordian Provisioning Knot

Identity Thought Stream

F*** it, I'm lighting 100 candles - Entitlement Management 2012

Book Review - Grouped

IBM Dropping Tivoli Brand from IAM Suite

Jackson's Identity Management & Active Directory Reality Tour Travelblog

Looking for a federation expert!

Multifactor Authentication for Dummies

SCIM, PEX and what the parrot saw

Discovering Identity

© 2012   Created by CoreBlox

Badges  |  Report an Issue  |  Terms of Service