Enable CA SSO User Assertion
The Enable CA Single Sign-On User assertion lets you enable a user account in CA SSO user directory.
gateway93
The
Enable CA Single Sign-On User
assertion lets you enable a user account in CA SSO user directory.Using the Assertion
- Do one of the following:
- To add the assertion to the Policy Development window, accessAssertionstab,Policy Assertions,Access Control Assertionsand drag and drop theEnable CA Single Sign-On Userassertion into the policy development window.
- To change the configuration of an existing assertion, proceed to step 2 below.
- When adding the assertion, theEnable CA Single Sign-On UserPropertiesautomatically appear; when modifying the assertion, right-clickEnable CA Single Sign-On Userin the policy window and selectEnable CA Single Sign-On UserPropertiesor double-click the assertion in the policy development window.The assertion properties are displayed.
- Configure the properties as follows:SettingDescriptionConfiguration NameSpecifies the CA Single Sign-On Configuration to use. This configuration is defined using the Manage CA Single Sign-On Configurations task.Domain Object IDSpecifies the object ID of the domain. This value can be set to${<prefix>.smcontext.realmdef.domoid}, which is set by the Check Protected Resource Against CA Single Sign-On Assertion.UsernameSpecifies the username.
- ClickOK.
Context Variable
If the assertion fails to enable the user's account, it sets the following context variable:
Context Variable | Type | Description |
reasonCode | integer | Specifies the enable user failure reason code that is returned from CA SSO. |
The
reasonCode
context variable is set only if SmDmsUser#setEnable()
method in DMS API fails. If the assertion fails for any other reason (that is, it cannot connect to CA Policy Server, it cannot find user in user directory, and so on), the reasonCode
context variable is not set.