Is it possible to set one User Name maping as the primary session, which should override others in the event that multiple matches are observed? Is this done strictly by the order of rule processing as long as rules are defined globally and not at the SWS level?
How are others handling implementations of Oracle Identity Manager, or RSA Single Sign On, etc.
Gavin from support shed some light on this for me today in case 652. It is possible to define a hierarchy for applying a userID based on the name of the UserID Policy. He advised that exact match Policy names can apparently map a session token to a different username on any software service, as long as there is continuity with the session token. I wasn't sure this was possible, apparently CAS can do it and I'm trying it out now.
That's exactly as Gavin said in.
We support SSO scenario as long as: