Hi,
I have a customer who has an authentication requirement.There are two domains in his environment: domain A and domain B. The two domains are in a trust state.
Each user has a corresponding account in domainA and domainB. When The user uses domainA\XXXXX authentication,After the authentication is successful, CPPM needs to return VLAN X to the controller. When the user uses domainB\XXXXX authentication, after the authentication is successful, CPPM needs to return VLAN Y to the controller.
I created an authentication service on CPPM, and both domains are used as authentication source and authorization source,The eforment policy configuration is as follows:
1、
Authorzaion source:domainB member of contain XXXX
AND -------> VLAN X
Authorzaion Source equal DomainA
2、
Authorzaion source:domainB member of contain YYYYY
AND -------> VLAN Y
Authorzaion Source equal DomainB
During the test, I found that when I used domanB\xxx for authentication for the first time, after the authentication was successful, CPPM could successfully return VLAN Y to the controller. When I used domanA\xxx for authentication again, the CPPM still remained Return VLAN Y ,Not the VLAN X.the cache time of the two authentication sources has not been set to 0.
My question is in an authentication service, can CPPM automatically select the authentication source and the authorization source based on the domain name in the authentication request?How can I set up to meet the customer's authentication requirement?
------------------------------
tan xiaofeng
------------------------------