
Friday, September 13, 2013

ACS 5.x: Using Identity Groups to Simplify Authorization Policies

One of the things I rarely see implemented in ACS 5.x is Identity Groups.  This is an incredibly powerful feature that fits almost every ACS installation, and it is especially useful when dealing with failover between multiple identity stores.

I was reminded how powerful this is when I received a call from a customer whose entire wireless and VPN environment was down due to issues with their ACS box.  The root cause?  All of the domain controllers were having issues.  Sadly, LDAP was still functioning, but they had never tested the LDAP integration and it didn't work.

For those who do implement multiple identity stores, what I usually see is a HUGE list of Authorization rules, one for each combination of group and identity store.  This gets really nasty when trying to troubleshoot why a particular user is getting an undesired result, because the same group is matched by a different rule depending on which store answered.

Here I will show how to authenticate against multiple identity stores in sequence: Active Directory first, then LDAP if AD fails, and finally the internal user database, while mapping the groups from each store onto a single set of Identity Groups so the Authorization policy only has to reference the Identity Group.
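To make the failover sequence and the "one rule per Identity Group" idea concrete, here is a small stand-alone Python model written for this post.  It is an added illustration, not ACS code or configuration: the store contents, the external group names, the Identity Group names ("NetAdmins", "Helpdesk") and the profile names ("Full-Access", "ReadOnly") are all constructed for the demo.  The sequence policy it models is an assumption, chosen to match the failover described above: an unreachable store or a user that is not found rolls to the next store, while a wrong password stops the sequence and rejects.

```python
"""Illustrative model of an identity-store sequence with Identity Groups.

Added example, not ACS code. Stores, users, group names and the rule table
are constructed for the demo. Assumed sequence policy: unreachable store or
user-not-found -> continue to next store; wrong password -> reject, stop.
"""
from dataclasses import dataclass, field


class StoreUnreachable(Exception):
    """The store could not be contacted (e.g. all domain controllers down)."""


@dataclass
class IdentityStore:
    name: str
    users: dict                 # username -> (password, external group name)
    reachable: bool = True
    # external group name -> Identity Group. This mapping is what lets the
    # authorization rules ignore which store actually answered.
    group_map: dict = field(default_factory=dict)

    def authenticate(self, user, password):
        if not self.reachable:
            raise StoreUnreachable(self.name)
        if user not in self.users:
            return None                        # not found: caller tries next store
        stored_pw, ext_group = self.users[user]
        if stored_pw != password:
            return False                       # authentication failure: reject
        return self.group_map.get(ext_group)   # Identity Group (None if unmapped)


def authenticate_sequence(stores, user, password):
    """Walk the sequence; return (store name, Identity Group) or (None, reason)."""
    for store in stores:
        try:
            result = store.authenticate(user, password)
        except StoreUnreachable:
            continue                           # process failure: next store
        if result is None:
            continue                           # user not found: next store
        if result is False:
            return None, f"rejected by {store.name}: bad password"
        return store.name, result
    return None, "user not found in any store"


# Authorization rules keyed on Identity Group only: one rule per group,
# however many stores are in the sequence (instead of groups x stores rules).
AUTHZ_RULES = {
    "NetAdmins": "Full-Access",
    "Helpdesk": "ReadOnly",
}


def authorize(stores, user, password):
    store, group = authenticate_sequence(stores, user, password)
    if store is None:
        return {"result": "REJECT", "reason": group}
    profile = AUTHZ_RULES.get(group)
    if profile is None:
        return {"result": "REJECT", "reason": f"no rule for group {group!r}"}
    return {"result": "PERMIT", "store": store,
            "identity_group": group, "profile": profile}


def build_stores(ad_up=True, ldap_up=True):
    """AD -> LDAP -> Internal Users, with reachability flags for the demo."""
    ad = IdentityStore("AD1", {"alice": ("Passw0rd", "CN=NetAdmins,OU=Groups")},
                       ad_up, {"CN=NetAdmins,OU=Groups": "NetAdmins"})
    ldap = IdentityStore("LDAP1",
                         {"alice": ("Passw0rd", "cn=netadmins,ou=groups"),
                          "bob": ("hunter2", "cn=helpdesk,ou=groups")},
                         ldap_up, {"cn=netadmins,ou=groups": "NetAdmins",
                                   "cn=helpdesk,ou=groups": "Helpdesk"})
    internal = IdentityStore("Internal Users",
                             {"breakglass": ("LocalOnly!", "NetAdmins")},
                             True, {"NetAdmins": "NetAdmins"})
    return [ad, ldap, internal]


if __name__ == "__main__":
    for ad_up, ldap_up in [(True, True), (False, True), (False, False)]:
        stores = build_stores(ad_up, ldap_up)
        print(f"AD up={ad_up} LDAP up={ldap_up}:",
              authorize(stores, "alice", "Passw0rd"),
              authorize(stores, "breakglass", "LocalOnly!"))
```

The point to take from the model is that `AUTHZ_RULES` never mentions a store: when AD goes away, alice is answered by LDAP, maps to the same Identity Group, and hits the same rule.  The break-glass account in the internal store lands on that rule too, which is exactly the outcome the customer in the story needed.  The one case the sequence must not paper over is a wrong password: it is rejected by the first store that knows the user, so a bad credential does not get three tries across three stores.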