Map of user names from multi-domain Active Directory registries
By default, when WebSEAL is mapping user names to certain user registries, it truncates the user names that are provided by Kerberos authentication. Using truncated user names can cause name resolution conflicts if the same name is in multiple domains. However, we can control whether WebSEAL truncates the user name.
- User name formats from differing user registries
WebSEAL maps the user name the Kerberos authentication process provides to the ISAM user registry. This mapping process depends on the type of user registry.- Setup for user name truncation handling
We can use the Use Domain Qualified Name check box in the Authentication tab of the Reverse Proxy management page to control whether or not WebSEAL truncates the user name received from Kerberos authentication.
Parent topic: Windows desktop single sign-on concepts