|Applies To||RSA ClearTrust 4.6 agent for Domino 6.5.x |
RSA Access Manager 4.8 agent for Domino 7.0.2
|Issue||AxM - Domino agent querying "FEDERATED_IDENTITIES" table|
SQL logs show the following select queries for user mapping between ClearTrust and domino user ids. In this setup the RSA ClearTrust and Domino IDs are the same(matching). Is it possible to eliminate the unnecessary lookups?
|Cause||The native functionality of Domino Web Server enforces authentication against the Domino user ID to control access to all resources, even when the RSA ClearTrust Agent is installed.|
To prevent redundant user authentication by both Domino and RSA ClearTrust, you must either use matching Domino and RSA ClearTrust IDs, or map the RSA ClearTrust user name to the Domino user ID.
Matching/Mapping settings are controlled by the parameter cleartrust.agent.domino.retrieve_dominouserID in webagent.conf. The Agent retrieves a mapped Domino user ID only if the user authenticates successfully and this parameter is set to true.
|Resolution||If ClearTrust and Domino use matching IDs, the unnecessary mapping lookups can be eliminated by setting cleartrust.agent.domino.retrieve_dominouserID=False|
|Legacy Article ID||a46446|