Topic
  • 7 replies
  • Latest Post - ‏2013-01-02T16:48:40Z by PullMeOut
SystemAdmin
SystemAdmin
6772 Posts

Pinned topic AAA: Authorization for two users.. What is best option?

‏2012-12-19T07:40:24Z |
Hi
I need to perform Authorization for 2 users; my Question here is what will be the best approach?
1) Use AAA action twice
2) Use loop to pass IDs twice to a single AAA action
3) or is there any there convenient option/ action?

Please let me know what should be the approach.
Updated on 2013-01-02T16:48:40Z at 2013-01-02T16:48:40Z by PullMeOut
  • SystemAdmin
    SystemAdmin
    6772 Posts

    Re: AAA: Authorization for two users.. What is best option?

    ‏2012-12-19T13:53:54Z  
    You can perform authorization for any number of users with a single AAA action. Do you need 2 different authorization types? What's your usecase?
  • PullMeOut
    PullMeOut
    47 Posts

    Re: AAA: Authorization for two users.. What is best option?

    ‏2012-12-19T16:02:07Z  
    Why you need authorization for 2 users , I don’t think for one request you need to perform authorization for 2 users , I think you will get 2 different request where both the request contains different users , in this case it is just one authorization , you are not doing 2 user authorization , no need to implement loop

    If my assumption is correct this is what you should be going

    I need to perform Authorization for 2 users; my Question here is what will be the best approach?
    1) Use AAA action twice
    Just one AAA action
    2) Use loop to pass IDs twice to a single AAA action
    No need , you still doing validation for one user if my above assumption is correct .

    3) or is there any there convenient option/ action?
    Step 1 holds good
  • PullMeOut
    PullMeOut
    47 Posts

    Re: AAA: Authorization for two users.. What is best option?

    ‏2012-12-19T16:28:42Z  
    • PullMeOut
    • ‏2012-12-19T16:02:07Z
    Why you need authorization for 2 users , I don’t think for one request you need to perform authorization for 2 users , I think you will get 2 different request where both the request contains different users , in this case it is just one authorization , you are not doing 2 user authorization , no need to implement loop

    If my assumption is correct this is what you should be going

    I need to perform Authorization for 2 users; my Question here is what will be the best approach?
    1) Use AAA action twice
    Just one AAA action
    2) Use loop to pass IDs twice to a single AAA action
    No need , you still doing validation for one user if my above assumption is correct .

    3) or is there any there convenient option/ action?
    Step 1 holds good
    to make it simple

    give both the users in one AAA policy , since each request contains different users , AAA plociy will scan the request based on the user . When John send the message it looks for john in AAA policy , if Mary send the request it looks for mary in AAA policy you can give as many users you want in AAA policy , there will not be a situtation where you need to scan for 2 users in one request ,no need to play around looping in AAA
  • SystemAdmin
    SystemAdmin
    6772 Posts

    Re: AAA: Authorization for two users.. What is best option?

    ‏2012-12-20T01:58:26Z  
    Thank you very much for your response.

    As an example, consider case:
    Each time new person coming office premises with help of one security officer.
    so there are 2 user IDs in one request. If both gt authorized with AD/LDAP then only that request has to be passed fwd.

    So please suggest me how can I authorize 2 different users in a single request using one AAA?
  • PullMeOut
    PullMeOut
    47 Posts

    Re: AAA: Authorization for two users.. What is best option?

    ‏2012-12-20T03:37:35Z  
    Thank you very much for your response.

    As an example, consider case:
    Each time new person coming office premises with help of one security officer.
    so there are 2 user IDs in one request. If both gt authorized with AD/LDAP then only that request has to be passed fwd.

    So please suggest me how can I authorize 2 different users in a single request using one AAA?
    ok ,need some more info . what method you are trying to use , SFTP or HTTPS .
  • SystemAdmin
    SystemAdmin
    6772 Posts

    Re: AAA: Authorization for two users.. What is best option?

    ‏2012-12-23T07:06:27Z  
    Sorry for delayed response.
    I am using HTTP & Mutual auth HTTPs (Dev & PROD environment respectively).
  • PullMeOut
    PullMeOut
    47 Posts

    Re: AAA: Authorization for two users.. What is best option?

    ‏2013-01-02T16:48:40Z  
    Sorry for delayed response.
    I am using HTTP & Mutual auth HTTPs (Dev & PROD environment respectively).
    You can define a custom template , in the template do validation for both the users ( i,e. add a condition in xsl looking for both the users before allowing the message to parse).