Best Practice Guide for Datastore Split Profile Configuration

Follow
    Applies to:
  • Legacy SecureAuth IdP
Deployment model:
  • On Premises
  • SecureAuth IdP Version Affected:  All

    Description: When using Split Profile Providers, this configuration allows for our code to handle errors and bad data more appropriately. If you are unsure how to normally set up a Datastore, please take a look at https://docs.secureauth.com/display/91docs/Data+Tab+Configuration which covers the Data Tab overall.

    Cause: Data coming from more than one source can cause the profile attributes to trip over each other if set up incompatibly. The way that we want to configure it would be to allow for a more uniform profile provider attribute mapping.

    Resolution: You may use whichever Datastore Types for Membership Connection Settings and Profile Provider Settings that fits your use case. However, for this example, we will be using 'Active Directory' for Membership Connection Settings and 'SQL Server' for Profile Provider Settings.

    1. Go to the Data tab. Set up the Membership Connection Settings, in this case 'Active Directory', as you would normally and be sure to test that it works.

     

    2. Under Profile Provider Settings change Same As Above to 'False' and change Default Profile Provider to 'SQL Server' then save.

     

    3. Below Profile Connection Settings under Datastore Type, set Data Server to 'SQL Server'. Configure 'SQL Server' Datastore Type and then test to make sure that it works. Save your working configuration.

     

    4. Change the Data Server from 'SQL Server' back to 'Directory Server' and configure the 'Directory Server' Datastore Type to reflect your Membership Connection Settings, but it may already be configured properly by default. Test and save.

     

    Leave it like this.

    In the end, you want your Membership Connection Settings and Profile Connection Settings to be mapped to the same Directory Server. The Profile Provider Settings will still be able to use 'SQL Server' as the Default Profile Provider because the settings are still in place in the web config. We will have configured both the 'SQL Server' and 'Active Directory' setups for the Profile Connection Settings.

     

    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

    0 out of 0 found this helpful

    Comments

    1 comment
    • the pics are not displayed.. 

      0
      Comment actions Permalink

    Please sign in to leave a comment.