Non-Windows: Permission check when System Login and SSO User are different

The described configuration procedure (non-Windows) yields the sso_permissions.xml file implementing a case-sensitive permission check; this is desired when all involved System Login / SSO User pairs consist of identical strings. However, if for one or more of the application users the SSO User differs from the System Login, the sso_permissions.xml file must be extended with a specific entry for each such user.

For example, if an application user with System Login ‘jdoe’ is associated to SSO user ‘JRDoe’, the sso_permissions.xml file must have these contents:

<?xml version="1.0"?>
<SingleSignOn>
  <impersonations sso_location="STS">
    <impersonation os_user="*">
      <sso_user name="+"/>
    </impersonation>
    <impersonation os_user="jdoe">
      <sso_user name="JRDoe"/>
    </impersonation>
  </impersonations>
</SingleSignOn>

Additional entries such as the one for ‘jdoe’ must be specified as needed.