- > login another Org with logut ! :<

I do not understand your question completely.

Do you want to login into both orgs at the same time? Or do you want a automatic logout from org A when you are logging in at org B?

Be logged in in both orgs using the same Access manager can cause a problem because your session is identified by one cookie called iPlanetDirecoryPro.

robert@javixa at 2007-7-10 3:47:15 >

I dont see how federation will help - even if you have mulitple IDPs, you are still authenticated to a single realm.

Can you explain what you are trying to achieve by authenticating to multiple realms? Perhaps there is another way of achieving your goal.

Regards,

-Jonathan

:-)

jonathan.scuddera at 2007-7-10 3:47:15 >

I don't think this is unreasonable behavior. Consider two sub organizations of Company, HR and IT. By simply authenticating into the IT org one should not automatically be a member of HR and be treated as such!

One solution would be to use SAML between the two organizations. This should work without issue if the two separate organizations have two separate AM/Portal instances running with two different cookie names so the sessions would be completely independent. If this needs to be done in the same AM/Portal instance, I don抰 think there is an easy way. To my knowledge, an AM session only has a single organization value and mapping an ID from one organization/Realm to another requires mapping logic which is non-trivial now that AM 7 supports multiple data stores.

Aaron_Andersona at 2007-7-10 3:47:15 >