Specifying Scheme Order
When using multiple security schemes based on the client’s IP address, the order the security realms are specified in must be the same for all IP addresses. The default ordering is specified by the mks.security.policy.scheme.default setting. For example, if the default ordering is the following:
mks.security.policy.scheme.default=windowsSSO_clear,windows_clear,
mksdomain_clear
then the following scheme orders are valid:
mks.security.policy.scheme.10.0.8.24=windowsSSO_private, windows_private,
mksdomain_private
mks.security.policy.scheme.10.0.8.25=windowsSSO_clear, mksdomain_clear
mks.security.policy.scheme.10.0.8.26=windows_private, mksdomain_private
but the following scheme orders are not valid:
mks.security.policy.scheme.10.0.8.14=mksdomain_private, windows_private,
windowsSSO_private
mks.security.policy.scheme.10.0.8.15=mksdomain_clear, windowsSSO_clear
mks.security.policy.scheme.10.0.8.16=windows_private, windowsSSO_private
If the default scheme does not contain the complete list of security realms, then you must use the mks.usersDomain property to specify the order. For example, the following is a valid combination of settings:
mks.usersDomain=ads,mksdomain
mks.security.policy.scheme.default=windowsSSO_clear, mksdomain_clear
mks.security.policy.scheme.10.0.8.24=windowsSSO_private,windows_private,
mksdomain_private
Specifying the security realm order also resolves potential issues if the same user is defined with an identical user name in more than one security realm. The user is authenticated from the security realm that appears first in the list.