Hello Brian,

First, thank you for your reply.

To be more specific, here are some details:

I am implementing a REST API (security app) that manages authentication and authorization of multiple applications (mainly web applications), with a local database to persist managed applications, users, groups, roles and permissions (roles and permissions are associated with a particular application).

- User and Group entities have an "isDirectory" field that tells us if the user/group is created in our security app or is imported from a directory. When the user/group should be imported from a directory, there are other fields that are required in the record (like the url, ...etc) to be able to connect to this AD instance.
- For authentication purposes, one application may have to talk to multiple AD instances (not federated) (when a user/group has isDirectory=true). The user can as well be created in my [local] security app database.
- If a user is an AD user, some of its information will be loaded to the local database (like username and first name).
- All authorization information (permissions) is created in my local security app database. That means that the authorization can only be performed against my local database.

Please let me know if it is clear.

Regards

--
Sent from: http://shiro-user.582556.n2.nabble.com/