Sun OpenSSO Enterprise 8.0 Administration Guide

Understanding Realms

A realm is the administrative unit for OpenSSO Enterprise. After OpenSSO Enterprise is deployed and configured, the default realm, / (Top Level Realm), is created. The top-level realm is the root realm that, with the exception of bootstrapping information configured during installation, contains the configuration data for the OpenSSO Enterprise instance. The top-level realm can contain sub realms, and those sub realms can in turn contain sub realms of their own. Information that can be defined in the top-level realm or a sub realm includes:

The hierarchy of a top-level realm and its sub realms can be used to identify users and groups with different authentication and authorization requirements. For example, users in the Human Resources department have access to more sensitive data than other users in an organization. By creating a sub realm for Human Resources personnel, you can enforce an authentication chain that might include entering an LDAP user identifier and password followed by a token generated using a SafeWord card. On the other hand, users not defined in this sub realm might need to enter only an LDAP user identifier and password to access their own personal profile. The use of sub realms should be restricted to either of the following scenarios: