Return user attributes from the Access Manager registry
Before performing an authorization decision, the Access Manager client retrieves user information or attributes from the Access Manager user registry.
A standard set of user attributes and other relevant information is compiled into an Access Manager credential. The following data are examples of the attributes in a credential.
- User group membership
- User distinguished name
- Access Manager UUID
- Access Manager client version
- IP address
When you configure the Access Manager client to return user attributes,
the attributes are returned to the AAA context as XML nodes in the postprocessing phase. The
<TAMAttributes>
node contains the attributes.<container>
…
<TAMAttributes>
<attributes>
<attribute>
<name>AZN_CRED_AUTHZN_ID</name>
<value>jdoe</value>
</attribute>
…
</attributes>
</TAMAttributes>