User mapping rules evaluator

The user mapping rules evaluator evaluates user mapping rules within the constraints that the user mapping engine requires. A configuration file that you specify supplies the pre-configured rules to the authenticated user mapping module.

The user mapping rules evaluator sends the rule policy with the XML representation of the authentication request to the XSL processor for evaluation.

The input for the transformation is the XML version of the authentication request. XSL transformation rules decide how the Security Verify Access user name is mapped from the supplied user attribute information. Two inputs are used for decision making:

  • The XML representation of the authentication request.
  • The XSL rule, which determines how the XML is interpreted.

The output from the decision determines the Security Verify Access user identity and attributes.

Table 1. Evaluation output

XML Element: <identity>
Description: Contains the new user identity. The original user identity, as determined by the authentication module, is used if no identity container is provided. If an identity container is provided but the identity cannot be determined, it is an authentication error. An example of this situation is a failed LDAP search.
Example: <identity>cn=testuser,o=ibm,c=us</identity>

XML Element: <attribute>
Description: Contains the name and value of an attribute that is added to the constructed credential. You can supply multiple attributes in the response.
Note: Use a unique name for each attribute that you want to add to the user credential. If you add more than one attribute with the same name in the XSLT rules, only one of the attributes with that name is added to the user credential.
Example: <attribute name="qop">test-qop</attribute>

The value for the identity or attribute can be either a static string or an LDAP search query. The LDAP search query uses the following format:

<userreg base='%base%' attr='%name%'>%ldap-search-filter%</userreg>
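The following is an added example, not code from the Security Verify Access product or its documentation. It models, on the consuming side, the decision rules in Table 1 and the <userreg> value form: a missing <identity> container keeps the original identity, an <identity> container that yields nothing is an authentication error, duplicate <attribute> names collapse to one credential attribute, and a <userreg> child is recognised as an LDAP search query rather than a static string. The wrapping <result> root element, the sample documents, and the choice to keep the first of duplicate attributes are assumptions made for this example (the page does not say which duplicate is kept).

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import Dict, Union


class AuthenticationError(Exception):
    """Raised when an <identity> container is present but no identity can be determined."""


@dataclass
class LdapQuery:
    """A value given in the <userreg> form (an LDAP search) instead of a static string."""
    base: str
    attr: str
    search_filter: str


Value = Union[str, LdapQuery]


@dataclass
class MappingResult:
    identity: Value
    attributes: Dict[str, Value] = field(default_factory=dict)


def _value_of(elem: ET.Element) -> Value:
    """Return the element's value: an LdapQuery if it wraps <userreg>, else its text."""
    userreg = elem.find("userreg")
    if userreg is not None:
        return LdapQuery(
            base=userreg.get("base", ""),
            attr=userreg.get("attr", ""),
            search_filter=(userreg.text or "").strip(),
        )
    return (elem.text or "").strip()


def evaluate_output(output_xml: str, original_identity: str) -> MappingResult:
    """Apply the Table 1 rules to an evaluation output document.

    Assumption: the output is wrapped in a <result> root element (constructed here;
    the page shows only the <identity> and <attribute> elements).
    """
    root = ET.fromstring(output_xml)
    result = MappingResult(identity=original_identity)

    identity_elem = root.find("identity")
    if identity_elem is not None:
        value = _value_of(identity_elem)
        # Container present but empty: the identity cannot be determined.
        if value == "":
            raise AuthenticationError("identity container present but identity not determined")
        result.identity = value

    for attr in root.findall("attribute"):
        name = attr.get("name")
        if not name:
            continue
        # Duplicate names: only one attribute with that name reaches the credential.
        # Keeping the first occurrence is this example's choice, not a documented rule.
        result.attributes.setdefault(name, _value_of(attr))

    return result


# Constructed sample outputs, as an XSL rule might produce them.
STATIC_OUTPUT = """<result>
  <identity>cn=testuser,o=ibm,c=us</identity>
  <attribute name="qop">test-qop</attribute>
  <attribute name="qop">second-qop-dropped</attribute>
  <attribute name="dept">sales</attribute>
</result>"""

LDAP_OUTPUT = """<result>
  <identity><userreg base='o=ibm,c=us' attr='dn'>(uid=testuser)</userreg></identity>
</result>"""

NO_IDENTITY_OUTPUT = """<result><attribute name="qop">test-qop</attribute></result>"""

EMPTY_IDENTITY_OUTPUT = """<result><identity></identity></result>"""


if __name__ == "__main__":
    print(evaluate_output(STATIC_OUTPUT, "testuser"))
    print(evaluate_output(LDAP_OUTPUT, "testuser"))
    print(evaluate_output(NO_IDENTITY_OUTPUT, "testuser"))
    try:
        evaluate_output(EMPTY_IDENTITY_OUTPUT, "testuser")
    except AuthenticationError as exc:
        print("authentication error:", exc)
```

The LdapQuery object only carries the base, attribute name and filter; resolving it against the user registry, and treating a failed search as the authentication error the table describes, is the evaluator's job and is outside this example.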