Updating mapping rules when enabling OIDC

Edit online

You can update the default mapping rules for OIDC to enable and customize mapping actions.

About this task

Verify Identity Access provides mapping rules for use with OAuth 2.0 and OIDC deployments. You can access these files from the File Downloads section of the LMI. You can then update these files as appropriate for your deployment.

For Version 9.0.4, Verify Identity Access supports new OIDC request types, as described in the following table.

Table 1. New request types
Request type Associated endpoint Description
userinfo https://server.oauth.com/mga/sps/oauth/oauth20/userinfo See OAuth 2.0 endpoints and OIDC Claims customization
revoke https://server.oauth.com/mga/sps/oauth/oauth20/revoke See OAuth 2.0 endpoints and OAuth revocation endpoint
introspect https://server.oauth.com/mga/sps/oauth/oauth20/introspect Support for introspect was added in Version 9.0.3.See OAuth 2.0 endpoints and OAuth introspection

Procedure

  1. In the LMI, go to System > File Downloads
  2. Expand either federation > examples > mapping rules or access_control > examples > mapping rules
  3. Select one or more of the following files and click Export.
    • oauth_20_pre_mapping.js
    • oauth_20_post_mapping.js
  4. Edit the mapping rule as appropriate for your deployment.
  5. Import the revised mapping rule into your OIDC API Protection definition.
    1. Select either AAC > Policy > OpenID Connect and API Protection or Federation > Manage > OpenID Connect and API Protection.
    2. Select the Mapping Rules sub-menu.
    3. Click Import to add a new mapping rule. Or, to use an edited mapping rule to replace an existing mapping rule, highlight the existing mapping rule and click Replace.