attribute_pattern

Use the attribute_pattern stanza entry to control the attributes that WebSEAL accepts from the incoming CDSSO authentication token.

Syntax

attribute_pattern = {preserve|refresh}

Description

Attributes to accept from incoming CDSSO authentication tokens.

The attributes typically match those attributes declared in the [cdsso-token-attributes] stanza for the WebSEAL server in the source domain.

The attribute_pattern can be either a specific value or can be a pattern that uses standard Security Access Manager wildcard characters (*, [], ^, \,?).

The order of attribute_pattern entries is important. WebSEAL uses the first entry that matches the attribute. Other entries are ignored.

Options

preserve: Attributes matching a preserve entry, or matching none of the entries, are kept. If no entries are configured, then all attributes are kept.

refresh: Attributes in CDSSO authentication tokens that match a refresh entry are removed from the token. These attributes are removed before the CDMF library is called to map the remote user into the local domain.

Usage

This stanza entry is optional.

Default value

None.

Example

my_cred_attr1 = preserve