Sample user mapping rule
This example XSLT rule adds two new attributes to the user credential and sets a new user identity that is derived from an LDAP search.
<?xml version="1.0" encoding='UTF-8'?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:stsuuser="urn:ibm:names:ITFIM:1.0:stsuuser" version="1.0">
<!-- Required to constrain output of rule evaluation -->
<xsl:output method="xml" omit-xml-declaration="yes" encoding='UTF-8' indent="no"/>
<!-- Need this to ensure default text node printing is off -->
<xsl:template match="text()"></xsl:template>
<!-- Let's make it easier by matching the constant part of our XML name -->
<xsl:template match="/XMLUMI/stsuuser:STSUniversalUser/stsuuser:AttributeList">
<attribute name='method'><xsl:value-of select="stsuuser:Attribute[@name='method']/stsuuser:Value"/></attribute>
<attribute name='user_email'><userreg base='dc=iswga' attr='email'>
(cn=<xsl:value-of select="stsuuser:Attribute[@name='username']/stsuuser:Value"/>)
</userreg></attribute>
<identity><userreg base='dc=iswga' attr='dn'>
(cn=<xsl:value-of select="stsuuser:Attribute[@name='username']/stsuuser:Value"/>)
</userreg></identity>
</xsl:template>
</xsl:stylesheet>
The first attribute, method, contains the method that was used for
authentication. This information is extracted from the XML representation of the authentication
data.
The second attribute that the rule adds to the user credential is
user_email. This attribute is populated by a user registry search. A search is
performed, where the CN in the user registry is matched against the supplied user
name. The email attribute is then returned for the matched user.
An LDAP search is also performed, where the CN in the user
registry is matched against the supplied user name. The dn attribute of the matched
user is then used as the Security Verify Access user identity.
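The rule above places the supplied user name directly inside the search filter (cn=...). The following Python example is added here and is not IBM's code: it mirrors the rule's selections on a constructed authentication-data document and reports whether the user name contains characters that RFC 4515 requires to be escaped in a filter value. The names evaluate_rule, attr_value and escape_filter_value, the sample document and its values are assumptions; the page does not state how the product handles such characters.

```python
import xml.etree.ElementTree as ET

NS = {"stsuuser": "urn:ibm:names:ITFIM:1.0:stsuuser"}

# Constructed authentication data, shaped to fit the rule's match path.
SAMPLE = """<XMLUMI>
<stsuuser:STSUniversalUser xmlns:stsuuser="urn:ibm:names:ITFIM:1.0:stsuuser">
<stsuuser:AttributeList>
<stsuuser:Attribute name="method"><stsuuser:Value>password</stsuuser:Value></stsuuser:Attribute>
<stsuuser:Attribute name="username"><stsuuser:Value>jdoe</stsuuser:Value></stsuuser:Attribute>
</stsuuser:AttributeList>
</stsuuser:STSUniversalUser>
</XMLUMI>"""

# Characters RFC 4515 requires to be escaped inside a filter assertion value.
RFC4515_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a string for use as the value part of an LDAP filter."""
    return "".join(RFC4515_ESCAPES.get(ch, ch) for ch in value)

def attr_value(attr_list, name):
    """Same selection as stsuuser:Attribute[@name='...']/stsuuser:Value."""
    node = attr_list.find(f"stsuuser:Attribute[@name='{name}']/stsuuser:Value", NS)
    return (node.text or "") if node is not None else ""

def evaluate_rule(xml_text):
    """Return what the rule would emit, plus a check on the filter value."""
    root = ET.fromstring(xml_text)
    attr_list = root.find("stsuuser:STSUniversalUser/stsuuser:AttributeList", NS)
    if root.tag != "XMLUMI" or attr_list is None:
        raise ValueError("input does not match the rule's template path")
    username = attr_value(attr_list, "username")
    if not username:  # added check: the XSLT itself would emit an empty (cn=)
        raise ValueError("no username attribute to build the search filter from")
    literal = f"(cn={username})"                       # filter as written in the rule
    escaped = f"(cn={escape_filter_value(username)})"  # RFC 4515-escaped equivalent
    return {
        "method": attr_value(attr_list, "method"),
        "user_email": {"base": "dc=iswga", "attr": "email", "filter": literal},
        "identity": {"base": "dc=iswga", "attr": "dn", "filter": literal},
        "escaped_filter": escaped,
        "needs_escaping": literal != escaped,
    }

if __name__ == "__main__":
    print(evaluate_rule(SAMPLE))
```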