Plan the mapping of user identities appropriate to your deployment.
Task overview:
A primary function of the Tivoli Federated Identity Manager trust service is the transfer of user identity information (credentials) between partners in a single sign-on federation. This transfer requires changing user identity information formats several times to move between formats local to each partner and the agreed token format for exchanging credentials.
The identity information transfer includes an identity mapping step, in which the user information is mapped from the structure provided by one credential or token type into the structure required by another token type.
To complete this mapping step, choose one of the following options:
Use of this module requires an understanding of the Tivoli Directory Integrator features and configuration. See the product documentation for Tivoli Directory Integrator.
Tivoli Federated Identity Manager provides a user interface for setting some configuration properties. See Tivoli Directory Integrator identity mapping module.
Building your own module that is tailored to the needs of the applications in your deployment is a development task. See Creating a custom mapping module.
If you choose to write an identity mapping rule, use the eXtensible Stylesheet Language (XSL), and save it to disk as an XSL file. When you create a federation, the federation wizard prompts you to supply the name of your mapping rule file. The wizard imports this file into the configuration for the federation.
You must create and save a mapping rule file before you create a federation.
The Tivoli Federated Identity Manager management console provides a Federation wizard that guides you through the configuration of a single sign-on federation. The wizard contains an Identity Mapping panel, which prompts the administrator to supply the name of an identity mapping rule file. The wizard imports the file, and uses it when building the configuration for the trust module chain that is specific to the federation.
The administrator must create the identity mapping file before using the wizard to configure the federation. The wizard panel expects that the administrator has created an eXtensible Stylesheet Language (XSL) file that describes identity mapping rules. The identity mapping rules are used to convert information that must move across the federation between the partners (identity provider and service provider). Each identity mapping rule must provide:
To write an identity mapping rule, you must understand: