Managing mapping rules

The mapping rules are JavaScript code that run during the authentication flow. Use the rules to customize the authentication service and the one-time password generation, delivery, and verification.

Before you begin

Attention: Use extreme care when you replace mapping rules. Any change that you make to a mapping rule can affect the entire runtime environment. Always export a copy of the original rule you plan to replace so that you have a backup copy.

About this task

You can customize several components through JavaScript code. For example, you can customize the Authentication Service to modify the content of user credential by modifying the AuthSvcCredential mapping rule.

The JavaScript code is run by the Rhino JavaScript engine. Your JavaScript code must conform to JavaScript 1.7. Your JavaScript code is not run under a browser environment. Therefore, you cannot use objects and functions that are available only in a browser environment. You can, however, use standard JavaScript objects (such as Math) and functions (such as parseInt). In addition, your JavaScript code can use white-listed Java classes, which you might need so that you can use operations that are not supported by standard JavaScript functions. You can find the list of these Java classes at JavaScript whitelist. To find out more about using Java classes in JavaScript, see the Rhino documentation https://developer.mozilla.org/en/docs/Rhino.

Procedure

  1. Log in to the local management interface.
  2. Click Secure Access Control or Secure Federation.
  3. Under Policy, click Authentication.
  4. Click Advanced.
  5. Take one of the following actions:
    View a mapping rule:
    1. Select a mapping rule.
    2. Click View. The View Mapping Rule panel opens. The content of the mapping rule is displayed.
    3. Click OK to close the panel.
    Export a mapping rule:
    1. Select a mapping rule.
    2. Click Export.
    3. Choose a location and save the file.
    Replace a mapping rule:
    Use an existing mapping rule as the basis for the updated mapping rule.
    Attention: When you replace this file, an error in the JavaScript source might be found immediately after it is replaced or it might not be found until the file is run.
    1. Select a mapping rule that you want to replace.
    2. Click Import. The Replace Mapping Rule panel opens.
    3. Click the field or the Browse button and select a file.
      Attention: The name of the mapping rule cannot be replaced. The name of the uploaded file is ignored.
    4. Click OK to upload the mapping rule.

What to do next

When you replace a mapping rule, the appliance displays a message that there are undeployed changes. Deploy the changes when you are done. For more information, see Deploying pending changes.
Parent topic: Authentication
Parent topic: Mapping rules