Map a SAML 1.1 token to a local user identity
You can map a SAML 1.1 token to a local identity for a service provider.
A service provider consumes a SAML 1.1 token that is issued by an identity provider and generates the local identity of the user from that token. You can customize how the SAML 1.1 token is converted into the local identity of the user by using a mapping rule.
Security Verify Access first converts a SAML 1.1 token to an STS Universal User. It then converts this STS Universal User into another STS Universal User using a mapping rule that you provide. After that, it converts the latter STS Universal User to a local identity of the user.
Your mapping rule does not operate directly on the local identity or the SAML 1.1 token. Instead, it operates on the STS Universal User. Any modification that you make to the STS Universal User affects the output local identity of the user.
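The three conversion stages described above, as an added JavaScript example that is not product code and does not use the product's mapping-rule API. The STS Universal User is modeled as a plain object, and every name here (`PARTNERS`, `GROUP_MAP`, `RESERVED`, the issuer URL, the group names, the sample assertion fields) is a constructed assumption. It shows a rule that builds a fresh output user, so only values the rule explicitly copies can reach the local identity.

```javascript
'use strict';
// Constructed model: an STS Universal User is represented here as
// { principal: string, attributes: { name: [values] } }.

// Hypothetical policy tables (Maps, so keys like "constructor" never match).
const PARTNERS = new Map([['https://idp.partner.example', 'partner.example']]);
const GROUP_MAP = new Map([['partner-staff', 'sp-users'],
                           ['partner-audit', 'sp-readonly']]);
const RESERVED = new Set(['root', 'admin']);

// Stage 1: token -> universal user. The issuer is written last so that an
// attribute named "issuer" inside the assertion cannot override it.
function fromSamlAssertion(a) {
  return { principal: a.nameIdentifier,
           attributes: { ...a.attributes, issuer: [a.issuer] } };
}

// Stage 2: the mapping rule. Reads one universal user, returns another.
function mappingRule(inUser) {
  const issuer = (inUser.attributes.issuer || [])[0];
  const domain = PARTNERS.get(issuer);
  if (!domain) throw new Error('untrusted issuer');
  const name = String(inUser.principal).toLowerCase();
  const m = /^([a-z0-9._-]{1,32})@([a-z0-9.-]+)$/.exec(name);
  if (!m || m[2] !== domain) throw new Error('principal/issuer mismatch');
  if (RESERVED.has(m[1])) throw new Error('reserved local account');
  // Translate partner groups to local ones; unknown groups are dropped.
  const groups = (inUser.attributes.groups || [])
    .map((g) => GROUP_MAP.get(g))
    .filter((g) => g !== undefined);
  // Fresh object: attributes not copied here never reach stage 3.
  return { principal: m[1], attributes: { groups } };
}

// Stage 3: the local identity is derived only from the rule's output.
function toLocalIdentity(outUser) {
  return { username: outUser.principal, groups: outUser.attributes.groups };
}

function mapToken(assertion) {
  return toLocalIdentity(mappingRule(fromSamlAssertion(assertion)));
}
```
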