Authentication Service Credential mapping rule (Federation)
The Authentication Service Credential mapping rule is JavaScript code used to customize the information that is contained in the user credential. During authentication, the Authentication Service gathers information about the authenticated user, including attributes associated with the user ID. After successful authentication, the Authentication Service provides this information to the Authentication Service Credential mapping rule. The main task of the mapping rule is to modify or add attributes to the user information before it is used to generate a credential.
Customizing the mapping rule is an advanced way to customize the credential. To specify basic credential attributes, use an authentication policy and the Credentials panel in the local management interface instead of creating a custom mapping rule. See Create an authentication policy.
If we write our own mapping rule and use it to replace the existing rule, keep the following considerations in mind:
- Credential attributes are string values. For example, user names and lists of groups are string arrays.
- Do not use spaces, commas, or colons in credential attribute names. Use alphanumeric characters.
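The two considerations above can be checked before a custom rule adds attributes to the user information. The following is an added example, not the product's sample rule or code from this page: the function names and the sample attribute map are hypothetical, stringifying numbers and booleans is an assumption, and the code is plain JavaScript that does not call the appliance's mapping-rule API.

```javascript
// Added example. checkCredentialAttributes and toStringArray are hypothetical names.
var NAME_PATTERN = /^[A-Za-z0-9]+$/; // alphanumeric only: excludes spaces, commas, colons

// Coerce one attribute value to an array of strings, or return null when it
// cannot be represented as string data. Numbers and booleans are stringified
// (an assumption of this example); null, undefined and objects are refused.
function toStringArray(value) {
  var items = Array.isArray(value) ? value : [value];
  var out = [];
  for (var i = 0; i < items.length; i++) {
    var t = typeof items[i];
    if (t === "string") out.push(items[i]);
    else if (t === "number" || t === "boolean") out.push(String(items[i]));
    else return null;
  }
  return out.length > 0 ? out : null; // an empty array carries no value
}

// Split a proposed attribute map into attributes that satisfy both
// considerations and attributes that do not, with the reason for each refusal.
function checkCredentialAttributes(attrs) {
  var result = { accepted: {}, rejected: [] };
  Object.keys(attrs).forEach(function (name) {
    if (!NAME_PATTERN.test(name)) {
      result.rejected.push({ name: name, reason: "name is not alphanumeric" });
      return;
    }
    var values = toStringArray(attrs[name]);
    if (values === null) {
      result.rejected.push({ name: name, reason: "value is not a string or string array" });
      return;
    }
    result.accepted[name] = values;
  });
  return result;
}

// Constructed sample input, not taken from a real credential.
var sample = {
  displayName: "Alice Example",
  groups: ["staff", "auditors"],
  loginCount: 7,
  "home dir": "/home/alice",   // space in name
  "role:admin": "true",        // colon in name
  manager: null                // not string data
};
console.log(JSON.stringify(checkCredentialAttributes(sample), null, 2));
```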
The sample mapping rule describes further considerations for writing our own mapping rule. A default AuthSvcCredential mapping rule is provided. To review the rule:
- Log in to the local management interface.
- Click...
AAC > Authentication > Advanced > AuthSvcCredential >
- Choose a location and save the file.
To review an example of a customized credential mapping rule:
- Log in to the local management interface.
- Click...
System > File Downloads > access_control > examples > mapping_rules
- Select authsvc_credential.js.
- Click Export to download the file.
If we create our own rule, use it to replace the existing rule. See the replacement instructions in Manage mapping rules.