Updating mapping rules when enabling OIDC

You can update the default mapping rules for OIDC to enable and customize mapping actions.

About this task

Security Verify Access provides mapping rules for use with OAuth 2.0 and OIDC deployments. You can access these files from the File Downloads section of the LMI. You can then update these files as appropriate for your deployment.

For Version 9.0.4, Security Verify Access supports new OIDC request types, as described in the following table.

Request type	Associated endpoint	Description
userinfo	https://server.oauth.com/mga/sps/oauth/oauth20/userinfo	See OAuth 2.0 endpoints and OIDC Claims customization
revoke	https://server.oauth.com/mga/sps/oauth/oauth20/revoke	See OAuth 2.0 endpoints and OAuth revocation endpoint
introspect	https://server.oauth.com/mga/sps/oauth/oauth20/introspect	Support for introspect was added in Version 9.0.3.See OAuth 2.0 endpoints and OAuth introspection

Procedure

1. In the LMI, go to System > File Downloads
2. Expand either federation > examples > mapping rules or access_control > examples > mapping rules
3. Select one or more of the following files and click Export.
   • oauth_20_pre_mapping.js
   • oauth_20_post_mapping.js
4. Edit the mapping rule as appropriate for your deployment.
5. Import the revised mapping rule into your OIDC API Protection definition.
   1. Select either AAC > Policy > OpenID Connect and API Protection or Federation > Manage > OpenID Connect and API Protection.
   2. Select the Mapping Rules sub-menu.
   3. Click Import to add a new mapping rule. Or, to use an edited mapping rule to replace an existing mapping rule, highlight the existing mapping rule and click Replace.

Parent topic: OpenID Connect mapping rules