Manage mapping rules

The mapping rules are JavaScript code that run during the authentication flow. Use the rules to customize the authentication service and the one-time password generation, delivery, and verification. Attention: Use extreme care when you replace mapping rules. Any change that you make to a mapping rule can affect the entire runtime environment. Always export a copy of the original rule we plan to replace so that you have a backup copy.

We can customize several components through JavaScript code. For example, we can customize the Authentication Service to modify the content of user credential by modifying the AuthSvcCredential mapping rule. The JavaScript code is run by the Rhino JavaScript engine. Your JavaScript code must conform to JavaScript 1.7. Your JavaScript code is not run under a browser environment. Therefore, we cannot use objects and functions available only in a browser environment. We can, however, use standard JavaScript objects (such as Math) and functions (such as parseInt). In addition, your JavaScript code can use white-listed Java classes, which we might need so that we can use operations that are not supported by standard JavaScript functions. We can find the list of these Java classes at JavaScript whitelist. To find out more about using Java classes in JavaScript, see the Rhino documentation https://developer.mozilla.org/en/docs/Rhino.

Steps

1. Log in to the local management interface and click...
   AAC Policy > Authentication > Advanced

2. Take one of the following actions:

   View a mapping rule:

   1. Select a mapping rule.
   2. Click . The View Mapping Rule panel opens. The content of the mapping rule is displayed.
   3. Click OK to close the panel.

   Export a mapping rule:

   1. Select a mapping rule.
   2. Click .
   3. Choose a location and save the file.

   Replace a mapping rule:

   Use an existing mapping rule as the basis for the updated mapping rule. Attention: When you replace this file, an error in the JavaScript source might be found immediately after it is replaced or it might not be found until the file is run.

   1. Select a mapping rule that we want to replace.
   2. Click . The Replace Mapping Rule panel opens.
   3. Click the field or the Browse button and select a file.Attention: The name of the mapping rule cannot be replaced. The name of the uploaded file is ignored.
   4. Click OK to upload the mapping rule.

What to do next

When you replace a mapping rule, the appliance displays a message there are undeployed changes. Deploy the changes when you are done. For more information, see Deploying pending changes.

• Authentication Service Credential mapping rule
  
• OTPGetMethods mapping rule
  
• OTPGenerate mapping rule
  
• OTPDeliver mapping rule
  
• OTPVerify mapping rule
  
• Customizing one-time password mapping rules to use access control context data
  
• Authentication Service Credential mapping rule
  
• OTPGetMethods mapping rule
  
• OTPGenerate mapping rule
  
• OTPDeliver mapping rule
  
• OTPVerify mapping rule
  
• Customizing one-time password mapping rules to use access control context data
  

Parent topic: Authentication

Parent topic: Mapping rules