Extended user attributes and identity mapping
The CDSSO process is supported by the cross-domain mapping framework (sometimes referred to as CDMF) to allow the inclusion of extended attributes to further describe a user identity. CDMF is a programming interface that can handle extended user attributes during token creation and provide mapping services for the user identity during token consumption.
The built-in default CDMF operation during CDSSO returns:
- "SUCCESS" and no extended attributes to the CDSSO token creation module.
- "SUCCESS" and no identity mapping to the CDSSO token consumption module.
We can use the cross-domain mapping framework C API to customize the handling of user attributes and the mapping of user identities. Complete information and API reference material for the cross-domain mapping framework can be found in the IBM Security Verify Access for Web: Web Security Developer Reference.
Alternatively, attributes can be specified in the WebSEAL configuration file for transfer from the source server to the destination server.