User mapping rules evaluator

The user mapping rules evaluator evaluates user mapping rules in the constraints that are required by the user mapping engine. A configuration file that you specify supplies the pre-configured rules to the authenticated user mapping module.

The user mapping rules evaluator sends the rule policy with the XML representation of the authentication request to the XSL processor for evaluation.

The input for the transformation is the XML version of the authentication request. XSL transformation rules decide how the Security Verify Access user name is mapped from the supplied user attributes information. Two inputs are used for decision making:

The output from the decision determines the Security Verify Access user identity and attributes.

XML Element Description Example
<identity>

Contains the new user identity. The original user identity, as determined by the authentication module, is used if no identity container is provided. If an identity container is provided but the identity cannot be determined, it is an authentication error. An example of this situation is a failed LDAP search.
<identity>cn=testuser,o=ibm,c=us</identity>

<attribute>

Contains the name and value of an attribute that is added to the constructed credential. We can supply multiple attributes in the response. Use a unique name for each attribute to add to the user credential. If we add more than one attribute with the same name in the XSLT rules, only one of the attributes with that name is added to the user credential.
<attribute name=qop>test-qop</attribute>

The value for the identity or attribute can either be a static string or an LDAP search query. The LDAP search query uses the following format:

Parent topic: Authenticated User Mapping