Authenticated User Mapping
We can use the authenticated user mapping module to map an authenticated user name to a different Security Verify Access user identity.
During the authentication process, Security Verify Access takes an XML representation of the authentication data and then evaluates the data against an XSLT rule to produce the appropriate user identity. The result is either a static user identity or an LDAP search string that we can use to locate the user identity. In addition, one or more attributes might be added to the generated credential for the user. The authenticated user mapping module cannot be invoked if an EAI authentication takes place, where a privileged attribute certificate (PAC) is supplied as the authentication data.
- Authenticated user mapping rule language
Extensible Stylesheet Language (XSL) is the language that specifies rules. Extensible Markup Language (XML) is the language for the data that forms an input to the rules. The combination of XML and XSL provides a platform-independent way to express both the inputs to the rules evaluator and the rules themselves.
- UMI XML document model
The Universal Management Infrastructure XML document model (UMI XML model) is a set of restrictions that are placed on the XSL or XML model by the user mapping rules implementation. This model enables the interface to be simple and yet functional for user mapping purposes.
- Containers and XML UMI container names
When data is requested from a resource manager, the granularity of the returned XML data is at the level of a single container of information. The container is normally also the smallest data element (for example, elements that might be considered for billing purposes).
- XML user mapping model
The following UMI XML document shows the data that is passed to the XSL processor from the rules evaluator during the evaluation of an authenticated user mapping rule.
- User mapping rules evaluator
The user mapping rules evaluator evaluates user mapping rules within the constraints that are required by the user mapping engine. A configuration file that you specify supplies the pre-configured rules to the authenticated user mapping module.
- Enabling authenticated user mapping
The authenticated user mapping module is disabled by default. We must enable it before we can map an authenticated user name to a different Security Verify Access user identity.
- Valid user mapping attributes
A list of authenticated user mapping attributes can be used in the mapping rules.