Enabling authenticated user mapping

The authenticated user mapping module is disabled by default. You must enable it before you can map an authenticated user name to a different Security Verify Access user identity.

  1. Access the local management interface to configure an XSLT rules file to define the rules for the authenticated user mapping module. The following steps use auth-rules.xsl as an example.
  2. Select Web > Global Settings > User Name Mapping from the top menu. The User Name Mapping management page displays.
  3. Take one of the following actions:
    • If rules files exist, select the file to enable, such as auth-rules.xsl, from the available list of File Names.
    • If no rules files exist:
      1. Click New to create a new rules file.
      2. Enter a name for the new file such as auth-rules.xsl.
      3. Click Save. The system generates a new file that is based on the default template.
  4. Click Edit.
  5. Update the file to reflect the rules you want to set.
  6. Click Save.
  7. Access the WebSEAL configuration file for your instance.
  8. Update the [user-map-authn] stanza in the WebSEAL configuration file as follows:

    where:

    file
    Name of the rules file for the authenticated user mapping module. If you rename the rules file that WebSEAL is configured to use, you must manually update this rules-file configuration entry to match the new name of the rules file. Otherwise, WebSEAL cannot locate and use the rules file after the rename operation.
    level
    Controls the trace level for the module.

    Notes:

    • The level variable indicates the trace level; 1 designates a minimal amount of tracing, and 9 designates the maximum. The Security Verify Access pdadmin trace command also modifies the trace level by using the trace component name of pd.cas.usermap. This trace component is only available after the first HTTP request is processed.
    • If you do not specify a debug level, 0 is used by default.
    • If an invalid numerical value is configured, the module defaults to a level of 0.
    • If a non-numeric value is configured for the entry, the authentication mechanism module fails with an error in the WebSEAL log, which indicates the debug-level is invalid.
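
The following pre-flight check for the [user-map-authn] stanza is an added example, not IBM's code. It applies the rules-file rename caveat and the debug-level notes above to a configuration before WebSEAL loads it. It assumes an INI-style file with # comments and treats 0 to 9 as the valid level range; the function names and sample configurations are constructed for illustration.

```python
import re

STANZA = "user-map-authn"

def read_stanza(text, stanza=STANZA):
    """Return {key: value} for one stanza of an INI-style configuration."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip()
        elif current == stanza and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip()] = value.strip()
    return entries

def check_user_map(text, known_rules_files):
    """Return (severity, message) findings for the [user-map-authn] stanza."""
    entries = read_stanza(text)
    findings = []
    rules = entries.get("rules-file", "")
    if not rules:
        findings.append(("error", "rules-file is not set"))
    elif rules not in known_rules_files:
        # Covers the rename case: the entry still points at the old name.
        findings.append(("error", f"rules-file '{rules}' not found (renamed?)"))
    level = entries.get("debug-level", "")
    if level == "":
        findings.append(("info", "debug-level not set; 0 is used"))
    elif not re.fullmatch(r"[+-]?\d+", level):
        findings.append(("error", f"debug-level '{level}' is non-numeric; module fails"))
    elif not 0 <= int(level) <= 9:  # assumption: valid levels are 0 to 9
        findings.append(("warn", f"debug-level {level} is invalid; 0 is used"))
    return findings

# Constructed sample configurations (not taken from a real deployment).
GOOD = "[user-map-authn]\nrules-file = auth-rules.xsl\ndebug-level = 5\n"
RENAMED = "[user-map-authn]\nrules-file = auth-rules.xsl\ndebug-level = verbose\n"

if __name__ == "__main__":
    for name, cfg, files in (("GOOD", GOOD, {"auth-rules.xsl"}),
                             ("RENAMED", RENAMED, {"auth-rules-v2.xsl"})):
        print(name, check_user_map(cfg, files))
```

Pass the set of rules file names shown on the User Name Mapping page as known_rules_files; any "error" finding should be fixed before the instance is restarted.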
