IBM Security Verify Access for Web WebSEAL attribute

attribute_pattern

Use the attribute_pattern stanza entry to specify whether attributes are preserved or refreshed during an eCSSO authentication operation.

attribute_pattern = {preserve|refresh}

Description

Extended attributes to extract from incoming eCSSO authentication tokens.
The attributes typically match those attributes declared in the [cdsso-token-attributes] stanza for the WebSEAL server in the source domain.
The attribute_pattern can be either a specific value or can be a pattern that uses standard Security Verify Access wildcard characters (*, [], ^, \,?).
The order of attribute_pattern entries is important. The first entry matching the attribute is used. Other entries are ignored.
Options

preserve Attributes in eCSSO vouch-for tokens that match a "preserve" entry, or matching none of the entires, are kept. If no entries are configured, then all attributes are kept.
refresh Attributes in eCSSO vouch-for tokens that match a "refresh" entry are removed from the token. WebSEAL removes these attributes before the CDMF library is called to map the remote user into the local domain.

Usage: Optional
Default: None.
Example:
my_cred_attr1 = preserve

Parent topic: [ecsso-incoming-attributes] stanza

preserve	Attributes in eCSSO vouch-for tokens that match a "preserve" entry, or matching none of the entires, are kept. If no entries are configured, then all attributes are kept.
refresh	Attributes in eCSSO vouch-for tokens that match a "refresh" entry are removed from the token. WebSEAL removes these attributes before the CDMF library is called to map the remote user into the local domain.