attribute_pattern
Use the attribute_pattern stanza entry to control the attributes that WebSEAL accepts from the incoming CDSSO authentication token.
attribute_pattern = {preserve|refresh}Description
Attributes to accept from incoming CDSSO authentication tokens.
The attributes typically match those attributes declared in the [cdsso-token-attributes] stanza for the WebSEAL server in the source domain.
The attribute_pattern can be either a specific value or can be a pattern that uses standard Security Verify Access wildcard characters (*, [], ^, \,?).
The order of attribute_pattern entries is important. WebSEAL uses the first entry matching the attribute. Other entries are ignored.
Options
preserve Attributes matching a preserve entry, or matching none of the entries, are kept. If no entries are configured, then all attributes are kept.
refresh Attributes in CDSSO authentication tokens that match a refresh entry are removed from the token. These attributes are removed before the CDMF library is called to map the remote user into the local domain.
Usage: Optional
Default: None.
Example:
my_cred_attr1 = preserveParent topic: [cdsso-incoming-attributes] stanza