Follow this task to set or modify the mapping for user
or group attributes of a user registry to federated repository properties
in the current realm.
Procedure
- In the administrative console, click Security > Global
security.
- Under User account repository, select Federated repositories from
the Available realm definitions field and click Configure.
To configure for a specific domain in a multiple security domain environment,
click Security domains > domain_name. Under
Security Attributes, expand User Realm, and click Customize
for this domain. Select the Realm type as Federated repositories and
then click Configure.
- Under Additional properties, click the User repository
attribute mapping link.
- Select an attribute and click Edit to modify the
mapping.
- Property for Input
- Specifies the name of the federated repository property that maps to the specified user registry
attribute when it is an input parameter for the user registry interface.
For example, to set the
type of attribute that is used for the userSecurityName parameter in the
UserRegistry call, String getUniqueUserId(String userSecurityName)
, configure the
input mapping (Property for Input) on the userSecurityName attribute. The
default mapping value for userSecurityName is
principalName
.
- Property for Output
- Specifies the name of the federated repository property that maps to the specified user registry
attribute when it is an output parameter (return value) for the user registry interface. In most
cases, the propertyForInput and propertyForInput would be the same.
For example, to set the type
of attribute that is used for the return type (the unique user ID) in the UserRegistry call,
String getUniqueUserId(String userSecurityName)
, configure the output mapping on
the uniqueUserId call. The default mapping value is uniqueName
.
- Click OK and Save to the master configuration.
- Restart the application server.
Results
Note: The mappings do not correlate to the get method for each attribute type.
For example, setting the input and output property for uniqueUserId
, does not set
the input parameter and return type for the getUniqueUserId(String
userSecurityName) method.
After you complete these steps, user or group attributes
of the user registry are mapped to federated repository properties in the current realm.The
following default list of attribute mappings are available:
Table 1. Default attribute mappings
Attribute |
Property for Input |
Property for Output |
groupDisplayName |
cn |
cn |
groupSecurityName |
cn |
cn |
uniqueGroupId |
uniqueName |
uniqueName |
uniqueUserId |
uniqueName |
uniqueName |
userDisplayName |
principalName |
principalName |
userSecurityName |
principalName |
principalName |