Mechanisms for adding registry attributes to a credential

You can configure an external service to add attributes to a user credential.

The WebSEAL authentication process accesses the Security Access Manager user registry and builds a credential for the user. The credential contains the user information that is needed to make access decisions, such as the user name and the list of groups to which the user belongs.

WebSEAL supports several different mechanisms (services) that allow administrators and application developers to extend the authentication process. When WebSEAL conducts the authentication process, it checks to see if any external services have been implemented and configured. When they have, WebSEAL calls those services. The services can do their own processing to build a list of extended attributes about the user identity. These extended attributes are added to the user credential.

The following service is supported:

Registry attribute entitlement service

This entitlement service is built into Security Access Manager by default. It is an implementation of a class of Security Access Manager entitlement services known as credential attribute entitlement services. The registry attribute entitlement service obtains specified user information from a user registry (such as an LDAP user registry) and inserts the data into an attribute list in the user credential. This built-in registry attribute entitlement service is a generic entitlement service that can be used by many resource managers. It replaces a previous method that required administrators to add "tag/value" entries to the [ldap-ext-creds-tag] stanza in the pd.conf configuration file. For configuration information, see Configure a registry attribute entitlement service.
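As an added illustration (not taken from this page or from the product documentation it refers to), the following WebSEAL configuration fragment shows the shape of a registry attribute entitlement service definition: the service is registered, keyed on the registry identity in the credential, and a small set of LDAP attributes is mapped into credential attributes. The stanza and key names are assumed from WebSEAL configuration conventions and must be checked against the configuration topic the text refers to; the LDAP attribute names are constructed sample values.

```ini
; Register the built-in registry attribute entitlement service
; (service identifier and library name are assumed, not confirmed by this page)
[aznapi-entitlement-services]
TAM_CRED_ATTRS_SVC = azn_ent_cred_attrs

; Tell WebSEAL to invoke it while building the credential
[aznapi-configuration]
cred-attribute-entitlement-services = TAM_CRED_ATTRS_SVC

; Look up the user's own registry entry, keyed on the registry id in the credential
[TAM_CRED_ATTRS_SVC]
eperson = azn_cred_registry_id

; Map only the registry attributes that downstream access decisions
; actually need (sample attribute names, constructed for this example);
; every value listed here is copied into the credential for the session
[TAM_CRED_ATTRS_SVC:eperson]
tagvalue_credattrs_department = departmentNumber
tagvalue_credattrs_employeetype = employeeType
```

Keep the attribute list minimal: anything mapped here travels with the credential (and, when configured, into headers sent to junctioned applications), so unneeded registry data widens what a compromised downstream application can see.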

Note: Security Access Manager provides additional built-in entitlement services that can be used to add further information. These additional services, however, obtain the information from sources other than user registry entries. For example, the extended attribute entitlement service obtains information from ACLs and POPs in the protected resource object space. For more information, see the description of entitlement services in the IBM Security Access Manager for Web: Authorization C API Developer Reference.