Configuring Identity Transformers

After you define one or more authenticators, configure how user identities are managed using one or more identity transformers. You can configure both pre-authentication and post-authentication transformers.

For example, after a user selects his or her certificate when prompted, an x509 base authenticator validates the certificate and passes the certificate information to the Identity Store. The certificate contains a common name (CN) in the form:

CN=LASTNAME.FIRSTNAME.MIDDLE.10DIGITNUMBER

If the login ID in SBM does not match the common name, authentication fails. Most SBM login IDs do not contain the entire CN value; therefore, a server-side JavaScript pre-authentication identity transformer can convert the common name into the required login ID format. Once the CN value is transformed, the user identity is authenticated against the Identity Store.

To get started, click Add New, and then select one of the following:

Configuring Predefined Identity Transformers

Select Predefined identity transformer to use one of the predefined identity transformers that are provided by SBM. Use the provided tooltips for guidance.

The following predefined identity transformers are available:

Configuring Custom Identity Transformers

Select Custom identity transformer to enter XML that describes for your custom identity transformer. Click Reindent to fix any indentation problems in the XML and improve readability. Click Validate to check that the XML is valid.

Related Topics