Configuring Identity Transformers
After you define one or more authenticators, configure how user identities are managed using one or more identity transformers. You can configure both pre-authentication and post-authentication transformers.
For example, after a user selects his or her certificate when prompted, an x509 base authenticator validates the certificate and passes the certificate information to the Identity Store. The certificate contains a common name (CN) in the form:
CN=LASTNAME.FIRSTNAME.MIDDLE.10DIGITNUMBER
If the login ID in SBM does not match the common name, authentication fails. Most SBM login IDs do not contain the entire CN value; therefore, a server-side JavaScript pre-authentication identity transformer can convert the common name into the required login ID format. Once the CN value is transformed, the user identity is authenticated against the Identity Store.
To get started, click Add New, and then select one of the following:
Select Predefined identity transformer to use one of the predefined identity transformers that are provided by SBM. Use the provided tooltips for guidance.
The following predefined identity transformers are available:
Provided for testing purposes only.
A simple transformer that enables you to prepend or append a string to a username. For example, you can specify a suffix like @acme.com to transform a username like jdoe into an e-mail address like jdoe@acme.com.
Transforms a username using server-side JavaScript transformation. This enables you to implement your own custom logic in the username transformation.
Transform user identities obtained from x509 certificates using sample JavaScript.
You can also override the identity transformer and establish your own ID mappings if converted identities are identical or you want to define specific key-value pairs. The Mapping keys file called cert2user_mapping_keys.xml that is provided by default contains a sample identity mapping override that you can modify as needed.
This transformer enables you to transform a user identity by using an LDAP attribute as the source of the transformed identity. Once an authenticated user is found in LDAP, the attribute value from the user's LDAP record is used as its login identity.
Select Custom identity transformer to enter XML that describes your custom identity transformer. Click Reindent to fix any indentation problems in the XML and improve readability. Click Validate to check that the XML is valid.
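The CN-to-login-ID conversion and the override for identical converted identities described above, sketched as an added example that is not SBM's sample script. The login ID rule (first initial plus last name, lowercase), the override entries and all function names are assumptions; how SBM hands the identity to a script is not shown on this page, so the logic is written as plain functions.

```javascript
'use strict';
// Added example; the login ID rule (first initial + last name, lowercase) and
// the override entries are assumptions, not SBM defaults.

// CN layout from the page: LASTNAME.FIRSTNAME.MIDDLE.10DIGITNUMBER
const NAME = "[A-Za-z][A-Za-z'-]*";
const CN_PATTERN = new RegExp(`^(${NAME})\\.(${NAME})\\.(${NAME})\\.(\\d{10})$`);

// Constructed override: certificate number -> login ID.
const OVERRIDES = new Map([['1234567890', 'jsmith2']]);

// Accepts a subject DN or a bare "CN=..." value and returns the CN fields.
// Escaped or quoted DNs are rejected instead of parsed, so the check fails closed.
function parseCn(subject) {
  const text = String(subject);
  if (/[\\"]/.test(text)) throw new Error('escaped or quoted DN not supported');
  const cns = text.split(',').map((s) => s.trim()).filter((s) => /^CN=/i.test(s));
  if (cns.length !== 1) throw new Error('expected exactly one CN');
  const m = CN_PATTERN.exec(cns[0].slice(3));
  if (!m) throw new Error('CN does not match the expected layout');
  return { last: m[1], first: m[2], middle: m[3], number: m[4] };
}

// Pre-authentication transform: certificate subject -> login ID.
function cnToLoginId(subject, overrides = OVERRIDES) {
  const cn = parseCn(subject);
  if (overrides.has(cn.number)) return overrides.get(cn.number);
  return (cn.first[0] + cn.last).toLowerCase().replace(/['-]/g, '');
}

// Lists login IDs that more than one certificate number converts to; each
// of these needs an explicit override before the transformer is relied on.
function findCollisions(subjects, overrides = OVERRIDES) {
  const byLogin = new Map();
  for (const subject of subjects) {
    const login = cnToLoginId(subject, overrides);
    const numbers = byLogin.get(login) || new Set();
    numbers.add(parseCn(subject).number);
    byLogin.set(login, numbers);
  }
  return [...byLogin].filter(([, n]) => n.size > 1).map(([login]) => login);
}
```

Rejecting any CN that does not match the documented layout keeps a malformed or unexpected certificate subject from being mapped to a valid login ID.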
Copyright © 2007–2019 Micro Focus or one of its affiliates. All rights reserved.