XML user mapping model

The following UMI XML document shows the data that is passed to the XSL processor from the rules evaluator during the evaluation of an authenticated user mapping rule.

The document contains one container that is named stsuuser. The attribute value of the container stsuuser:STSUniversalUser is defined in XML.

The evaluator automatically encompasses all of the data under the XML top-level node declaration XMLUMI when the UMI XML document is created, so this top-level element is added for clarity.

The XML document is automatically created by Security Verify Access with the attributes that are in the authentication request. The XML document that is passed to the evaluation routines by the user mapping rules evaluator is as follows:

<?xml version="1.0" encoding='UTF-8'?>

<XMLUMI>
  <stsuuser:STSUniversalUser xmlns:stsuuser="urn:ibm:names:ITFIM:1.0:stsuuser">
    <stsuuser:Principal>
      <stsuuser:Attribute name="name">
        <stsuuser:Value>
          - authenticated user identity -
        </stsuuser:Value>
      </stsuuser:Attribute>
    </stsuuser:Principal>
    <stsuuser:AttributeList>
      <stsuuser:Attribute name="-attrname-">
        <stsuuser:Value>-attrvalue-</stsuuser:Value>
      </stsuuser:Attribute>
      ...
    </stsuuser:AttributeList>
  </stsuuser:STSUniversalUser>
</XMLUMI>

For a full list of available attributes, see Valid user mapping attributes.

When you reference a particular UMI item in the XMLUMI document available to a rule, the XPath path specifier can begin from the container name of the XML element (for example, stsuuser:STSUniversalUser). If the callers want to specify their own template match statement explicitly, they can do so.

For more information, see Format and constraints of rules.
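
The following is an added example, not code from the product or its documentation. It reads a UMI document with namespace-aware paths that begin at the stsuuser:STSUniversalUser container, as described above. The identity alice, the attribute example_attr and its value are constructed sample data, parse_umi is a hypothetical helper name, and trimming whitespace around values is an assumption based on the layout of the listing.

```python
import xml.etree.ElementTree as ET

# Namespace URI as declared in the UMI document on this page.
NS = {"stsuuser": "urn:ibm:names:ITFIM:1.0:stsuuser"}
CONTAINER = "stsuuser:STSUniversalUser"

# Constructed sample: the identity and attribute name/value are made up.
SAMPLE_UMI = b"""<?xml version="1.0" encoding="UTF-8"?>
<XMLUMI>
  <stsuuser:STSUniversalUser xmlns:stsuuser="urn:ibm:names:ITFIM:1.0:stsuuser">
    <stsuuser:Principal>
      <stsuuser:Attribute name="name">
        <stsuuser:Value>
          alice
        </stsuuser:Value>
      </stsuuser:Attribute>
    </stsuuser:Principal>
    <stsuuser:AttributeList>
      <stsuuser:Attribute name="example_attr">
        <stsuuser:Value>example-value</stsuuser:Value>
      </stsuuser:Attribute>
    </stsuuser:AttributeList>
  </stsuuser:STSUniversalUser>
</XMLUMI>
"""


def parse_umi(xml_bytes):
    """Return (principal, {attribute name: [values]}) from a UMI document."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "XMLUMI":
        raise ValueError("unexpected top-level element: " + root.tag)
    # Paths are relative to XMLUMI, so they begin at the container name.
    value = root.find(
        CONTAINER + "/stsuuser:Principal/stsuuser:Attribute[@name='name']/stsuuser:Value", NS)
    # Assumption: the value may be wrapped in layout whitespace, as in the listing.
    principal = (value.text or "").strip() if value is not None else ""
    if not principal:
        raise ValueError("UMI document carries no principal name")
    attributes = {}
    for attr in root.findall(CONTAINER + "/stsuuser:AttributeList/stsuuser:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("stsuuser:Value", NS)]
        attributes.setdefault(attr.get("name"), []).extend(values)
    return principal, attributes


if __name__ == "__main__":
    print(parse_umi(SAMPLE_UMI))
```

A path that omits the stsuuser prefix, or binds it to a different URI, matches nothing, which is why the namespace map is passed to every lookup.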