XML user mapping model
The following UMI XML document shows the data that is passed to the XSL processor from the rules evaluator during the evaluation of an authenticated user mapping rule.
The document contains one container that is named stsuuser
. The attribute value
of the container stsuuser:STSUniversalUser
is defined in XML.
The evaluator automatically encompasses all of
the data under the XML top-level node declaration XMLUMI
when
the UMI XML document is created, so this top-level element is added
for clarity.
The XML document is automatically created by Security Verify Access with the attributes that are in the authentication request. The XML document that is passed to the evaluation routines by the user mapping rules evaluator is as follows:
<?xml version="1.0" encoding='UTF-8'?>
<XMLUMI>
<stsuuser:STSUniversalUser xmlns:stsuuser="urn:ibm:names:ITFIM:1.0:stsuuser">
<stsuuser:Principal>
<stsuuser:Attribute name="name">
<stsuuser:Value>
- authenticated user identity -
</stsuuser:Value>
</stsuuser:Attribute>
</stsuuser:Principal>
<stsuuser:AttributeList>
<stsuuser:Attribute name="-attrname-">
<stsuuser:Value>-attrvalue-</stsuuser:Value>
</stsuuser:Attribute>
...
</stsuuser:AttributeList>
</stsuuser:STSUniversalUser>
</XMLUMI>
For a full list of available attributes, see Valid user mapping attributes.
When you reference a particular UMI item in the XMLUMI document available to a rule, the XPath
path specifier can begin from the container name of the XML element (for example,
stsuuser:STSUniversalUser
). If the callers want to specify their own
template match statement explicitly, they can do so.
For more information, see Format and constraints of rules.