Authentication Service Credential mapping rule

The Authentication Service Credential mapping rule is JavaScript code that you can use to customize the information that is contained in the user credential.

During authentication, the Authentication Service gathers information about the authenticated user, including attributes associated with the user ID. After successful authentication, the Authentication Service provides this information to the Authentication Service Credential mapping rule. The main task of the mapping rule is to modify or add attributes to the user information before it is used to generate a credential.

Customizing the mapping rule is an advanced way to customize the credential. To specify basic credential attributes, use an authentication policy and the Credentials panel in the local management interface instead of creating a custom mapping rule. See Creating an authentication policy.

If you write your own mapping rule and use it to replace the existing rule, be aware of the following considerations:

Credential attributes are string values. For example, user names and lists of groups are string arrays.
Do not use spaces, commas, or colons in credential attribute names. Use alphanumeric characters.

The sample mapping rule provides more descriptions about considerations for writing your own mapping rule.

A default AuthSvcCredential mapping rule is provided. To review the rule:

Log in to the local management interface.
Click AAC
Under Policy, click Authentication.
Click Advanced.
Select AuthSvcCredential.
Click .
Choose a location and save the file.

To review an example of a customized credential mapping rule:

Log in to the local management interface.
Click System.
Click File Downloads.
Click access_control > examples > mapping_rules.
Select authsvc_credential.js.
Click Export to download the file.

If you create your own rule, use it to replace the existing rule. See the replacement instructions in Managing mapping rules.