To obtain user-specific information by fetching policy response attributes, assign a mode to the policy response attribute property and map the policy response attributes to be populated under specific names for the currently authenticated user. The following example first demonstrates how to assign the REQUEST_ATTRIBUTE mode for fetching policy response attributes and then demonstrates a way to map those attributes:
com.sun.identity.agents.config.response.attribute.fetch.mode = REQUEST_ATTRIBUTE |
The key is the policy response attribute name and the value is the name under which that attribute will be made available.
com.sun.identity.agents.config.response.attribute.mapping com.sun.identity.agents.config.response.attribute.fetch.mode = REQUEST_ATTRIBUTE com.sun.identity.agents.config.response.attribute.mapping[] = |
Using this property for mapping policy response attributes, you can specify any number of attributes that are required by the protected application. For example, if the application requires the attributes cn and mail, and it expects these attributes to be available under the names COMMON_NAME and EMAIL_ADDR, then your configuration setting would be as follows:
com.sun.identity.agents.config.response.attribute.mapping[cn] = COMMON_NAME
com.sun.identity.agents.config.response.attribute.mapping[mail] = EMAIL_ADDR