Retrieve Attribute from Database

Contents

Overview

The Enterprise Gateway can retrieve user attributes from a specified database, or write user attributes to a specified database. It can do this by running an SQL query on the specified database, or by invoking a stored procedure call.

General Configuration

Configure the following field:

Name:
Enter an appropriate name for this filter.

Database

Configure the following fields on the Database tab:

Database Location:
The Enterprise Gateway searches the selected database for the user's attributes. Click the button on the right to select the database to search. If you wish to use an existing database connection, (for example, Default Database Connection), you can select it in the tree. To add a database connection, right-click the Database Connections tree node, and select Add DB connection.

Alternatively, you can add database connections under the External Connections node in the Policy Studio tree view. For more information on configuring database connections, see the Database Connection topic.

Database Statements:
The Database Statements table lists the currently configured SQL queries or stored procedure calls. These queries and calls retrieve certain user attributes from the database selected in the Database Location field.

You can edit and delete existing queries by selecting them from the drop-down list and clicking the Edit and Delete buttons. For more information on how to configure a Database Query, see the Database Query Configuration topic.

Advanced

On the Advanced tab, configure the following fields in the User Attribute Extraction section:

Place query results into user attribute list:
Select whether to place the database query results in a user attribute list using this checkbox (selected by default). When selected, the query results are placed in the attribute.lookup.list message attribute.

Associate attributes with user ID
When the Place query results into message attribute list checkbox is selected, you can select or enter a user ID to associate with the user attributes. For example, if the user name is stored as admin in the database, you must select the message attribute containing the value admin. The Enterprise Gateway then looks up the database using this name. By default, the user ID is stored in the authentication.subject.id message attribute.

Configure the following fields on the Attribute Naming section:

Prefix for message attribute names:
You can specify an optional prefix for message attribute names. The default prefix is user.

Attribute name for stored procedure out parameters:
You can also specify an attribute name for stored procedure out parameters. The default prefix is out.param.value.

Case for attribute names:
You can specify whether attribute names are in lower case or upper case. The default is lower case.