Composed complex SCIM 2.0 attribute mappings
Composed complex System for Cross-domain Identity Management (SCIM) 2.0 attribute mappings can be used to create a single-valued complex attribute in which the sub-attributes are created from other SCIM 2.0 attribute mappings.
For example, the name
complex attribute described in RFC 7643 section 8.7.1 can have sub-attributes, such as formatted
, familyName
, and givenName
, that might correspond to the cn
, sn
, and givenName
Lightweight Directory Access Protocol (LDAP) attributes. If you had SCIM 2.0 attribute mappings defined for each of those attributes, then you could use a composed complex SCIM 2.0 attribute mapping that uses those mappings to construct an appropriate value for the name complex attribute.
Because the order in which values are presented in multivalued LDAP attributes is not considered significant, you can only use composed complex SCIM 2.0 attribute mappings to generate single-valued complex attributes. If you need a multivalued complex attribute, use the JavaScript Object Notation (JSON)-formatted complex SCIM 2.0 attribute mapping type. |
Additional configuration properties that are available for composed complex SCIM 2.0 attribute mappings include:
sub-attribute-mapping
-
A reference to one or more attribute mappings for the sub-attributes to include in the complex attribute. This is required.
You can use the following example configuration change to create a composed complex SCIM 2.0 attribute mapping:
dsconfig create-scim2-attribute-mapping \ --mapping-name "name Complex Attribute" \ --type composed-complex \ --set scim-attribute-name:name\ --set attribute-usage:fetch \ --set attribute-usage:create-during-realtime-sync \ --set attribute-usage:create-during-resync --set attribute-usage:update-during-realtime-sync \ --set attribute-usage:update-during-resync \ --set "sub-attribute-mapping:Formatted Name" \ --set "sub-attribute-mapping:First Name" \ --set "sub-attribute-mapping:Last Name"