Fulfilling policy contract grant mapping
On the Contract Fulfillment tab, map authentication source values into persistent grants.
About this task
The USER_KEY
attribute is the identifier of the persistent grants.
The USER_NAME
attribute presents the name shown to the resource owner on OAuth user-facing pages.
If extended attributes are defined in System → OAuth Settings → Authorization Server Settings, configure a mapping for each attribute.
The |
Steps
-
On the Contract Fulfillment tab, select a source from the Source list, and then select or enter a value for each attribute in the contract.
Map each attribute from one of the following sources:
-
Authentication Policy Contract
Populates the associated Value list with attributes associated with the APC.
-
**
Context
Values are returned from the context of the transaction at runtime.
If
As the HTTP Request context value is retrieved as a Java object rather than text, OGNL expressions are ideal to evaluate and return values. |
-
Extended Client Metadata
Values are returned from the client record.
-
LDAP
/JDBC
/Other (when a datastore is used)Values are returned from your datastore. When you make this selection, the Value list populates with attributes from the datastore.
-
Expression
(when enabled)Provides more complex mapping capabilities, such as transforming incoming values into different formats. All of the variables available for text entries are also available for expressions.
-
No Mapping
Ignores the Value field.
-
Text
You can enter a text value only, or you can mix text with references to the unique user ID returned from the credentials validator, using the
${attribute}
syntax. You can also enter values from your datastore, when applicable, using the$\{ds.attribute}
syntax, whereattribute
is any of the datastore attributes you have selected.-
Click Next.
-