Create a header identity mapping to make user attributes or client certificates available as HTTP request headers to applications, both site- and agent-based, that use them for authentication.
A single header identity mapping can expose a number of attribute values or a certificate chain up to three levels deep. Header identity mappings are assigned to applications.
- Click Access and then go to Identity Mappings > Identity Mappings.
- Click + Add Identity Mapping.
- In the Name field, enter a name for the mapping.
- In the Type list, select Header Identity Mapping.
- In the Attributes section, select a list type.
  - Inclusion List: Includes the specified attributes as headers.
  - Exclusion List: Includes all attributes as headers, with the exception of those specified.
- If you selected Inclusion List, specify the Inclusion List parameters.
  - In the Header Name Prefix field, enter a prefix.
    This prefix is prepended onto all header names.
  - In the Attribute Name field, enter or select the name of the attribute to retrieve from the user web session. For example, sub.
  - In the Header Name field, enter the name of the HTTP request header to contain the attribute value.
    The HTTP header you specify here is the actual header name as sent over HTTP, not the environment-variable form of the name. For example, enter the browser-identifying User-Agent header as User-Agent, not HTTP_USER_AGENT.
  - Optional: Click + Add Row to add additional sets of attributes and headers.
  - Optional: Click Subject to select which attribute is used as the subject.
- If you selected Exclusion List, specify the Exclusion List parameters.
  - In the Header Name Prefix field, enter a prefix.
    This prefix is prepended onto all header names.
  - Optional: In the Excluded Attributes field, enter one or more attributes to exclude.
    All attributes not specified are included as headers.
  - In the Subject Attribute Name list, select an attribute to use as the subject.
- In the Certificate to Header Mapping section, enter the name of the header that is to contain a PEM-encoded client certificate.
  The row position correlates to the index in the client certificate chain. For example, the first row always maps to the leaf certificate.
  - If you are using a certificate chain, click + Add Row to add another row.
- Click Save.
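
The following added example (not PingAccess code and not part of the original procedure) models which headers an Inclusion List and an Exclusion List mapping expose, and how a CGI/WSGI application sees those names in environment-variable form. The `X-ID-` prefix, the attribute values, the function names, and the rule that an Exclusion List uses the attribute name as the header name are assumptions made for illustration.

```python
# Added example: models the mapping semantics described above; not PingAccess code.

def build_identity_headers(session_attrs, mapping):
    """Return the request headers a header identity mapping would expose."""
    prefix = mapping.get("prefix", "")
    if mapping["type"] == "inclusion":
        # Only listed attributes are exposed, each under its configured header name.
        pairs = [(hdr, attr) for attr, hdr in mapping["rows"]]
    elif mapping["type"] == "exclusion":
        # Every attribute is exposed except the excluded ones.
        # Assumption: the header name is the attribute name itself.
        excluded = set(mapping.get("excluded", []))
        pairs = [(attr, attr) for attr in session_attrs if attr not in excluded]
    else:
        raise ValueError("unknown list type: %r" % mapping["type"])
    # The prefix is prepended onto every header name.
    return {prefix + hdr: str(session_attrs[attr])
            for hdr, attr in pairs if attr in session_attrs}


def cgi_name(header_name):
    """Environment-variable form a CGI/WSGI app sees; not what goes in Header Name."""
    return "HTTP_" + header_name.upper().replace("-", "_")


def read_identity(environ, header_names):
    """Application side: look up wire header names in a WSGI-style environ."""
    return {h: environ[cgi_name(h)] for h in header_names if cgi_name(h) in environ}


# Constructed sample session and mappings (hypothetical names and values).
SESSION = {"sub": "jdoe", "email": "jdoe@example.com", "groups": "admins"}
INCLUSION = {"type": "inclusion", "prefix": "X-ID-",
             "rows": [("sub", "Subject"), ("email", "Email")]}
EXCLUSION = {"type": "exclusion", "prefix": "X-ID-", "excluded": ["groups"]}

if __name__ == "__main__":
    headers = build_identity_headers(SESSION, INCLUSION)
    environ = {cgi_name(k): v for k, v in headers.items()}
    print(headers)                           # wire names, as entered in Header Name
    print(environ)                           # what the application environment holds
    print(read_identity(environ, headers))   # application maps back to wire names
    print(build_identity_headers(SESSION, EXCLUSION))
```

With the Exclusion List, any attribute later added to the web session is exposed automatically unless it is excluded, so the Inclusion List is the tighter choice when the application needs only a few attributes.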