[OpenAM] Attributes in SSO token

Natalia Castiglioni natalia.castiglioni at gmail.com
Thu Aug 11 13:57:56 EDT 2011


Once I have set attributes in that way, is it possible to get them with the
REST API using attributes?
Thanks

2011/8/11 "Major Péter" <majorpetya at sch.bme.hu>

> Access Control -> Realm -> Authentication -> All Core Settings
>
> Peter
>
> ----- Original Message -----
> From: Natalia Castiglioni <natalia.castiglioni at gmail.com>
> Date: Thursday, August 11, 2011 6:42 pm
> Subject: Re: [OpenAM] Attributes in SSO token
> To: Users <openam at forgerock.org>
>
>
> > Is there a way of achieving this through the OpenAM GUI?
> > ./ssoadm set-realm-svc-attrs -u amadmin -f /tmp/.opensso.pass -e /sales \
> >   -s iPlanetAMAuthService \
> >   -a "sunAMUserAttributesSessionMapping=mail|SSO.token.mail" \
> >      "sunAMUserAttributesSessionMapping=cn|SSO.token.commonname"
> >
> > Thanks
> >
> > 2011/8/10 Major Péter <majorpetya at sch.bme.hu>
> >
> > > See my comments inline...
> > >
> > > On 2011-08-10 15:11, Natalia Castiglioni wrote:
> > > > I am reviewing that info in the book Indira T. and he is explaining
> > > > that you can do it with this command
> > >
> > > Let's be clear:
> > > User Profile attribute - the attributes coming from the DataStore
> > > (usually a Directory Server), these belong to the user's LDAP entry.
> > >
> > > Session Property - belongs to a given SSO session, can contain any kind
> > > of (serializable) information.
> > > So these are two separate things.
> > >
> > > > "Let us take an example where we want the OpenSSO server to set the CN
> > > > and mail attributes of the user in the SSO token so that the remote
> > > > clients (such as the policy agents) can retrieve and use them. To
> > > > configure using CLI for the sub realm /sales, invoke the following
> > > > command line:"
> > > >
> > > > ./ssoadm set-realm-svc-attrs -u amadmin -f /tmp/.opensso.pass -e /sales \
> > > >   -s iPlanetAMAuthService \
> > > >   -a "sunAMUserAttributesSessionMapping=mail|SSO.token.mail" \
> > > >      "sunAMUserAttributesSessionMapping=cn|SSO.token.commonname"
> > >
> > > This setting is basically: Mapping user attributes to session
> > > properties. When the user logs in these attributes will be mapped into
> > > the session, so you can access them through the SSOToken (using the
> > > ClientSDK/agent). However, if the given attribute has been changed since
> > > the login it will NOT get updated with the new value in the session. You
> > > can set and get User Profile attributes using the read/update/search
> > > commands on the REST idsvcs interface (openam/identity/*).
> > >
> > > > If this is the case, after configuring this it could be possible to
> > > > call the rest API to add values to those attributes and then client
> > > > can get it in a transparent way....?
> > >
> > > Can you elaborate on this?
> > >
> > > Peter
> > >
> > > > 2011/8/10 Major Péter <majorpetya at sch.bme.hu>
> > > >
> > > >     Via command line? You can achieve this by either using a
> > > >     postauthenticationprocessing plugin or a ClientSDK application, as
> > > >     far as I can tell there is no such functionality in the REST API.
> > > >
> > > >     Peter
> > > >
> > > >     On 2011-08-10 15:00, Natalia Castiglioni wrote:
> > > >      > I want to add attributes (for example mail and other things) of the
> > > >      > user in the SSO token so that remote clients can retrieve and use them.
> > > >      > I know this can be done through command line, but I was wondering if
> > > >      > there is some way of achieving this with REST API? Any help is
> > > >      > appreciated.
> _______________________________________________
> OpenAM mailing list
> OpenAM at forgerock.org
> https://lists.forgerock.org/mailman/listinfo/openam
>