Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.
Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.
A External Identity Provider Attribute Mapping defines how the value of a single SCIM Resource Type attribute is determined from an External Identity Provider attribute.
↓Relations to This Component
↓Properties
↓dsconfig Usage
The following components have a direct composition relation to External Identity Provider Attribute Mappings:
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ identity-resource-attribute | None |
| ↓ provider-attribute | |
| ↓ login-update-behavior |
identity-resource-attribute (Read-Only)
| Description | The attribute of the identity resource to be mapped from the provider attribute. An identity resource attribute may be mapped from multiple external identity providers. However, the identity resource attribute holds values from only one external identity provider at any given time (i.e. values from a provider can overwrite prior values from a different provider). Examples of valid attribute paths are:
|
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The external identity attribute to be mapped, or the path to a specific field of an external identity attribute. Claims may be defined by name or the path to the specific field of a claim. Examples:
|
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | Yes |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies whether this attribute mapping is applied during login. |
| Default Value | only-if-missing |
| Allowed Values | never - The attribute mapping is never applied during login. only-if-missing - The attribute mapping is only applied during login if there is no existing value of the SCIM Resource Type attribute specified in the mapping. always - The attribute mapping is always applied during login and can replace an existing value of the SCIM Resource Type attribute specified in the mapping. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
To list the configured External Identity Provider Attribute Mappings:
dsconfig list-external-identity-provider-attribute-mappings
[--property {propertyName}] ...
To view the configuration for an existing External Identity Provider Attribute Mapping:
dsconfig get-external-identity-provider-attribute-mapping-prop
--mapping-name {name}
--provider-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing External Identity Provider Attribute Mapping:
dsconfig set-external-identity-provider-attribute-mapping-prop
--mapping-name {name}
--provider-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new External Identity Provider Attribute Mapping:
dsconfig create-external-identity-provider-attribute-mapping
--mapping-name {name}
--provider-name {name}
--set provider-attribute:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing External Identity Provider Attribute Mapping:
dsconfig delete-external-identity-provider-attribute-mapping
--mapping-name {name}
--provider-name {name}