XML DCC Scheme Mappings

To create XML DCC mappings in the Policy Server User Interface, map a user store field name to an XPath string that identifies an element of an XML document. Create these field mappings by browsing a specific XML schema file (.xsd or .dtd) or by entering the XPath string directly.

XPath is a query language for XML that lets you find elements and attributes in an XML document. Because XML documents have a tree structure, an XPath expression uses a path notation to search through the XML document, such as /to/billto/customerID. The XPath string is relative to the document header or body.

The XML DCC authentication scheme requires only one mapped field—named "User"—to identify the XML document element that will be used to look up the user to be authenticated in the user store. To meet this requirement, the Field Mapping dialog forces the first field mapping that you create to be named "User".

The XPath string to which the User field is mapped identifies where in the incoming XML document the value for the User field is obtained. At run time, when an XML document is processed, the Policy Server uses the XPath string associated with the User field to locate the element whose value it uses to look up the user in the user store. The Policy Server uses this value with the configured User Directory attributes to determine the LDAP Universal ID that will be used to look up the user. For other directory types such as ODBC, specific SQL queries are set up to look up users. In either case, the user value obtained by the XML DCC authentication scheme is passed to these directory-specific lookup mechanisms to find the user.

The only other specific field mapping name is "Password." To look up users by username/password, you must configure a second mapping named "Password" in addition to the User mapping. As with the User field, the XPath expression from which the value of the Password field is obtained depends on the schema.

Other fields may be defined and user directories may be configured to make use of these fields.
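
The following sketch shows how field mappings of this kind resolve against an incoming document. It is an added illustration, not Policy Server code or the product's API. The sample document, the secret element name, and the rule that each mapped XPath must match exactly one non-empty element are assumptions of the example, and it handles only plain child-step paths such as /to/billto/customerID (no namespaces or predicates).

```python
import xml.etree.ElementTree as ET

# Constructed field mappings (field name -> XPath). "User" is the one
# mapping the scheme requires; "Password" is the optional second one.
MAPPINGS = {
    "User": "/to/billto/customerID",
    "Password": "/to/billto/secret",  # hypothetical element name
}

# Constructed sample document; only the customerID path comes from the
# text above, the rest is assumed for illustration.
SAMPLE = """<to>
  <billto>
    <customerID>jsmith</customerID>
    <secret>s3cr3t-example</secret>
  </billto>
</to>"""


class MappingError(ValueError):
    """Raised when a document cannot satisfy the field mappings."""


def resolve_fields(xml_text, mappings):
    """Return {field: value} for simple absolute child-step XPaths."""
    if "User" not in mappings:
        raise MappingError('a "User" mapping is required')
    root = ET.fromstring(xml_text)
    result = {}
    for field, xpath in mappings.items():
        steps = xpath.strip("/").split("/")
        if not xpath.startswith("/") or steps[0] != root.tag:
            raise MappingError(f"{field}: {xpath} does not start at <{root.tag}>")
        # Example policy (assumed): exactly one match, so the identity is
        # never taken from whichever duplicate element happens to come first.
        matches = root.findall("./" + "/".join(steps[1:])) if steps[1:] else [root]
        if len(matches) != 1:
            raise MappingError(f"{field}: expected 1 element, found {len(matches)}")
        value = (matches[0].text or "").strip()
        if not value:
            raise MappingError(f"{field}: element is empty")
        result[field] = value
    return result


if __name__ == "__main__":
    print(resolve_fields(SAMPLE, MAPPINGS))
```

The resolved User value is what would then be handed to the directory-specific lookup (LDAP or ODBC) described above.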