How Attribute Mapping Works

User directories store user information such as organizational information, user and group attributes, and individual credentials. Multiple user directories in a SiteMinder environment often store the same user information, but use different underlying schemas and user attribute names to identify it. This results in a disparate view of the same user information from a SiteMinder perspective.

The purpose of user attribute mapping is to create a common view of the same user information by defining a universal schema. SiteMinder uses this universal schema to resolve user information across multiple user directories.

You can define a user attribute mapping by mapping a common name to the underlying directory schema that identifies a user attribute. Mapping the same common name to the underlying schema of each user directory in the environment results in a universal schema for the user attribute. This creates a common view of the same user information.

Creating such a view lets SiteMinder reference user attributes without regard for the directory type, greatly reducing the number of policies or other objects that must be configured to account for multiple user directories. Each user attribute mapping is specific to the user directory in which it is defined.

The following illustrates the basic concept of user attribute mapping:

[Figure: attribute mapping overview]

  1. Two user directories identify the first name of users differently:

    This results in two different representations and views of the same user information.

  2. FirstName is a common name that is mapped to the underlying directory schema:
  3. FirstName results in a common view of the same user information. You can reference FirstName when defining policies, expressions, or other objects that require the first name of users, without concern for the directory-specific schema, because the directories are operationally identical. SiteMinder determines that FirstName is givenname in Directory A and u_givenname in Directory B.
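
The concept above as a small Python model, added here as an illustration and not SiteMinder code or its API: each directory carries its own mapping from the common name FirstName to its schema attribute, a policy-style check is written once against the common name, and a directory with no mapping is denied rather than guessed at. `UserDirectory`, `first_name_is`, `unmapped`, Directory C and the sample entries are assumptions constructed for the example.

```python
# Illustrative model only; not SiteMinder code or its API.
from dataclasses import dataclass, field


class UnmappedAttribute(LookupError):
    """The common name has no mapping in the directory being queried."""


@dataclass
class UserDirectory:
    name: str
    mappings: dict = field(default_factory=dict)  # common name -> directory attribute
    entries: dict = field(default_factory=dict)   # user id -> {attribute: value}

    def resolve(self, user_id, common_name):
        # A mapping is specific to the directory in which it is defined.
        if common_name not in self.mappings:
            raise UnmappedAttribute(f"{common_name} is not mapped in {self.name}")
        attr = self.mappings[common_name]
        return self.entries.get(user_id, {}).get(attr)


def first_name_is(directory, user_id, expected):
    """Policy-style check written once against the common name.

    Fails closed: a missing mapping, user or attribute yields False.
    """
    try:
        value = directory.resolve(user_id, "FirstName")
    except UnmappedAttribute:
        return False
    return value is not None and value.casefold() == expected.casefold()


def unmapped(directories, common_names):
    """Audit helper: (directory, common name) pairs that lack a mapping."""
    return sorted((d.name, c) for d in directories
                  for c in common_names if c not in d.mappings)


# Constructed sample data. Directory A and B follow the page; C is hypothetical.
DIR_A = UserDirectory("Directory A", {"FirstName": "givenname"},
                      {"jdoe": {"givenname": "Jane"}})
DIR_B = UserDirectory("Directory B", {"FirstName": "u_givenname"},
                      {"jdoe": {"u_givenname": "Jane"}})
DIR_C = UserDirectory("Directory C", {}, {"jdoe": {"fname": "Jane"}})

if __name__ == "__main__":
    for d in (DIR_A, DIR_B, DIR_C):
        print(d.name, first_name_is(d, "jdoe", "Jane"))
    print(unmapped([DIR_A, DIR_B, DIR_C], ["FirstName"]))
```

Running the audit helper before a policy references a common name shows which directories would otherwise silently fail the check.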


Copyright © 2010 CA. All rights reserved.