By default, OAM populates the OAM_REMOTE_USER attribute with the User Login value after authentication.
If a third-party application is integrated with OAM for single sign-on, that application consumes the OAM_REMOTE_USER attribute for further work.
A customer may want the downstream application to use a different attribute than User Login. The steps below achieve this:
1. Navigate to your Application Domain --> Open the Authorization Policy attached to your protected resources.
2. Open the Responses tab and add the parameter you want to pass to the downstream application for its use.
For example:
Name : OAM_ASSERT_ATTR
Type : Header
Value : $user.attr.mail
3. In the downstream application's Admin server, create an OAMIdentityAsserter. Under Active Types in the Common section, select OAM_REMOTE_USER and OAM_IDENTITY_ASSERTION.
4. In the Provider Specific section, provide the value OAM_ASSERT_ATTR as the SSOHeader Name.
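
For a downstream application that reads the header itself instead of going through OAMIdentityAsserter, the sketch below shows the checks worth making before trusting OAM_ASSERT_ATTR. It is an added example, not code from the original post or from Oracle. The web-tier network, the function names and the sample requests are assumptions made for the illustration.

```python
import ipaddress

# Assumptions for this sketch (not from the original post): the web tier that
# hosts the WebGate forwards from this network, and the application can see
# the address of its immediate peer.
TRUSTED_WEB_TIER = [ipaddress.ip_network("10.0.5.0/28")]  # constructed value
SSO_HEADER = "OAM_ASSERT_ATTR"  # response name configured in step 2


class AssertionRejected(Exception):
    """The identity header is missing, ambiguous, or from an untrusted peer."""


def _canon(name):
    # Header names are case-insensitive, and CGI/WSGI-style servers fold '-'
    # into '_', so both spellings must count as the same header.
    return name.lower().replace("-", "_")


def asserted_identity(peer_ip, headers):
    """Return the value OAM asserted in SSO_HEADER, or raise AssertionRejected.

    headers: list of (name, value) pairs as received, duplicates preserved.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_WEB_TIER):
        raise AssertionRejected("request did not come through the web tier")
    values = [v.strip() for n, v in headers if _canon(n) == _canon(SSO_HEADER)]
    if len(values) != 1:
        raise AssertionRejected(f"expected one {SSO_HEADER}, got {len(values)}")
    if not values[0]:
        raise AssertionRejected(f"{SSO_HEADER} is empty")
    return values[0]


if __name__ == "__main__":
    # Constructed sample requests: (peer address, headers).
    samples = [
        ("10.0.5.3", [("OAM_ASSERT_ATTR", "alice@example.com")]),
        ("203.0.113.9", [("OAM_ASSERT_ATTR", "alice@example.com")]),
        ("10.0.5.3", [("OAM_ASSERT_ATTR", "alice@example.com"),
                      ("oam-assert-attr", "bob@example.com")]),
    ]
    for peer, hdrs in samples:
        try:
            print(peer, "->", asserted_identity(peer, hdrs))
        except AssertionRejected as exc:
            print(peer, "-> rejected:", exc)
```

The same principle applies to the WebLogic setup above: the header is only as trustworthy as the guarantee that every request reaches the application through the WebGate.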