Claim Mapping Transformation

If you would like to rename or reorganize the claims and their related values before resending them to the service provider, you can use this Transformation object. Basically, what the mapping does is to ensure that the claim in the Source Claim column will receive the value from the Destination Claim column.

When adding a new Claim Mapping Transformation object, by default any new claim type will map to itself. But it is also possible to have claim types that never pass on their values, claim types that pass on their values to multiple other claim types, as well as claim types that receive values from multiple other claim types.

Claim-Mapping-Transformation.png

Claim-Mapping-Transformation1.png

Claim-Mapping-Transformation2.png

The Transformation consists of five sections:

Claim Transformation Name: Give the Transformation object a name that will make it easy to recognize when adding to the Pipelines of Authentication and Protocol connections.

Culture: Since expression may be using and comparing numbers, it is important for the system to know what culture is used in order to know whether comma or dot indicates a decimal point. Currently only two cultures are supported, Danish (comma is decimal point) and American (dot is decimal point). These should cover the needs of other cultures in regards to this issue.

Owner Organization: The organization that the Claim Transformation is added to.

Execute before loading claims from local store: By default, a claim transformation rule is executed after claims from local store are loaded for a principal. Check this option to let it execute before the load.

Conditions: It is possible to specify that the Transformation object is only applied to a Pipeline given certain conditions of the token or user is in place, include:

  • The option to skip the Transformation step when the token belongs or does not belong to a user identified as existing in the Safewhere Identify repository.
  • The option to specify that the Transformation object is not applied when token is processed via specific Authentication Connection or Protocol Connection.
  • The option to specify regular expressions that define which tokens are to be exposed to the transformation step. Please see the Using Regular Expressions in Claim Transformation Conditions section to learn more.

Claim Mapping: To add a new claim mapping item to the list, add the source and destination claims in the drop-downs and click the Add button. This adds it to the list below that. To remove a mapping you do not want, click the Remove button.

Copy claims instead of mapping: By default, the source is replaced by the destination on the issued claim list. When this check box is checked, both the source and the destination appear on the issued claim list.

Let claim types that are not specified in Source pass through this transformation step: By default, only claim mappings in this transformation are passed through. When this check box is checked, the claims that are not specified on the transformation are passed through.