Transformation procedures transform one set of attributes into another set of attributes. The most common transformation is name transformation, i.e. performing an operation on the subject of an authentication. Advanced operations on the username can be performed using transformation procedures.
```javascript
function result(transformationContext) {
    var attributes = transformationContext.attributeMap;

    // transform the incoming attributes

    return attributes;
}
```
Important
The main function of a transformation procedure must be called result.
The result function takes one argument, the transformationContext object.
The main function of a transformation procedure
Attributes which is a Map of attributes.
The returned value should be a JavaScript map with the transformed attributes. Any attribute can be transformed by adding, removing and renaming attributes on the incoming map. If name transformation is performed, the resulting object must contain a subject attribute when transformation is complete.
Transformation can usually be done without using procedures, but some tasks are easier to perform with a transformation procedure.
```javascript
function result(transformationContext) {
    var attributes = transformationContext.attributeMap;

    // Example: To add @example.com to each username, do:
    attributes.subject = attributes.subject + '@example.com';

    // Example: To add extra attributes
    attributes.newAttribute = "foobar";

    return attributes;
}
```
More examples of transformation procedures can be found in the $INSTALL_DIR/examples/configs/transformation-procedures directory.
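An added example (not from the product documentation or its examples directory) that goes a little beyond the snippet above: it normalizes the subject, appends the domain only once, renames and removes attributes, and refuses to return a map without a subject. The settings DOMAIN, RENAMES and DROP, the attribute names mail, email and internalId, and the use of attributeMap as a plain JavaScript object are assumptions.

```javascript
// Added example; DOMAIN, RENAMES and DROP are assumed, illustrative settings.
var DOMAIN = 'example.com';
var RENAMES = { mail: 'email' };   // old attribute name -> new attribute name
var DROP = ['internalId'];         // attributes removed from the result

function result(transformationContext) {
    // Assumption: attributeMap can be used like a plain JavaScript object,
    // as in the page's own example.
    var attributes = transformationContext.attributeMap;

    // Name transformation must leave a subject behind, so reject input
    // that has none instead of producing something like "undefined@...".
    var subject = attributes.subject;
    if (typeof subject !== 'string' || subject.trim() === '') {
        throw new Error('subject attribute is missing or empty');
    }

    // Normalize so "Alice " and "alice" resolve to the same subject.
    subject = subject.trim().toLowerCase();
    // Append the domain only when the subject has none yet.
    if (subject.indexOf('@') === -1) {
        subject = subject + '@' + DOMAIN;
    }
    attributes.subject = subject;

    // Rename attributes without overwriting an existing target.
    Object.keys(RENAMES).forEach(function (from) {
        var to = RENAMES[from];
        if (attributes[from] !== undefined && attributes[to] === undefined) {
            attributes[to] = attributes[from];
            delete attributes[from];
        }
    });

    // Remove attributes that should not leave this procedure.
    DROP.forEach(function (name) {
        delete attributes[name];
    });

    return attributes;
}

// Constructed sample input, for running the example outside the server.
var sample = { attributeMap: { subject: ' Alice ', mail: 'a@example.com', internalId: 42 } };
console.log(JSON.stringify(result(sample)));
```

How the server reports an error thrown from a procedure is not covered on this page, so confirm that behavior before relying on the rejection path.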
attributeMap
This is a Map<String, Object> of the attributes that can be transformed by this transformation procedure.
transformationContext
The input argument to the result function of a transformation procedure. It contains a single attribute
transformationContext.
Get the incoming attributes to transform. This is a Map<String, Object> in Java which may contain a nested structure.
getAttributeDataSource
Retrieves a configured AttributeDataAccessProvider with the provided ID if it exists, or null otherwise.
A dataSource with the requested ID, or null if it does not exist.
dataSource
request
Returns the httpRequest for the current transaction
httpRequest
response
Returns the httpResponse for the current transaction
httpResponse
originalQueryParameters
Returns an object containing the query parameters used in the initial request to either the authorization endpoint or the authentication endpoint.
sessionManager
Returns the Session Manager
client
Returns an object describing the OAuth client that initiated the authentication flow. See Client Object for the available client properties.