Transformation Procedures

Transformation Procedures are used to transform one set of attributes into another set of attributes. The most common transformation is name-transformation. I.e. performing an operation on the subject of an authentication. Advanced operations on the username can be performed using transformation procedures.

Listing 290 Structure of Transformation Procedures
1
2
3
4
5
6
7
function result(transformationContext) {
  var attributes = transformationContext.attributesMap;

    // transform the incoming attributes

  return attributes;
}

Important

The main function of a transformation procedure must be called result.

Function

The result function takes one argument, which is the object to be validated.

result(transformationContext)

The main function of a transformation procedure

Arguments:
  • transformationContext – The context object for transformations.
Returns:

Attributes which is a Map of attributes.

Return Value

The returned value should be a JavaScript map with the transformed attributes. Any attribute can be transformed by adding, removing and renaming attributes on the incoming map. If name transformation is performed, the resulting object must contain a subject attribute when transformation is complete.

Examples

Transformation can usually be done without using procedures, but some tasks are easier to perform with a transformation procedure.

Listing 291 Transforming a username
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
function result(transformationContext) {
  var attributes = transformationContext.attributeMap;

  //Example: To add @example.com to each username, do:
  attributes.subject = attributes.subject + '@example.com';

  //Example: To add extra attributes
  attributes.newAttribute = "foobar";

  return  attributes;
}

More examples of transformation procedures can be found in the $INSTALL_DIR/examples/configs/transformation-procedures directory.

API

Attributes

attributeMap

This is a Map<String, Object> of the attributes that can be transformed by this transformation procedure.

Context

transformationContext

The input argument to the result function of a transformation procedure. It contains a single attribute

transformationContext.attributeMap

Get the incoming attributes to transform. This is a Map<String, Object> in Java which may contain a nested structure.

Returns:A attributeMap containing the attributes to transform
transformationContext.getAttributeDataSource(dataSourceId)

Retrieves a configured AttributeDataAccessProvider with the provided ID if it exists, or null otherwise.

Arguments:
  • dataSourceId (string) – The ID of the data source.
Returns:

A dataSource with the requested ID, or null if it does not exist.

transformationContext.request

Returns the httpRequest for the current transaction

Returns:httpRequest for the current transaction
transformationContext.response

Returns the httpResponse for the current transaction

Returns:httpResponse for the current transaction
transformationContext.originalQueryParameters

Returns a originalQueryParameters An object containing the query parameters used in the initial request to either the authorization endpoint, or the authentication endpoint.

Returns:originalQueryParameters with request parameters
transformationContext.sessionManager

Returns the Session Manager

Returns:sessionManager of the current session