Transformation Procedures¶

Transformation Procedures are used to transform one set of attributes into another set of attributes. The most common transformation is name-transformation. I.e. performing an operation on the subject of an authentication. Advanced operations on the username can be performed using transformation procedures.

Listing 298 Structure of Transformation Procedures¶

function result(transformationContext) {
  var attributes = transformationContext.attributesMap;

    // transform the incoming attributes

  return attributes;
}

Important

The main function of a transformation procedure must be called result.

Function¶

The result function takes one argument, which is the object to be validated.

result(transformationContext)

The main function of a transformation procedure

Arguments:	transformationContext – The context object for transformations.
Returns:	Attributes which is a Map of attributes.

Return Value¶

The returned value should be a JavaScript map with the transformed attributes. Any attribute can be transformed by adding, removing and renaming attributes on the incoming map. If name transformation is performed, the resulting object must contain a subject attribute when transformation is complete.

Examples¶

Transformation can usually be done without using procedures, but some tasks are easier to perform with a transformation procedure.

Listing 299 Transforming a username¶

function result(transformationContext) {
  var attributes = transformationContext.attributeMap;

  //Example: To add @example.com to each username, do:
  attributes.subject = attributes.subject + '@example.com';

  //Example: To add extra attributes
  attributes.newAttribute = "foobar";

  return  attributes;
}

More examples of transformation procedures can be found in the $INSTALL_DIR/examples/configs/transformation-procedures directory.

API¶

Attributes¶

attributeMap¶: This is a Map<String, Object> of the attributes that can be transformed by this transformation procedure.

Context¶

transformationContext¶

The input argument to the result function of a transformation procedure. It contains a single attribute

transformationContext.attributeMap¶

Get the incoming attributes to transform. This is a Map<String, Object> in Java which may contain a nested structure.

Returns:	A `attributeMap` containing the attributes to transform

transformationContext.getAttributeDataSource(dataSourceId)¶

Retrieves a configured AttributeDataAccessProvider with the provided ID if it exists, or null otherwise.

Arguments:	dataSourceId (string) – The ID of the data source.
Returns:	A `dataSource` with the requested ID, or null if it does not exist.

transformationContext.request¶

Returns the httpRequest for the current transaction

Returns:	`httpRequest` for the current transaction

transformationContext.response¶

Returns the httpResponse for the current transaction

Returns:	`httpResponse` for the current transaction

transformationContext.originalQueryParameters¶

Returns a originalQueryParameters An object containing the query parameters used in the initial request to either the authorization endpoint, or the authentication endpoint.

Returns:	`originalQueryParameters` with request parameters

transformationContext.sessionManager¶

Returns the Session Manager

Returns:	`sessionManager` of the current session

transformationContext.client¶

Returns an object describing the OAuth client that initiated the authentication flow. See Client Object for the available client properties.

Returns:	`client` object.