Layer7 Access Management


How to use Identity Mapping

  • 1.  How to use Identity Mapping

    Posted 03-06-2017 10:45 AM

    I’m using IWA authentication and I need to define a response for SM_USER in the IWA policy: I get the sAMAccountName from AD and I need to return the UID from CA Directory in the response. The UID (random UUID) is different than the sAMAccountName. The lookup must be: Return UID (CA Directory) where employeeNumber (CA Directory) = sAMAccountName (AD). Do you know how to achieve that?

     

    I've created a Custom Search in an Identity Mapping where AD is the source directory and CA Directory is the target directory, and the search is employeeNumber = sAMAccountName. AFAIK you can then use attributes from both AD and CA Directory in your response.

    Until now it does not return a valid response, e.g. SM_USER is empty.

     

    Any suggestions? (I'm using CA SSO r12.52 SP2 CR01)

    Thanks,

    Bert



  • 2.  Re: How to use Identity Mapping
    Best Answer

    Posted 03-07-2017 01:39 AM

    If I understand your use case right, you have:

    • Authentication Directory = Active Directory
    • Authorization Directory = CA Directory

     

    You have configured AuthAZ Identity mapping with source as Active Directory and Target as CA Directory.

    Now, you would like to return the UID from CA directory (AZ directory) as a response in HTTP_SM_USER header variable.

     

    This is perfectly possible. However, note that the Responses are evaluated for only that directory which is specified in your Policy. As this is going to be an OnAccessAccept Policy, you will be able to retrieve attributes from ONLY CA Directory here.

     

                               

     

     

    Identity Mapping:

     

     

    TESTING:

     

     

    In CA Directory, I have givenName for this user set to Kelly CADir

    In AD, I have givenName for this user set to Kelly AD

     

    As you can see above, as per our configuration, the value was correctly picked from CA Directory.

     

    Let me know if there are any questions.

     

    Regards,

    Ujwol
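
The lookup discussed in this thread (authenticate against AD, then return the CA Directory UID where employeeNumber = sAMAccountName), as an added Python illustration that is not part of the original posts and not SiteMinder's own code. The directory contents are constructed; the case-insensitive match and the rejection of zero or multiple matches are assumptions of this example, since the thread does not say how the product handles them.

```python
# Added illustration of the lookup discussed in this thread; not SiteMinder code.
# Attribute names come from the thread; all values below are constructed.
AD_USERS = [
    {"sAMAccountName": "kelly", "givenName": "Kelly AD"},
    {"sAMAccountName": "nobody", "givenName": "No Match"},
    {"sAMAccountName": "dup", "givenName": "Dup AD"},
]
CA_DIRECTORY = [
    {"uid": "00000000-0000-4000-8000-000000000001", "employeeNumber": "kelly", "givenName": "Kelly CADir"},
    {"uid": "00000000-0000-4000-8000-000000000002", "employeeNumber": "dup", "givenName": "Dup One"},
    {"uid": "00000000-0000-4000-8000-000000000003", "employeeNumber": "DUP", "givenName": "Dup Two"},
]

_RFC4515_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_RFC4515_ESCAPES.get(ch, ch) for ch in value)


def build_mapping_filter(ad_entry):
    """LDAP filter equivalent to the custom search employeeNumber = sAMAccountName."""
    return "(employeeNumber=%s)" % escape_filter_value(ad_entry["sAMAccountName"])


def map_identity(ad_entry, target=CA_DIRECTORY):
    """Return the single target entry for an authenticated AD user, else fail closed."""
    key = ad_entry["sAMAccountName"].casefold()  # assumption: case-insensitive match
    hits = [e for e in target if e["employeeNumber"].casefold() == key]
    if len(hits) != 1:
        raise LookupError("expected exactly 1 match for %s, got %d"
                          % (build_mapping_filter(ad_entry), len(hits)))
    return hits[0]


def build_response(ad_entry):
    """Response attributes are read from the mapped CA Directory entry only."""
    mapped = map_identity(ad_entry)
    return {"SM_USER": mapped["uid"], "givenName": mapped["givenName"]}


if __name__ == "__main__":
    print(build_mapping_filter(AD_USERS[0]), build_response(AD_USERS[0]))
```

An empty SM_USER corresponds to the zero-match case here; a duplicate employeeNumber in the target directory is the case where a mapping could otherwise resolve to the wrong account.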



  • 3.  Re: How to use Identity Mapping

    Posted 03-08-2017 09:52 AM

    Thanks Ujwol, I got it working now.

    Really appreciated!