Symantec Access Management

  • 1.  Map virtual email address to a uid or email

    Posted Nov 12, 2018 03:00 AM

    Hi There,

    HubertDennis william.k.lee

    Sandipan_IAM

     

    Is it possible to map a user with a virtual email ID (i.e., abc@xyz.com) to an actual ID (xyz@someupn.com)? I need abc@xyz.com to authenticate the user by mapping the user to xyz@someupn.com and provide access. How do I write this expression in Domain or SAML Federation?

     

    Any help would be appreciated.

     

    Though we could do this with Identity Mapping, the documentation on this is limited.



  • 2.  Re: Map virtual email address to a uid or email

    Posted Nov 14, 2018 09:22 AM

    HubertDennis

    Hi Hubert,

     

    Is this possible?

     

    Requesting your assistance on this please.



  • 3.  Re: Map virtual email address to a uid or email

    Posted Nov 14, 2018 11:04 AM

    ChristJS

     

    I read this a couple of times and could not decipher the requirements clearly. 

     

    From an Access Management perspective, the Product has no knowledge of the Identity. The Product (any Access Management Product) relies on an Identity Store and results from an Identity Store to make decisions.

     

    The basic question to answer is, "How would an Access Management Product know it has to map an Identity 'abc@xyz.com', which the User entered in the browser, to a different Identity 'xyz@someupn.com'?". I believe this would be the case for all Users, i.e. it has to be dynamically supported. Thus the Access Management Product has to make multiple calls to the Identity Store to fetch this info out (albeit it also needs to ensure the User Provisioning process works impeccably, as these Identities need to be mapped correctly in the Identity Store to begin with, in order to succeed at the Access Management Layer).

     

    'abc@xyz.com' --> Maps to --> 'xyz@someupn.com'
    'def@xyz.com' --> Maps to --> 'pqr@someupn.com'
    'ghi@xyz.com' --> Maps to --> 'rst@someupn.com'

     

     

    Let me ask a few questions:

    • Are both identities in the same Identity Store OR are they in different Identity Stores?
    • Is this mapping supposed to happen as part of Authentication OR as part of Authorization?

     

     

    Here is a thought process,

    • If it is the same Identity Store and has to happen as part of Authentication, then OOB it is not possible. We can try using SmWalker as an Authentication Scheme Wedge and see (POC) if it works.
    • If it is a different Identity Store and has to happen as part of Authorization, then we could look at an Identity Mapping OR Directory Mapping Solution.

     

    Again I do not have a clear view of the Identity Structure and relationships at this point in time. Hence all the above are just pure suggestions to see if we can get the ball rolling in the right direction.

     

    Regards

    Hubert



  • 4.  Re: Map virtual email address to a uid or email

    Broadcom Employee
    Posted Nov 15, 2018 07:09 PM

    As mentioned by Hubert, your use case/example is not very clear.

     

    And what is your user directory? Some user directories have virtual attribute mapping capability at the directory server level, e.g. OVD/OID. Also, there are 3rd-party virtual directory products (e.g. RadiantOne VDS | Radiant Logic) available in the market to facilitate this feature.

     

    Coming back to the SiteMinder side,

    -  You can have custom logic at your login page (fcc/jsp/asp) to transform the userid entered by the user before posting it to login.fcc for authentication.

     

    Regards

    Ashok
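
The alias-to-login-ID transform discussed in replies 3 and 4, as an added example that is not code from any poster or from the product. It assumes the lookup runs in server-side login page code before the credentials are submitted; the record layout and every function name are hypothetical, the sample records are constructed, and no SiteMinder API is called.

```python
import re

# Constructed sample records (not from the thread): each directory entry has
# one real login ID and the virtual addresses provisioned for it.
SAMPLE_DIRECTORY = [
    {"upn": "xyz@someupn.com", "aliases": ["abc@xyz.com"]},
    {"upn": "pqr@someupn.com", "aliases": ["def@xyz.com", "DEF.alt@xyz.com"]},
    {"upn": "rst@someupn.com", "aliases": ["ghi@xyz.com"]},
]

# Deliberately strict address syntax: anything else is rejected, not repaired.
_ADDR = re.compile(r"[a-z0-9._+-]{1,64}@[a-z0-9.-]{1,253}")


class MappingError(Exception):
    """Raised when the provisioning data itself is unsafe to use."""


def normalize(address):
    """Trim and case-fold so 'ABC@xyz.com ' and 'abc@xyz.com' are one key."""
    value = address.strip().casefold()
    return value if _ADDR.fullmatch(value) else None


def build_alias_index(records):
    """Build alias -> login ID, refusing data where an alias has two owners."""
    index = {}
    for record in records:
        for alias in record["aliases"]:
            key = normalize(alias)
            if key is None:
                raise MappingError(f"malformed alias: {alias!r}")
            # setdefault keeps the first owner; a different second owner is
            # a provisioning error that would let one user log in as another.
            owner = index.setdefault(key, record["upn"])
            if owner != record["upn"]:
                raise MappingError(
                    f"alias {key} claimed by {owner} and {record['upn']}")
    return index


def resolve_login_id(entered, index):
    """Return the real login ID for an entered alias, or None (fail closed)."""
    key = normalize(entered)
    if key is None:
        return None
    return index.get(key)
```

An unknown or malformed alias yields None, so the caller can reject the login rather than pass the raw input on to authentication.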