Is it possible to map a user with a virtual email ID (i.e., firstname.lastname@example.org) to an actual ID (email@example.com)? I need firstname.lastname@example.org to authenticate the user by mapping the user to email@example.com and provide access. How do I write this expression in Domain or SAML Federation?
Any help would be appreciated.
Though we could do this with Identity Mapping, there is little documentation on it.
Is this possible?
Requesting your assistance on this please.
I read this a couple of times and could not decipher the requirements clearly.
From an Access Management perspective, the Product has no knowledge of the Identity. The Product (any Access Management Product) relies on an Identity Store and results from an Identity Store to make decisions.
The basic question to answer is, "How would an Access Management Product know it has to map an Identity 'firstname.lastname@example.org', which the User entered in the browser, to a different Identity 'email@example.com'?" I believe this would be the case for all Users, i.e. it has to be dynamically supported. Thus the Access Management Product has to make multiple calls to the Identity Store to fetch this info (it also needs to be ensured that the User Provisioning process works impeccably, as these Identities need to be mapped correctly in the Identity Store to begin with in order to succeed at the Access Management layer).
'firstname.lastname@example.org' --> Maps to --> 'email@example.com'
Let me ask a few questions,
Here is a thought process,
Again I do not have a clear view of the Identity Structure and relationships at this point in time. Hence all the above are just pure suggestions to see if we can get the ball rolling in the right direction.
As mentioned by Hubert, your use case/example is not very clear.
And what is your user directory? Some user directories have virtual attribute mapping capability at the directory server level, e.g. OVD/OID. There are also 3rd-party virtual directory products (e.g. RadiantOne VDS | Radiant Logic) available in the market to facilitate this feature.
Coming back to Siteminder side,
- You can have custom logic in your login page (fcc/jsp/asp) to transform the user ID entered by the user before posting it to login.fcc for authentication.
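
As an added illustration (not code from any poster in this thread, and not a SiteMinder API), the sketch below shows the identity-store lookup that server-side login-page logic would need in order to translate the entered ID into the ID the user store authenticates. The directory records and function names are assumptions, constructed for the example.

```python
# Added example: alias-to-login-ID resolution done server-side before
# authentication. All names and records here are constructed for illustration.

# Constructed identity-store records: primary login ID plus provisioned aliases.
DIRECTORY = [
    {"login_id": "email@example.com", "aliases": ["firstname.lastname@example.org"]},
    {"login_id": "jdoe@example.com", "aliases": ["jane.doe@example.org"]},
]


def normalize(identifier):
    """Trim whitespace and case-fold so lookups are case-insensitive."""
    return identifier.strip().casefold()


def build_index(directory):
    """Map every primary ID and alias to its login ID, rejecting collisions.

    A collision (an alias equal to another user's alias or primary ID) would
    let one user be authenticated as another, so provisioning errors fail
    loudly here instead of being resolved arbitrarily at login time.
    """
    index = {}
    for entry in directory:
        login_id = normalize(entry["login_id"])
        for name in [login_id] + [normalize(a) for a in entry["aliases"]]:
            owner = index.get(name)
            if owner is not None and owner != login_id:
                raise ValueError(f"identifier {name!r} maps to two users")
            index[name] = login_id
    return index


def resolve_login_id(entered, index):
    """Return the login ID to authenticate against, or None if unknown.

    Unknown identifiers return None so the caller can fail with the same
    generic error it uses for a bad password.
    """
    return index.get(normalize(entered))
```

The password check still runs against the resolved login ID; the mapping only selects which account is being authenticated.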