IBM Verify

  • 1.  Getting data from Access Policy to an Authentication Mechanism InfoMap

    Posted Wed February 09, 2022 12:13 PM
    Hi,

    I'm trying to get some data which I have available in a federation access policy (through the protocolContext) to an authentication mechanism InfoMap.

    The way I am doing this now is by setting a redirectUri from the access policy with an added HTTP GET request parameter, which I can retrieve in the InfoMap.
    This works fine but I don't want the users to see the value in the URL, and be able to change it.

    Is there a good way to store data in the access policy which I can retrieve in the infomaps?
    Or is there any good documentation/guide available which explains how these components interact with each other, and what kind of session data is available?

    Thanks

    ------------------------------
    Niel Verheire
    ------------------------------


  • 2.  RE: Getting data from Access Policy to an Authentication Mechanism InfoMap

    Posted Wed February 09, 2022 04:39 PM

    Hello Niel,

    Have you considered using the DMAP?
    https://www.ibm.com/docs/en/sva/10.0.3?topic=rules-javascript-whitelist
    com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtCacheDMAPImpl

    Here's an example of using the distributed map in an infomap:

    https://github.com/IBM-Security/isam-support/blob/master/config-example/aac/info_map_js/infomap_getAttributeFromDMAPCache.js

    The Java Documentation has information on how to utilize said cache.



    ------------------------------
    JACK YARBOROUGH
    ------------------------------



  • 3.  RE: Getting data from Access Policy to an Authentication Mechanism InfoMap

    Posted Thu February 10, 2022 04:54 AM
    Hi Jack,

    Thanks for your suggestion. That certainly seems like a better way.

    Got it working using the "user_session_id" header value. As this is before any authentication happens I was unable to use credential attributes.

    ------------------------------
    Niel Verheire
    ------------------------------
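
The handoff this thread arrives at, as an added example that is not from any post or from IBM: the access policy stores the value server-side under the session id and the InfoMap reads it back once, so nothing travels in the redirect URL. `HandoffCache` is a local stand-in for the distributed map; its method names, the key prefix, the 60-second lifetime and the sample values are assumptions of this sketch.

```javascript
// Stand-in for the server-side distributed map (constructed for this example).
// Entries expire after ttlSeconds; the clock is injectable so expiry can be tested.
class HandoffCache {
  constructor(now = () => Date.now()) {
    this.now = now;
    this.entries = new Map();
  }
  put(key, value, ttlSeconds) {
    this.entries.set(key, { value, expires: this.now() + ttlSeconds * 1000 });
  }
  getAndRemove(key) {
    const entry = this.entries.get(key);
    this.entries.delete(key); // single use: a second read finds nothing
    if (!entry || entry.expires <= this.now()) return null;
    return entry.value;
  }
}

const PREFIX = "policy-handoff:"; // hypothetical namespace for these keys
const TTL_SECONDS = 60;           // assumed lifetime, enough for one redirect

// Access policy side: keep the value server-side and redirect without it.
function accessPolicyStep(cache, sessionId, value, redirectUri) {
  if (!sessionId) throw new Error("no session id, refusing to store handoff data");
  cache.put(PREFIX + sessionId, JSON.stringify(value), TTL_SECONDS);
  return redirectUri; // returned unchanged: no query parameter carries the value
}

// InfoMap side: look the value up by the session id seen on this request.
function infoMapStep(cache, sessionId) {
  if (!sessionId) return { ok: false, reason: "missing session id" };
  const raw = cache.getAndRemove(PREFIX + sessionId);
  if (raw === null) return { ok: false, reason: "no handoff data for this session" };
  return { ok: true, data: JSON.parse(raw) };
}

// Constructed sample run: first read succeeds, a repeat read is rejected.
const cache = new HandoffCache();
const uri = accessPolicyStep(cache, "sess-1234", { partner: "example-sp" }, "/authsvc-placeholder");
console.log(uri, infoMapStep(cache, "sess-1234"), infoMapStep(cache, "sess-1234"));
```

Because the InfoMap fails closed when the lookup returns nothing, a request that arrives without going through the access policy, or after the entry has expired, gets no data rather than a default.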