<xsl:variable name='credMethod' select="stsuuser:Attribute[@name='attr:AZN_CRED_AUTH_METHOD']/stsuuser:Value"/>
Unfortunately the user mapping rule is executed immediately after the authentication operation, but before the credential is created. This means that the standard credential information (which includes AZN_CRED_AUTH_METHOD) is not available to the user mapping rule. The full list of data which is made available to the user mapping rule can be found in the documentation: https://www.ibm.com/docs/en/sva/10.0.4?topic=mapping-valid-user-attributes. It looks like you should be able to use the 'method' attribute to determine the method which authenticated the user.
I hope that this helps.
Scott A. Exton Senior Software Engineer Chief Programmer - IBM Security Verify Access IBM Master Inventor
<xsl:variable name="method"><xsl:value-of select="stsuuser:Attribute[@name='method']/stsuuser:Value"/></xsl:variable>