Transforming userID to match login ID

During the login procedure, BMC Helix Single Sign-On checks that the login ID provided by an end user matches the userID available in the user store of an identity provider (IdP). In many use cases, the login ID and the userID do not match, therefore end users cannot log in by using their login credentials. In such cases, BMC Helix Single Sign-Ontransform the userID for an authentication method by specifying a userID transformation type.

For example, the user name from the identity provider response is CustomeUserName@gmail.com coming from the identity provider response and the user name specified in the Remedy AR System is CustomUserName. To configure the authentication method for end users' login, you must remove the domain from the userID.

You might also need to transform a userID when you integrate BMC Helix SSO with BMC applications, set up an authentication method, and then change the original authentication method. The new authentication method might not provide the same userID format that was available with the original method, and you must specify a userID transformation type for this authentication type.   


Important

The userID transformation options are supported for all authentication types except "Local".

To transform the userID to match the login ID

  1. In the UserID Transformation field, specify a required transformation type.

To specify a custom userID to match the login ID

  1. In the left navigation panel of the Add Realm or Edit Realm page, click Authentication.
  2. In the Custom Expression field, specify your value in the following format "userId + {value}".
    For example, by using the #userId + "@bmc.com" expression, you construct Mary@bmc.com.
  3. Click Save.
    You can specify a custom userID by using predefined string functions. The list of Java string functions and their description is displayed in the following table:

    FunctionDescription
    strip()Returns a string whose value is this string, with all leading and trailing white spaces removed.
    substring(int beginIndex)Returns a string that is a substring of this string. The substring begins with the character at the specified index and extends to the end of this string.
    substring(int beginIndex, int endIndex)Returns a string that is a substring of this string. The substring begins at the specified beginIndex and extends to the character at index endIndex - 1.
    toLowerCase()Converts all of the characters in this string to lower case.
    toUpperCase()Converts all of the characters in this string to upper case.
    split(String regex)Splits a string at matches of the given regular expression.
    replace(String target, String replacement)Returns a string resulting from replacing all occurrences of target in this string with replacement.

    The following table represents examples of using string functions: 

    ExpressionCurrent valueTransformed value
    #userId.split('@')[0]user1@example.comuser1
    #userId.split('@')[0].toUpperCase()user1@example.comUSER1
    #userId.replace("@example.com", "@abc.com")user1@example.comuser1@abc.com
    #userid.substring(2)p_user12345user12345
    #userid.substring(4, 9) + #userid.substring(0, 4)user1234512345user

To transform AR System login ID

When your AR System login ID doesn't match the BMC Helix SSO login ID format, you can transform the login ID with the help of AR REST API. For information about the AR REST API, see AR Server REST API architecture Open link .

To activate the login ID transformation option:

  1. In BMC Helix SSO, navigate to the appropriate realm.
  2. In the left navigation panel of the Add Realm or Edit Realm page, click Authentication.
  3. In the Custom Expression field, specify your value in the following format: 
    #arAliasToLoginName.convert('AR REST API URL', 'ARUser', 'encrypted ARUser Password', Field ID, #userId)
  4. Click Save.
    For example, you get the following result:
    #arAliasToLoginName.convert('https://example.com:8443', 'Demo', 'AES-GCM:5de2a10c228a89e8aaaf069c5fb7e448afb997565c0d3c46ba3ddac39fccbddc', 117, #userId)
    where '117' is a field ID for "Full Name" of the schema User.


Was this page helpful? Yes No Submitting... Thank you

Comments