Configuring a new user ID transformation
When you are integrating BMC Atrium Single Sign-On with existing legacy systems, the new authentication methods might not provide the same user ID format that was available with previous authentication methods. Some methods also return a user ID in a format that cannot be used directly, for example, when CAC is used for authentication. In these situations, you can modify the user ID format by using the UserId Transformer options on the Realm Authentication panel in the Realm Editor. By default, two transformation options are available. You can add complex transformations to the UserId Transformer list by creating customized plug-ins.
If more complex transformations are necessary, follow these processes:
Creating a new plug-in
To create a customized plug-in, write a Java class that implements the UserId Transformer interface. The class file of this interface, which you need to develop the customized plug-in, is in the atsso-auth.jar file at the following location: <installation-directory>/tomcat/webapps/atriumsso/WEB-INF/lib.
To create a new plug-in
- Create a new Java class that implements the UserId Transformer interface.
Customize the class file as per your requirements.
- Compile the Java file to create a class file.
You can create a JAR library for the class file, if required.
Installing the plug-in
After you create a new plug-in, you must install it.
Before you install the plug-in on the Atrium SSO server, you must shut down the server.
To install the plug-in
- You can install the plug-in class directly into the Atrium SSO server by copying the class file into the following directory: <installation-directory>/tomcat/webapps/atriumsso/WEB-INF/classes.
Alternatively, if you have packaged the class file in a jar library, copy the jar file into the following directory: <installation-directory>/tomcat/webapps/atriumsso/WEB-INF/lib.
If you need any additional libraries for the transformation plug-in, copy the libraries into the following directory: <installation-directory>/tomcat/webapps/atriumsso/WEB-INF/lib.
- Add the full canonical class name of the new plug-in to the com.bmc.atrium.sso.opensso.extensions.userid.UserIdTransformer file at the following location: <installation-directory>/tomcat/webapps/atriumsso/WEB-INF/classes/META-INF/services.
- Restart the server.
If you have deployed BMC Atrium Single Sign-On in a High Availability (HA) environment, install the plug-in on all nodes in the cluster before configuring the realm to use the new transformation.
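The registration step above is a hand edit of a file that sits in the authentication path, so it is worth making it repeatable and checking the file before the restart. The following POSIX shell script is an added example, not BMC tooling: the function names and the `com.example` class names are hypothetical, and the handling of `#` comments assumes the file follows the standard Java `META-INF/services` provider-file format.

```shell
#!/bin/sh
# Added example; paths are the ones given on this page, function names are hypothetical.
WEBINF=tomcat/webapps/atriumsso/WEB-INF
SVC_REL=$WEBINF/classes/META-INF/services/com.bmc.atrium.sso.opensso.extensions.userid.UserIdTransformer

# Succeeds only for a syntactically valid Java class name (optionally dotted).
valid_class_name() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z_$][A-Za-z0-9_$]*(\.[A-Za-z_$][A-Za-z0-9_$]*)*$'
}

# register_transformer <installation-directory> <canonical class name>
# Appends the name once; rejects malformed names and leaves existing lines untouched.
register_transformer() {
    svc="$1/$SVC_REL"
    valid_class_name "$2" || { echo "invalid class name: $2" >&2; return 2; }
    [ -f "$svc" ] || { echo "services file not found: $svc" >&2; return 3; }
    grep -Fxq "$2" "$svc" && return 0        # already registered, nothing to do
    # If the last line lacks a newline, add one so two names are never joined.
    [ -z "$(tail -c 1 "$svc")" ] || printf '\n' >> "$svc"
    printf '%s\n' "$2" >> "$svc"
}

# check_services <installation-directory>
# Returns the number of malformed entries. Entries with no class file under
# WEB-INF/classes only produce a note, because they may live in a WEB-INF/lib jar.
check_services() {
    svc="$1/$SVC_REL"; problems=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop comments and surrounding whitespace (including a trailing CR).
        name=$(printf '%s\n' "$line" | sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$name" ] || continue
        if ! valid_class_name "$name"; then
            echo "malformed entry: $name"; problems=$((problems + 1))
        elif [ ! -f "$1/$WEBINF/classes/$(printf '%s' "$name" | tr '.' '/').class" ]; then
            echo "note: no class file under WEB-INF/classes, expect it in a WEB-INF/lib jar: $name"
        fi
    done < "$svc"
    return "$problems"
}
```

Run `register_transformer` and then `check_services` with the installation directory as the first argument while the server is stopped, and repeat on every node in an HA cluster.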
Using the new user ID transformation
After you install the plug-in on the server, open the BMC Atrium SSO Admin console and edit the realm for which you want to configure user ID transformation.
- On the Realms panel, select the realm and click Edit. The Realm Editor is displayed.
- On the Realm Authentication panel, select the type of transformation that you created from the UserId Transformer list.
You do not need to restart the server after applying the transformation. In-progress logon sessions will display the specified configuration, but newly started logon sessions will see the user ID as per the updated transformation.