Single sign-on mapping definition file (imdd_sso_mapping.properties)
Format
user-ID-for-the-OpenID-provider = JP1-user-name
user-ID-for-the-OpenID-provider = JP1-user-name
...
Files
imdd_sso_mapping.properties
imdd_sso_mapping.properties.model (model file of the single sign-on mapping definition file)
Storage directory
- In Windows
  - For a physical host:
    Manager-path\conf\imdd\
  - For a logical host:
    shared-folder\jp1imm\conf\imdd\
- In UNIX
  - For a physical host:
    /etc/opt/jp1imm/conf/imdd/
  - For a logical host:
    shared-directory/jp1imm/conf/imdd/
Description
This file defines the mapping between the name of the JP1 user used in the Intelligent Integrated Management Base and the name of the user registered in the OpenID provider.
When the definitions are applied
When the jddupdatessomap command is completed successfully, the settings in the single sign-on mapping definition file take effect in the Intelligent Integrated Management Base.
Information that is specified
Save the single sign-on mapping definition file in UTF-8 format, with no byte order mark (BOM) added to it.
The single sign-on mapping definition file has the following rules:
- Comment lines start with # or !.
- The user ID for the OpenID provider and the JP1 user name are case-sensitive.
- If an invalid format is found in a line, processing continues, ignoring the line.
- When you specify multiple user IDs for the same OpenID provider, the last specified one is enabled.
- There is no upper limit on the number of definitions.
- If the definition is applied when the file has no valid property at all, the KAJY52031-W message is output and the applied single sign-on mapping definitions are cleared.
- user-ID-for-the-OpenID-provider
  Specify the user ID registered in the OpenID provider. It is mapped to the JP1 user name specified on the right side.
- JP1-user-name
  Specify the name of the JP1 user registered in the JP1/Base authentication server. It is mapped to the user ID registered in the OpenID provider specified on the left side.
  For details about the characters available in the JP1 user name, see the manual JP1/Base User's Guide.
  The JP1 user requires the JP1 permission level of JP1_Console_Admin, JP1_Console_Operator, or JP1_Console_User, which is needed to log in to the Intelligent Integrated Management Base. If an unregistered JP1 user or a JP1 user without the JP1 permission is specified, the KAJY52027-E error occurs upon user authentication.
  DS users whose JP1 authentication information is managed in the directory server through directory server linkage of JP1/Base are not applicable for single sign-on mapping authentication. If a DS user goes through authentication when the user is specified in the single sign-on mapping definition file, the KAJY52027-E error occurs during user authentication. For details about directory server linkage of JP1/Base, see the JP1/Base User's Guide.
Notes
- The user ID for the OpenID provider contains all characters, except for the end-of-line symbol, from the first non-space character to before the first unescaped =, :, or a space character.
- If you use characters that show the end of the user ID for the OpenID provider (=, :, or a space character) in the user ID, add a backslash before the end-indicating character to escape it.
- If you use characters that show the comment at the beginning of the user ID for the OpenID provider (# or !) in the user ID, add a backslash before the comment-indicating character to escape it.
The following table lists characters that must be escaped when used in the user ID for the OpenID provider.
No. | Character | Unicode | When it must be escaped |
---|---|---|---|
1 | = | \u003D | Always required |
2 | : | \u003A | Always required |
3 | Space | \u0020 | Always required |
4 | # | \u0023 | Required for the first character |
5 | ! | \u0021 | Required for the first character |
Example definition
OpenIDuser001 = JP1admin
OpenIDuser002 = JP1ope
...
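An added example (not from the manual or the product): a Python lint to run on a mapping file before jddupdatessomap, applying the rules and notes above and reporting a BOM, ignored lines, an ID that a later line silently remaps to a different JP1 user, and IDs that differ only in case. The separator handling, the reading of "last specified one is enabled" as the same ID defined more than once, the treatment of an empty ID or empty JP1 user name as an invalid line, and the names parse_key, lint_mapping and SAMPLE are assumptions; the product's own parser may differ.

```python
import codecs
# Constructed sample input (not from the manual); line 6 remaps line 2's ID.
SAMPLE = (b"# constructed sample\n"
          b"alice@example.com = JP1ope\nsvc\\:build = JP1user\n\\#ops = JP1ope\n"
          b"Alice@example.com = JP1admin\nalice@example.com = JP1admin\n= orphan\n")

def parse_key(line):
    """Key ends at the first unescaped '=', ':' or space (see Notes)."""
    key, i = [], 0
    while i < len(line):
        if line[i] == "\\" and i + 1 < len(line):
            key.append(line[i + 1])      # backslash escapes the next character
            i += 2
        elif line[i] in "=: ":
            break
        else:
            key.append(line[i])
            i += 1
    return "".join(key), line[i:]

def lint_mapping(raw):
    """Return (mapping, findings) for the raw bytes of a mapping file."""
    findings, mapping = [], {}
    if raw.startswith(codecs.BOM_UTF8):
        findings.append("file starts with a UTF-8 BOM")
        raw = raw[len(codecs.BOM_UTF8):]
    for no, line in enumerate(raw.decode("utf-8").splitlines(), 1):
        line = line.lstrip(" ")
        if not line or line[0] in "#!":
            continue                     # blank line or comment line
        key, rest = parse_key(line)
        value = rest.strip(" ")          # assumption: one '=' or ':' separator,
        if value[:1] in ("=", ":"):      # optionally surrounded by spaces
            value = value[1:].strip(" ")
        if not key or not value:         # assumption: what counts as invalid
            findings.append(f"line {no}: invalid format, ignored")
            continue
        if mapping.get(key, value) != value:
            findings.append(f"line {no}: {key!r} remapped {mapping[key]!r} -> {value!r}")
        mapping[key] = value             # the last definition wins
    seen = {}                            # IDs are case-sensitive: flag look-alikes
    for key in mapping:
        if seen.setdefault(key.lower(), key) != key:
            findings.append(f"{seen[key.lower()]!r} and {key!r} differ only in case")
    if not mapping:
        findings.append("no valid property: applying clears all mappings (KAJY52031-W)")
    return mapping, findings
```

Calling lint_mapping(SAMPLE) returns the effective mapping plus the findings to review before the definitions are applied.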