Single sign-on mapping definition file (imdd_sso_mapping.properties)

Format

user-ID-for-the-OpenID-provider = JP1-user-name
user-ID-for-the-OpenID-provider = JP1-user-name
...

To Page Top

Files

imdd_sso_mapping.properties

imdd_sso_mapping.properties.model (model file of the single sign-on mapping definition file)

To Page Top

Storage directory

In Windows

For a physical host:

Manager-path\conf\imdd\

For a logical host:

shared-folder\jp1imm\conf\imdd\

In UNIX

For a physical host:

/etc/opt/jp1imm/conf/imdd/

For a logical host:

shared-directory/jp1imm/conf/imdd/

To Page Top

Description

This file defines the mapping between the name of the JP1 user used in the Intelligent Integrated Management Base and the name of the user registered in the OpenID provider.

To Page Top

When the definitions are applied

When the jddupdatessomap command is completed successfully, the settings in the single sign-on mapping definition file take effect in the Intelligent Integrated Management Base.

To Page Top

When the definitions are applied

When the jddupdatessomap command is completed successfully, the settings in the single sign-on mapping definition file take effect in the Intelligent Integrated Management Base.

To Page Top

Information that is specified

Save the single sign-on mapping definition file in UTF-8 format, with no byte order mark (BOM) added to it.

The single sign-on mapping definition file has the following rules:

• Comment lines start with # or !.

• The user ID for the OpenID provider and the JP1 user name are case-sensitive.

• If an invalid format is found in a line, processing continues, ignoring the line.

• When you specify multiples user IDs for the same OpenID provider, the last specified one is enabled.

• There is no upper limit on the number of definitions.

• If the definition is applied when the file has no valid property at all, the KAJY52031-W message is output and the applied single sign-on mapping definitions are cleared.

user-ID-for-the-OpenID-provider

Specify the user ID registered in the OpenID provider. It is mapped to the JP1 user name specified on the right side.

JP1-user-name

Specify the name of the JP1 user registered in the JP1/Base authentication server. It is mapped to the user ID registered in the OpenID provider specified on the left side.

For details about the characters available in the JP1 user name, see the manual JP1/Base User's Guide.

The JP1 user requires the JP1 permission level of JP1_Console_Admin, JP1_Console_Operator, or JP1_Console_User, which is needed to log in to the Intelligent Integrated Management Base. If an unregistered JP1 user or a JP1 user without the JP1 permission is specified, the KAJY52027-E error occurs upon user authentication.

DS users whose JP1 authentication information is managed in the directory server through directory server linkage of JP1/Base are not applicable for single sign-on mapping authentication. If a DS user goes through authentication when the user is specified in the single sign-on mapping definition file, the KAJY52027-E error occurs during user authentication. For details about directory server linkage of JP1/Base, see the JP1/Base User's Guide.

To Page Top

Notes

• The user ID for the OpenID provider contains all characters, except for the end-of-line symbol, from the first non-space character to before the first unescaped =, :, or a space character.

• If you use characters that show the end of the user ID for the OpenID provider (=, :, or a space character) in the user ID, add a backslash before the end-indicating character to escape it.

• If you use characters that show the comment at the beginning of the user ID for the OpenID provider (# or !) in the user ID, add a backslash before the comment-indicating character to escape it.

The following table lists characters that must be escaped when used in the user ID for the OpenID provider.

To Page Top

Example definition

OpenIDuser001 = JP1admin
OpenIDuser002 = JP1ope
...

To Page Top