Map session userID

This document describes how to set the userID in the session to a value other than the default. The default value, depending on the authenticator, is:

- The entered username

- Certificate subject-serialnumber

The session userID will be used as the token identifier for PhenixID Pocket Pass and PhenixID One Touch.

Use case

In some scenarios, the default userID is a complex string that is hard for the end user to remember. For example, a user authenticating with a SITHS certificate gets the HSA-id as the default userID. An example of an HSA-id is TST5565594230-10R3170. Such an id is very hard for the end user to remember in scenarios with PhenixID Pocket Pass or PhenixID One Touch authentication. In such cases, mapping to a more user-friendly userID value may be desired.

Configuration

The session userID is set during authentication, in the pipe connected to the authenticator.

Add these valves to the pipe. Change the "userid" parameter to the value that should be set as the userID in the session.

	{
		"name": "SessionLoadValve",
		"config": {
			"id": "{{request.session_id}}"
		}
	},
	{
		"name": "SessionBindToUidValve",
		"config": {
			"userid": "<userid>"
		}
	},
	{
		"name": "SessionPersistValve",
		"config": {}
	}

Example

- Client certificate authentication

- Map the session userID to a value from LDAP (sAMAccountName)

	{
		"id": "pipeCert",
		"valves": [
			
			{
				"name": "LDAPSearchValve",
				"config": {
					"connection_ref": "local_ldap",
					"base_dn": "dc=demo,dc=phenixid,dc=se",
					"scope": "SUB",
					"size_limit": "0",
					"filter_template": "(serialNumber={{request.serialNumber}})",
					"attributes": "sAMAccountName"
				}
			},
			{
				"name": "SessionLoadValve",
				"config": {
					"id": "{{request.session_id}}"
				}
			},
			{
				"name": "SessionBindToUidValve",
				"config": {
					"userid": "{{item.sAMAccountName}}"
				}
			},
			{
				"name": "SessionPersistValve",
				"config": {}
			}
		]
	}
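
A small consistency check for a pipe like the one above, added here as an example (it is not PhenixID code). It assumes the valve order shown on this page is required and that "attributes" is a comma-separated list; lint_pipe and PIPE_JSON are hypothetical names, and the sample pipe is a constructed, reduced copy of the example.

```python
import json
import re

# Constructed sample: the page's example pipe, reduced to the fields the check reads.
PIPE_JSON = """
{
  "id": "pipeCert",
  "valves": [
    {"name": "LDAPSearchValve",
     "config": {"filter_template": "(serialNumber={{request.serialNumber}})",
                "attributes": "sAMAccountName"}},
    {"name": "SessionLoadValve", "config": {"id": "{{request.session_id}}"}},
    {"name": "SessionBindToUidValve", "config": {"userid": "{{item.sAMAccountName}}"}},
    {"name": "SessionPersistValve", "config": {}}
  ]
}
"""

ITEM_REF = re.compile(r"\{\{\s*item\.([A-Za-z0-9_-]+)\s*\}\}")

def lint_pipe(pipe):
    """Return a list of findings for the session userID mapping in one pipe."""
    findings = []
    names = [v["name"] for v in pipe["valves"]]
    if "SessionBindToUidValve" not in names:
        return ["no SessionBindToUidValve: session keeps the default userID"]
    bind = names.index("SessionBindToUidValve")
    # Order used on the page: load the session, bind the userID, persist it.
    if "SessionLoadValve" not in names[:bind]:
        findings.append("SessionLoadValve must come before SessionBindToUidValve")
    if "SessionPersistValve" not in names[bind + 1:]:
        findings.append("SessionPersistValve must come after SessionBindToUidValve")
    # Assumption: "attributes" is a comma-separated list of returned attributes.
    fetched = set()
    for valve in pipe["valves"][:bind]:
        if valve["name"] == "LDAPSearchValve":
            attrs = valve["config"].get("attributes", "")
            fetched.update(a.strip().lower() for a in attrs.split(",") if a.strip())
    userid = pipe["valves"][bind]["config"].get("userid", "")
    if not userid or userid == "<userid>":
        findings.append("userid is empty or still the <userid> placeholder")
    for attr in ITEM_REF.findall(userid):
        if attr.lower() not in fetched:  # LDAP attribute names are case-insensitive
            findings.append(f"userid uses item.{attr}, which no earlier LDAPSearchValve fetches")
    return findings

if __name__ == "__main__":
    print(lint_pipe(json.loads(PIPE_JSON)) or "mapping looks consistent")
```

An empty list means the mapping is internally consistent; it does not confirm that the LDAP search returns exactly one entry for a given certificate.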