Configure profile mappers - Fluid Topics

Configure profile mappers - Fluid Topics - 3.11

Fluid Topics Configuration and Administration Guide

Category

Reference Guides

Audience

public

Version

3.11

When creating a new realm or updating an existing one, users with the ADMIN role can access a section called Profile mappers.

Although the section itself is read-only, it is possible to make modifications by selecting the Run configuration assistant button. This opens the Profile mappers assistant drawer, where the following mapping methods are available:

Select properties.
Define a JavaScript function.

Why configure profile mappers?

Configuring profile mappers establishes a relationship between the following elements:

The user's information as defined when their Fluid Topics account was first created.
The user's information as Fluid Topics retrieves it from the realm's configuration when the user authenticates.

Some administrators also use profile mappers to request additional information about a user from an external domain.

What information is mappable?

The information administrators can map depends on the realm. The following table identifies mappable information for each realm:

Realm	Mappable user information	Notes
Internal	Groups Roles Search preferences
LDAP	Display name Groups Roles Search preferences
OpenID Connect	ID (must be stable) Display name Email Groups Roles Search preferences
SAML realm	ID (must be stable) Display name Email Groups Roles Search preferences	If the SAML provider is Keycloak, additional configuration in the Keycloak UI is required to ensure that the condition of a stable ID is met.

Example

The following lines show an example of JavaScript code that users with the ADMIN role can use to configure Profile mappers in order to assign specific roles and groups to users and administrators:

admin_users = ['admin@myawesomecompany.com',
    'john.doe@myawesomecompany.com',
];

// Push company user roles
user.roles = []

if (admin_users.includes(attributes.emailAddress)) {
    user.roles.push("ADMIN",
        "BETA_USER",
        "ANALYTICS_USER", "DEBUG_USER",
        "PERSONAL_BOOK_USER",
        "PERSONAL_BOOK_SHARE_USER", "HTML_EXPORT_USER",
        "PDF_EXPORT_USER",
        "SAVED_SEARCH_USER", "COLLECTION_USER",
        "PRINT_USER");
} else {
    user.roles.push("PERSONAL_BOOK_USER",
        "PERSONAL_BOOK_SHARE_USER",
        "HTML_EXPORT_USER",
        "PDF_EXPORT_USER",
        "SAVED_SEARCH_USER", "COLLECTION_USER",
        "PRINT_USER");
}

// Push company user groups
user.groups = []
user.groups =
    function () {
        if (admin_users.includes(attributes.emailAddress))
            return ['Documentation Admin']
        if (attributes.emailAddress.endsWith('@myawesomecompany.com'))
            return ['Internal']
        else
            return ['External']
    }();

- When running the configuration assistant, it is necessary to have the email address of an existing user on hand.

- When configuring search preferences, defining a JavaScript function is the only mapping method available.

Pressing Control + Space or Control + i, or typing http. displays inline help for the configuration assistant.