After the SSO ticket containing the representee's identity has been received by the representee's Loginapp, the identity is propagated to the representee application using the configured identity propagator. In addition to the representee's identity, the identity propagator can also transport information indicating that the user is currently being represented. This is done by adding the representer's ID to the propagated identity information.
Representer ID
By default, the representer's ID is the login username. Typical representee applications will need to map the representer's ID to the corresponding user in the database, for example, to retrieve the representer's first and last name and to display the representer's full name in the user interface.
Alternatively, Airlock IAM can send a context data field of the represented to the representee application.
Representer ID propagation
Generally, the Loginapp forwards the representer ID to the configured identity propagator as the parameter REPRESENTER_ID. Depending on the ID propagator plugin, however, a different parameter name must be used.
Read the ID propagator's plugin documentation in the Config Editor to see how to propagate the representer ID.
Examples:
Identity propagator | Representer ID propagation |
---|---|
Generic Identity Propagation >> Ticket String Provider >> User Identity Map | The representer ID is available as attribute representer-user-id. |
SSO Ticket Identity Propagator | The ticket contains an attribute with the name representerId. |
SAML Assertion Cookie Identity Propagator | Register custom attribute as @info:REPRESENTER_ID. |