Copy Attribute
The Copy Attribute authentication action allows copying or moving one or more attributes from one location to another. Attribute locations are one of the following: Subject Attributes, Context Attributes or Action Attributes.
The attributes can be renamed while copied from one location to another, by setting a different target path than the source one.
By default, the action will copy the attribute (and not move it). When an attribute is moved it is removed from the source location.
Note that a given attribute can be used in many operations and copied or moved in multiple locations using only one Copy Attribute action.
If the attribute already exists in the target location, then the copy replaces the existing value and overrides it.
Configuration#
The action is configured with a list of operations. An operation is a copy or a move and is defined by a source location and attribute path, as well as a target location and attribute path. For each copy or move operation, the following configuration options are available:
| Configuration | Mandatory | Description |
|---|---|---|
name | Yes | The unique identifier of the operation. |
move | No | When false, the attribute is copied to the target location. When true the attribute is moved to the target location and removed from source location. Default: false |
sourcePath | Yes | The fully qualified name of the attribute to copy or move. |
sourceLocation | Yes | The source location of the attribute to copy or move (subject-attributes, context-attributes, action-attributes). |
source-is-attribute-name | No | The source name is literal, and does not represent a path. Enable this if your attribute name contain a period, which would indicate that it is addressing a nested object. |
targetPath | Yes | The fully qualified name of the copied attribute. |
targetLocation | Yes | The target location of the copied attribute (subject-attributes, context-attributes, action-attributes). |
target-is-attribute-name | No | The target name is literal, and does not represent a path. Enable this if the attribute name you are creating contain a period, which would indicate that it is addressing a nested object. |
Back-channel support#
This action can be used in back-channel authentication.