Update Account
The Update Account authentication action allows updating the authenticated user account with attribute values from the authentication session.
The update account authentication action updates an account during the authentication process. This action applies a sequence of update operations, defined on the configuration, on an account managed by an account manager, also defined via configuration.
The updated account is the one whose username string matches the subject string in current authentication attributes, i.e., the authentication attributes provided to the action. If no such account exists, the update account action returns a failure result and the authentication process ends with that failure.
This update account action supports three different operations:
- Adding an account attribute using a value retrieved from the action’s subject attributes, context attributes, or action attributes.
- Replacing an account attribute using a value retrieved from the action’s subject attributes, context attributes, or action attributes.
- Removing an account attribute given an attribute path.
The addition and replacement operation behavior is the same as the one defined for the AttributeUpdate SDK class.
Configuration#
The following configuration options are available
| Configuration | Mandatory | Description |
|---|---|---|
account-manager | yes | Where the account should be updated. |
operation | yes | One or more entries defining an update mutation on the account. |
operation/name | yes | An unique name for the operation. |
operation/add-attribute | no | Defines an addition operation. |
operation/replace-attribute | no | Defines a replacement operation. |
operation/delete-attribute | no | Defines a deletion operation. |
An addition operation has the following configuration settings.
| Configuration | Mandatory | Description |
|---|---|---|
operation/add-attribute/source-attribute-path | yes | Defines the path of the attribute containing the value to use on the addition. |
operation/add-attribute/source-attribute-location | no | Defines the location of the attribute containing the value to use on the addition (subject attributes, context attributes, or action attributes). Default location is the action attributes. |
operation/add-attribute/target-attribute-path | yes | Defines the path of the account attribute to add. |
operation/add-attribute/convert-to-multi-value | no | If present, the source attribuve value is wrapped inside a multi-valued value. |
operation/add-attribute/convert-to-multi-value/primary | no | Defines if the multi-valued value is the primary value. |
operation/add-attribute/source-attribute-is-required | no | If enabled, the action will fail if the source attribute is not found, otherwise the operation is ignored (default behavior). |
A replacement operation has the following configuration settings.
| Configuration | Mandatory | Description |
|---|---|---|
operation/replace-attribute/source-attribute-path | yes | Defines the path of the attribute containing the value to use on the replacement. |
operation/replace-attribute/source-attribute-location | no | Defines the location of the attribute containing the value to use on the replacement (subject attributes, context attributes, or action attributes). Default location is the action attributes. |
operation/replace-attribute/target-attribute-path | yes | Defines the path of the account attribute to replace. |
operation/replace-attribute/convert-to-multi-value | no | If present, the source attribuve value is wrapped inside a multi-valued value. |
operation/replace-attribute/convert-to-multi-value/primary | no | Defines if the multi-valued value is the primary value. |
operation/replace-attribute/source-attribute-is-required | no | If enabled, the action will fail if the source attribute is not found, otherwise the operation is ignored (default behavior). |
A delete operation has the following configuration settings.
| Configuration | Mandatory | Description |
|---|---|---|
operation/delete-attribute/target-attribute-path | yes | Defines the path of the account attribute to delete. |
Back-channel support#
This action can be used in back-channel authentication.