Copy Attribute

The Copy Attribute authentication action allows copying or moving one or more attributes from one location to another. Attribute locations are one of the following: Subject Attributes, Context Attributes or Action Attributes.

The attributes can be renamed while copied from one location to another, by setting a different target path than the source one.

By default, the action will copy the attribute (and not move it). When an attribute is moved it is removed from the source location.

Note that a given attribute can be used in many operations and copied or moved in multiple locations using only one Copy Attribute action.

If the attribute already exists in the target location, then the copy replaces the existing value and overrides it.


The action is configured with a list of operations. An operation is a copy or a move and is defined by a source location and attribute path, as well as a target location and attribute path. For each copy or move operation, the following configuration options are available:

Configuration Mandatory Description
name yes The unique identifier of the operation.
move no When false, the attribute is copied to the target location. When true the attribute is moved to the target location and removed from source location. Default: false
sourcePath yes The fully qualified name of the attribute to copy or move.
sourceLocation yes The source location of the attribute to copy or move (subject-attributes, context-attributes, action-attributes).
targetPath yes The fully qualified name of the copied attribute.
targetLocation yes The target location of the copied attribute (subject-attributes, context-attributes, action-attributes).