A data source transformer action transforms the input attribute names and values. It does not enforce attributes, so it will not fail the authentication.
Transforming attribute names means that an attribute named user-email, for example, can be transformed to something like email in the output. This is useful when unifying data from different account sources.
Transforming attribute values means that the data inside the attribute is transformed. The data source transformer can replace the value of a given attribute with the value of an attribute found in the data source.
It is also possible to exclude attributes from the result, simply by listing them as excluded-attributes in the configuration. This will result in them being dropped when found.
The Data Source transformer uses an attribute data source to fetch external attributes. See the data source section on how to configure the data source for attribute queries.
By default, this action transforms the subject attributes.
It can be configured to transform the context attributes or the action attributes, by setting the attributes-location configuration setting.
Take the email attribute, replace its value with that of the user-email attribute provided by the configured data-source:
To add new values that exist in the data source, simply list them as additional values:
As with the regex transformer, it is also possible to exclude attributes and rename the attribute names.
The following configuration options are available: