Access an identity’s profile
AM allows a node to read and write data to and from an identity’s profile.
This is useful if a node needs to store information more permanently
than when using either the authentication trees' NodeState or the identity’s session.
|
Any node that reads or writes to an identity’s profile must only occur in a tree after the identity has been verified. For example, as the final step in a tree or directly after a Data Store Decision node. To store a verified identity in the journey session, call |
Read an identity’s profile
Use the IdUtils static class:
AMIdentity id = IdUtils.getIdentity(username, realm);|
Use the IdUtilsWrapper class to assist with testing. |
If AM is configured to search for the identity’s profile using a different search attribute than the default, provide the attributes as a third argument to the method.
To obtain the attributes, you could request them in the configuration of the node or obtain them from the realm’s authentication service configuration.
The following example demonstrates how to obtain the user alias:
public AMIdentity getIdentityFromSearchAlias(String username, String realm) {
ServiceConfigManager mgr = new ServiceConfigManager(
ISAuthConstants.AUTH_SERVICE_NAME,
AccessController.doPrivileged(AdminTokenAction.getInstance());
ServiceConfig serviceConfig = mgr.getOrganizationConfig(realm, null);
Set<String> realmAliasAttrs = serviceConfig.getAttributes()
.get("iplanet-am-auth-alias-attr-name");
return IdUtils.getIdentity(username, realm, realmAliasAttrs);
}By combining these approaches, you can search for an identity by using the ID and whichever configured attribute field(s) as necessary.