User Attribute Retrieval and Transformation helps you to perform the following activities:
Retrieve attribute values from external sources other than the configured user stores. The source can be an external REST web service, an external database, or any external LDAP repository.
Transform attribute values before they are sent as part of an assertion to a federated provider. For example, you can edit an attribute value before it is sent from an identity provider to a service provider in a SAML 2.0 federation. You can also edit an attribute value that is sent from the identity provider to Access Gateway and used in policies.
Transform the attribute value used in policies. For example, you can transform Identity Server role-based policies.
User Attribute Retrieval and Transformation introduces the following configuration settings in Identity Server:
Data Source: An entity that holds configuration properties that help in connecting to an external data source. The properties of the data source can be defined in the data source user interface. A data source can be a REST web service, an LDAP repository, or an SQL database.
Attribute Source: Represents queries that fetch attributes from a data source. You can define an LDAP search filter or an SQL query. You can also define requests and configure the response to retrieve attributes from a REST web service resource endpoint.
Virtual Attribute: Helps you specify the attributes that must be transformed and how the transformations happen. A virtual attribute can transform multi-valued attributes.