User and organization attributes - CustomerID
Description
Ubisecure CustomerID supports storing basic user information to predefined repository objects. Also custom information can be stored to the main user authentication data repository by creating a mapping between the Ubisecure CustomerID internal field name and the repository attribute name. (See eidm2.properties data.attribute.mapping
)
Ubisecure CustomerID internal user information fields are:
firstname, surname, email, mobile, login, locale, password, customerid, companyid, acceptTerms
Mapping of basic internal fields to repository attributes goes as follows:
firstname = givenName
surname = sn
email = mail
mobile = mobile
login = uid (configurable with general.login.attribute)
locale = By default not mapped. Can be mapped using data.attribute.mapping.
password = UbiloginAuthMethod-object
Mapping of extra fields to repository:
ssn = description (configurable with data.attribute.mapping)
customerid = Virtual organization structure (depending on configuration)
companyid = Virtual organization structure (depending on configuration)
Custom attributes
Mapping of custom fields to repository attributes is configured with data.attribute.mapping
 –properties.
Ubisecure CustomerID supports custom attributes for users and organizations. For users custom attributes will be stored in the database. They may be additionally stored also in the main user authentication data repository. For organizations custom attributes will only be stored in the database.
Storing user custom attributes in the main user authentication data repository is defined using the data.attribute.mapping.<attribute name>
property as defined below in Data Storing Properties chapter. All user custom attributes will be automatically stored to the database as strings. Defining if the user attributes should be encrypted is done using the data.attribute.encrypt
 property as defined below in Data Storing Properties chapter.
All organization custom attributes will be automatically stored to the database as strings.
Ubisecure CustomerID does not provide default language text keys for custom attributes because we don't know the names of the custom attributes beforehand. Therefore always when new custom attributes are defined also the language files need to be updated. At least the following new language keys may be required for each new user custom attribute:
admin.approval.user.<custom user attribute name>.tooltip admin.roleinvitation.user.<custom user attribute name>.tooltip registerWizard.<custom user attribute name> registration.<registration name>.input.user.<custom user attribute name>.tooltip tooltip.user.attribute.modification.<custom user attribute name> user.<custom user attribute name>
The display text for each new organization attribute must also be added to the messages_XX.properties file. At least the following new language keys may be required for each new organization custom attribute:
registerWizard.organization.<custom organization attribute name> = <custom organization attribute text shown before field during registration> organization.<custom organization attribute name> = <custom organization attribute text shown before field>
An example of localization for the custom attribute "sic".
# shown during registration registerWizard.organization.sic = SIC Code # shown on organization details page organization.sic = Industry Classification Code
Organization custom attributes that have not been set for organizations will not be returned in API responses.
Reserved attribute names
There are some reserved names that cannot be used for custom attribute names. They are:
acceptterms, cn, companyid, create, customerid, disable, email, enable, firstname, friendlyname, hetu, locale, login, mandates.remove, mobile, organizationclass, organizationid, organizationtype, otp, otp.activated, otp.state, parentorganizationid, password, pwd, pwd.activated, registration, repouser, responseidformat, roleid, roles.remove, sms, sms.activated, ssn, status, surname, technicalname, uid, userid, username
and virtual
.
Built-in validations
Password
- Maximum lenght for password value is 64 characters.
Custom attributes
- Maximum length for a custom attribute value is 255 characters.
- Only lower case alphanumeric characters are allowed when naming custom attributes.
Configurations
These configurations are available in the eidm2.properties
 file.
data.attribute.encrypt
This is a comma separated list of custom attributes that should be encrypted to all data storage facilities, i.e. internal database, Ubisecure Directory and Active Directory. This cannot be enabled for certain attributes, such as cn, mobile or email.
Attributes that are encrypted cannot be used for Directory User Mapping. Attributes that are encrypted can only be found in searches by the exact value (not for example by just a prefix).
Default is <none set>
.
Example:
data.attribute.encrypt = ssn
data.attribute.mapping.<fieldname>
These properties define the mapping between user interface field names and repository attribute names. Some fields have fixed attributes where they are stored to (see previous chapter) and these properties define the attributes where other fields are stored to.
Default is data.attribute.mapping.ssn = description
Example:Â
data.attribute.mapping.ssn = description
NOTE: There is no need to define mapping for built-in attributes firstname, surname, email, mobile and login.
data.attribute.country
This property lists attributes that store country values. The values are stored as two-character codes, but all user interfaces for the attribute modification show a country selector user interface element. See Customization - CustomerID page on how to configure the country selector options.
Default is <not set>
.
Example:
data.attribute.country = country