On the IBM Security Access Manager (ISAM) for Mobile appliance, the authentication service exposes a number of mapping rules. Four of them are related to the OTP capabilities and the last one is a mapping rule that fires once the authentication service has completed and allows manipulation of the returned ISAM credential.
I have a scenario where I am required to access values supplied in the HTTP headers from WebSEAL. (My scenario was the result of an OAuth based approach, however this can also be necessary when you are using tag values from WebSEAL.)
If you need the header value from any of the OTP based mapping rules, you can get the header from the STSUU context attributes. Here is an example looking for a value supplied by the header customHeader.
var waCtxAttrCon = stsuu.getContextAttributesAttributeContainer();
var headerValue = waCtxAttrCon.getAttributeValueByNameAndType
("customHeader","otp.useragent.httpheader.type");
IDMappingExtUtils.traceString("Header Value Acquired: " + headerValue);
If you need the header value in the AuthSvcCredential mapping rule, it’s a little bit different.
//Get State ID from headers...
var headerValue = context.get
(Scope.REQUEST, "urn:ibm:security:asf:request:header", "customHeader");
IDMappingExtUtils.traceString("Header Value Acquired: " + headerValue);
Philip Nye 