Dynamic Mapping

JFrog Platform Administration Documentation

Note

Dynamic mapping is supported from Artifactory version 7.95.

Identity mappings can contain dynamic mappings, which verify or modify the username or group name in the token subject based on a pattern. The pattern is a string that specifies which claim you want to extract from the token request. If the claim is not found, the token request fails. The pattern can replace part of the claim with a username, add data to the claim, or verify that the data in the claim matches a definition. For a dynamic group definition, the pattern is applied to all groups and adds the pattern to the group scope.

When creating an identity mapping, you can choose, for the token scope, to create a Group Mapping with an identity mapping Pattern, as shown below.

[Screenshot: dynamic-mapping-01.png]

Following are several examples of identity mapping patterns.

Example

For the following mapping, there will be no change. The identity mapping will take the actor claim and use it as is.

{{actor}} 

When the claims are applied, the claim “actor” : “saidegreen” will be used as is in the token subject: applied-permissions/user:saidegreen.

Example

For the following, the dynamic mapping will try to find the actor claim in the token request claims and add @jfrog.com at the end.

{{actor}} | $0@jfrog.com

When the claims are applied, the claim “actor” : “saidegreen” will become applied-permissions/user:saidegreen@jfrog.com in the token subject.

Example

For the following, the dynamic mapping will try to find the actor claim in the token request claims and then remove the @jfrog.com at the end.

({{actor}})@jfrog.com|$1

When the claims are applied, the claim “actor” : “username@jfrog.com” will become applied-permissions/user:username in the token subject.

Example

For the following, the dynamic mapping will look for email claims that start with jf and end with jfrog.com.

jf{{mail}}jfrog.com|$0

When the claims are applied, the claim “mail” : “jfuserid30@jfrog.com” will become applied-permissions/user:jfuserid30@jfrog.com in the token subject. However, “mail” : “gituserid30@jfrog.com” will fail the request because the email does not start with jf.

Example

For the following, the dynamic mapping will look for claims that contain group and add -jfrog to the end of each group in the claim.

{{group}} | $0-jfrog

When the claims are applied, the claim claim("group", "gitgroup, gitgroup2, gitgroup3, gitgroup4") will become applied-permissions/groups:"gitgroup-jfrog","gitgroup2-jfrog","gitgroup3-jfrog","gitgroup4-jfrog".

Example

Following are examples of dynamic mapping patterns with the format {claim value, pattern, result}.

{"jfuser-f12jf", "jf{{actor}}jf|$1", "user-f12"}
{"jfuser-f12jf", "jfrog{{actor}}jfrog|$1", "jfroguser-f12jfrog"}
{"user", "{{actor}}", "user"}
{"user", "{{actor}} | hub$0jfrog", "hubuserjfrog"}
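
The following Python sketch is an added example, not JFrog's implementation: it models the pattern rules as the examples on this page suggest, so that a pattern can be checked against sample claim values before it is saved in an identity mapping. It assumes that {{claim}} acts as a capture group, that the text around it is a regular expression that must match the whole claim value, and that a pattern without a | part returns the claim unchanged; apply_pattern, apply_to_groups and MappingError are hypothetical names. Under that reading the second row of the list above is rejected, because its claim value does not contain the literal jfrog.

```python
import re

PLACEHOLDER = re.compile(r"\{\{(\w+)\}\}")

class MappingError(Exception):
    """Stands in for the failed token request the page describes."""

def apply_pattern(pattern, claims):
    """Map one claim value to a user or group name (assumed semantics)."""
    match_part, sep, template = pattern.partition("|")
    match_part = match_part.strip()
    template = template.strip() if sep else "$0"   # no template: use the claim as is
    found = PLACEHOLDER.search(match_part)
    if found is None:
        raise MappingError("pattern names no {{claim}}")
    name = found.group(1)
    if name not in claims:
        raise MappingError(f"claim {name!r} is not in the token request")
    # Assumption: {{claim}} is a capture group, the text around it is a regular
    # expression, and the whole claim value must match (not just a substring).
    regex = match_part[:found.start()] + "(.+)" + match_part[found.end():]
    m = re.fullmatch(regex, claims[name])
    if m is None:
        raise MappingError(f"{claims[name]!r} does not match {match_part!r}")
    try:
        return re.sub(r"\$(\d+)", lambda ref: m.group(int(ref.group(1))), template)
    except IndexError:
        raise MappingError("template refers to a group the pattern lacks") from None

def apply_to_groups(pattern, claims):
    """Apply the pattern to every entry of a comma-separated group claim."""
    found = PLACEHOLDER.search(pattern)
    if found is None or found.group(1) not in claims:
        raise MappingError("group claim is not in the token request")
    name = found.group(1)
    return [apply_pattern(pattern, {name: g.strip()})
            for g in claims[name].split(",")]

if __name__ == "__main__":
    # Patterns and claim values follow the page's examples.
    print(apply_pattern("({{actor}})@jfrog.com|$1", {"actor": "username@jfrog.com"}))
    print(apply_to_groups("{{group}} | $0-jfrog", {"group": "gitgroup, gitgroup2"}))
    try:
        apply_pattern("jf{{mail}}jfrog.com|$0", {"mail": "gituserid30@jfrog.com"})
    except MappingError as err:
        print("request fails:", err)
```

Because the model matches the whole claim value, a value such as username@jfrog.com.example (constructed) is rejected by ({{actor}})@jfrog.com|$1 rather than mapped to username.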