The UserNameMapping section of TdgssUserConfigFile.xml is used to parse out the database username. To obtain the database logon username, JWT uses the subject (sub) claim from the JWT payload as the username by default. But, the claim may be different for each identity provider or the claim may need to be parsed to select a portion of it to be used as the username.
For example, if a JWT claim has preferred_username and the value is an email address like xys@company.com, the email address must be mapped to xys because an email address cannot be used as a database username. In the example, the UserNameMapping section contains a claim for preferred_username: claim=preferred_username. The claim is matched with the regular expression pattern in Match. If it matches, DatabaseName = $1. In this example, $1 is xys according to the Match pattern. So, xys is used as the database username.
<Mechanism Name="JWT"> <MechanismProperties JWTDynamicKey="yes|no" JWTokenExchange="yes|no" JWTClientTlsCACertDir="</opt/teradata/tdat/site/xyz/abc>" .../> <UserNameMapping Claim="preferred_username"> Match="(\w+)@([\w+.]+)" DatabaseName="${1}" /> <UserNameMapping Claim="sub"> Match="(\w+)|(\w+)" DatabaseName="Auth_${2}" /> <UserNameMapping Claim="sub" Match="(.+)" DatabaseName="${1}" /> <UserNameMapping Claim="qlid" Match="(\w{2})(\d{6})" DatabaseName="${1}_${2}" /> </Mechanism>
where the Match pattern is a POSIX regular expression.