Configure Federation Users

Federation users are those users allowed to access protected federated resources.

To specify federation users

Note: Click Help for a description of fields, controls, and their respective requirements.

  1. Select a user directory from the list in the Directory column of the table of the Federated Users group box.

    The pull-down list consists of one or more directory entries, depending on the number of directories you specified in the previous dialog.

  2. Select the user class in the User Class column.
  3. Specify a user name or create a filter for the User Name/Filter By column.
  4. (Optional) Select Exclude for an entry to exclude that user class. The default is to include all users in the directory.

    Note: An exclude criterion always takes precedence over an include criterion if the two conflict.

  5. (Optional) Click Add Row to specify an additional user class for the same directory or another user directory.
  6. (Optional) Configure the SiteMinder Connector settings:
    1. If Federation Manager is integrating with an existing SiteMinder deployment, enable the SiteMinder Connector by selecting the check box.
    2. (Optional) Clear the Enforce UserDN and Directory Name Comparison check box so that Federation Manager or SiteMinder uses a Universal ID to retrieve a user record. The Universal ID enables the user directories to be physically different and of different types. With the check box cleared, a match on the Universal ID alone is sufficient to regard the retrieved user record as the correct record.

      Note: If you rely on the Universal ID, each user must have a unique Universal ID. If the Universal IDs are not unique, the system accessing the user record can retrieve the wrong record.

      If you leave the check box selected (the default), Federation Manager and SiteMinder must use the same physical directory. The name for both of these directories must be the same for user store lookups. The entity authenticating the user compares the information that the user provides against the UserDN and the Directory Name of the user record.

  7. Click Next.

    The Assertion Configuration dialog displays.
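
A check to run before clearing the comparison check box in step 6, given as an added example that is not part of the original documentation or the product. It parses LDIF exports of each user directory and reports records with no Universal ID, IDs reused within one directory, and IDs that point at different people in different directories. The attribute names `uid` and `mail`, the directory names, and the sample entries are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumptions (site-specific, not taken from the product documentation):
UNIVERSAL_ID_ATTR = "uid"   # attribute each directory maps to the Universal ID
CORRELATION_ATTR = "mail"   # second attribute used to confirm "same person"

def parse_ldif(text):
    """Return [(dn, {attr: [values]})] from plain (non-base64) LDIF text."""
    entries = []
    text = re.sub(r"\n ", "", text)                   # join folded lines
    for block in re.split(r"\n\s*\n", text.strip()):  # blank line ends an entry
        attrs = defaultdict(list)
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs[name.strip().lower()].append(value.strip())
        if "dn" in attrs:
            entries.append((attrs.pop("dn")[0], dict(attrs)))
    return entries

def audit_universal_ids(directories):
    """directories: {name: ldif_text}. Returns findings keyed by problem type."""
    by_id = defaultdict(list)                         # id -> [(dir, dn, corr)]
    findings = {"missing": [], "duplicate": {}, "mismatch": {}}
    for name, ldif in directories.items():
        for dn, attrs in parse_ldif(ldif):
            ids = [v for v in attrs.get(UNIVERSAL_ID_ATTR, []) if v]
            if not ids:
                findings["missing"].append((name, dn))
            corr = (attrs.get(CORRELATION_ATTR) or [""])[0].lower()
            for uid in ids:
                by_id[uid].append((name, dn, corr))
    for uid, recs in by_id.items():
        where = [(d, dn) for d, dn, _ in recs]
        if len({d for d, _ in where}) < len(where):   # ID reused in one directory
            findings["duplicate"][uid] = where
        elif len({c for _, _, c in recs}) > 1:        # same ID, different person
            findings["mismatch"][uid] = where
    return findings

SAMPLE = {  # constructed directory exports, not real data
    "fedmgr_dir": "dn: cn=alice,dc=example,dc=com\nuid: u1001\nmail: alice@example.com\n\n"
                  "dn: cn=bob,dc=example,dc=com\nuid: u1002\nmail: bob@example.com\n\n"
                  "dn: cn=svc,dc=example,dc=com\n",
    "siteminder_dir": "dn: uid=alice,o=corp\nuid: u1001\nmail: Alice@example.com\n\n"
                      "dn: uid=carol,o=corp\nuid: u1002\nmail: carol@example.com\n\n"
                      "dn: uid=dave,o=corp\nuid: u1003\n\ndn: uid=erin,o=corp\nuid: u1003\n",
}
```

Calling `audit_universal_ids(SAMPLE)` flags `u1003` as a duplicate and `u1002` as a mismatch; any non-empty finding means the DN and directory name comparison should stay enabled until the data is corrected.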