Federation Manager GuideGetting Started with a Simple PartnershipConfigure the SP Partner › Specify the User Identification Attribute

Previous Topic: Create the SP-to-IdP Partnership

Next Topic: Configure Single Sign-on

Specify the User Identification Attribute

Designate which attribute from the assertion should be used to identify a user. This identity attribute value is used in the user disambiguation process, that is, the process of locating the user record in the SP's user directory.

To specify the user identification attribute

  1. Go to the User Identification step.
  2. Accept the default, Use Name ID, in the Choose Identity Attribute from Assertion group box.
  3. In the Map Identity Attribute to User Directories group box, enter the following:

    This entry instructs Federation Manager to replace the variable (%s) with the value of the Name ID attribute from the assertion and match it with the Name column in the sample users database. If a match is found, the user is disambiguated and allowed to access the target resource.

  4. Click Next to configure single sign-on.

Copyright © 2010 CA. All rights reserved. Email CA about this topic