Federation Manager Guide › Federation Manager Introduction › Federation in Your Enterprise › Attributes for Customizing an Application

Attributes for Customizing an Application

Federation Manager offers two ways of using attributes to customize target applications.

• Attributes Added to Assertions at the Asserting Party

  You can include attributes from a user store record in an assertion to further identify a user for the purpose of customizing an application.

  Attributes can be used by servlets, Web applications, or other custom applications to display customized content or enable and disable other custom features. When used with Web applications, attributes can implement fine-grained access control by limiting what a user can do at the target site. For example, you can send an attribute variable called Account Balance and set it to reflect the user's account holdings at BankLtd.

  Attributes take the form of name/value pairs. When the relying party receives the assertion, it takes the attribute values and makes them available to applications.

• Attribute Mapping at the Relying Party

  A set of assertion attributes received by the relying party can be mapped to a set of application attributes being delivered to the target application.

  For example, FinancePro includes an assertion attribute CellNo=5555555555. At BankLtd, this attribute name is transformed to an application attribute Mobile=5555555555. The attribute name is converted but the value remains the same.

  Multiple assertion attributes can also be transformed into a single application attribute. For example, FinancePro may send an incoming assertion with the attributes Acct=Savings and Type=Retirement and transformed at BankLtd into FundType= Retirement Savings.