When a customer at FinancePro accesses a resource at BankLtd, the NameID is always in the assertion. This identifier allows BankLtd to determine who the customer is and the level of access to allow for that customer.
The NameID can be used to establish a federated identity when the user store at each partner identifies the users in the same way with the same ID.
The following figure shows the user store at each site with the same employee IDs.

Federation Manager lets you configure account linking as part of the partnership configuration process. You specify a NameID format, choose whether a static value or a user attribute value defines the NameID, and then indicate the specific value in the user store to use. The NameID that Federation Manager includes in the assertion conforms to this configuration.
When the assertion is received by the relying party, the user disambiguation process at BankLtd can link the value in the assertion to a record in its user store.
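The linking step at the relying party can be sketched as follows. This is an added example, not Federation Manager code: it assumes the assertion's signature and conditions were already validated, and the issuer URL, user records, and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed sample assertion from FinancePro (signature and conditions omitted).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0" IssueInstant="2010-01-01T00:00:00Z">
  <saml:Issuer>https://financepro.example/idp</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">E1001</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""

# Constructed BankLtd user store; employee_id holds the same IDs FinancePro uses.
BANKLTD_USERS = [
    {"employee_id": "E1001", "login": "jsmith", "access": "premium"},
    {"employee_id": "E1002", "login": "mlee", "access": "standard"},
]

class LinkError(Exception):
    """Raised when the assertion cannot be linked to exactly one local user."""

def extract_name_id(assertion_xml, expected_issuer, expected_format):
    # SAML messages never carry a DTD; reject one before parsing.
    if "<!DOCTYPE" in assertion_xml:
        raise LinkError("DTD not allowed")
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=SAML_NS).strip()
    if issuer != expected_issuer:
        raise LinkError("unexpected issuer")
    name_ids = root.findall("saml:Subject/saml:NameID", SAML_NS)
    if len(name_ids) != 1:
        raise LinkError("expected exactly one NameID")
    node = name_ids[0]
    # The format must match what the partnership was configured with.
    if node.get("Format", UNSPECIFIED) != expected_format:
        raise LinkError("NameID format mismatch")
    value = (node.text or "").strip()
    if not value:
        raise LinkError("empty NameID")
    return value

def disambiguate(name_id, users, link_attribute):
    # Fail closed: zero matches or several matches both deny access.
    matches = [u for u in users if u.get(link_attribute) == name_id]
    if len(matches) != 1:
        raise LinkError("%d records match NameID" % len(matches))
    return matches[0]
```

Linking on an exact, unique match matters here: if two local records shared the same ID, the assertion could resolve to the wrong customer's access level.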
Copyright © 2010 CA. All rights reserved.