

Configure Assertion Options

Configure assertion options in the Assertion Configuration step of the partnership wizard.

Follow these steps:

  1. Configure the settings in the Name ID section.

    The relying party uses these values to determine how to interpret the value that is passed in the assertion.

    Based on the value of the NameID Type, complete one of the following tasks:

    Note: Click Help for a description of fields, controls, and their respective requirements.

  2. (Optional - SAML 2.0 only) Select Allow Creation of User Identifier so the asserting party can create a value for the NameID. For this feature to work, the AuthnRequest from the relying party must include an AllowCreate attribute.

    Note: If you select this option, the Name ID Format value must be Persistent Identifier.

  3. (Optional) Click Add Row in the Assertion Attributes table to specify one or more attributes for inclusion in the assertion. Optionally, you can encrypt the attribute.

    Click Help for detailed information about the columns in the attribute table.

    Note: For attributes from an LDAP user store, you can add multivalued user attributes to an assertion. The Help describes how to specify multivalued user attributes.

  4. (Optional) If you have written an assertion generator plug-in using the Federation Manager Java SDK, complete the fields in the Assertion Generator Plug-in section.

    To write a plug-in, see the Programming Guide for Federation Manager Java SDK.

  5. Click Next to continue with partnership configuration.
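
The AllowCreate requirement in step 2, shown as an added example that is not part of the product documentation or the Federation Manager Java SDK: in a SAML 2.0 AuthnRequest the AllowCreate attribute is carried on the NameIDPolicy element, and this Python check reports whether a request carries it with a format compatible with Persistent Identifier. The helper names, the sample requests, and the treatment of an omitted Format are assumptions of the example.

```python
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"


def build_request(policy_attrs):
    """Constructed sample AuthnRequest; policy_attrs=None omits NameIDPolicy."""
    policy = ""
    if policy_attrs is not None:
        attrs = " ".join(f'{k}="{v}"' for k, v in policy_attrs.items())
        policy = f"<samlp:NameIDPolicy {attrs}/>"
    return (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" ID="_example1" '
            f'Version="2.0" IssueInstant="2024-01-01T00:00:00Z">{policy}'
            f"</samlp:AuthnRequest>")


def check_allow_create(authn_request_xml):
    """Return (ok, reason): may the asserting party create a NameID for this request?"""
    # Constructed input only; parse requests from the network with a hardened
    # XML parser (for example defusedxml) before inspecting them.
    root = ET.fromstring(authn_request_xml)
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        return False, "not a SAML 2.0 AuthnRequest"
    policy = root.find(f"{{{SAMLP_NS}}}NameIDPolicy")
    if policy is None:
        return False, "no NameIDPolicy, so AllowCreate is absent"
    # AllowCreate is an xs:boolean: "true" and "1" are both true; default is false.
    if policy.get("AllowCreate", "false").strip() not in ("true", "1"):
        return False, "AllowCreate is not true"
    fmt = policy.get("Format")
    # Assumption of this example: a request that names a format other than
    # persistent conflicts with the Persistent Identifier setting; an omitted
    # Format leaves the choice to the asserting party.
    if fmt is not None and fmt != PERSISTENT:
        return False, f"Format {fmt} is not persistent"
    return True, "AllowCreate is true and Format is compatible with persistent"


if __name__ == "__main__":
    samples = {
        "persistent + AllowCreate": {"Format": PERSISTENT, "AllowCreate": "true"},
        "AllowCreate missing": {"Format": PERSISTENT},
        "email format": {"Format": EMAIL, "AllowCreate": "1"},
        "no NameIDPolicy": None,
    }
    for name, attrs in samples.items():
        print(name, "->", check_allow_create(build_request(attrs)))
```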