Edit the User Attribute Mapping File to Configure Virtual Attribute Mappings to your SharePoint User Directories (r6.x SP6)

SiteMinder uses virtual attribute mappings for the FBA authentication method to preserve some SharePoint features that are lost when the Agent for SharePoint performs authorization and authentication (instead of the SharePoint environment). For example, the DisplayName attribute mapping allows SiteMinder to add the first and last names of the user to the upper right corner of the browser window. If the DisplayName mapping is not set, SiteMinder uses the login ID of the user instead. Use these mappings for each directory in your SharePoint environment.

Use the following file to configure virtual attribute mappings for r6.x SP6:

policy_server_home\config\UserAttrMapping.txt
policy_server_home

Specifies the installation directory where your SiteMinder Policy Server is installed. The %NETE_PS_ROOT% environment variable points to this directory.

Default: (Windows) C:\Program Files\CA

To configure virtual attribute mappings (r6.x SP6)

  1. Open the UserAttrMapping.txt file with a text editor.
  2. Locate the section containing the mappings that apply to the type of directory server you are using for your SiteMinder user store. The following example shows the mappings for a Sun Java System server:
    UserDirName=ldap-sunone
    GroupID=cn
    Email=mail
    UniversalID=uid
    DisplayName=cn
    
  3. Replace ldap-sunone in the first line of the previous example with the name of the user directory connection defined in the Policy Server User Interface. For example, if your user directory connection is named SP_UserD, change the line to match the following:
    UserDirName=SP_UserD
    
  4. Locate the following attribute names, and then change their values (on the right of the equals signs) to match the physical attributes in your user directory:
    UniversalID

    Specifies the directory attribute that contains the user name from a SiteMinder directory that contains your SharePoint users to the SiteMinder Agent for SharePoint.

    Examples: (Sun Java System) UniversalID=uid or UniversalID=cn

    Examples: (Microsoft Active Directory) UniversalID=cn or UniversalID=sAMAccountName

    Example: (DB2) UniversalID=Name

    Note: If you are using a SharePoint server (MOSS), and you plan to Import User Profiles, record the value of the UniversalID mapping for future reference.

    Email

    Specifies the directory attribute that contains the email address of a user within a SiteMinder directory that contains your SharePoint users to the SiteMinder Agent for SharePoint.

    Example: (Sun Java System) Email=mail

    Example: (Microsoft Active Directory) Email=mail

    Example: (DB2) Email=EmailAddress

    GroupID

    Specifies the directory attribute that contains the group or role to which a user belongs within a SiteMinder directory that contains your SharePoint users to the SiteMinder Agent for SharePoint.

    Example: (Sun Java System) GroupID=cn

    Example: (Microsoft Active Directory) GroupID=cn

    Example: (DB2) GroupID=Name

    DisplayName

    Specifies the directory attribute that contains the user name you want to display from a SiteMinder directory that contains your SharePoint users to the SiteMinder Agent for SharePoint. The value of this virtual attribute appears in the upper right corner of the browser window after SiteMinder authenticates the user to SharePoint.

    Example: (Sun Java System) DisplayName=cn

    Example: (Microsoft Active Directory) DisplayName=displayName

    Example: (DB2) DisplayName=Name

  5. Repeat steps 2 through 4 for any other SiteMinder user stores associated with your Policy Server that you want to use with your Agent for SharePoint environment. Add more sections if necessary.
  6. (Optional) Remove (or comment out) the other example sections in the file that do not apply to your environment. If you are not using a DB2 user store, for example, you can remove the following section:
    # mappings for "DB2-userstore"
    
  7. Save the UserAttrMapping.txt file and close the text editor.

    The virtual attribute mappings are configured.
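A check you can run on the edited file before saving it to the Policy Server, shown here as an added example that is not part of the SiteMinder product or its documentation. It assumes each section starts at a UserDirName= line and that lines beginning with # are comments, as in the samples above; SP_Partners and SP_Contractors are constructed directory names.

```python
REQUIRED = ("UniversalID", "Email", "GroupID", "DisplayName")

def parse_mappings(text):
    """Split the file into sections; each starts at a UserDirName= line (assumed)."""
    sections, current, problems = [], None, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out example section
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep or not key or not value:
            problems.append(f"line {lineno}: not a key=value mapping: {raw!r}")
        elif key == "UserDirName":
            current = {"UserDirName": value}
            sections.append(current)
        elif current is None:
            problems.append(f"line {lineno}: {key} appears before any UserDirName")
        elif key in current:
            problems.append(f"line {lineno}: duplicate {key} in section {current['UserDirName']}")
        else:
            current[key] = value
    return sections, problems

def check_mappings(text, expected_dirs):
    """Return a list of problems; empty means every expected directory is fully mapped."""
    sections, problems = parse_mappings(text)
    names = [s["UserDirName"] for s in sections]
    for s in sections:
        missing = [k for k in REQUIRED if k not in s]
        if missing:
            problems.append(f"{s['UserDirName']}: missing {', '.join(missing)}")
    for name in expected_dirs:
        if names.count(name) != 1:
            problems.append(f"{name}: expected exactly one section, found {names.count(name)}")
    return problems

# Constructed sample: one complete section, one section with DisplayName left out.
SAMPLE = """\
UserDirName=SP_UserD
GroupID=cn
Email=mail
UniversalID=sAMAccountName
DisplayName=displayName
# second user store (constructed)
UserDirName=SP_Partners
GroupID=cn
Email=mail
UniversalID=uid
"""
```

Call check_mappings with the file contents and the user directory connection names defined in the Policy Server User Interface; a missing DisplayName is reported because SiteMinder then shows the login ID instead.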

More information:

Update the Agent Configuration Parameters for your Agent for SharePoint