Configuring the SiteMinder Policy Server › Protecting SharePoint Resources with SiteMinder r12.0 SP2 Roadmap › Create Virtual Attribute Mappings to your SharePoint User Directories (r12.0 SP2)

Create Virtual Attribute Mappings to your SharePoint User Directories (r12.0 SP2)

SiteMinder uses virtual attribute mappings for the FBA authentication method to preserve some SharePoint features that are lost when the Agent for SharePoint performs authorization and authentication (instead of the SharePoint environment). For example, the DisplayName attribute mapping allows SiteMinder to add the first and last names of the user to the upper right corner of the browser window. If the DisplayName mapping is not set, SiteMinder uses the login ID of the user instead. Use these mappings for each directory in your SharePoint environment.

The SiteMinder Agent for SharePoint contains the following attribute mappings:

UniversalID

Specifies the directory attribute that contains the user name from a SiteMinder directory that contains your SharePoint users to the SiteMinder Agent for SharePoint.

Examples: (Sun Java System) UniversalID=uid or UniversalID=cn

Examples: (Microsoft Active Directory) UniversalID=cn or UniversalID=sAMAccountName

Example: (DB2) UniversalID=Name

Email

Specifies the directory attribute that contains the email address of a user within a SiteMinder directory that contains your SharePoint users to the SiteMinder Agent for SharePoint.

Example: (Sun Java System) Email=mail

Example: (Microsoft Active Directory) Email=mail

Example: (DB2) Email=EmailAddress

GroupID

Specifies the directory attribute that contains the group or role to which a user belongs within a SiteMinder directory that contains your SharePoint users to the SiteMinder Agent for SharePoint.

Example: (Sun Java System) GroupID=cn

Example: (Microsoft Active Directory) GroupID=cn

Example: (DB2) GroupID=Name

DisplayName

Specifies the directory attribute that contains the user name you want to display from a SiteMinder directory that contains your SharePoint users to the SiteMinder Agent for SharePoint. The value of this virtual attribute appears in the upper right corner of the browser window after SiteMinder authenticates the user to SharePoint.

Example: (Sun Java System) DisplayName=cn

Example: (Microsoft Active Directory) DisplayName=displayName

Example: (DB2) DisplayName=Name

The names and the attributes to which they are mapped in the previous list are the default values. For r12.0 SP2, change them according to your needs. Use the same names and mappings in both the directory entry on the Policy Server and the related Web Agent Configuration Object.

You must employ the following procedure for each of the listed attributes:

1. UniversalID
2. Email
3. GroupID
4. DisplayName

To create attribute mappings for your SharePoint user directories

1. Click Infrastructure, Directory, User Directory, Modify User Directory.

   The User Directory search screen appears.

2. Search for the directory instance you created, and then click Select.

   Modify User Directory: screen appears.

3. Scroll down to the Attribute Mapping List group box, and then click Create.

   The Create Attribute Mapping screen appears.

4. Verify that Create a new object of type Attribute Mapping is selected, and then click OK.

   The Create Attribute Mapping: screen appears.

5. Enter a distinctive name for your attribute mapping that you are creating, and an (optional) description. For example, enter the UniversalID mapping and description.
6. Click the Definition field, and then enter the attribute name from your user directory that you want to associate with the UniversalID mapping.

   Note: If you are using a SharePoint server (MOSS), and you plan to Import User Profiles, record the value of the UniversalID mapping for future reference.

7. Click OK.

   The Create Attribute Mapping: screen closes.

8. Repeat these steps for each attribute.

More information:

Update the Agent Configuration Parameters for your Agent for SharePoint