Select Users For Which Assertions Will Be Generated at the IdP
When you specify a Service Provider for inclusion in an affiliate domain, you include a list of users and groups for which the Assertion Generator will generate SAML assertions. You may only add users and groups from directories that are in an affiliate domain.
To select users that will use assertions as credentials
- Log in to the FSS Administrative UI.
- From the Domains tab, expand Federation Sample Partners and select SAML Service Providers to display the Service Providers.
- Select sp.demo and right-click to open the properties of this Service Provider.
- From the Users tab of the SAML Service Provider Properties dialog, select the IdP user store tab. In this deployment, select the IdP LDAP tab.
- Click Add/Remove. The Users/Groups dialog opens.
- Search the Available Members list for Tuser1 and Tuser2. These are the employees listed in the IdP LDAP directory.
  - Click the binoculars icon under the Available Members list.
  - In the Search LDAP/AD Directory dialog, select Attribute-Value Pair and complete the fields as follows:
    - Attribute: uid
    - Value: *
  - Click OK. The individual users in the IdP LDAP directory are displayed.
- Holding the CTRL or SHIFT key, select the entries for Tuser1 and Tuser2, then click the left arrow to move them to the Current Members list.
- Click OK to return to the SAML Service Providers Properties dialog.
- Configure a Name ID for Inclusion in the Assertion.