Federation Security Services Guide › Identify Consumers at a SAML 1.x Producer › Configure Attributes to Include in SAML 1.x Assertions (Optional) › Attribute Types › Configure Attributes for SAML 1.x Assertions

Configure Attributes for SAML 1.x Assertions

You can configure responses to pass attributes from a SAML assertion to a target application at the consumer site.

To configure an attribute for an assertion

1. In the Affiliate Properties dialog, select the Attributes tab.
2. Click Create.

   The Affiliate Attribute Editor dialog opens.

3. From the Attribute drop-down list, select whether you want to configure a header or cookie variable.
4. From the Attribute Setup tab, select one of the following options in the Attribute Kind group box:
   • Static
   • User Attribute
   • DN Attribute

   If you select the DN Attribute, you can also select the Allow Nested Groups check box. Selecting this check box allows SiteMinder to return an attribute from a group that is nested in another group specified by a policy. Nested groups often occur in complex LDAP deployments.

   Your selection from the Attribute drop-down list and the response attribute type you select determine the available fields in the Attribute Fields group box.

5. Complete the fields for the Attribute Kind you select. The Attribute Kind that you select determines which additional fields you must configure.

   Static

   Fill in the following fields:

   • Variable Name

     Enter the name for the attribute SiteMinder returns to the affiliate.

   • Variable Value

     Enter the static text as the value for the name/value pair.

     For example, to return the name/value pair show_content=yes, enter show_content as the variable name and yes as the variable value.

   User Attribute

   Fill in the following fields:

   • Variable Name

     Enter the name for the attribute SiteMinder returns to the consumer.

   • Attribute Name

     Enter the attribute in the user directory for the name/value pair.

     For example, to return the email address of a user to the consumer, enter email_address as the Variable Name, and email as the Attribute Name.

   DN Attribute

   Fill in the following fields:

   • Variable Name

     Enter the name for the attribute SiteMinder returns to the consumer.

   • DN Spec

     Enter the distinguished name of the user group from which SiteMinder retrieves the user attribute. The DN must be related to the users for whom you want to return values to the consumer. If you do not know the DN, click Lookup. Use the SiteMinder User Lookup dialog to locate the user group and select a DN.

   • Attribute Name

     Enter the attribute in the user directory for this attribute for the name/value pair.

   Note: If you selected Affiliate-HTTP-Cookie-Variable from the Attribute menu, the Variable Name field label changes to Cookie Name.

6. (Optional) if the LDAP user directory contains nested groups, and you want the Policy Server to retrieve DN attributes from the nested groups, select the Allow Nested Groups check box in the Attribute Kind group box.
7. Click OK to save your changes.