Federation Security Services GuideAuthenticate WS-Federation Users at a Resource PartnerLocate User Records for Authentication › Configure Disambiguation Locally

Previous Topic: Locate User Records for Authentication

Next Topic: Obtain a LoginID for a WS-Federation User

Configure Disambiguation Locally

To locate a user record in a local user directory you have to disambiguate the user. Disambiguation is a two-step process:

  1. Obtain the LoginID--either by the default behavior of extracting it from the assertion or by using an Xpath query.
  2. Using the LoginID, locate the user in the user store--either by the default behavior of passing the LoginID to the Policy Server or using a search specification.

Note: The use of Xpath and search specification are optional.

Copyright © 2010 CA. All rights reserved. Email CA about this topic