Federation Security Services GuideUse an Attribute Authority to Authorize UsersSet up a SAML Requestor to Generate Attribute Queries › Create a Federation Attribute Variable

Previous Topic: Configure the Backchannel for the Attribute Query

Next Topic: Create a Policy Expression with the Federation Attribute Variable

Create a Federation Attribute Variable

To use a federation attribute variable in a policy expression, you need to first create the attribute variable.

To define a federation attribute variable

  1. Log on to the FSS Administrative UI.
  2. From the list of Domains, expand the policy domain where the variable will be added.
  3. Expand the Variables list by clicking on the plus (+) symbol.
  4. Select Federation Attribute Variable then select Edit, Create Variable

    The Federation Attribute Variable Properties dialog opens.

  5. Complete all the fields in the dialog.
  6. Click OK to save the variable.
  7. Add this variable to an expression used by a policy that protects a federated resource.

Note: A policy expression can use multiple Federation attribute variables; each variable is tied to a SAML 2.0 authentication scheme. Therefore, a single expression can result in many attribute requests sent to many Attribute Authorities.

Copyright © 2010 CA. All rights reserved. Email CA about this topic