Federation Security Services GuideAuthenticate SAML 2.0 Users at the Service ProviderConfigure User Disambiguation for User Look UpsConfigure Disambiguation Locally as Part of the Authentication Scheme › Use a Search Specification to Locate a User

Previous Topic: Obtain the LoginID

Next Topic: Configure Single Sign-on at the SP
Use a Search Specification to Locate a User

After obtaining the LoginID, you can use a search specification to locate the user in place of the default behavior, where the LoginID is passed to the Policy Server.

To locate a user with a search specification

  1. From the Authentication Scheme Properties dialog box, click Additional Configuration.

    The SAML 2.0 Auth Scheme Properties dialog box opens.

  2. Select the Users tab.
  3. Select a namespace to match the search specification to and click Edit.

    The SiteMinder Authentication Scheme Namespace Mapping dialog box opens.

  4. In the Search Specification field, enter a namespace attribute that the authentication scheme uses to search that namespace, then click OK. Use %s in the entry as a variable representing the LoginID.

    Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

    For example, the LoginID has a value of user1. If you specify Username=%s in the Search Specification field, the resulting string is Username=user1. This string is checked against the user store to find the correct record for authentication.

  5. Click OK to save your configuration changes.

Copyright © 2010 CA. All rights reserved. Email CA about this topic