Use Case 13: SSO with Dynamic Account Linking at the SP

In Use Case 13, the IdP, discounts.com, includes an attribute named buyerID in an assertion to identify a particular user. When the assertion is sent to the Service Provider, smwidgets.com, the same attribute does not exist in the user record at the Service Provider. The Service Provider must create the attribute in the appropriate user record so that the user can authenticate and gain access to the protected resource.

An employee of discounts.com selects a link to access the latest price list on widgets at smwidgets.com. The employee logs in with his name and buyer ID.

The following illustration shows this use case.

[Illustration: Use case with no mapped ID at the SP]

The identity based on the user's buyer ID is created at discounts.com and placed in the assertion. The buyer ID value is entered as the NameID in the assertion. However, there is no mapped identity at smwidgets.com for the buyer ID. The administrator at the Service Provider has to establish a mapping using dynamic account linking so that smwidgets.com can authenticate the employee and allow access to the price list.
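The following sketch of the SP-side logic is an added illustration, not SiteMinder code. The class, the in-memory user store, the sample NameID value, and the premise that the user has already authenticated to a local smwidgets.com account before the link is written are all assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed assertion fragment. A real SP validates the signature, audience
# and validity window (and parses with a hardened XML parser) before this step.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>discounts.com</saml:Issuer>
  <saml:Subject><saml:NameID>B-10442</saml:NameID></saml:Subject>
</saml:Assertion>"""


class ServiceProvider:
    """Hypothetical SP (smwidgets.com) with an in-memory user store."""

    def __init__(self, users, trusted_issuer="discounts.com"):
        self.users = users              # login name -> user record (dict)
        self.trusted_issuer = trusted_issuer

    def buyer_id(self, assertion_xml):
        root = ET.fromstring(assertion_xml)
        if root.findtext("saml:Issuer", namespaces=NS) != self.trusted_issuer:
            raise ValueError("assertion not issued by the trusted IdP")
        name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
        if not name_id:
            raise ValueError("assertion carries no NameID")
        return name_id.strip()

    def find_linked(self, buyer_id):
        return next((name for name, rec in self.users.items()
                     if rec.get("buyerID") == buyer_id), None)

    def sso(self, assertion_xml):
        """Grant access if the NameID maps to a user, else ask for linking."""
        bid = self.buyer_id(assertion_xml)
        user = self.find_linked(bid)
        return ("granted", user) if user else ("link_required", bid)

    def link(self, assertion_xml, authenticated_login):
        """Write buyerID into the record of a locally authenticated user."""
        bid = self.buyer_id(assertion_xml)
        record = self.users.get(authenticated_login)
        # Refuse unknown accounts, re-linking, and a buyerID already in use.
        if record is None or "buyerID" in record or self.find_linked(bid):
            return False
        record["buyerID"] = bid
        return True
```

The first `sso` call returns `link_required` because no record holds the buyer ID; after `link` writes the attribute, the same assertion maps to the user and access is granted.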


Copyright © 2010 CA. All rights reserved.