Select Users for which the IdP Generates Assertions

When you specify a Service Provider for inclusion in an affiliate domain, you include a list of users and groups for which the Assertion Generator generates SAML assertions. Add only users and groups from directories that are in an affiliate domain.

To select users that use assertions as credentials

  1. Log in to the FSS Administrative UI.
  2. From the Domains tab, expand Federation Sample Partners and select SAML Service Providers to display the Service Providers.
  3. Select sp.demo and right-click to open the properties of this Service Provider.
  4. From the Users tab of the SAML Service Provider Properties dialog, select the IdP user store tab. In this deployment, select the IdP LDAP tab.
  5. Click Add/Remove.

    The Users/Groups dialog opens.

  6. Search the Available Members list for Tuser1 and Tuser2. These employees are listed in the IdP LDAP directory.
    1. Click the binoculars icon under the Available Members list.
    2. In the Search LDAP/AD Directory dialog, select Attribute-Value Pair and complete the fields as follows:

       Attribute: uid
       Value: *

    3. Click OK. The individual users in the IdP LDAP directory are displayed.
    4. Hold the CTRL or SHIFT key, and select the entries for Tuser1 and Tuser2. Then, click the left arrow to move them to the Current Members list.
  7. Click OK to return to the SAML Service Provider Properties dialog.
  8. Configure a Name ID for Inclusion in the Assertion.
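The Attribute-Value Pair search in step 6 issues an LDAP search filter built from the attribute name and the value you type; with uid and * that filter is (uid=*), which lists every entry in the IdP LDAP directory that has a uid. The following is an added example, not part of the CA documentation or the product, that models that step in Python against a constructed, in-memory stand-in for the IdP LDAP directory: it builds the filter with RFC 4515 escaping, so only the wildcard you intend is treated as filter syntax rather than data, and evaluates it to show which entries the dialog would display. The entry DNs, attribute values and function names are assumptions made for the example.

```python
"""Added example (not from the CA documentation): a small model of the
Attribute-Value Pair search in the Search LDAP/AD Directory dialog."""
import re

# Constructed sample entries standing in for the IdP LDAP directory
# (not real directory data).
IDP_LDAP_ENTRIES = [
    {"dn": "uid=Tuser1,ou=People,dc=example,dc=com", "uid": "Tuser1", "cn": "Test User 1"},
    {"dn": "uid=Tuser2,ou=People,dc=example,dc=com", "uid": "Tuser2", "cn": "Test User 2"},
    {"dn": "uid=admin,ou=People,dc=example,dc=com", "uid": "admin", "cn": "Directory Admin"},
]

# RFC 4515 escapes for characters that would otherwise be read as filter syntax.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}
_ATTRIBUTE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")
_ASSERTION = re.compile(r"\(([A-Za-z][A-Za-z0-9-]*)=(.*)\)")


def escape_filter_value(value: str, keep_wildcard: bool) -> str:
    """Escape a value for use inside a filter. With keep_wildcard=True a '*'
    typed into the dialog stays a substring wildcard (as in the procedure);
    parentheses, backslashes and NULs are always escaped."""
    return "".join(
        ch if (ch == "*" and keep_wildcard) else _ESCAPES.get(ch, ch)
        for ch in value
    )


def build_filter(attribute: str, value: str, keep_wildcard: bool = True) -> str:
    """Return the (attribute=value) filter the Attribute-Value Pair search issues."""
    if not _ATTRIBUTE.fullmatch(attribute):
        raise ValueError(f"invalid attribute description: {attribute!r}")
    return f"({attribute}={escape_filter_value(value, keep_wildcard)})"


def _value_to_regex(raw: str) -> re.Pattern:
    """Convert an assertion value back into a regex: an unescaped '*' is a
    substring wildcard, an escaped \\xx pair is the literal character it encodes."""
    parts, i = [], 0
    while i < len(raw):
        ch = raw[i]
        if ch == "\\" and i + 3 <= len(raw):
            parts.append(re.escape(chr(int(raw[i + 1:i + 3], 16))))
            i += 3
        elif ch == "*":
            parts.append(".*")
            i += 1
        else:
            parts.append(re.escape(ch))
            i += 1
    # uid uses caseIgnoreMatch, so compare case-insensitively.
    return re.compile("".join(parts), re.IGNORECASE)


def search(entries, ldap_filter: str) -> list:
    """Evaluate a single (attribute=value) filter against the entries and return
    the DNs that match, in directory order. Compound filters are not modelled."""
    m = _ASSERTION.fullmatch(ldap_filter)
    if not m:
        raise ValueError(f"unsupported filter: {ldap_filter!r}")
    attribute, pattern = m.group(1).lower(), _value_to_regex(m.group(2))
    matches = []
    for entry in entries:
        value = next((v for k, v in entry.items() if k.lower() == attribute), None)
        if value is not None and pattern.fullmatch(value):
            matches.append(entry["dn"])
    return matches


if __name__ == "__main__":
    # Step 6.2 of the procedure: Attribute uid, Value *.
    all_users = build_filter("uid", "*")
    print(all_users, "->", search(IDP_LDAP_ENTRIES, all_users))
    # A narrower search that still lists both test users.
    test_users = build_filter("uid", "Tuser*")
    print(test_users, "->", search(IDP_LDAP_ENTRIES, test_users))
    # The same characters with the wildcard treated as data instead of syntax.
    literal = build_filter("uid", "*)(cn=*", keep_wildcard=False)
    print(literal, "->", search(IDP_LDAP_ENTRIES, literal))
```

The (uid=*) search returns all three constructed entries, which is why step 6.4 has you pick Tuser1 and Tuser2 out of the list by hand; a value such as Tuser* narrows the result to the two test users. The keep_wildcard=False case shows the same characters escaped as data, which is the behaviour to expect from any search field that takes the typed value literally.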