Federation Security Services Guide › Authorize Users with Attributes from an Assertion Query › Set up a SAML Requestor to Generate Attribute Queries › Enable Attribute Queries and Specify Attributes

Enable Attribute Queries and Specify Attributes

To enable the SAML Requester to send an attribute query

1. Log on to the FSS Administrative UI.
2. Access the Authentication Scheme Properties dialog for the SAML 2.0 authentication scheme. The SAML 2.0 authentication scheme protects the resource that is protected based on a user attribute.
3. Click on Additional Configuration.

   The SAML 2.0 Auth Scheme Properties dialog opens.

4. Click on the Attributes tab.
5. Click Add.

   The Add Attribute dialog opens.

6. Enter values for the following fields:
   • Local Name
   • Attribute Name
   • Name Format

   Note: Click Help for a description of fields, controls, and their respective requirements.

7. Click OK to save your changes.

   You return to the Attributes dialog.

8. In the Attribute Query section, select Enabled and enter a value for the Attribute Service field.
9. Optionally, select the following check boxes:
   • Sign Attribute Query
   • Require Signed Assertions
   • Get All Attributes
10. Click OK.

    The Name IDs tab opens and a message is displayed instructing you to specify an attribute name for the name identifier.

11. Configure a NameID. This NameID configured in the SAML 2.0 Auth.Scheme Properties is included in the attribute query for use by the Attribute Authority.