Previous Topic: Configure the Backchannel for the Attribute QueryNext Topic: Create a Policy Expression with the Federation Attribute Variable

Federation Security Services GuideAuthorize Users with Attributes from an Assertion QuerySet up a SAML Requestor to Generate Attribute QueriesCreate a Federation Attribute Variable

Create a Federation Attribute Variable

To use a federation attribute variable in a policy expression, first create the attribute variable.

To define a federation attribute variable

  1. Log on to the FSS Administrative UI.
  2. From the list of Domains, expand the policy domain where the variable is added.
  3. Expand the Variables list by clicking the plus (+) symbol.
  4. Select Federation Attribute Variable then select Edit, Create Variable

    The Federation Attribute Variable Properties dialog opens.

  5. Complete all the fields in the dialog.
  6. Click OK to save the variable.
  7. Add this variable to an expression used by a policy that protects a federated resource.

Note: A policy expression can use multiple Federation attribute variables; each variable is tied to a SAML 2.0 authentication scheme. Therefore, a single expression can result in many attribute requests sent to many Attribute Authorities.