

Use a Search Specification to Locate a WS-Federation User

By default, the LoginID is passed to the Policy Server to locate the user. You can use a search specification to locate the user record instead.

To locate a user with a search specification

  1. From the Authentication Scheme Properties dialog, click Additional Configuration.

    The WS-Federation Auth Scheme Properties dialog opens.

  2. Select the Users tab.
  3. Select the namespace that the search specification applies to, then click Edit.

    The SiteMinder Authentication Scheme Namespace Mapping dialog opens.

  4. In the Search Specification field, enter the attribute that the authentication scheme uses to search a namespace, then click OK. Use %s in the entry as a variable representing the LoginID.

    Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

    For example, the LoginID has a value of user1. If you specify Username=%s in the Search Specification field, the resulting string is Username=user1. This string is verified against the user store to find the correct record for authentication.

  5. Click OK to save your configuration changes.
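The %s substitution from step 4 can be previewed offline before a specification is saved. The following is an added example, not SiteMinder code: it assumes an LDAP namespace, the function names are hypothetical, and the RFC 4515 escaping is a precaution applied here, since this page does not describe how the product treats special characters in a LoginID.

```python
# Added illustration; not SiteMinder code. Function names are hypothetical.

# RFC 4515 escapes for characters that have meaning inside an LDAP filter value.
_LDAP_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_ldap_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def expand_search_spec(spec: str, login_id: str) -> str:
    """Return the lookup string produced by substituting login_id for %s."""
    if "%s" not in spec:
        raise ValueError("search specification has no %s placeholder")
    if not login_id:
        raise ValueError("empty LoginID")
    # str.replace, not the % operator: a spec may contain other percent
    # signs, which printf-style formatting would misinterpret.
    return spec.replace("%s", escape_ldap_value(login_id))


def preview(spec: str, login_ids: list[str]) -> list[tuple[str, str, bool]]:
    """For each LoginID, return (login_id, expanded string, was_escaped)."""
    rows = []
    for login_id in login_ids:
        expanded = expand_search_spec(spec, login_id)
        rows.append((login_id, expanded, escape_ldap_value(login_id) != login_id))
    return rows


if __name__ == "__main__":
    # Constructed sample LoginIDs; the first is the value used on this page.
    samples = ["user1", "o'brien", "smith (contractor)", "j*"]
    for login_id, expanded, escaped in preview("Username=%s", samples):
        print(f"{login_id!r:24} -> {expanded}  escaped={escaped}")
```

Rows flagged as escaped are LoginID values worth testing against the real user store, because they contain characters that an LDAP search treats as filter syntax.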