FederationFederation Security Services GuideAuthenticate SAML 1.x Users at a ConsumerConfigure SAML 1.x User Disambiguation › Specify a Search Specification to Locate a User (SAML 1.x)

Previous Topic: Obtain the LoginID

Next Topic: Customize Assertion Processing with the Message Consumer Plug-in
Specify a Search Specification to Locate a User (SAML 1.x)

After obtaining the LoginID, configure a search specification to locate the user.

To locate a user with a search specification

  1. From the Scheme Setup dialog, select a namespace and click Edit, to the right of the namespace box.

    The SiteMinder Authentication Scheme Namespace Mapping dialog box opens.

    In the Search Specification field, enter a user directory attribute followed by %s, which represents the LoginID. The authentication scheme uses this attribute to search the namespace.

    For example, the LoginID has a value of user1. If you specify Username=%s in the Search Specification field, the resulting string is Username=user1. This string is checked against the user store to find the correct record for authentication.

    Note: Click Help for a description of fields, controls, and their respective requirements.

  2. Click OK to save your changes.

    You return to the Authentication Scheme Properties dialog.

The combination of the LoginID value and the search specification define the disambiguation process.