SAML Service Provider Attribute Editor Dialog--Attribute Setup Tab

Federation › Federation Security Services Guide › SAML 2.0 Service Provider Reference › SAML Service Provider Dialog--Attributes Tab › SAML Service Provider Attribute Editor Dialog--Attribute Setup Tab

SAML Service Provider Attribute Editor Dialog--Attribute Setup Tab

Attribute field

Specify the format for the attribute that will be part of a SAML assertion. Options are:

unspecified
basic
uri

Refer to the SAML 2.0 specification for definitions of these formats.

Attribute Kind Group Box

The Attribute Kind group box contains radio buttons that allow you to specify the attribute type:

Static

Returns data that remains constant. Use a static attribute to include as part of an assertion. Specify static values in the Variable Name and Variable Value fields.

User Attribute

Returns profile information from a user entry in a user directory. Specify the name for the attribute in the Variable Name field and the user directory attribute in the Attribute Name field.

Note: For the SiteMinder IdP to return values from a user directory, configure the user directory in the SiteMinder User Directory pane.

DN Attribute

Returns profile information from a directory object in a user directory. Groups and Organizational Units (OUs) that are part of a user DN are examples of directory objects whose attributes can be treated as DN attributes. For example, you can use a DN attribute to return a company division for a user, based on the user’s membership in a division.

Activates the Variable Name, DN Spec, and Attribute Name, which you configure to add the attribute to the assertion.

Selecting a DN Attribute also activates the Allow Nested Groups check box. Allowing nested groups lets SiteMinder return an attribute from a group that is nested in another group specified by a policy. Nested groups often occur in complex LDAP deployments.

Note: For the Identity Provider to return an assertion containing DN attributes, the user directories must be configured in the SiteMinder User Directory pane.

Allow Nested Groups

Indicates that nested groups are allowed when selecting the DN. Enabled if the DN Attribute is selected.

Note: If the attribute is configured to be encrypted, the Encryption Certificate settings in the Encryption tab will be enabled.

Encrypted

Instructs SiteMinder to encrypt the DN attribute.

Retrieval Method

Specifies the intended use of the attribute.

Limits:

SSO
Indicates that the attribute is used for single sign-on.
Attribute Service
Indicates the attribute is for use by the Attribute Authority to complete requests from an attribute query.

Attribute Fields

Complete the fields for the Attribute Kind that you selected. Different fields become available depending on the attribute type (static, user attribute, DN attribute).

Variable Name: Designates the name for the attribute that SiteMinder returns in the assertion. Complete this field for any attribute type.
Variable Value: (Static only) Defines the static text as the value for the name/value pair. Enter a value.
Attribute Name: (User and DN Attributes only) Specifies the user directory attribute SiteMinder uses for the name/value pair.
DN Spec: (DN Attribute only) Specifies the DN of the user or user group and the name of the user attribute in the Attribute Name field.

Email CA Technologies about this topic