Auth. Scheme Properties--WS-Federation--Users Tab

The Users tab defines how the authentication scheme obtains the user identity (the LoginID) from the assertion carried in an incoming <RequestSecurityTokenResponse> message, and how it maps that LoginID to a record in a user directory.

The tab includes the following fields and controls:

User Disambiguation Group Box

XPath Query

XPath query that the authentication scheme applies to the assertion to obtain the LoginID.

The default XPath query, used when none is configured, is:

/Assertion/Subject/NameID/text()

XPath queries must not contain namespace prefixes. The following is an invalid XPath query because each step carries the saml: prefix:

/saml:Response/saml:Assertion/saml:AuthenticationStatement/saml:Subject/saml:NameIdentifier/text()

The valid form of the same query is:

//Response/Assertion/AuthenticationStatement/Subject/NameIdentifier/text()

Example

To use the value of the attribute named "FirstName" from the assertion as the LoginID, the XPath query is:

/Assertion/AttributeStatement/Attribute[@Name="FirstName"]/AttributeValue/text()

Namespace

Lists the namespace (user directory) types and the search specifications already defined for them. Select a namespace type here, then define the search specification that the scheme uses for user disambiguation in that namespace.

Edit

Opens the Authentication Scheme Namespace Mapping dialog where you can enter a Search Specification that defines the attribute that the authentication scheme uses to search a namespace. Use %s as the entry representing the LoginID.

For example, if the LoginID is user1 and you specify Username=%s in the Search Specification field, the resulting string is Username=user1. This string is used to search the user store for the record to authenticate.

Authentication Scheme Namespace Mapping Dialog

The Authentication Scheme Namespace Mapping dialog is where you specify the attribute that the authentication scheme uses to search a namespace. The dialog contains the following field:

Search Specification

Specifies the attribute that the WS-Federation authentication scheme uses to search a namespace. Use %s in the entry as a variable representing the LoginID.
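The following Python script is an added example, not part of this documentation and not the product's own code. It walks through both halves of the Users tab described above: it applies a prefix-free XPath query (the default /Assertion/Subject/NameID/text() or the FirstName example) to a constructed SAML 2.0 assertion to obtain the LoginID, rejects queries that carry namespace prefixes, and then expands the %s placeholder of a Search Specification such as Username=%s. The sample assertion, the function names, the "exactly one matching node" rule and the RFC 4515 escaping of the substituted LoginID are all this example's own assumptions; the page does not describe how the product handles multiple matches or special characters in the LoginID.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample (not from the original page): a SAML 2.0 assertion as it
# would arrive inside a <RequestSecurityTokenResponse>. The document itself
# uses a namespace prefix; the Users tab query must still be prefix-free.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0">
  <saml:Subject>
    <saml:NameID>user1</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="FirstName">
      <saml:AttributeValue>Alice</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="mail">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

DEFAULT_QUERY = "/Assertion/Subject/NameID/text()"
# A location step that starts with "prefix:" (e.g. /saml:Assertion) is invalid here.
PREFIXED_STEP = re.compile(r"(^|/)[A-Za-z_][\w.-]*:")


def strip_namespaces(root):
    """Rewrite every '{uri}local' tag to 'local' so prefix-free steps match."""
    for elem in root.iter():
        if "}" in elem.tag:
            elem.tag = elem.tag.split("}", 1)[1]
    return root


def login_id_from_assertion(assertion_xml, query=DEFAULT_QUERY):
    """Apply a Users-tab style XPath query and return the LoginID text.

    Enforces the page's rule (no namespace prefixes). Requiring exactly one
    matching node is this example's own check, not documented behaviour.
    """
    if PREFIXED_STEP.search(query):
        raise ValueError("XPath query must not contain namespace prefixes: %r" % query)
    if not query.endswith("/text()"):
        raise ValueError("query must end in /text() to yield a LoginID")
    path = query[: -len("/text()")]

    root = strip_namespaces(ET.fromstring(assertion_xml))
    if path.startswith("//"):
        rel = "." + path                 # descendant search anywhere below the root
    elif path.startswith("/"):
        first, _, rest = path[1:].partition("/")
        if first != root.tag:            # an absolute path must start at the root element
            raise ValueError("query starts at %r but the root element is %r" % (first, root.tag))
        rel = rest or "."
    else:
        rel = path                       # already relative to the assertion root

    matches = root.findall(rel)
    if len(matches) != 1:
        raise ValueError("query must select exactly one node, got %d" % len(matches))
    return (matches[0].text or "").strip()


def escape_filter_value(value):
    """RFC 4515 escaping for a value placed inside an LDAP search filter.

    The page only says %s is replaced with the LoginID; escaping the
    substituted value is this example's own defensive choice.
    """
    specials = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(specials.get(ch, ch) for ch in value)


def build_search_spec(search_spec, login_id):
    """Expand the %s placeholder: 'Username=%s' with LoginID 'user1' -> 'Username=user1'."""
    if "%s" not in search_spec:
        raise ValueError("Search Specification needs a %s placeholder for the LoginID")
    return search_spec.replace("%s", escape_filter_value(login_id))


if __name__ == "__main__":
    login = login_id_from_assertion(SAMPLE_ASSERTION)
    print("LoginID:", login)
    print("Search string:", build_search_spec("Username=%s", login))
    first_name_query = '/Assertion/AttributeStatement/Attribute[@Name="FirstName"]/AttributeValue/text()'
    print("FirstName as LoginID:", login_id_from_assertion(SAMPLE_ASSERTION, first_name_query))
```

Running the script prints user1, Username=user1 and Alice for the three cases. A query such as /Assertion/AttributeStatement/Attribute/AttributeValue/text(), which selects both attribute values in the sample, is rejected by the example's one-node rule; an attribute chosen for user disambiguation must identify a single record, which is why FirstName above only illustrates the syntax.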

More Information:

Locate User Records for Authentication