Attributes you specify on the Identity Server are used in attribute requests and responses, depending on whether you are configuring a service provider (request) or identity provider (response). Attribute sets provide a common naming scheme used in the exchange. For example, an attribute set can map the Liberty attribute FN (first name) to the equivalent remote name used at the service provider, which might be Name.
Attributes also can be defined and used in policy enforcement. They can be attributes defined by the Web Service Profiles, or customized attributes that can be mapped into SAML attributes. You also map user attributes so that the Identity Server can accept them from SAML.
To create and configure an attribute set:
In the Administration Console, click
> > > > .Specify a name for identifying the attribute set, then click
.You can select an existing attribute set that you have created, which you can use as a template for the new set.
To create a set, click
.Local Attribute: A drop-down list of all server profile and LDAP attributes. As an example, you can select
to use in role policies, which enables trusted providers to send role information in authentication assertions. Customizable attributes can be created and displayed in this list.Remote Attribute: The name of the attribute defined at the external provider. The text for this field is case sensitive. If you leave this field blank, the system sends an internal value that is recognized between Identity Servers.
For a SAML 1.1 identity consumer (service provider), a name identifier received in an assertion is automatically given a remote attribute name of saml:NameIdentifier. This allows the name identifier to be mapped to a profile attribute that can then be used in policy definitions.
Click
.The system displays the map settings on the Define Attributes page, as shown below:
You can continue adding as many attributes as you need.
Click
after you created the map.The system displays the map on the Attribute Sets page, as well as indicating whether it is in use by a provider. (See Section 9.8, Selecting Attributes for a Trusted Provider.)