Obtaining the Role Assignments

Configure the identity provider and the service provider so that the identity provider adds the role assignments to the attribute and the service provider retrieves them from it.

  1. To export the roles from the identity provider, log in to Administration Console for the identity provider. (In Figure A-3, this is Site A.)

    1. On the Home page, click Identity Servers > [cluster name] > Edit > SAML 2.0 > [Name of Service Provider] > Attributes.

    2. Select the attribute set you created, then move All Roles so this attribute is sent with authentication.

    3. Click OK.

    4. Update Identity Server of Site A.

  2. To import the roles from the identity provider to the service provider, log in to Administration Console for the service provider. (In Figure A-3, this is Site B.)

    1. On the Home page, click Identity Servers > [cluster name] > Edit > SAML 2.0 > [Name of Identity Provider] > Attributes.

    2. Select the attribute set you created, then move All Roles so this attribute is obtained with authentication.

    3. Click OK.

    4. Update Identity Server of Site B.

    5. Continue with Configuring Policies to Process Received Roles.
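
After both sites are updated, one way to confirm that the roles attribute actually arrives at Site B is to inspect a decoded assertion captured during a test login. The following is an added example, not part of the product or its documentation; the issuer value, the remote attribute name allRoles (whatever name your attribute set maps All Roles to), and the role values are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a decoded assertion whose signature was already verified.
# Issuer, attribute name "allRoles" and role values are assumptions.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" Version="2.0">
  <saml:Issuer>https://idp.site-a.example</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="allRoles">
      <saml:AttributeValue>doc_viewer</saml:AttributeValue>
      <saml:AttributeValue>sales_manager</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="mail">
      <saml:AttributeValue>user@site-a.example</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def received_roles(assertion_xml, expected_issuer, role_attribute="allRoles"):
    """Return the role values carried in role_attribute, or raise ValueError.

    Signature validation is assumed to have been done earlier. For untrusted
    input, parse with a hardened parser such as defusedxml instead.
    """
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        # Roles are only meaningful when they come from the trusted IdP.
        raise ValueError(f"unexpected issuer: {issuer!r}")
    roles = []
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") != role_attribute:
            continue
        for value in attr.iterfind("saml:AttributeValue", NS):
            text = (value.text or "").strip()
            if text:
                roles.append(text)
    if not roles:
        # Usually means the attribute set was not applied on one of the sites.
        raise ValueError(f"attribute {role_attribute!r} missing or empty")
    return roles

if __name__ == "__main__":
    print(received_roles(SAMPLE_ASSERTION, "https://idp.site-a.example"))
```

A missing or empty attribute here usually points to the attribute set not being selected on one side, or to an Identity Server that was not updated after the change.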