The WS Federation namespace is http://schemas.xmlsoap.org/claims. With WS Federation, you need to decide which attributes you want to share during authentication. This scenario uses the LDAP mail attribute and the All Roles attribute.
On the Home page, click Identity Servers > IDP Global Settings > Attribute Sets > Add Attribute Set icon.
Specify the following details:
Attribute Set Name: Specify a name that identifies the purpose of the set. For example, wsfed_attributes.
Select Set to use as Template: Select None.
Click Next.
To add a mapping for the mail attribute, perform the following steps:
Click the Add Attribute Mapping icon.
Specify the following details:
| Field | Description |
|---|---|
| Local Attribute | Select LDAP Attribute:mail [LDAP Attribute Profile]. |
| Remote Attribute | Specify emailAddress. This is the attribute that this scenario uses for user identification. |
| Remote Namespace | Select the option and specify the following namespace: http://schemas.xmlsoap.org/claims |
Click Save.
To add a mapping for the All Roles attribute, perform the following steps:
Click the Add Attribute Mapping icon.
Specify the following details:
| Field | Description |
|---|---|
| Local Attribute | Select All Roles. |
| Remote Attribute | Specify group. This is the name of the attribute that is used to share roles. |
| Remote Namespace | Select the option and specify the following namespace: http://schemas.xmlsoap.org/claims |
Click Save.
Click Finish.
Continue with Enabling the Attribute Set.
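
Once the attribute set is in use, a check like the following can confirm that an issued token carries exactly the two mapped claims under the expected namespace. This is an added example, not code from the product: it assumes the token is a SAML 1.1 assertion, the function names are hypothetical, and the sample assertions are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML11 = "urn:oasis:names:tc:SAML:1.0:assertion"   # assumed token format: SAML 1.1
CLAIMS_NS = "http://schemas.xmlsoap.org/claims"    # remote namespace from this page
EXPECTED = ("emailAddress", "group")               # remote attribute names from this page

def extract_claims(assertion_xml):
    """Return {(namespace, name): [values]} for every SAML 1.1 Attribute."""
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        raise ValueError("DTD or entity declarations are not accepted in a token")
    claims = {}
    for attr in ET.fromstring(assertion_xml).iter(f"{{{SAML11}}}Attribute"):
        key = (attr.get("AttributeNamespace"), attr.get("AttributeName"))
        values = [v.text or "" for v in attr.findall(f"{{{SAML11}}}AttributeValue")]
        claims.setdefault(key, []).extend(values)
    return claims

def check_attribute_set(assertion_xml):
    """Compare released claims with the two mappings; signature is NOT checked here."""
    claims = extract_claims(assertion_xml)
    problems = []
    for name in EXPECTED:
        values = claims.get((CLAIMS_NS, name))
        other_ns = sorted(str(ns) for ns, n in claims if n == name and ns != CLAIMS_NS)
        if values is None and other_ns:
            problems.append(f"{name}: sent under wrong namespace {other_ns[0]}")
        elif values is None:
            problems.append(f"{name}: missing")
        elif not any(v.strip() for v in values):
            problems.append(f"{name}: present but empty")
    if len(claims.get((CLAIMS_NS, "emailAddress"), [])) > 1:
        problems.append("emailAddress: more than one value, user identity is ambiguous")
    for ns, name in sorted(claims, key=str):
        if name not in EXPECTED:
            problems.append(f"{name}: released but not in the attribute set")
    return problems

def _sample(attrs):
    # Constructed SAML 1.1 assertion for illustration; not a captured token.
    body = "".join(
        f'<saml:Attribute AttributeName="{n}" AttributeNamespace="{ns}">'
        f"<saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>"
        for ns, n, v in attrs)
    return (f'<saml:Assertion xmlns:saml="{SAML11}"><saml:AttributeStatement>'
            f"{body}</saml:AttributeStatement></saml:Assertion>")

GOOD = _sample([(CLAIMS_NS, "emailAddress", "user@example.com"), (CLAIMS_NS, "group", "employee")])
BAD = _sample([("urn:example:other", "emailAddress", "user@example.com"), (CLAIMS_NS, "uid", "jdoe")])
```

An empty list from `check_attribute_set` means both mappings arrived as configured and nothing else was released; each string in a non-empty list names one mismatch to trace back to the attribute set.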