Configuring objectSid as the Immutable ID

Configuring objectSid as the Immutable ID consists of the following tasks:

  1. Adding the objectSid Attribute as a Custom Attribute

  2. Creating Attribute Set

  3. Configuring the Attribute Set for WS-Federation or WS-Trust

Adding the objectSid Attribute as a Custom Attribute

  1. On the Home page, click Identity Servers > [cluster name] > IDP Global Settings > Custom Attributes.

  2. Under LDAP Attribute Names, click the Plus icon.

  3. Specify objectSid as the attribute name and select 64-bit Encode Attribute Data, so that the binary value is Base64-encoded rather than sent as raw bytes.

  4. Click Save.

Creating Attribute Set

  1. On the Home page, click Identity Servers > [cluster name] > IDP Global Settings > Attribute Sets.

  2. Click the Plus icon and specify a Set Name. Click Next.

  3. Click the Plus icon and specify the following details:

    Field                       Description
    Local Attribute             Ldap Attribute:mail [LDAP Attribute Profile]
    Remote Attribute            UPN
    Remote Namespace            http://schemas.xmlsoap.org/claims
    Remote Format               unspecified
    Attribute Value Encoding    Special characters encoded

  4. Click Save.

  5. Create another Attribute Set. Click the Plus icon and specify a Set Name.

  6. Click Next, then click the Plus icon and specify the following details:

    Field                       Description
    Local Attribute             Ldap Attribute:objectSid#[nidsForceBinary] [LDAP Attribute Profile]
    Remote Attribute            ImmutableID
    Remote Namespace            http://schemas.microsoft.com/LiveID/Federation/2008/05
    Remote Format               unspecified
    Attribute Value Encoding    Special characters encoded

  7. Click Save > Finish.
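The ImmutableID claim produced by the mapping above is the user's binary objectSid, Base64-encoded. The following is an added example (not code from the Access Manager documentation) that builds that value from an S-1-5-... SID string and decodes a received ImmutableID back to SID form, so an administrator can check that the claim in a federation token matches the user's objectSid in the directory. It assumes the custom attribute setting above yields plain Base64 of the raw binary SID; all SIDs in it are constructed samples.

```python
# Added example (not from the Access Manager documentation): build the
# Base64 ImmutableID that the objectSid mapping should produce, and decode
# a received ImmutableID claim back to S-1-5-... form for verification.
# Follows the Windows SID binary layout; all sample SIDs are constructed.
import base64
import struct


def sid_string_to_bytes(sid: str) -> bytes:
    """Encode "S-R-A-s1-s2-..." as the binary objectSid stored in AD."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0].upper() != "S":
        raise ValueError("not a SID string: %r" % sid)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if len(subs) > 15:  # SID_MAX_SUB_AUTHORITIES
        raise ValueError("too many sub-authorities")
    # revision (1 byte), sub-authority count (1 byte),
    # identifier authority (6 bytes, big-endian),
    # then each sub-authority as a little-endian uint32
    out = struct.pack("BB", revision, len(subs)) + authority.to_bytes(6, "big")
    return out + b"".join(struct.pack("<I", s) for s in subs)


def sid_bytes_to_string(raw: bytes) -> str:
    """Decode a binary objectSid to its S-... string; reject malformed input."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed header")
    revision, count = struct.unpack("BB", raw[:2])
    if revision != 1 or len(raw) != 8 + 4 * count:
        raise ValueError("SID header does not match payload length")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)


def immutable_id_from_sid(sid: str) -> str:
    """Binary objectSid, Base64-encoded: the expected ImmutableID claim value."""
    return base64.b64encode(sid_string_to_bytes(sid)).decode("ascii")


def sid_from_immutable_id(value: str) -> str:
    """Reverse mapping, for checking an ImmutableID seen in a token."""
    return sid_bytes_to_string(base64.b64decode(value, validate=True))


if __name__ == "__main__":
    sample = "S-1-5-21-1-2-3-1000"  # constructed domain SID plus RID
    claim = immutable_id_from_sid(sample)
    print(sample, "->", claim, "->", sid_from_immutable_id(claim))
```

Compare the decoded value with the objectSid shown for the user in the directory; a mismatch means the wrong attribute, or an unencoded string form of it, is being sent as the ImmutableID.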

Configuring the Attribute Set for WS-Federation or WS-Trust

Configure the Attribute Set for the WS-Federation or WS-Trust service provider. See Configuring the Attributes Set with Authentication and Modifying Service Providers.