Configure the identity provider and the service provider so that the role assignments can be added to the attribute and retrieved from the attribute.
To export the roles from the identity provider, log in to Administration Console for the identity provider. (In Figure A-3, this is Site A.)
Click Devices > Identity Servers > Edit > Liberty > [Name of Service Provider] > Attributes.
If you are using SAML 2.0 or SAML 1.1 protocol, the steps are the same. You just need to click the appropriate tab after clicking Edit. The path is the same for these protocols.
Select the attribute set you created, then move All Roles so this attribute is sent with authentication.
Click OK.
Update Identity Server of Site A.
To import the roles from the identity provider to the service provider, log in to Administration Console for the service provider. (In Figure Figure A-3, this is Site B.)
Click Devices > Identity Servers > Edit > Liberty > [Name of Identity Provider]> Attributes.
Select the attribute set you created, then move All Roles so this attribute is obtained with authentication.
Click OK.
Update Identity Server of Site B.
Continue with Configuring Policies to Process Received Roles.