The WS Federation namespace is http://schemas.xmlsoap.org/claims. With WS Federation, you need to decide which attributes you want to share during authentication. This scenario uses the LDAP mail attribute and the All Roles attribute.
Click Devices > Identity Server > Shared Settings > Attribute Sets > New.
Specify the following details:
Set Name: Specify a name that identifies the purpose of the set. For example, wsfed_attributes.
Select set to use as template: Select None.
Click Next.
To add a mapping for the mail attribute, perform the following steps:
Click New.
Specify the following details:
Field | Description |
---|---|
Local attribute | Select LDAP Attribute:mail [LDAP Attribute Profile]. |
Remote attribute | Specify emailAddress. This is the attribute that this scenario uses for user identification. |
Remote namespace | Select the option, and then specify the following namespace: http://schemas.xmlsoap.org/claims |
Click OK.
To add a mapping for the All Roles attribute, perform the following steps:
Click New.
Specify the following details:
Field | Description |
---|---|
Local attribute | Select All Roles. |
Remote attribute | Specify group. This is the name of the attribute that is used to share roles. |
Remote namespace | Select the option, and then specify the following namespace: http://schemas.xmlsoap.org/claims |
Click OK.
Click Finish.
Continue with Enabling the Attribute Set.
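To check that an issued token releases exactly the two claims this attribute set defines, the following added example (not part of the original documentation) audits a token's attribute statement for missing claims and for attributes outside the set or in the wrong namespace. It assumes the token is a SAML 1.1 assertion; the sample statements, the `urn:example:wrong` namespace, and the helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML11 = "urn:oasis:names:tc:SAML:1.0:assertion"   # SAML 1.1 assertion namespace (assumed token format)
CLAIMS_NS = "http://schemas.xmlsoap.org/claims"    # remote namespace from the procedure
EXPECTED = {"emailAddress", "group"}               # remote attribute names from the procedure

def statement(attrs):
    """Build a constructed AttributeStatement from (namespace, name, values) tuples."""
    body = "".join(
        f'<saml:Attribute AttributeName="{name}" AttributeNamespace="{ns}">'
        + "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
        + "</saml:Attribute>"
        for ns, name, values in attrs
    )
    return f'<saml:AttributeStatement xmlns:saml="{SAML11}">{body}</saml:AttributeStatement>'

# Constructed samples: GOOD matches the attribute set; BAD puts emailAddress in
# the wrong namespace, omits group, and releases an attribute outside the set.
GOOD = statement([(CLAIMS_NS, "emailAddress", ["alice@example.com"]),
                  (CLAIMS_NS, "group", ["Employee", "Manager"])])
BAD = statement([("urn:example:wrong", "emailAddress", ["alice@example.com"]),
                 (CLAIMS_NS, "telephoneNumber", ["555-0100"])])

def extract_claims(xml_text):
    """Return {(namespace, name): [values]} for every SAML 1.1 Attribute element."""
    claims = {}
    for attr in ET.fromstring(xml_text).iter(f"{{{SAML11}}}Attribute"):
        key = (attr.get("AttributeNamespace"), attr.get("AttributeName"))
        values = [v.text or "" for v in attr.findall(f"{{{SAML11}}}AttributeValue")]
        claims.setdefault(key, []).extend(values)
    return claims

def audit(xml_text):
    """Compare released claims with the attribute set (claims only, no signature check).

    Returns (missing, unexpected): expected names absent from CLAIMS_NS, and
    (namespace, name) pairs that are outside the set or in another namespace.
    """
    claims = extract_claims(xml_text)
    present = {name for ns, name in claims if ns == CLAIMS_NS}
    missing = sorted(EXPECTED - present)
    unexpected = sorted(k for k in claims if k[0] != CLAIMS_NS or k[1] not in EXPECTED)
    return missing, unexpected

if __name__ == "__main__":
    for label, doc in (("GOOD", GOOD), ("BAD", BAD)):
        missing, unexpected = audit(doc)
        print(label, "missing:", missing, "unexpected:", unexpected)
```

A non-empty `unexpected` list means the provider is sharing more than the attribute set intends, or the relying party will not find the claim under the namespace it expects.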