Creating an Attribute Set for WS Federation

The WS Federation namespace is http://schemas.xmlsoap.org/claims. With WS Federation, you need to decide which attributes you want to share during authentication. This scenario uses the LDAP mail attribute and the All Roles attribute.

  1. Click Devices > Identity Server > Shared Settings > Attribute Sets > New.

  2. Specify the following details:

    Set Name: Specify a name that identifies the purpose of the set. For example, wsfed_attributes.

    Select set to use as template: Select None.

  3. Click Next.

  4. To add a mapping for the mail attribute, perform the following steps:

    1. Click New.

    2. Specify the following details:

      Local attribute: Select LDAP Attribute:mail [LDAP Attribute Profile].

      Remote attribute: Specify emailAddress. This is the attribute that this scenario uses for user identification.

      Remote namespace: Select the option, and then specify the following namespace: http://schemas.xmlsoap.org/claims

    3. Click OK.

  5. To add a mapping for the All Roles attribute, perform the following steps:

    1. Click New.

    2. Specify the following details:

      Local attribute: Select All Roles.

      Remote attribute: Specify group. This is the name of the attribute that is used to share roles.

      Remote namespace: Select the option, and then specify the following namespace: http://schemas.xmlsoap.org/claims

    3. Click OK.

  6. Click Finish.

  7. Continue with Enabling the Attribute Set.
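
After the attribute set is enabled, you can confirm that an issued token carries only the two attributes mapped above, in the expected namespace. The following check is an added example, not part of the product or its documentation. It assumes the token is a SAML 1.1 assertion; the sample XML and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML11 = "urn:oasis:names:tc:SAML:1.0:assertion"  # assumed token format: SAML 1.1
CLAIMS_NS = "http://schemas.xmlsoap.org/claims"    # remote namespace from the steps
EXPECTED = {"emailAddress", "group"}               # remote attribute names from the steps

# Constructed sample attribute statement (not captured from a real Identity Server).
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <saml:Attribute AttributeName="emailAddress" AttributeNamespace="http://schemas.xmlsoap.org/claims">
    <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute AttributeName="group" AttributeNamespace="http://schemas.xmlsoap.org/claims">
    <saml:AttributeValue>sales</saml:AttributeValue>
    <saml:AttributeValue>staff</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""


def extract_claims(xml_text):
    """Return {(namespace, name): [values]} for every SAML 1.1 attribute."""
    # For tokens taken off the wire, parse with a hardened parser such as defusedxml.
    root = ET.fromstring(xml_text)
    claims = {}
    for attr in root.iter(f"{{{SAML11}}}Attribute"):
        key = (attr.get("AttributeNamespace"), attr.get("AttributeName"))
        values = [v.text or "" for v in attr.findall(f"{{{SAML11}}}AttributeValue")]
        claims.setdefault(key, []).extend(values)
    return claims


def audit(xml_text):
    """Return (missing, unexpected) relative to the two configured mappings."""
    claims = extract_claims(xml_text)
    present = {name for ns, name in claims if ns == CLAIMS_NS}
    missing = sorted(EXPECTED - present)
    # Anything outside the agreed namespace or name list is over-sharing or a typo.
    unexpected = sorted(f"{ns}/{name}" for ns, name in claims
                        if ns != CLAIMS_NS or name not in EXPECTED)
    return missing, unexpected


if __name__ == "__main__":
    missing, unexpected = audit(SAMPLE)
    print("missing:", missing, "unexpected:", unexpected)
```

An empty result for both lists means the token matches the attribute set; an entry under unexpected usually points to a mistyped remote namespace or an extra mapping in the set.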