Prerequisites for Mapping Roles between Trusted Providers

  • Configure trust between trusted providers, using the Liberty or SAML 2.0 protocol.

    You must be familiar with SAML 2.0 and Configuring Liberty.

  • Configure local authentication.

    You must create an external contract at the service provider that matches the contract of the identity provider. See Authentication Framework.

  • Create an attribute set and select the local attribute All Roles in the set. Do this at both the identity provider and the service provider.

    This attribute set is used to pass roles from an identity provider to an external service provider in authentication assertions. See Configuring Attribute Sets.