Configuring objectSid as the Immutable ID

Configuring objectSid as the Immutable ID consists of the following tasks:

  1. Adding the objectSid Attribute as a Custom Attribute

  2. Creating Attribute Set

  3. Configuring the Attribute Set for WS-Federation or WS-Trust

Adding the objectSid Attribute as a Custom Attribute

  1. Click Devices > Identity Servers > Shared Settings > Custom Attributes.

  2. Under LDAP Attribute Names, click New.

  3. Specify objectSid, and select 64-bit Encode Attribute Data.

  4. Click OK.

Creating Attribute Set

  1. Click Attribute Sets.

  2. Click New, and specify a Set Name. Click Next.

  3. Click New and specify the following details:

    Field                     Description
    Local attribute           Ldap Attribute:mail [LDAP Attribute Profile]
    Remote attribute          URN
    Remote namespace          http://schemas.xmlsoap.org/claims
    Remote format             unspecified
    Attribute value encoding  Special characters encoded

  4. Click OK.

  5. Create another Attribute Set. Click New, and specify a Set Name.

  6. Click Next > New and specify the following details:

    Field                     Description
    Local attribute           Ldap Attribute:objectSid#[nidsForceBinary] [LDAP Attribute Profile]
    Remote attribute          ImmutableID
    Remote namespace          http://schemas.microsoft.com/LiveID/Federation/2008/05
    Remote format             unspecified
    Attribute value encoding  Special characters encoded

  7. Click OK > Finish.
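The ImmutableID mapping above sends the raw objectSid bytes (forced binary by #[nidsForceBinary]) base64-encoded, which is what the 64-bit Encode Attribute Data option produces. The following Python is an added example, not NetIQ code, that shows what that claim value looks like for a constructed SID and how to decode a received ImmutableID back to its S-1-5-... form to check it against the directory; the SID bytes and function names are constructed for illustration.

```python
import base64
import struct

# Constructed sample objectSid, laid out as LDAP returns it in binary:
# revision, sub-authority count, 48-bit big-endian authority, then
# little-endian 32-bit sub-authorities. Not a real domain SID.
SAMPLE_SID_BYTES = bytes([
    0x01,                                # revision 1
    0x05,                                # five sub-authorities
    0x00, 0x00, 0x00, 0x00, 0x00, 0x05,  # identifier authority 5 (NT Authority)
    0x15, 0x00, 0x00, 0x00,              # 21
    0x78, 0x56, 0x34, 0x12,              # 305419896  (domain part 1)
    0x21, 0x43, 0x65, 0x87,              # 2271560481 (domain part 2)
    0xEF, 0xCD, 0xAB, 0x09,              # 162254319  (domain part 3)
    0xE9, 0x03, 0x00, 0x00,              # RID 1001
])


def sid_bytes_to_string(sid: bytes) -> str:
    """Render a binary SID as S-R-A-S1-...; reject malformed input instead of guessing."""
    if len(sid) < 8:
        raise ValueError("SID too short")
    revision, count = sid[0], sid[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if len(sid) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(sid[2:8], "big")
    subs = struct.unpack(f"<{count}I", sid[8:])
    return "S-%d-%d-%s" % (revision, authority, "-".join(str(s) for s in subs))


def immutable_id_from_sid(sid: bytes) -> str:
    """Base64 of the raw SID bytes: the ImmutableID value the Identity Server emits."""
    return base64.b64encode(sid).decode("ascii")


def sid_from_immutable_id(immutable_id: str) -> str:
    """Reverse a received ImmutableID claim so it can be compared with the user's objectSid."""
    raw = base64.b64decode(immutable_id, validate=True)
    return sid_bytes_to_string(raw)


if __name__ == "__main__":
    claim = immutable_id_from_sid(SAMPLE_SID_BYTES)
    print("ImmutableID claim:", claim)
    print("decodes to SID:  ", sid_from_immutable_id(claim))
```

If the attribute were fetched as a string rather than binary, the bytes would be altered before encoding and the decoded value would no longer match the directory SID, which is why the local attribute carries #[nidsForceBinary].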

Configuring the Attribute Set for WS-Federation or WS-Trust

Configure the Attribute Set for the WS-Federation or WS-Trust service provider. See Configuring the Attributes Sent with Authentication and Modifying Service Providers.