Configuring objectSid as the Immutable ID consists of the following tasks:

1. Adding the objectSid Attribute as a Custom Attribute
2. Creating Attribute Sets
3. Configuring the Attribute Set for WS-Federation or WS-Trust
To add the objectSid attribute as a custom attribute:

1. Click Devices > Identity Servers > Shared Settings > Custom Attributes.
2. Under LDAP Attribute Names, click New.
3. Specify objectSid, and select 64-bit Encode Attribute Data. objectSid is a binary attribute; this option base64-encodes the raw SID bytes so that the value can be carried as a string claim.
4. Click OK.
To create the two attribute sets (one for the UPN claim, one for the ImmutableID claim):

1. Click Attribute Sets.
2. Click New, and specify a Set Name. Click Next.
3. Click New and specify the following details:

| Field | Description |
|---|---|
| Local attribute | Ldap Attribute:mail [LDAP Attribute Profile] |
| Remote attribute | UPN |
| Remote namespace | http://schemas.xmlsoap.org/claims |
| Remote format | unspecified |
| Attribute value encoding | Special characters encoded |

4. Click OK.
5. Create another Attribute Set. Click New, and specify a Set Name.
6. Click Next > New and specify the following details:

| Field | Description |
|---|---|
| Local attribute | Ldap Attribute:objectSid#[nidsForceBinary] [LDAP Attribute Profile] |
| Remote attribute | ImmutableID |
| Remote namespace | http://schemas.microsoft.com/LiveID/Federation/2008/05 |
| Remote format | unspecified |
| Attribute value encoding | Special characters encoded |

   The #[nidsForceBinary] suffix makes the Identity Server read objectSid as raw bytes rather than as a string. Together with the 64-bit Encode Attribute Data option set on the custom attribute, the claim therefore carries the base64-encoded binary SID.

7. Click OK > Finish.
Configure the Attribute Set for the WS-Federation or WS-Trust service provider. See Configuring the Attributes Sent with Authentication and Modifying Service Providers.