In some deployments, the service provider side of an interaction might not store user accounts. The single sign-on solution is for all identity provider user accounts to be mapped to one service provider user account. Any attributes inside the Attribute Statement will be set as properties of the single sign-on token. The following procedure maps an identity provider user to a service provider anonymous user and passes two attributes to the service provider.
In the console, select the identity provider you wish to configure.
Edit Attribute Map attribute.
attribute Map defines the mapping between the provider that this metadata is configuring and the remote provider. This attribute takes a value of autofedAttribute-value=remote-provider-attribute. For example:
From the console, select the service provider you wish to configure.
Edit the following attributes for the service provider.
transient User will take a value of one of the existing transient user identifiers on the service provider side, for example, anonymous.
attribut eMap defines the mapping between the provider that this metadata is configuring and the remote provider. This attribute takes a value of autofedAttribute_value=remote_provider_attribute. For example:
To test, invoke the single sign-on URL with the NameIDFormat=transient query parameter appended to it.
All identity provider users will be mapped to anonymous on the service provider side. mail and employeeNumber will be set as properties in the identity provider user's single sign-on token.