You must configure the attribute mapper on the identity provider side to include an AttributeStatement from the user. The account mapper on the service provider side will perform user mapping based on the AttributeStatement.
Enable auto Federation for the Identity Provider. For more information, see To Federate Disparate Accounts with Auto Federation.
Repeat the above steps to modify the service provider's extended metadata.
Enable Dynamic Profile Creation using the OpenSSO Enterprise console.
Log in to the OpenSSO Enterprise console as the top-level administrator, by default, amadmin.
Under the Access Control tab, select the appropriate realm.
Select the Authentication tab.
Select Advanced Properties.
Set User Profile to Dynamic or Dynamic with User Alias and click Save.
Log out of OpenSSO Enterprise.
To test, invoke single sign-on from the service provider.