Sun Java System SAML v2 Plug-in for Federation Services User's Guide

Using Non-Default Federation Attributes

If Access Manager or Federation Manager is retrieving data from an LDAPv3-compliant directory, the object class sunFMSAML2NameIdentifier (containing two allowed attributes, sun-fm-saml2-nameid-info and sun-fm-saml2-nameid-infokey) needs to be loaded into the entries of all existing users. When the directory contains a large user database, this process is time-intensive. The following procedure modifies your SAML v2 Plug-in for Federation Services installation to store user federation information in existing LDAP attributes instead, so there is no need to change the schema.

Procedure: To Store Federation Information in Existing Attributes

  1. Modify the values of the following properties in to reflect the existing attributes to which you want federation information written:

    • com.sun.identity.saml2.nameidinfo.attribute

    • com.sun.identity.saml2.nameidinfokey.attribute

    Note – is located in the /etc/opt/product-directory/config directory in Access Manager and in the /staging-directory/web-src/WEB-INF/classes directory in Federation Manager.

  2. Restart the web container.

    Federation information will now be written to the specified attributes.
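The following check is an added example, not part of the guide or the plug-in: it reads the edited configuration fragment and flags either property when it points at an attribute that the user entries' object classes do not allow (the write would then fail) or when both properties map to the same attribute. The sample file, the allowed-attribute list, and the treatment of the two sunFMSAML2NameIdentifier attributes as the defaults are assumptions made for this example.

```python
import re

# Property names from the guide. Treating the two attributes supplied by the
# sunFMSAML2NameIdentifier object class as their default values is an assumption
# made for this example.
NAMEID_PROPS = {
    "com.sun.identity.saml2.nameidinfo.attribute": "sun-fm-saml2-nameid-info",
    "com.sun.identity.saml2.nameidinfokey.attribute": "sun-fm-saml2-nameid-infokey",
}

def parse_properties(text):
    """Minimal Java .properties reader: key=value or key:value lines,
    '#'/'!' comment lines, and backslash line continuations."""
    props, pending = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):          # value continues on the next line
            pending.append(line[:-1])
            continue
        pending.append(line)
        entry, pending = "".join(pending), []
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", entry)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def check_nameid_config(props, allowed_attrs):
    """Return findings for the two federation properties.
    allowed_attrs: attribute types the user entries' object classes permit."""
    allowed = {a.lower() for a in allowed_attrs}
    findings, chosen = [], {}
    for prop, default in NAMEID_PROPS.items():
        value = props.get(prop, default)
        chosen[prop] = value.lower()
        if value.lower() not in allowed:
            findings.append(f"{prop}={value}: user entries do not allow this "
                            "attribute, so federation information cannot be written")
    if len(set(chosen.values())) < len(chosen):
        findings.append("both properties map to the same attribute; check that "
                        "this is intended")
    return findings

# Constructed sample of the fragment an administrator edits in step 1.
SAMPLE_CONFIG = """# federation attribute mapping (constructed example)
com.sun.identity.saml2.nameidinfo.attribute=employeeType
com.sun.identity.saml2.nameidinfokey.attribute=\\
    carLicense
"""

if __name__ == "__main__":
    props = parse_properties(SAMPLE_CONFIG)
    for finding in check_nameid_config(props, ["uid", "cn", "sn", "employeeType"]):
        print("WARNING:", finding)
```

Run it against the real file and the attribute types your user object classes allow before restarting the web container in step 2.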