If Access Manager or Federation Manager retrieves user data from an LDAPv3-compliant directory, the object class sunFMSAML2NameIdentifier (which allows two attributes, sun-fm-saml2-nameid-info and sun-fm-saml2-nameid-infokey) must normally be added to the entries of all existing users so that federation information can be stored. When the directory holds a large user database, this schema change and the per-entry update are time-intensive. The following procedure modifies your SAML v2 Plug-in for Federation Services installation to store user federation information in LDAP attributes that already exist in your user entries, so no schema change is required.
Modify the values of the following properties in AMConfig.properties to reflect the existing attributes to which you want federation information written:
com.sun.identity.saml2.nameidinfo.attribute
com.sun.identity.saml2.nameidinfokey.attribute
AMConfig.properties is located in the /etc/opt/product-directory/config directory for Access Manager and in the /staging-directory/web-src/WEB-INF/classes directory for Federation Manager.
Restart the web container.
Federation information will now be written to the specified attributes.
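The following script is an added example and is not part of the Sun documentation or product. It carries out the property edits from the procedure above idempotently (replacing the two keys if present, appending them if not, and never duplicating them), and refuses attribute names that are not plausible LDAP attribute types or that are the same for both properties. The attribute names employeeType and description in the demo are placeholders, as is the AMCONFIG variable; substitute attributes that exist in your users' object classes and the AMConfig.properties path for your product.

```shell
#!/bin/sh
# Added example, not from the Sun documentation: point the SAML v2 plug-in at
# existing LDAP attributes by editing AMConfig.properties idempotently.
# Attribute names in the demo at the bottom are placeholders (assumptions).

INFO_KEY=com.sun.identity.saml2.nameidinfo.attribute
INFOKEY_KEY=com.sun.identity.saml2.nameidinfokey.attribute

# Accept only plausible LDAP attribute type names (a letter, then letters,
# digits or hyphens). This also keeps sed metacharacters such as '&' or '/'
# out of the replacement text used in set_prop.
valid_attr() {
  case $1 in
    '' | [!A-Za-z]* | *[!A-Za-z0-9-]*) return 1 ;;
  esac
  return 0
}

# get_prop FILE KEY: value of the last KEY=VALUE line, empty if none.
get_prop() {
  esc=$(printf '%s' "$2" | sed 's/\./\\./g')
  grep "^${esc}=" "$1" | tail -n 1 | cut -d= -f2-
}

# set_prop FILE KEY VALUE: replace an existing KEY= line in place or append
# one, leaving every other line untouched and introducing no duplicate keys.
set_prop() {
  file=$1 key=$2 value=$3
  esc=$(printf '%s' "$key" | sed 's/\./\\./g')
  if grep -q "^${esc}=" "$file"; then
    tmp=$(mktemp) || return 1
    sed "s/^${esc}=.*/${key}=${value}/" "$file" > "$tmp" && mv "$tmp" "$file"
  else
    printf '%s=%s\n' "$key" "$value" >> "$file"
  fi
}

# configure_nameid_attrs FILE INFO_ATTR INFOKEY_ATTR
# The two properties must name two different, valid attributes: one holds the
# NameID information record, the other the key used to look it up.
configure_nameid_attrs() {
  file=$1 info_attr=$2 key_attr=$3
  valid_attr "$info_attr" && valid_attr "$key_attr" || {
    echo "invalid LDAP attribute name" >&2; return 1; }
  if [ "$info_attr" = "$key_attr" ]; then
    echo "nameidinfo and nameidinfokey must use different attributes" >&2
    return 1
  fi
  set_prop "$file" "$INFO_KEY" "$info_attr" &&
  set_prop "$file" "$INFOKEY_KEY" "$key_attr"
}

# Demo on a constructed copy of AMConfig.properties so this runs offline.
# For a real change, set AMCONFIG to the file named in the procedure, run
# configure_nameid_attrs on it, then restart the web container (the restart
# command depends on the container you deployed into).
demo=$(mktemp)
cat > "$demo" <<'EOF'
com.iplanet.am.server.protocol=https
com.sun.identity.saml2.nameidinfo.attribute=sun-fm-saml2-nameid-info
com.sun.identity.saml2.nameidinfokey.attribute=sun-fm-saml2-nameid-infokey
EOF
configure_nameid_attrs "$demo" employeeType description   # placeholder attributes
grep '^com.sun.identity.saml2' "$demo"
rm -f "$demo"
```

Before pointing the properties at existing attributes, check that both attributes are allowed by the object classes of your user entries, that the identity Access Manager or Federation Manager binds with can write them, and that the directory ACIs do not expose them to ordinary users, since they now carry the mapping between a local user and the federated NameID.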