Deployment Example 2: Federation Using SAML v2

Procedure: To Modify the Identity Provider Metadata

  1. As a root user, log into the Access Manager 1 host.

  2. In the Identity Provider extended metadata file, map the Email Address and Telephone Number attributes.

    For example, in the first value pair, mail is the LDAP attribute name in the directory, and EmailAddress is the attribute name that is sent over the wire in SAMLv2 messages.

    # cd /etc/opt/SUNWam/config
    # vi saml2-idp-extended-metadata.xml
    ...
    <Attribute name="attributeMap">
        <Value>EmailAddress=mail</Value>
        <Value>Telephone=telephonenumber</Value>
    </Attribute>
    ...

    Save the file.

  3. Delete the existing metadata.
    # /opt/SUNWam/saml2/bin/saml2meta delete -u amadmin -w 4m4dmin1 
    -r /users -e loadbalancer3.example.com 
    Descriptor and config fore entity "loadbalancer-3.example" was deleted successfully.

  4. Load the modified metadata file into the Directory Server.
    # /opt/SUNWam/saml2/bin/saml2meta import -u amadmin -w 4m4dmin1 -r /users 
    -m saml2-idp-metadata.xml -x saml2-idp-extended-metadata.xml
    File "saml2-idp-metadata.xml" was imported successfully.
    File "saml2-idp-extended-metadata.xml" was imported sucessfully.

    When you map the attributes on one Access Manager server, the mapping is also available to the second Access Manager server, so you do not have to modify the metadata on Access Manager 2. The metadata is also made available to the Federation Manager servers.
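To check the attributeMap entries from step 2 before importing them, the following added example (not part of the Sun documentation or the saml2meta tool) parses a constructed fragment of the extended metadata, rejects malformed or duplicate value pairs, and applies the map to a constructed LDAP entry so you can see which SAML attribute names and values would go over the wire. The XML fragment, the regex for a valid pair, and the sample user entry are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed fragment modelled on the <Attribute name="attributeMap">
# element edited in step 2; it is not the real saml2-idp-extended-metadata.xml.
EXTENDED_METADATA = """<?xml version="1.0"?>
<EntityConfig entityID="loadbalancer3.example.com">
  <IDPSSOConfig>
    <Attribute name="attributeMap">
      <Value>EmailAddress=mail</Value>
      <Value>Telephone=telephonenumber</Value>
    </Attribute>
  </IDPSSOConfig>
</EntityConfig>
"""

# Assumed shape of one entry: <SAML attribute name>=<LDAP attribute name>, no spaces.
PAIR_RE = re.compile(r"^([A-Za-z][\w.:-]*)=([A-Za-z][\w-]*)$")

def _local_name(tag):
    # Strip any XML namespace so the check also works on a namespaced file.
    return tag.rsplit("}", 1)[-1]

def parse_attribute_map(xml_text):
    """Return {saml_name: ldap_name} from every attributeMap <Value> found."""
    root = ET.fromstring(xml_text)
    mapping = {}
    for el in root.iter():
        if _local_name(el.tag) != "Attribute" or el.get("name") != "attributeMap":
            continue
        for value in el:
            if _local_name(value.tag) != "Value":
                continue
            text = (value.text or "").strip()
            m = PAIR_RE.match(text)
            if not m:
                raise ValueError("malformed attributeMap entry: %r" % text)
            saml_name, ldap_name = m.groups()
            if saml_name in mapping:
                raise ValueError("duplicate SAML attribute name: %s" % saml_name)
            mapping[saml_name] = ldap_name.lower()  # LDAP attribute names are case-insensitive
    return mapping

def build_assertion_attributes(mapping, ldap_entry):
    """Apply the map to one directory entry; the keys are what the IdP sends."""
    entry = {k.lower(): v for k, v in ldap_entry.items()}
    return {saml: entry[ldap] for saml, ldap in mapping.items() if ldap in entry}

if __name__ == "__main__":
    amap = parse_attribute_map(EXTENDED_METADATA)
    user = {"uid": "jdoe", "mail": "jdoe@example.com", "telephoneNumber": "+1 555 0100"}  # constructed
    print(build_assertion_attributes(amap, user))
```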