As a root user, log in to the Federation Manager 1 host.
In the Service Provider extended metadata file, map the Email Address and Telephone Number attributes.
# cd /etc/opt/SUNWam/config
# vi saml2-sp-extended-metadata.xml
...
<Attribute name="attributeMap">
<Value>EmailAddress=EmailAddress</Value>
<Value>Telephone=Telephone</Value>
...
Notice that the value mail in the EmailAddress attribute-value pair does not have to be identical to the value EmailAddress specified in the Identity Provider metadata.
Add anonymous to the transient user list.
<Attribute name="transientUser">
<Value>anonymous</Value>
Save the file.
Delete the existing metadata.
# /opt/SUNWam/saml2/bin/saml2meta -i /var/opt/SUNWam/fm/war_staging delete -u amadmin -w 11111111 -e loadbalancer-9.siroe.com
Load the modified metadata file into the Directory Server.
# /opt/SUNWam/saml2/bin/saml2meta -i /var/opt/SUNWam/fm/war_staging import -u amadmin -w 11111111 -m saml2-sp-metadata.xml -x saml2-sp-extended-metadata.xml
File "saml2-sp-metadata.xml" was imported successfully.
File "saml2-sp-extended-metadata.xml" was imported sucessfully.
Save the file.
Restart Federation Manager 1.
# cd /opt/SUNWwbsvr/https-FederationManager-1.siroe.com
# ./stop; ./start
Restart Federation Manager 2.
# cd /opt/SUNWwbsvr/https-FederationManager-2.siroe.com
# ./stop; ./start
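A pre-import check for the edited extended metadata file, added here as an example and not part of the original procedure. Because the existing metadata is deleted before the new files are imported, it is worth confirming first that the file is well-formed and carries both attribute mappings and the anonymous transient user. The wrapper elements in the sample and all function names are assumptions; only the two Attribute blocks come from the steps above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: only the two <Attribute> blocks come from the procedure; wrapper names are assumed.
SAMPLE = """<EntityConfig>
  <SPSSOConfig>
    <Attribute name="attributeMap">
      <Value>EmailAddress=EmailAddress</Value>
      <Value>Telephone=Telephone</Value>
    </Attribute>
    <Attribute name="transientUser">
      <Value>anonymous</Value>
    </Attribute>
  </SPSSOConfig>
</EntityConfig>"""


def local(tag):
    """Strip any '{namespace}' prefix so matching works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def attribute_values(root, name):
    """Return the stripped <Value> texts of every <Attribute name=...> block."""
    values = []
    for el in root.iter():
        if local(el.tag) == "Attribute" and el.get("name") == name:
            values += [(v.text or "").strip() for v in el if local(v.tag) == "Value"]
    return values


def check_sp_extended(xml_text, required_maps, transient_user="anonymous"):
    """Return a list of problems; an empty list means the file is ready to import."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    entries = [v for v in attribute_values(root, "attributeMap") if v]
    bad = [v for v in entries if "=" not in v or not all(p.strip() for p in v.split("=", 1))]
    problems = [f"malformed attributeMap entry: {v!r}" for v in bad]
    mapped = {v.split("=", 1)[0].strip() for v in entries if v not in bad}
    problems += [f"missing attributeMap entry for {m}" for m in required_maps if m not in mapped]
    if transient_user not in attribute_values(root, "transientUser"):
        problems.append(f"transientUser does not list {transient_user!r}")
    return problems


if __name__ == "__main__":
    print(check_sp_extended(SAMPLE, ["EmailAddress", "Telephone"]) or "ready to import")
```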