Using Non-Default Federation Attributes
If OpenSSO Enterprise is retrieving data from an LDAPv3–compliant directory, the object class sunFMSAML2NameIdentifier (containing two allowed attributes, sunfm- saml2-nameid-info and sun-fm-saml2-nameid-infokey) needs to be loaded into the entries of all existing users. When the directory contains a large user database the process is time-intensive. The following procedure can be used to modify your SAML v2 Plug-in for Federation Services installation to use existing LDAP attributes to store user federation information. In this case, there is no need to change the schema.
To Store Federation Information in Existing
Attributes
-
In the OpenSSO Enterprise console, go to Configuration>Global>SAMLv2 Service Configuration.
-
Modify the following attributes:
-
Attribute name for Name ID information
-
Attribute name for Name ID information key
See SAMLv2 Service Configuration in Sun OpenSSO Enterprise 8.0 Administration Reference for more information.
-
-
Restart the web container.
Federation information will now be written to the specified attributes.
- © 2010, Oracle Corporation and/or its affiliates