Sun OpenSSO Enterprise 8.0 Administration Guide

Using Non-Default Federation Attributes

If OpenSSO Enterprise is retrieving data from an LDAPv3-compliant directory, the object class sunFMSAML2NameIdentifier (containing two allowed attributes, sun-fm-saml2-nameid-info and sun-fm-saml2-nameid-infokey) needs to be loaded into the entries of all existing users. When the directory contains a large user database, this process is time-intensive. The following procedure can be used to modify your SAML v2 Plug-in for Federation Services installation to use existing LDAP attributes to store user federation information. In this case, there is no need to change the schema.

Procedure: To Store Federation Information in Existing Attributes

  1. In the OpenSSO Enterprise console, go to Configuration > Global > SAMLv2 Service Configuration.

  2. Modify the following attributes:

    • Attribute name for Name ID information

    • Attribute name for Name ID information key

    See SAMLv2 Service Configuration in Sun OpenSSO Enterprise 8.0 Administration Reference for more information.

  3. Restart the web container.

    Federation information will now be written to the specified attributes.
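As an added example (not code from the guide or from OpenSSO itself), the following Python script audits an LDIF export of the user base: it counts how many user entries still lack the sunFMSAML2NameIdentifier object class, and how many already hold federation data in whichever attribute pair was configured in step 2. The sample LDIF, its placeholder values, and the choice of employeeType/employeeNumber as reused existing attributes are constructed assumptions for illustration.

```python
import re

DEFAULT_OC, DEFAULT_INFO, DEFAULT_KEY = ("sunFMSAML2NameIdentifier", "sun-fm-saml2-nameid-info", "sun-fm-saml2-nameid-infokey")

def parse_ldif(text):
    """Minimal LDIF reader: unfold continuation lines, split entries on blank lines."""
    entries = []
    for block in re.split(r"\n\s*\n", re.sub(r"\n ", "", text).strip()):
        entry = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                name, _, value = line.partition(":")
                # LDAP attribute names are case-insensitive, so normalize them
                entry.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def audit(text, info_attr=DEFAULT_INFO, key_attr=DEFAULT_KEY):
    """Count user entries, those carrying the federation object class, and those with data in the configured pair."""
    out = {"users": 0, "with_objectclass": 0, "federated": 0, "missing_objectclass": []}
    for e in parse_ldif(text):
        ocs = {v.lower() for v in e.get("objectclass", [])}
        if "inetorgperson" not in ocs:
            continue  # only user entries matter for the schema question
        out["users"] += 1
        if DEFAULT_OC.lower() in ocs:
            out["with_objectclass"] += 1
        else:
            out["missing_objectclass"].append(e["dn"][0])
        if e.get(info_attr.lower()) and e.get(key_attr.lower()):
            out["federated"] += 1
    return out

# Constructed sample export (placeholder values, not real NameID encodings): alice uses the
# default schema, bob keeps federation data in two existing attributes (hypothetical choice
# employeeType/employeeNumber), carol has not federated yet.
SAMPLE_LDIF = """dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: sunFMSAML2NameIdentifier
sun-fm-saml2-nameid-info: CONSTRUCTED-INFO-ALICE
sun-fm-saml2-nameid-infokey: CONSTRUCTED-KEY-ALICE

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
employeeType: CONSTRUCTED-INFO-BOB
employeeNumber: CONSTRUCTED-KEY-BOB

dn: uid=carol,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
"""
```

Run `audit(SAMPLE_LDIF)` against the default schema and `audit(SAMPLE_LDIF, "employeeType", "employeeNumber")` against the reused attributes; on a real export, the length of `missing_objectclass` is the number of entries the schema change would have to touch.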