I find that there is not adequate documentation about attribute mapping configuration in the wso2 federation setup.I'm not able to clearly understand how it be done. OpenAm has a GUI where we can enter attribute mapping . Tivoli has the option to do this with an xsl file. How can we do this in wso2 ? There is something called an attribute profile and a claim, but I didn't find a sample or full documentation about this. Appreciate greatly your help on this.
Asked
Active
Viewed 485 times
1 Answers
0
Identity Sever has a claim management feature where you can manage user's attributes. It uses claims to map with User store level attributes. Claim can be identified by an unique URL called "claim Uri." When you are using SAML2 SSO, or WS-Trust or user profile and user management API of Identity Server, you need to use these claim uri to retrieve user attributes. As an example when you configure SAML2 SSO, you can see set of claim uris to configure. This decides the attributes that are added in to the SAML Assertion. You can find more details about claim management from here
Asela
- 5,781
- 1
- 15
- 23
-
Claim mapping is not working for me. I was able to do with openAM. I have defined attributes in salesforce and map with attributed defined in custom claim. I am not sure how it works. – Sohan Mar 17 '15 at 06:07
-
I also think this claim does not in actual helps in federation. There is federation authentication but there is no attribute processing assertion available. It's difficult to understand from WSO2 docs how claim mapping works. – Sohan Mar 17 '15 at 11:43
-
@Sohan After you have set custom claim attributes you need to check the "Enable attribute profile" and "Include attributes in the response always checkboxes" in SAML configs for IS 5.1.0 and 5.2.0. – Hareendra Chamara Philips Feb 22 '17 at 11:48
-
Ok.. i will check that – Sohan Feb 22 '17 at 13:44