Manage attribute sources
Use the Attribute Source management page to add, edit, or delete identity attribute sources. We can manage the following types of attribute sources with this UI:
- Fixed
  - Attribute Name and Value fields. Both fields are free text. We can specify any text in these fields as needed.
- Credential
  - Attribute Name and Credential Attribute fields. For the Credential Attribute field, we can select from a list of commonly used credential attribute values or add a value that is not already in the list. The Credential attribute source does not work for the Relying Party in an OpenID Connect federation, because when the mapping occurs the user does not have the credential from which to retrieve the attribute.
- LDAP
  - This type contains the attribute name and the details of the LDAP server in which to look up the attribute. The following fields are available:
    - Attribute Name
      - Name of the attribute on the appliance. This field is required.
    - LDAP Attribute
      - Name of the attribute on the LDAP server. This field is required.
    - Server Connection
      - The ID of the existing LDAP server connection that contains information about the location and the credential required to connect to the LDAP server. This field is required. To add an LDAP attribute source, there must be at least one LDAP server connection present. For details about how to create an LDAP server connection, see Manage server connections.
    - Scope
      - The scope of the search. Valid values are Subtree, One level, and Base. This field is optional.
    - Selector
      - A comma-separated list of the attributes to be retrieved from the search result. When multiple attributes are required from the same search result, we can use the selector to include all the required attributes. For example, "cn,sn,mobile,email". This field is optional.
    - Search Filter
      - The search filter to use for the search. We can use a variable macro, indicated by curly brackets, that is replaced at run time before the search with a value from the STSUU attributes. If the value is not found, the macro is not replaced. For example, "(cn={AZN_CRED_PRINCIPAL_NAME})". This field is required.
    - BaseDN
      - The base DN to run the search on. We can use a variable macro, indicated by curly brackets, that is replaced at run time before the search with a value from the STSUU attributes. If the value is not found, the macro is not replaced. For example, "dc=iswga" or "dc={myBaseVariable}". This field is required.
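The macro behaviour described for the Search Filter and BaseDN fields, sketched as an added example (this is not the appliance's code). The `{name}` pattern, the function names and the sample attribute values are assumptions made for illustration. The page does not say whether the appliance escapes substituted values, so the RFC 4515 and RFC 4514 escaping shown here is likewise an assumption about what a careful expansion would do with values that contain parentheses or commas.

```python
import re

# Assumption: a macro is any {name} token; the page only shows the curly-bracket form.
MACRO = re.compile(r"\{([^{}]+)\}")

def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515 special characters)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def escape_dn_value(value):
    """Escape a value for a DN component (RFC 4514), using hex-pair escapes."""
    out = "".join("\\%02x" % ord(c) if c in ',+"\\<>;=\x00' else c for c in value)
    if out[:1] in (" ", "#"):            # leading space or '#'
        out = "\\%02x" % ord(out[0]) + out[1:]
    if out.endswith(" "):                # trailing space
        out = out[:-1] + "\\20"
    return out

def expand(template, stsuu_attrs, escape):
    """Replace {macro} tokens with escaped attribute values.

    Returns (expanded, unresolved). As the page describes, a macro with no
    matching attribute is left in place; it is also reported so the caller
    can refuse to send a search that still contains a literal {macro}.
    """
    unresolved = []
    def substitute(match):
        name = match.group(1)
        if name not in stsuu_attrs:
            unresolved.append(name)
            return match.group(0)
        return escape(stsuu_attrs[name])
    return MACRO.sub(substitute, template), unresolved

# Constructed sample attributes, not taken from a real deployment.
SAMPLE_ATTRS = {
    "AZN_CRED_PRINCIPAL_NAME": "Pat Smith (Contractor)",
    "myBaseVariable": "acme, inc",
}

if __name__ == "__main__":
    for template, escape in [
        ("(cn={AZN_CRED_PRINCIPAL_NAME})", escape_filter_value),
        ("dc={myBaseVariable}", escape_dn_value),
        ("(mail={emailAddress})", escape_filter_value),   # no such attribute
    ]:
        print(expand(template, SAMPLE_ATTRS, escape))
```

An unresolved macro reaches the directory as literal text, so a non-empty `unresolved` list is worth logging when a federation mapping returns no attributes.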
Steps
- Log in to the local management interface.
- Click Federation > Manage > Attribute Source.
- We can create, modify, or delete attribute sources.
  - Create an attribute source
    - Click Add and select the type of attribute source to create.
    - Provide details for the attribute source.
    - Click Add.
    - Deploy the changes.
  - Modify an attribute source
    - Select the attribute source to modify.
    - Click Edit.
    - Edit the details of the attribute source as needed.
    - Click Modify.
    - Deploy the changes.
  - Delete an attribute source
    - Before deleting an attribute source, ensure the attribute source is not used by any federations or partners. Deleting an attribute source used by a federation or partner could cause failure of single sign-on flows.
    - Select the attribute source to delete.
    - Click Delete.
    - Click Delete to confirm the deletion.
    - Deploy the changes.