Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual page 134

You can select an existing attribute set that you have created, which you can use as a template
for the new set.
3 To create an attribute for the set, click New.
4 Fill in the following fields:
Specify the attribute. Select from the following:
Local Attribute: Select an attribute from the drop-down list of all server profile, LDAP,
and shared secret attributes. As an example, you can select All Roles to use in role
policies, which enables trusted providers to send role information in authentication
assertions. Customizable attributes can be created and displayed in this list. Share secret
attributes must be created before they can be added to an attribute set. For instructions, see
Section 4.4.1, "Creating Shared Secret Names," on page
Constant: Specify a value that is constant for all users of this attribute set. The name of
the attribute that is associated with this value is specified in the Remote Attribute field.
Remote Attribute: Specify the name of the attribute defined at the external provider. The text
for this field is case sensitive.
A value is optional if you are mapping a local attribute. If you leave this field blank, the
system sends an internal value that is recognized between Identity Servers.
For a SAML 1.1 identity consumer (service provider), a name identifier received in an
assertion is automatically given a remote attribute name of saml:NameIdentifier. This
allows the name identifier to be mapped to a profile attribute that can then be used in
policy definitions.
A value is required if you are mapping a constant.
An attribute set with a constant is usually set up when the Identity Server is acting as an
identity provider for a SAML or Liberty service provider. The name must match the
attribute name that the service provider is using.
134 Novell Access Manager 3.1 SP1 Identity Server Guide
137.