8 Configuring User Identification Methods for Federation
Configuring authentication involves determining how the service provider interacts with the identity
provider during user authentication and federation. Three methods exist for you to identify users
from a trusted identity provider:
You can identify users by matching their authentication credentials.
You can match selected attributes and then prompt for a password to verify the match, or you
can use just the attributes for the match.
You can assume that the user does not have an account and create new accounts with user
provisioning. If there are problems during provisioning, you see error messages with more
information.
The following sections describe how to configure these methods:
Section 8.1, "Selecting a User Identification Method for Liberty or SAML 2.0"
Section 8.2, "Selecting a User Identification Method for SAML 1.1"
Section 8.3, "Configuring the Attribute Matching Method"
Section 8.4, "Defining the User Provisioning Method"
Section 8.5, "User Provisioning Error Messages"
8.1 Selecting a User Identification Method for Liberty or SAML 2.0
User identification determines how an account at the identity provider is matched with an account at
the service provider. If federation is enabled between the two, the user can set up a permanent
relationship between the two accounts. If federation is not enabled (see Section 5.4.5, "Configuring
an Authentication Request for an Identity Provider," on page 159), you cannot set up a user
identification method.
1 In the Administration Console, click Devices > Identity Servers > Edit > Liberty [or SAML
2.0] > [Identity Provider] > User Identification.