Table of Contents
Advertisement
A user matching expression is a set of logic groups with attributes that uniquely identify a user.
User matching expressions enable you to map the Liberty attributes to the correct LDAP
attributes during searches. You must know the LDAP attributes that can be used to identify
unique users in the user store.
In order to use user matching, the Personal Profile must be enabled. It is enabled by default. If
you have disabled it, you need to enable it. See
Profiles," on page
224.
6a In the Name option, specify a name for the matching expression.
6b Click the Add Attributes icon, then select an attribute.
The Personal Profile attributes are listed first, then the LDAP attributes.
6c (Conditional) To add more attributes, click the Add Attributes icon.
6d Click Finish.
6e Select the new expression on the User Method Matching page, then click OK.
7 Click OK twice.
8 Update the Identity Server.
8.3 Configuring the Attribute Matching Method
If you enabled the Attribute matching option when
configure a matching method.
The Liberty Personal Profile is enabled by default. If you have disabled it, you need to enable it. See
Section 10.2, "Enabling Web Services and Profiles," on page
1 In the Administration Console, click Devices > Identity Servers > Servers > Edit > Liberty [or
SAML 1.1, or SAML 2.0] > [Identity Provider] > User Identification.
2 Click Attribute Matching settings.
3 Select and arrange the user stores you want to use.
Order is important. The user store at the top of the list is searched first. If a match is found, the
other user stores are not searched.
4 Select a matching expression, or click New to create a look-up expression. For information on
creating a look-up expression, see
page
136.
Section 10.2, "Enabling Web Services and
selecting a user identification
224.
Section 4.3, "Configuring User Matching Expressions," on
Configuring User Identification Methods for Federation 213
method, you must
Advertisement
Table of Contents
Troubleshooting
