Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual page 230


Remote Attributes: If you set up federation, the Identity Server can read attributes from
these remote service providers. Sometimes, the service provider is set up to push a set of
attribute values when the user logs in. These pushed attributes are cached, and the Identity
Server can quickly read them. If a requested attribute has not been pushed, a request for
the Liberty attribute is sent to the remote service provider. This can be time-consuming,
especially if the user has federated with more than one remote service provider. Remote
Attributes should always be the last item in this list.
Available Read Locations: The list of available locations from which the system can read
attributes containing profile data. Locations in this list are currently not being used.
Selected Write Locations: The list of selected locations to write attribute data to. If you add
multiple entries to this list, the system searches attributes in each location in the order you
specify. When a match is found for an attribute, the other locations are not searched. Use the
up/down and left/right arrows to control which locations are selected and the order in which
they are selected.
Configuration Datastore: Liberty attribute values can be stored in the configuration store
of the Administration Console. The Identity Server can write values to these attributes. If
this location appears first in the list of Selected Write Locations, all Liberty attribute
values are written to this location. If you want values written to the LDAP user store, the
LDAP Data Mappings location must appear first in the list.
LDAP Data Mappings: If you have mapped a Liberty attribute to an LDAP attribute in
your user store, the Identity Server can write values to the attribute in the LDAP user
store. To create LDAP attribute maps, see Section 10.9, "Mapping LDAP and Liberty
Attributes," on page 235.
Available Write Locations: The list of available locations to write attributes containing
profile data. Locations in this list are currently not being used.
6 (Optional) Specify data model extensions.
Data Model Extension XML: The data model for some Web services is extensible. You can
enter XML definitions of data model extensions in this field. Data model extensions hook into
the existing Web service data model at predefined locations.
All schema model extensions reside inside of a schema model extension group. The group
exists to bind model data items together under a single localized group name and description.
Schema model extension groups can reside inside of a schema model extension root or inside
of a schema model extension. There can only be one group per root or extension. Each root is
hooked into the existing Web service data model. Multiple roots can be hooked into the same
location in the existing Web service data model. This conceptual model applies to the structure
of the XML that is required to define data model extensions.
See Appendix D, "Data Model Extension XML," on page 319 for more information.
7 Click OK, then click OK on the Web Service Provider page.
8 Update the Identity Server configuration on the Servers page.
