Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual page 254

Identity server guide

4 Update the Identity Server.
5 Continue with "Creating an Attribute Set for WS Federation" on page 254.
Creating an Attribute Set for WS Federation
The CardSpace attribute set is not in the correct namespace for WS Federation. The WS Federation
namespace is http://schemas.xmlsoap.org/claims. Also, CardSpace has a defined set of
claims. With WS Federation, you need to decide which attributes you want to share during
authentication. This scenario uses the LDAP mail attribute and the All Roles attribute.
1 On the Identity Servers page, click Shared Settings.
2 To create a new attribute set, click New, then fill in the following fields:
Set Name: Specify a name that identifies the purpose of the set, for example, wsfed_attributes.
Select set to use as template: Select None.
3 Click Next.
4 To add a mapping for the mail attribute:
4a Click New.
4b Fill in the following fields:
Local attribute: Select LDAP Attribute:mail [LDAP Attribute Profile].
Remote attribute: Specify emailAddress. This is the attribute that this scenario uses for
user identification.
Remote namespace: Select the radio button by the text box, then specify the following
namespace:
http://schemas.xmlsoap.org/claims
4c Click OK.
5 To add a mapping for the All Roles attribute:
5a Click New.
5b Fill in the following fields:
Local attribute: Select All Roles.
Remote attribute: Specify group. This is the name of the attribute that is used to share
roles.
Remote namespace: Select the radio button by the text box, then specify the following
namespace:
http://schemas.xmlsoap.org/claims
5c Click OK.
6 Click Finish.
7 Continue with "Enabling the Attribute Set" on page 254.
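The two mappings in this procedure decide which claims leave the Identity Server during authentication. The following Python check is an added example, not part of the Novell guide: it audits an attribute statement for exactly those claims in the WS Federation namespace. It assumes the STS delivers them as a SAML 1.1 AttributeStatement; the sample XML, the wrong namespace and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML11 = "urn:oasis:names:tc:SAML:1.0:assertion"  # assumed token format (SAML 1.1)
CLAIMS_NS = "http://schemas.xmlsoap.org/claims"    # namespace from steps 4b and 5b
EXPECTED = {"emailAddress", "group"}               # remote attributes mapped above

def _stmt(attrs):
    """Build a constructed AttributeStatement from (name, namespace, values)."""
    body = "".join(
        f'<saml:Attribute AttributeName="{n}" AttributeNamespace="{ns}">'
        + "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in vals)
        + "</saml:Attribute>"
        for n, ns, vals in attrs)
    return (f'<saml:AttributeStatement xmlns:saml="{SAML11}">'
            f"{body}</saml:AttributeStatement>")

# Constructed samples, not captured from a real Identity Server.
GOOD = _stmt([("emailAddress", CLAIMS_NS, ["jdoe@example.com"]),
              ("group", CLAIMS_NS, ["Employee", "Manager"])])
BAD = _stmt([("emailAddress", "http://example.com/wrong/claims", ["jdoe@example.com"]),
             ("group", CLAIMS_NS, ["Employee"]),
             ("cn", CLAIMS_NS, ["John Doe"])])  # attribute that was never mapped

def audit_claims(statement_xml):
    """Return (claims, problems). Checks content only, not the token signature."""
    root = ET.fromstring(statement_xml)
    claims, problems = {}, []
    for attr in root.iter(f"{{{SAML11}}}Attribute"):
        name = attr.get("AttributeName")
        ns = attr.get("AttributeNamespace")
        values = [v.text or "" for v in attr.findall(f"{{{SAML11}}}AttributeValue")]
        if ns != CLAIMS_NS:
            problems.append(f"{name}: namespace {ns!r} is not {CLAIMS_NS}")
        elif name not in EXPECTED:
            problems.append(f"{name}: shared but not in the planned attribute set")
        else:
            claims.setdefault(name, []).extend(values)
    # A claim in the wrong namespace is also reported as absent from the right one.
    for missing in sorted(EXPECTED - set(claims)):
        problems.append(f"{missing}: expected claim is absent")
    return claims, problems

if __name__ == "__main__":
    for label, xml_text in (("GOOD", GOOD), ("BAD", BAD)):
        found, issues = audit_claims(xml_text)
        print(label, found, issues)
```
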
Enabling the Attribute Set
Because the WS Federation protocol uses STS, you must enable the attribute set for STS in order to
use it in a WS Federation relationship.
1 On the Identity Servers page, click Servers > Edit > STS.