Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual page 366

provider names for the Liberty PP: sn and PP: ph# attributes are lastname and
phonenumber, respectively. (See
Authentication," on page
c. The Identity Server uses the PP service to look up the values for the user's PP: sn and PP:
ph# attributes.
The Identity Server recognizes that the values for the user's PP: sn and PP: ph# attributes
are Jones and 555-1212, respectively.
3. The Identity Server sends an HTTP redirect with an artifact.
The Identity Server now has the information to generate a SAML assertion. The Identity Server
sends an HTTP redirect containing the artifact back to the browser. The redirect looks similar to
the following:
http://xyz.com/auth/afct?TARGET=http://xyz.com/index.html&SAMLArtifact
=<<artifact>>
4. The remote SAML server requests the assertion.
The HTTP redirect results in the browser sending the artifact to the SAML server at xyz.com.
The SAML server at xyz.com requests the SAML assertion from the Identity Server.
5. The Identity Server sends the assertion to the remote SAML server.
The remote SAML server receives the artifact and looks up the assertion.The assertion is sent
to the SAML server at xyz.com in a SOAP envelope. The assertion contains the attributes
lastname=Jones and phonenumber=555-1212.
The user now has an authenticated session at xyz.com. The xyz.com SAML server redirects the
user's browser to http://xyz.com/index.html, which was referenced in the original HREF in
Step 1.
366 Novell Access Manager 3.1 SP2 Identity Server Guide
Section 7.6.1, "Configuring the Attributes Obtained at
200.)