Use the alias service migration tool to preserve existing aliases from earlier versions of Tivoli® Federated Identity Manager.
The alias service stores mappings between a user identity and one or more string aliases on a per federation context basis. In the actual alias service interfaces, this federation context is also called the partner ID. The primary clients of the alias service are SAML 2.0 federations that use persistent name identifiers.
In the earlier versions of Tivoli Federated Identity Manager (before 6.2.2), the federation context is the ProviderID of the SAML partner. If two or more federations import the same partner metadata, there is no difference between their federation contexts. This situation might cause privacy and functional problems.
In this version, a unique identifier is introduced in the partner ID parameter of the UserIdDescriptor object that is passed to the alias service client. This approach includes the federation ID in the partner ID as part of alias service operations for SAML 2.0 federations. It also uses a per-partner federation property to toggle how a partner stores and retrieves aliases from the alias service.
Existing aliases and federations work without any migration. But if they are modified to use the new alias service format, you must use the alias service migration tool to migrate existing aliases.
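The keying change described above, shown as an added example: a simplified in-memory model, not product code and not the migration tool itself. AliasStore, partner_key, migrate, demo and all sample federation IDs, ProviderID and alias values are constructed for illustration.

```python
# Simplified model of alias keying (constructed; not Tivoli Federated Identity Manager code).
from collections import defaultdict


def partner_key(federation_id, provider_id, new_format):
    """Return the partner ID used as the alias lookup context."""
    if "|" in federation_id:  # guard of this model only: keep the composite key unambiguous
        raise ValueError("federation ID must not contain '|'")
    return f"{federation_id}|{provider_id}" if new_format else provider_id


class AliasStore:
    """Maps (user, partner ID) to a set of aliases."""

    def __init__(self):
        self._aliases = defaultdict(set)

    def add(self, user, partner_id, alias):
        self._aliases[(user, partner_id)].add(alias)

    def get(self, user, partner_id):
        return set(self._aliases.get((user, partner_id), ()))

    def migrate(self, federation_id, provider_id):
        """Copy legacy aliases for one partner into its new-format context.

        Legacy entries stay in place (an assumption of this model): another
        federation that imported the same metadata may still read them.
        """
        new_key = partner_key(federation_id, provider_id, new_format=True)
        copied = 0
        for (user, pid), aliases in list(self._aliases.items()):
            if pid == provider_id:
                self._aliases[(user, new_key)] |= aliases
                copied += len(aliases)
        return copied


def demo():
    store = AliasStore()
    sp = "https://sp.example.com/saml20"  # constructed ProviderID
    # Legacy format: fedA and fedB resolve to the same context.
    store.add("alice", partner_key("fedA", sp, False), "nameid-111")
    shared = store.get("alice", partner_key("fedB", sp, False))
    # fedA switches to the new format; its aliases are migrated first.
    store.migrate("fedA", sp)
    store.add("alice", partner_key("fedA", sp, True), "nameid-222")
    fed_a = store.get("alice", partner_key("fedA", sp, True))
    fed_b_new = store.get("alice", partner_key("fedB", sp, True))
    return shared, fed_a, fed_b_new
```

In the legacy lookup, fedB sees the alias created through fedA; after the switch, fedA keeps its migrated alias while a new-format lookup for fedB returns nothing until fedB is migrated as well.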
Tivoli Federated Identity Manager provides an alias service delegate so that an authenticated user can manage their alias service entries. The delegate is accessed through the /sps/alias URI and uses a query string parameter called partner to determine which partner to obtain aliases for.
For SAML 2.0 federations that are using the new format of storing aliases, the query string parameter value must be in the format federationID|partnerID. For example: