Managing attribute sources

Use the Attribute Source management page to add, edit, or delete your identity attribute sources.

About this task

You can manage the following types of attribute sources with this UI:

Fixed
This type contains the Attribute Name and Value fields. Both fields are in free text format. You can specify any text in these fields to suit your needs.
Credential
This type contains the Attribute Name and Credential Attribute fields. For the Credential Attribute field, you can select from a list of commonly used credential attribute values or add a value that is not already in the list.
Note: The Credential attribute source does not work for the Relying Party in an OpenID Connect federation, because when the mapping occurs the user does not have the credential from which to retrieve the attribute.
LDAP
This type contains the attribute name and the details of the LDAP server in which to look up the attribute. The following fields are available:
Attribute Name
Name of the attribute on the appliance. This field is required.
LDAP Attribute
Name of the attribute on the LDAP server. This field is required.
Server Connection
The ID of the existing LDAP server connection that contains information about the location and the credential that is required to connect to the LDAP server. This field is required.
Note: To add an LDAP attribute source, there must be at least one LDAP server connection present. For details about how to create an LDAP server connection, see Managing server connections.
Scope
The scope of the search. Valid values are Subtree, One level, and Base. This field is optional.
Selector
A comma-separated list of the attributes to be retrieved from the search result. When multiple attributes are required from the same search result, you can use the selector to include all the required attributes. For example, "cn,sn,mobile,email". This field is optional.
Search Filter
The search filter to use for the search. You can use a variable macro, indicated by curly brackets, that is replaced at run time before the search with a value from the STSUU attributes. If the value is not found, the macro is not replaced. For example, "(cn={AZN_CRED_PRINCIPAL_NAME})". This field is required.
BaseDN
The base DN to run the search on. You can use a variable macro, indicated by curly brackets, that is replaced at run time before the search with a value from the STSUU attributes. If the value is not found, the macro is not replaced. For example, "dc=iswga" or "dc={myBaseVariable}". This field is required.
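
The macro behaviour described for Search Filter and BaseDN, modelled as an added example (not the appliance's own code) that can be used to review a filter or base DN before deploying it. The `{name}` pattern, the function names and the sample attribute value are assumptions; the page does not say whether substituted values are escaped, so the RFC 4515 and RFC 4514 escaping here is this example's choice.

```python
import re

MACRO = re.compile(r"\{([^{}]+)\}")  # assumption: a macro is any {name} without nested braces
FILTER_SPECIALS = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def escape_filter_value(value):
    """Escape a value placed inside an LDAP search filter (RFC 4515)."""
    return "".join(FILTER_SPECIALS.get(ch, ch) for ch in value)

def escape_dn_value(value):
    """Escape a value placed inside a DN component (RFC 4514)."""
    chars = ["\\00" if ch == "\x00" else "\\" + ch if ch in '"+,;<>\\' else ch
             for ch in value]
    if chars and chars[0] in (" ", "#"):
        chars[0] = "\\" + chars[0]
    if chars and chars[-1] == " ":
        chars[-1] = "\\ "
    return "".join(chars)

def expand(template, stsuu_attrs, escape):
    """Replace each {name} with its escaped attribute value.

    Returns (expanded, unresolved). A macro with no matching attribute is
    left in place, as the page describes, and its name is reported.
    """
    unresolved = []
    def substitute(match):
        name = match.group(1)
        if name not in stsuu_attrs:
            unresolved.append(name)
            return match.group(0)
        return escape(stsuu_attrs[name])
    return MACRO.sub(substitute, template), unresolved

if __name__ == "__main__":
    # Constructed sample attributes, not taken from a real STSUU.
    attrs = {"AZN_CRED_PRINCIPAL_NAME": "J. Doe (ops)"}
    for template, esc in (("(cn={AZN_CRED_PRINCIPAL_NAME})", escape_filter_value),
                          ("dc={myBaseVariable}", escape_dn_value)):
        expanded, missing = expand(template, attrs, esc)
        print(expanded, "| unresolved:", missing)
```

A non-empty unresolved list means the literal `{name}` text would reach the LDAP server, so the search is unlikely to return the intended entry.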

Procedure

  1. Log in to the local management interface.
  2. Click Federation > Manage > Attribute Source.
  3. You can create, modify, or delete attribute sources.
    Creating an attribute source
    1. Click Add and select the type of attribute source to create.
    2. Provide details for the attribute source.
    3. Click Add.
    4. Deploy the changes.
    Modifying an attribute source
    1. Select the attribute source to modify.
    2. Click Edit.
    3. Edit the details of the attribute source as needed.
    4. Click Modify.
    5. Deploy the changes.
    Deleting an attribute source
    Note: Before deleting an attribute source, ensure that the attribute source is not used by any federations or partners. Deleting an attribute source that is used by a federation or partner could cause failure of single sign-on flows.
    1. Select the attribute source to delete.
    2. Click Delete.
    3. Click Delete to confirm the deletion.
    4. Deploy the changes.