9.8 Selecting Attributes for a Trusted Provider

You can select the attributes that an identity provider sends and a service provider receives during authentication. You can also create attribute sets, or select attribute sets that you created globally in Section 7.1, Configuring Attribute Sets.

  1. In the Administration Console, click Access Manager > Identity Servers > Servers > Edit > Liberty [or SAML] > [Provider] > Access > Attributes.

    [Figure: IDP attributes]

  2. To create an attribute set, select New Attribute Set from the Attribute Set drop-down menu.

    An attribute set is a group of attributes that can be exchanged with the trusted provider. For example, you can specify that a local attribute in the Liberty profile (such as Informal Name) matches the remote attribute specified at the service provider.

  3. Specify a set name, then click Next.

  4. On the Define Attributes page, click New.

  5. Select a local attribute.

  6. Optionally, you can provide the name of the remote attribute.

  7. Click OK, then click Finish.

    After you select attributes, the system displays them on the Attributes page.

    You can select attributes from the Available Attributes field, and move them to the left side of the page. If you are an identity provider setting up a service provider, the left side of the page is used for attributes to be sent in an assertion to a service provider.

    If you are a service provider setting up an identity provider, the attributes that you move to the left side of the page are those that you want the service provider to obtain during authentication.
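
The following is an added example, not part of the product documentation or the product's own code: a check that compares the attributes in a received SAML 2.0 assertion against the attribute set configured for the trusted provider and reports anything released outside that set. The attribute names, the sample assertion, and the rule that a blank remote name falls back to the local name are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical attribute set: local attribute -> remote attribute name.
# None means no remote name was entered (step 6 is optional); this example
# assumes the local name is then used on the wire.
ATTRIBUTE_SET = {"Informal Name": "nickname", "Email": None}

# Constructed sample assertion (unsigned, for illustration only). Signature
# validation must already have succeeded before attributes are trusted.
SAMPLE_ASSERTION = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="nickname"><saml:AttributeValue>Sam</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Email"><saml:AttributeValue>sam@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="employeeNumber"><saml:AttributeValue>1042</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def remote_to_local(attribute_set):
    """Invert the set so that received (remote) names resolve to local names."""
    return {(remote or local): local for local, remote in attribute_set.items()}

def audit_assertion(assertion_xml, attribute_set):
    """Return (mapped, unexpected, missing) for one assertion.

    mapped:     local attribute name -> list of received values
    unexpected: remote names received that are not in the attribute set
    missing:    local attributes in the set that were not received
    """
    expected = remote_to_local(attribute_set)
    root = ET.fromstring(assertion_xml)
    mapped, unexpected = {}, []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        name = attr.get("Name")  # matched exactly, so case matters
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", SAML_NS)]
        if name in expected:
            mapped.setdefault(expected[name], []).extend(values)
        else:
            unexpected.append(name)
    missing = sorted(set(attribute_set) - set(mapped))
    return mapped, unexpected, missing

if __name__ == "__main__":
    mapped, unexpected, missing = audit_assertion(SAMPLE_ASSERTION, ATTRIBUTE_SET)
    print("mapped:", mapped)
    print("outside attribute set:", unexpected)
    print("configured but not received:", missing)
```

An attribute reported as outside the set means the identity provider is releasing more than the service provider asked for, and the Attributes page on the sending side should be reviewed.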