You can map a federated user with a transient name identifier to a local user based on an LDAP attribute match. Because the attribute value is what selects the local account, the attribute you choose must hold a unique value for every user in the user store and must not be writable by end users; otherwise a federated identity could be mapped to the wrong local account, or to one chosen by the user.
To configure the class:

1. In the Administration Console, click > > > > .
2. Click , then fill in the following fields:
   Display name: Specify a name for the class.
   Java class: Select .
   Java class path: Enter .
3. Click , then configure the following properties for the class:
   ignoreErrors: Specify true to continue when password retrieval fails; specify false to fail the authentication instead.
   pwdType: Specify 0 to retrieve a universal password or 1 to retrieve a simple password.
   userLookupType: Specify 1 to make the LDAP attribute searchable.
   attributeName: Specify the LDAP attribute. The value of this LDAP attribute is used to identify the local user, so it must be unique within the user store.
   attributeAutoprovision: Specify false to prevent automatic provisioning of attributes.
   retainPrincipal: Specify false to prevent retaining the previous principal.
4. Click .

When you create a method, you can specify property values that apply only to that method and not to the entire class. The method also lets you specify which user stores can use it.
To create the method:

1. On the Local page for the Identity Server, click > .
2. Specify a name.
3. From the selection list, select the option.
4. In the list, select the option.
5. Click .

Perform the following actions:

1. In the Administration Console, click > > > > > .
2. Change the post-execution method of SAML2 to the PasswordFetchClassEx method.
3. Click .
4. Click twice.
5. Update the Identity Server.
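The following is an added example, not code from the product or its documentation: an in-memory model of the lookup that the class properties above configure (ignoreErrors, pwdType, userLookupType, attributeName, attributeAutoprovision, retainPrincipal), written so the failure modes can be exercised offline. The user store, the choice of `mail` as the match attribute and the user entries are all constructed for the example; no LDAP server is contacted, and the functions model the documented property meanings rather than the product's internal implementation.

```python
# Added example (not from the product documentation): an in-memory model of the
# attribute-match lookup configured by the class properties above. The directory,
# the attribute name and the user entries are constructed here; nothing is
# fetched from a real LDAP server.
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class PasswordFetchProperties:
    """Class properties, with the meanings given in the procedure above."""
    ignoreErrors: bool = True       # true: a password retrieval failure does not fail the mapping
    pwdType: int = 0                # 0: universal password, 1: simple password
    userLookupType: int = 1         # 1: find the local user by attributeName
    attributeName: str = "mail"     # assumption: the attribute used is deployment-specific
    attributeAutoprovision: bool = False
    retainPrincipal: bool = False   # false: the matched local user replaces the previous principal


@dataclass
class LocalUser:
    """A constructed user-store entry."""
    dn: str
    attributes: Dict[str, str] = field(default_factory=dict)
    universal_password: Optional[str] = None
    simple_password: Optional[str] = None


class MappingError(Exception):
    """Raised when the federated user cannot be mapped to exactly one local user."""


# Constructed user store: alice is well-formed, bob has no retrievable password,
# carol and dave share a mail value (a misconfiguration the lookup must reject).
DIRECTORY: List[LocalUser] = [
    LocalUser("cn=alice,ou=users,o=example", {"mail": "alice@example.com"}, universal_password="upw-alice"),
    LocalUser("cn=bob,ou=users,o=example", {"mail": "bob@example.com"}),
    LocalUser("cn=carol,ou=users,o=example", {"mail": "shared@example.com"}, universal_password="upw-carol"),
    LocalUser("cn=dave,ou=users,o=example", {"mail": "shared@example.com"}, universal_password="upw-dave"),
]


def match_local_user(directory: List[LocalUser], props: PasswordFetchProperties,
                     asserted_value: str) -> LocalUser:
    """Return the single local user whose attributeName value equals the asserted value."""
    if props.userLookupType != 1:
        raise MappingError("userLookupType must be 1 for an attribute lookup")
    matches = [u for u in directory if u.attributes.get(props.attributeName) == asserted_value]
    if not matches:
        # attributeAutoprovision is false in this procedure, so nothing is created on a miss.
        raise MappingError(f"no local user has {props.attributeName}={asserted_value!r}")
    if len(matches) > 1:
        # An ambiguous match must never be resolved by silently taking the first entry.
        raise MappingError(f"{len(matches)} local users share {props.attributeName}={asserted_value!r}")
    return matches[0]


def fetch_password(user: LocalUser, props: PasswordFetchProperties) -> Optional[str]:
    """Retrieve the password type selected by pwdType, honouring ignoreErrors on failure."""
    password = user.universal_password if props.pwdType == 0 else user.simple_password
    if password is None and not props.ignoreErrors:
        raise MappingError(f"password retrieval failed for {user.dn}")
    return password


def resolve_principal(directory: List[LocalUser], props: PasswordFetchProperties,
                      asserted_value: str, previous_principal: Optional[str] = None) -> Dict[str, object]:
    """Map an asserted attribute value to a local principal as the properties direct."""
    user = match_local_user(directory, props, asserted_value)
    password = fetch_password(user, props)
    if props.retainPrincipal and previous_principal is not None:
        principal = previous_principal      # retainPrincipal=true keeps the earlier principal
    else:
        principal = user.dn                 # retainPrincipal=false: the local user becomes the principal
    return {"principal": principal, "password_available": password is not None}


def mapping_error(directory: List[LocalUser], props: PasswordFetchProperties,
                  asserted_value: str, previous_principal: Optional[str] = None) -> Optional[str]:
    """Return the MappingError message for a failed mapping, or None when it succeeds."""
    try:
        resolve_principal(directory, props, asserted_value, previous_principal)
    except MappingError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    props = PasswordFetchProperties()
    print(resolve_principal(DIRECTORY, props, "alice@example.com"))
    print(mapping_error(DIRECTORY, props, "shared@example.com"))
```

The two checks worth carrying over to a real deployment are the ones the model refuses on: a value that matches more than one entry (the attribute is not unique) and a value that matches none (no provisioning happens with attributeAutoprovision set to false). With ignoreErrors set to true a missing password only leaves `password_available` false; with it set to false the same condition fails the mapping.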