|Applies To||RSA Federated Identity Management Module (FIM) 3.1|
Microsoft Windows 2003 Server
Solaris 10.0 (SPARC)
|Issue||How to retrieve attributes from FIM IdP|
Attribute is not showing up in SAML Messages
|Cause||FIM is not configured properly to retrieve the attributes.|
If you wish to have attributes sent from an IdP to an SP (in the SAML Response message), a number of tasks need to be carried out on both systems, including passing the metadata file from the SP over to the IdP.
If you are using ClearTrust 5.5.3 (Access Manager 6.x), the CTBasicAttributePluginRP plug-in should be loaded on the SP and the CTBasicAttributePluginAP plug-in should be loaded on the IdP. Where these plug-ins are used, there is a one-to-one relationship between a ClearTrust property defined for a user and the SAML attribute that will be transferred.
When using the database plug-in or the LDAP plug-in, make sure that you have reviewed the steps in the last 5 pages of chapter 9 of the RSA Federated Identity Manager Installation and Configuration Guide.
If you choose to write a custom attribute plug-in, follow the design notes in the FIM developers guide.
Now the following steps should be carried out on the SP.
Now follow these steps on the IdP
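Once both sides are configured, the symptom in this article ("Attribute is not showing up in SAML Messages") can be checked directly against a captured SAML Response. The following is an added diagnostic example, not RSA or FIM code. It assumes a base64-encoded SAML 2.0 Response as captured from the browser POST; the function names and the attribute names `department`, `costCenter` and `title` are hypothetical, and the sample message is constructed. It does not validate the signature, so use it for troubleshooting only.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def received_attributes(b64_response):
    """Map attribute Name -> list of values found in a base64 SAML 2.0 Response."""
    raw = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in raw:
        # SAML messages never need a DTD; refuse rather than expand entities.
        raise ValueError("DOCTYPE not allowed in a SAML message")
    root = ET.fromstring(raw)
    if root.find(".//saml:EncryptedAssertion", NS) is not None:
        raise ValueError("assertion is encrypted; inspect it after decryption at the SP")
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name"), []).extend(values)
    return found

def check_attributes(b64_response, expected_names):
    """Classify each expected attribute as 'present', 'empty' or 'missing'."""
    found = received_attributes(b64_response)
    report = {}
    for name in expected_names:
        if name not in found:
            report[name] = "missing"   # IdP never put it in the assertion
        elif not any(found[name]):
            report[name] = "empty"     # sent, but the user has no value for it
        else:
            report[name] = "present"
    return report

# Constructed, trimmed sample Response (not a real FIM message).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" Version="2.0">
  <saml:Assertion ID="_constructed2" Version="2.0">
    <saml:AttributeStatement>
      <saml:Attribute Name="department"><saml:AttributeValue>Finance</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="costCenter"><saml:AttributeValue/></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    print(check_attributes(SAMPLE_B64, ["department", "costCenter", "title"]))
```

A result of "missing" points at the IdP side (plug-in not loaded or attribute not mapped), while "empty" means the attribute is mapped but the user has no value for the underlying property.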
Documentation covering full administration, plug-in creation and configuration can be found on SecurCare Online at:
RSA Federated Identity Manager 3.1 Planning Guide
RSA Federated Identity Manager 3.1 Installation & Configuration Guide
RSA Federated Identity Manager 3.1 Developer's Documentation
|Legacy Article ID||a31740|