45.4 Configuring Access Manager to Work with Identity Manager

To ensure that Access Manager recognizes Identity Manager as a trusted service provider, add the metadata text for OSP to the Identity Server and configure an attribute set. This process includes the following activities:

45.4.1 Copying the Metadata for Identity Manager

Access Manager needs the metadata text for OSP. You should copy the contents of the metadata .xml file to a document that you can open on the Access Manager Identity Server.

  1. In a browser, navigate to the URL for the OSP metadata. By default, Identity Manager uses the following URL:

    https://server:port/osp/a/idm/auth/saml2/spmetadata

    where server:port represents the Tomcat server that hosts OSP.

  2. View the page source for the spmetadata.xml file.

  3. Copy the contents of the file to a document that you can access in Adding Identity Manager as a Trusted Service Provider.

45.4.2 Creating an Attribute Set for SAML

To ensure that SAML can perform an assertion exchange between Access Manager and OSP, create an attribute set in Access Manager. Attribute sets provide a common naming scheme for the exchange. OSP looks for an attribute value that identifies the subject of the assertion. By default, the attribute is mail.

For more information, see “Configuring Attribute Sets” in the NetIQ Access Manager Identity Server Guide.

  1. Open the Administration Console for Access Manager.

  2. Click Devices > Identity Servers > Shared Settings > Attribute Sets > New.

  3. Specify a name for the attribute set. For example, IDM SAML Attributes.

  4. Click Next, and then click New.

  5. For Local Attribute, select Ldap attribute: mail [LDAP Attribute Profile].

  6. For Remote Attribute, specify mail.

  7. Click OK, and then click Finish.

45.4.3 Adding Identity Manager as a Trusted Service Provider

Configure Access Manager to recognize Identity Manager as a trusted service provider. For more information, see “Creating a Trusted Service Provider for SAML 2.0” in the NetIQ Access Manager Identity Server Guide.

  1. Open the Administration Console for Access Manager.

  2. Click Devices > Identity Servers > Edit > SAML 2.0.

  3. Click New > Service Provider.

  4. For Provider Type, specify General.

  5. For Source, specify Metadata Text.

  6. In the Text field, paste the contents of the spmetadata.xml file that you copied in Copying the Metadata for Identity Manager.

  7. Specify a name for the new OSP service provider.

  8. Click Next, and then click Finish.

  9. On the SAML 2.0 tab, select the OSP service provider that you created in Step 7.

  10. Click Attributes.

  11. Select the attribute set that you created in Creating an Attribute Set for SAML. For example, IDM SAML Attributes.

  12. Move the attributes available for the OSP service provider set to the Send with authentication panel on the left side of the page.

    The attributes that you move to the Send with authentication panel are the ones that Access Manager sends to OSP during authentication.

  13. Click OK twice.

  14. To update the Identity Server, click Devices > Identity Servers > Update > Update All Configuration.
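As an added example that is not part of this guide, the following Python script parses the SAML 2.0 SP metadata that OSP publishes (the file copied in Copying the Metadata for Identity Manager) so that the entityID, assertion consumer URL and signing settings can be checked before pasting, and inspects a SAML assertion for the mail attribute that the attribute set maps to OSP. The host, paths, certificate and assertion values are constructed placeholders, not values from a real installation.

```python
import xml.etree.ElementTree as ET
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample of the SP metadata OSP publishes at .../osp/a/idm/auth/saml2/spmetadata.
# Host, paths and certificate are placeholders, not values from a real OSP installation.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idm.example.com:8543/osp/sp">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIC...PLACEHOLDER...</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://idm.example.com:8543/osp/a/idm/auth/saml2/acs" index="0" isDefault="true"/>
  </md:SPSSODescriptor></md:EntityDescriptor>"""

# Constructed sample of the AttributeStatement Access Manager sends once the attribute set
# (remote attribute name "mail") is attached to the OSP service provider.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement><saml:Attribute Name="mail">
    <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement></saml:Assertion>"""

def summarize_sp_metadata(xml_text):
    # Fields worth checking before pasting the metadata into the Access Manager Text field.
    root = ET.fromstring(xml_text)
    spsso = root.find("md:SPSSODescriptor", NS)
    acs = spsso.find("md:AssertionConsumerService", NS)
    cert = spsso.find("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    return {
        "entity_id": root.get("entityID"),
        "acs_location": acs.get("Location"),
        # Both signing flags should be true so unsigned requests and assertions are rejected.
        "authn_requests_signed": spsso.get("AuthnRequestsSigned") == "true",
        "want_assertions_signed": spsso.get("WantAssertionsSigned") == "true",
        "has_signing_cert": cert is not None and bool((cert.text or "").strip()),
        "acs_over_https": acs.get("Location", "").startswith("https://"),
    }

def subject_attribute(assertion_xml, remote_name="mail"):
    # Value of the attribute OSP uses to identify the subject; None if it was not sent.
    root = ET.fromstring(assertion_xml)
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == remote_name:
            value = attr.find("saml:AttributeValue", NS)
            return value.text if value is not None else None
    return None
```

If `subject_attribute` returns None for a real assertion, the attribute set was not attached to the OSP service provider or mail was not moved to the Send with authentication panel.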