SiteMinder Federation - how to retrieve attributes from 2 user directories for a single assertion

Discussion created by jsjohnson on Aug 7, 2014
Latest reply on Sep 10, 2014 by CBertagnolli

I'm using SiteMinder 12.51. I've created a SAML 2.0 federation partnership between the local IdP and the remote SP. I have configured connections to two separate user directories which also happen to be different types of directories. These two directories do not share a common schema. So far my use case is covered in the product documentation. Where I need help, and where my use case does not seem to be clearly covered in the documentation, is that for a given assertion, I must use "directory A" to authenticate using local authentication mode, while retrieving an attribute (let's say "attribute X") that only exists in "directory B". I must use directory A for authentication as it has the password used for authenticating the user, while directory B does not have this password for authentication. I must retrieve "attribute X" from directory B because this attribute does not exist in any other directory. During my testing it seems that the user directories are queried by order of precedence until a record is found matching the Universal ID. How can I configure my federation partnership to perform the authentication against directory A, which does not contain attribute X, while for the same assertion retrieving attribute X from directory B?


Unless I'm not following the documentation correctly, it seems that simple attribute mapping does not meet my needs as I'm not simply trying to create a common schema "view".


Any assistance would be greatly appreciated.