Symantec Access Management

  • 1.  Federation Manager as Service Provider auto create User

    Posted Sep 04, 2012 08:35 AM
    Using Federation Manager as Service Provider, receiving a SAML token which verifies OK, how can I most easily create the user automatically in a User Directory so that authentication works?
    I know that FM requires the user to exist in the User Store in order to disambiguate the user, but since I trust the SAML Issuer and the SAML token verifies OK, I do not want to pre-create the users in the User Store, but rather do it on the fly.

    I know I can use the Dynamic Remote Provisioning, but then I will need to create an application that can receive the cookie and then create the user, and this will involve a number of redirects and building a new application.

    In the old FSS with SiteMinder I could use the Authentication API but is this supported with FM?


    Any other ideas?

    /Jan


  • 2.  RE: Federation Manager as Service Provider auto create User
    Best Answer

    Posted Sep 05, 2012 10:10 AM
    Managed to get this to work using the Dynamic Remote Provisioning.



    Used the FM as SP, set it to Dynamic Remote Provisioning with OpenFormatCookie. This redirected the user to a small .Net application where we installed the .Net SDK and the sample, modified this, created the user in a SQL user store, and redirected the user back to the SP Assertion URL. FM authenticated the user OK by verifying the OpenFormatCookie.



    /Jan


  • 3.  RE: Federation Manager as Service Provider auto create User

     
    Posted Sep 10, 2012 06:33 PM
    Thanks for letting everyone know Jan! :grin: