Change federation
To change federation of persistently linked accounts:
-
Retrieve the name identifier value, used to manage the federation in the second step.
-
You can retrieve the name identifier value on the IdP side by checking the value of the
sun-fm-saml2-nameid-infokeyproperty.For example, if the user’s entry in the directory shows:
sun-fm-saml2-nameid-infokey: https://<tenant-env-fqdn>/am| https://<tenant-env-sp-fqdn>/am| XyfFEsr6Vixbnt0BSqIglLFMGjR2Then, the name identifier on the IdP side is
XyfFEsr6Vixbnt0BSqIglLFMGjR2. -
You can retrieve the name identifier value on the SP side by checking the value of
sun-fm-saml2-nameid-info.For example, if the user’s entry in the directory shows:
sun-fm-saml2-nameid-info: https://<tenant-env-sp-fqdn>/am| https://<tenant-env-fqdn>/am| ATo9TSA9Y2Ln7DDrAdO3HFfH5jKD| https://<tenant-env-fqdn>/am| urn:oasis:names:tc:SAML:2.0:nameid-format:persistent| 9B1OPy3m0ejv3fZYhlqxXmiGD24c| https://<tenant-env-sp-fqdn>/am| SPRole|falseThen, the name identifier on the SP side is
9B1OPy3m0ejv3fZYhlqxXmiGD24c.
-
-
Use the identifier to initiate a change request, as in the following examples:
-
To initiate a change request from the service provider, use a URL similar to the following example:
https://<tenant-env-sp-fqdn>/am/saml2/jsp/spMNIRequestInit.jsp ?idpEntityID=https%3A%2F%2Fwww.idp.com%3A8443%2Fopenam &metaAlias=/sp &requestType=NewID &IDPProvidedID=XyfFEsr6Vixbnt0BSqIglLFMGjR2You can substitute
am/SPMniInitforam/saml2/jsp/spMNIRequestInit.jsp. -
To initiate a change request from the identity provider, use a URL similar to the following example:
https://<tenant-env-fqdn>/am/saml2/jsp/idpMNIRequestInit.jsp ?spEntityID=https%3A%2F%2Fwww.sp.com%3A8443%2Fopenam &metaAlias=/idp &requestType=NewID &SPProvidedID=9B1OPy3m0ejv3fZYhlqxXmiGD24cYou can substitute
am/IDPMniInitforam/saml2/jsp/idpMNIRequestInit.jsp
-