  1. Click Map New Token Processor Instance and select a configured Username Token Processor as the Token Processor Instance.
  2. On the Attribute Retrieval screen, select the option to retrieve additional attributes from data stores to fulfill the attribute contract.
  3. In the Attribute Sources & User Lookup screen, configure the LDAP data store that will return the upn attribute for the corresponding user, adding userPrincipalName as an additional attribute and including a filter value such as sAMAccountName=${username}.
  4. On the Attribute Contract Fulfillment screen, select Text as the Source for SAML_SUBJECT and enter an unused value. Select LDAP as the Source for upn and select userPrincipalName as the value.
  5. Configure issuance criteria, if necessary.
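
The lookup configured in steps 3 and 4, sketched as an added example (not PingFederate code): the username from the token is expanded into the filter, the matching entry's userPrincipalName fills upn, and SAML_SUBJECT receives the fixed text. The directory entries, function names and the RFC 4515 escaping step are assumptions made for illustration.

```python
import re

FILTER_TEMPLATE = "sAMAccountName=${username}"  # filter value from step 3

# Constructed sample entries standing in for the LDAP data store.
DIRECTORY = [
    {"sAMAccountName": "jdoe", "userPrincipalName": "jdoe@example.com"},
    {"sAMAccountName": "asmith", "userPrincipalName": "alice.smith@example.com"},
]

# Characters that RFC 4515 requires to be escaped inside a filter value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape a value for use in an LDAP search filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(username):
    """Expand ${username} so the name is always matched as a literal."""
    return "(" + FILTER_TEMPLATE.replace("${username}", escape_filter_value(username)) + ")"


def search(ldap_filter, directory):
    """Minimal equality-only matcher; a real directory evaluates the filter itself."""
    attr, _, raw = ldap_filter[1:-1].partition("=")
    if re.search(r"[*()]", raw):
        raise ValueError("only escaped equality filters are supported here")
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return [e for e in directory if e.get(attr, "").lower() == value.lower()]


def fulfill_contract(username, subject_text="unused", directory=DIRECTORY):
    """Return the step 4 attribute contract, or None unless exactly one user matches."""
    matches = search(build_filter(username), directory)
    if len(matches) != 1:
        return None
    return {"SAML_SUBJECT": subject_text, "upn": matches[0]["userPrincipalName"]}


if __name__ == "__main__":
    print(build_filter("jdoe"))
    print(fulfill_contract("jdoe"))
    print(fulfill_contract("*"))  # matched literally, so no entry is returned
```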