Defining Shared Settings4133novdocx (en) 19 February 20104Defining Shared SettingsYou can define shared settings so that they can be reused and are available in any Identity Servercluster configuration. The settings include: Attribute sets: Sets of attributes that are exchangeable between identity and service providers. User matching expressions: The logic of the query to the user store for identification when anassertion is received from an identity provider. SharedSecret names: Custom shared secret names that you want to be available whenconfiguring policies. LDAP attributes: Custom LDAP attribute names that you want to be available whenconfiguring policies.This section describes the settings that can apply to any configuration. Section 4.1, “Configuring Attribute Sets,” on page 133 Section 4.2, “Editing Attribute Sets,” on page 135 Section 4.3, “Configuring User Matching Expressions,” on page 136 Section 4.4, “Adding Custom Attributes,” on page 137 Section 4.5, “Adding Authentication Card Images,” on page 1404.1 Configuring Attribute SetsAttributes you specify on the Identity Server are used in attribute requests and responses, dependingon whether you are configuring a service provider (request) or identity provider (response).Attribute sets provide a common naming scheme used in the exchange. For example, an attribute setcan map the Liberty attribute FN (first name) to the equivalent remote name used at the serviceprovider, which might be Name.Attributes also can be defined and used in policy enforcement. They can be attributes defined by theWeb Service Profiles, or customized attributes that can be mapped into SAML attributes. You alsomap user attributes so that the Identity Server can accept them from SAML.To create and configure an attribute set:1 In the Administration Console, click Devices > Identity Server > Shared Settings > AttributeSets > New.2 Specify a name for identifying the attribute set, then click Next.