Example 2: Opt-In Mode
Example 3: Opt-Out Mode

6-46 Oracle Fusion Middleware Administrators Guide for Oracle Identity Federation

3. Enter one of these commands based on the name format used:

   setFederationProperty('SPproviderID', 'nameformatemail', 'attribute-name', 'string')
      if name format is Email Address

   setFederationProperty('SPproviderID', 'nameformatx500', 'attribute-name', 'string')
      if name format is X509 Subject Name

   setFederationProperty('SPproviderID', 'nameformatunspecified', 'attribute-name', 'string')
      if name format is Unspecified

   setFederationProperty('SPproviderID', 'nameformatkerberos', 'attribute-name', 'string')
      if name format is Kerberos

   setFederationProperty('providerID', 'nameformatwindows', 'attribute-name', 'string')
      if name format is Windows Domain Qualified Name

   setFederationProperty('providerID', 'nameformatcustom', 'attribute-name', 'string')
      if name format is Custom

6.21 Configuring Audience Restrictions for Assertions

When using assertions to exchange information, SAML authorities such as an identity provider or attribute authority can set the conditions under which an assertion is valid. Typical conditions are:

■ Time before which the assertion is not valid
■ Time after which the assertion is no longer considered valid
■ List of providers that can process the assertion. Only a provider listed in the audience restriction of the assertion (the AudienceRestrictionCondition element in SAML 1.x, the AudienceRestriction element in SAML 2.0) is able to use the assertion.

The SAML specifications define the audience restriction as a list of Audience elements, each one referencing a provider that can process the assertion. A relying party that does not check this list can be made to accept an assertion that was issued for a different provider.

By default, Oracle Identity Federation creates an audience restriction element when generating an assertion, and includes the recipient of the assertion using these rules:

■ For SAML 1.x protocol exchanges, the Audience is set to the Assertion Consumer Service URL of the service provider.
■ For SAML 2.0 protocol exchanges, the Audience is set to the ProviderID of the service provider or attribute requester.

Note: If a federation store was set and a federation record exists for the user, the NameID in the federation record is used.
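The following is an added example, not part of this guide and not Oracle Identity Federation code: it shows what a relying party has to verify against the Conditions described above, namely the NotBefore/NotOnOrAfter window and that its own identifier appears in the audience list. It handles both element names (AudienceRestriction for SAML 2.0, AudienceRestrictionCondition for SAML 1.x) and applies the SAML rule that several restriction elements must all be satisfied while the Audience entries inside one are alternatives. The two assertions, the provider IDs and the timestamps are constructed for the example; the signature check that must precede this step is out of scope here.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Assertion namespaces for the two SAML generations covered in this section.
NS = {
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
    "saml1": "urn:oasis:names:tc:SAML:1.0:assertion",
}

# The element carrying the audience list is named differently in each generation.
RESTRICTION_TAG = {
    "saml2": "AudienceRestriction",
    "saml1": "AudienceRestrictionCondition",
}


def _parse_time(value):
    """SAML timestamps are ISO 8601 in UTC, normally with a trailing 'Z'."""
    value = value.strip()
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    ts = datetime.fromisoformat(value)
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)
    return ts


def check_conditions(assertion_xml, my_audience, now=None, require_audience=True):
    """Return (ok, reasons) for the Conditions of one assertion.

    my_audience is what this provider expects to find in Audience: its
    ProviderID for SAML 2.0, its Assertion Consumer Service URL for SAML 1.x.
    With require_audience=True an assertion with no audience restriction at
    all is rejected, which is the safer default for a service provider.
    """
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(assertion_xml)
    if root.tag == "{%s}Assertion" % NS["saml2"]:
        ns = "saml2"
    elif root.tag == "{%s}Assertion" % NS["saml1"]:
        ns = "saml1"
    else:
        return False, ["root element is not a SAML 1.x or 2.0 Assertion"]

    cond = root.find("%s:Conditions" % ns, NS)
    if cond is None:
        return False, ["assertion carries no Conditions element"]

    reasons = []
    not_before = cond.get("NotBefore")
    not_on_or_after = cond.get("NotOnOrAfter")
    if not_before and now < _parse_time(not_before):
        reasons.append("not yet valid: NotBefore=%s" % not_before)
    if not_on_or_after and now >= _parse_time(not_on_or_after):
        reasons.append("expired: NotOnOrAfter=%s" % not_on_or_after)

    # Every restriction element must name us; within one element any Audience will do.
    restrictions = cond.findall("%s:%s" % (ns, RESTRICTION_TAG[ns]), NS)
    if not restrictions and require_audience:
        reasons.append("no audience restriction present")
    for restriction in restrictions:
        audiences = [a.text.strip() for a in restriction.findall("%s:Audience" % ns, NS) if a.text]
        if my_audience not in audiences:
            reasons.append("audience %r not in %r" % (my_audience, audiences))
    return (not reasons), reasons


# Constructed sample assertions (hypothetical provider IDs, no signature).
SAML2_ASSERTION = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2024-06-01T12:00:00Z">
  <saml2:Issuer>https://idp.example.com/fed/idp</saml2:Issuer>
  <saml2:Conditions NotBefore="2024-06-01T12:00:00Z" NotOnOrAfter="2024-06-01T12:05:00Z">
    <saml2:AudienceRestriction>
      <saml2:Audience>https://sp.example.com/fed/sp</saml2:Audience>
    </saml2:AudienceRestriction>
  </saml2:Conditions>
</saml2:Assertion>"""

SAML1_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="_b2"
    Issuer="https://idp.example.com/fed/idp" IssueInstant="2024-06-01T12:00:00Z">
  <saml:Conditions NotBefore="2024-06-01T12:00:00Z" NotOnOrAfter="2024-06-01T12:05:00Z">
    <saml:AudienceRestrictionCondition>
      <saml:Audience>https://sp.example.com/fed/sp/samlv11</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
</saml:Assertion>"""

# Fixed clock values so the result is reproducible: inside the window, and at expiry.
CHECK_TIME = datetime(2024, 6, 1, 12, 2, tzinfo=timezone.utc)
LATE_TIME = datetime(2024, 6, 1, 12, 5, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(check_conditions(SAML2_ASSERTION, "https://sp.example.com/fed/sp", now=CHECK_TIME))
    print(check_conditions(SAML2_ASSERTION, "https://other.example.com/fed/sp", now=CHECK_TIME))
    print(check_conditions(SAML2_ASSERTION, "https://sp.example.com/fed/sp", now=LATE_TIME))
    print(check_conditions(SAML1_ASSERTION, "https://sp.example.com/fed/sp/samlv11", now=CHECK_TIME))
```

The NotOnOrAfter comparison is deliberately `>=`: the specification treats the instant itself as already invalid. When comparing against a real clock, allow only a small, explicit skew rather than widening the window silently.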