Extracting data from PingFederate
Extract data collected from PingFederate through the simple and advanced parameter mappings to use in a PingAM journey (tree).
Steps
- 
Create a script to extract data coming from PingFederate into the PingAM journey that you specified in the adapter settings: - 
In the PingAM administrative console, go to the realm that the journey is in, then go to Scripts and click New Script. 
- 
In the Name field, give the script a meaningful name. 
- 
In the Description field, give the script a meaningful description. 
- 
In the Script Type list, select Decision node script for authentication trees. 
- 
In the Language section, select JavaScript. 
- 
In the Evaluator Version section, confirm that the value is Legacy. 
- 
In the Script field, enter the following sample code. Use this script as a starting point. In this example, the data sent from PingFederate is configured with the Parameter Name appName./* - Data made available by nodes that have already executed are available in the sharedState variable. - The script should set outcome to either "true" or "false". */ var fr = JavaImporter(org.forgerock.openam.auth.node.api.Action); var pfApplicationName = nodeState.get("appName").asString(); logger.error("The PingFederate application name passed in is {}", pfApplicationName); //for each attribute, add the 'putSessionProperty' method action = fr.Action.goTo("true").putSessionProperty("am.pf.appName", pfApplicationName) .build(); outcome = "true";
- 
Click Validate. 
 
- 
- 
Use the script in the authentication journey: - 
Go to Authentication > Trees and open the journey that’s being used in the adapter. 
- 
Drag the Scripted Decision node onto the journey. 
- 
Select the Scripted Decision node and give the node a meaningful name. 
- 
In the Script list, select the script that you created in the previous step. 
- 
In the Outcomes field, enter true. Press Enter.
- 
Connect the Trueoutcome of the DataStore Decision node to the Scripted Decision node.
- 
Connect the Trueoutcome of the Scripted Decision node to the Success node.
- 
Click Save. 
 
- 
- 
Add the properties that the script sets in the session to the allow list: - 
In the PingAM administrative console, go to Services. 
- 
Add or edit the Session Property Whitelist Service. To add this service: - 
Click Add a Service. 
- 
In the Choose a service type list, search for Session Property Whitelist Serviceand select it in the list.
 
- 
- 
On the Session Property Whitelist Service page, in the Allowlisted Session Property Names field, add the properties that you set in the script: For example: - 
am.pf.appName
 
- 
- 
Click Save Changes. 
 
- 
- 
Test the user journey.