Creating a policy fragment
Create a policy fragment that will allow you to include the PingOne Verify IdP Adapter in your user registration flow.
Steps
-
On the PingFederate administrator console, go to Authentication → Policies → Fragments.
-
Click Add Fragment.
-
In the Name field, enter a name, such as
PingOne Verify Fragment
. -
From the Inputs list, select your input policy contract, such as PingOneVerifyInput.
-
From the Outputs list, select your input policy contract, such as PingOneVerifyOutput.
-
In the Policy area, select a PingOne Verify IdP Adapter instance.
-
Under the PingOne Verify IdP Adapter instance, click Options.
-
On the Options dialog, from the Source list, select Inputs.
-
From the Attribute list, select the attribute that contains the user identifier, such as username.
-
Select the User ID Authenticated check box.
-
Click Done.
-
-
For the Fail path, select Done.
-
For the Success path, select your output policy contract, such as PingOneVerifyOutput.
-
Configure the policy contract to include attributes from the input as well as from the PingOne Verify IdP Adapter.
-
Under the output policy contract, click Contract Mapping.
-
On the Contract Fulfillment tab, map the output attributes to allow the policy fragment to provide information, such as the transaction status and user identifier, to the authentication policy.
Table 1. Example contract fulfillment mappings Source Value Inputs
email
Inputs
username
Adapter (PingOne Verify IdP Adapter instance)
transactionStatus
Adapter (PingOne Verify IdP Adapter instance)
subject
-
Click Done.
-
-
Click Save.