Mapping attributes to groups
Map attribute values in the System for Cross-domain Identity Management (SCIM) request to group attributes.
About this task
Steps
-
On the Attribute Fulfillment tab, for each attribute, select a source from the list and then choose or enter a value. You must map all target attributes.
[.uicontrol]Context**
When selected, the Value list populates with the available context of the transaction. Select the desired context from the list.
As the |
If you are configuring an OAuth Attribute Mapping configuration and have added
|
-
Expression
This option provides more complex mapping capabilities ,such as transforming incoming values into different formats. All of the variables available for text entries are also available for expressions.
If you need to map two attribute values from a SCIM request to one LDAP attribute value, use an OGNL expression to create the LDAP attribute.
Enable OGNL expression by editing the
<pf_install>/pingfederate/server/default/data/config-store/org.sourceid.common.ExpressionManager.xml
file. Restart PingFederate after saving the change.For a clustered PingFederate environment, edit the
org.sourceid.common.ExpressionManager.xml
file on the console node, sign on to the administrative console to replicate this change to all engine nodes in the System → Server → Cluster Management window, and restart all nodes. -
SCIM Group
When you make this selection, the associated Value list populates with the defined components of the SCIM request.
-
No Mapping
Select this option to ignore the Value field.
-
Text
The value is what you enter. This can be text only, or you can mix text with references to any of the values from the SCIM request, using the
${attribute}
syntax.You can reference attribute values in the form of
$\{attributeName:-defaultValue}
. The default value is optional. When specified, it is used at runtime if the attribute value is not available. Do not use$\{
and}
in the default value.-
Click Done.
-