Fulfilling IdP adapter grant mapping
On the Contract Fulfillment tab, map authentication source values into persistent grants. Persistent grants and any associated attributes and their values remain valid until the grants expire or until PingFederate explicitly revokes or cleans them up.
About this task
The USER_KEY
attribute is the identifier of the persistent grants.
The USER_NAME
attribute presents the name shown to the resource owner on OAuth user-facing pages.
If extended attributes are defined in System → OAuth Settings → Authorization Server Settings, configure a mapping for each attribute.
The |
Steps
-
Go to Authentication → OAuth → IdP Adapter Grant Mapping and select your mapping, or click Add Mapping.
-
On the Contract Fulfillment tab, select a source from the Source list and then select or enter a value for each attribute in the contract.
You can map each attribute from one of the following sources:
-
Adapter
When selected, the associated Value drop-down list contains attributes configured in the IdP adapter instance.
-
**
Context
Values are returned from the context of the transaction at runtime.
If
As the HTTP Request context value is retrieved as a Java object rather than text, OGNL expressions are ideal to evaluate and return values. |
-
Extended Client Metadata
Values are returned from the client record.
-
LDAP/JDBC/Other
Values are returned from your datastore, if used.
-
Expression
If enabled, this option provides more complex mapping capabilities, such as transforming incoming values into different formats. All of the variables available for text entries are available for expressions.
-
No Mapping
This option ignores the Value field.
-
Text
You can enter text only, or mix text with references to the attributes returned from the adapter instance, using the
${attribute}
syntax.You can also enter values from your datastore using the
$\{ds.attribute}
syntax, whereattribute
is any of the datastore attributes you have selected.-
Click Next.
-