PingFederate Server

Defining an attribute contract for SP STS

An attribute contract is the set of user attributes expected in incoming SAML assertions. For more information, see Attribute contracts.

About this task

On the Attribute Contract tab, identify the user attributes.

Optionally, you can mask the values of attributes, other than SAML_SUBJECT, in logs that PingFederate writes when it receives security tokens.

Use the Edit, Update, and Cancel workflows to make or undo a change to an item. Use the Delete and Undelete workflows to remove an item or cancel the removal request.

Steps

  1. Go to Authentication → Integration → IdP Connections.

  2. On the WS-Trust STS tab, click Configure WS-Trust STS.

  3. On the Token Generation tab, click Configure Token Generation.

    Result:

    The Token Generation configuration window opens.

  4. Click the Attribute Contract tab.

  5. Enter the name in the Extend the Contract field.

    Attribute names are case-sensitive and must correspond to the attribute names expected by the requester.

  6. Optional: Select the Mask Values in Log check box .

  7. Click Add.

  8. Repeat until all applicable attributes are defined.

  9. Click Next.