Mapping token exchange attributes to token generator attributes
When configuring the OAuth authorization server to exchange security tokens, if it uses token generator instances to create the requested tokens, then map the attributes in the attribute contract produced by the token exchange processor policy to the attributes created by the token generator instances.
Before you begin
Before you perform the following procedure:
-
Define the token exchange processor policies. See Defining token exchange processor policies.
-
Configure the token generator instances. See Managing token generators.
About this task
In the Token Generator Mappings window, map the attributes from a token exchange processor policy to the attributes from a token generator instance.
Steps
-
Go to Applications → Token Exchange → Token Generator Mappings to open the Token Generator Mappings window.
-
From the Source Instance list, select a token exchange processor policy.
-
From the Target Instance list, select a token generator from a token exchange generator group. Click Add Mapping button.
Result:
The Mapping Configuration window opens.
-
On the Attribute Sources & User Lookup tab, add token generators additional attribute sources for contract fulfillment as needed. Click Next.
-
On the Token Contract Fulfillment tab, select a Source and Value for each attribute. Click Next.
-
On the Issuance Criteria tab, add and specify conditions that attributes must satisfy for PingFederate to exchange the token as needed. Click Next.
-
On the Summary tab, review the mapping configuration. Click Done.
Result:
The Token Generator Mappings window opens.
-
Click Save.