PingFederate Server

Selecting an attribute mapping method

On the Mapping Method tab, you can select if and how PingFederate should query local datastores to help fulfill the attribute contract in conjunction with attribute values from the authentication source.

About this task

To determine whether you need to look up additional values, compare the attribute contract against the adapter contract or the authentication policy contract. If the attribute contract requires more information, you must determine whether local datastores can supply it.

Alternatively, you can configure datastore queries as part of the fulfillment configuration for the applicable identity provider (IdP) adapter contract or authentication policy contract. If so, you do not need to set up datastore query on the connection level.

Steps

  1. For initial steps to configure IdP adapter instances, see Mapping an adapter instance.

  2. On the Mapping Method tab, select one of the following options.

    Mapping method Description

    Retrieve additional attributes from multiple data stores using one mapping

    Select to configure one or more datastores to look up attributes for a single mapping.

    Retrieve additional attributes from a data store

    Select to define alternate datastores to look up attributes and a failsafe mapping configuration.

    When this option is selected, the token authorization framework, through issuance criteria, does not apply. For more information, see Token authorization and Selecting an attribute mapping method.

    Use only the adapter contract values in the SAML assertion

    Select if you do not require connection-level datastore query.

  3. Click Next to save changes and proceed to the next tab.