PingFederate Server

Configuring attribute scopes

With OpenID Connect, scopes affect the list of attributes that PingFederate can return to the OAuth clients. In the Attribute Scopes tab, you can optionally add associations between scopes and attributes beyond what is defined in the specification.

Steps

  1. Go to Applications → OAuth → OpenID Connect Policy Management and select your policy, or click Add Policy.

  2. In the Attribute Scopes tab, add any number of scope-to-attributes associations.

    1. Select a scope from the Scope list.

      Common and exclusive scopes are both available.

    2. Select the relevant check boxes under Attributes.

      If you have selected a standard scope, its associated standard attributes are automatically selected and cannot be modified. You can select additional attributes to be associated with the selected scope.

      If you have selected the profile scope, any non-standard attributes that are not associated with the profile scope become inaccessible to your OAuth clients. The administrative console displays a warning message with a list of inaccessible attributes. Select the relevant check boxes to make the non-standard attributes accessible, or ignore the message to leave them inaccessible for now.

    3. Click Add.

    4. Optional: Repeat these steps to define additional scope-to-attributes associations.

    Click Edit, Update, or Cancel to make or undo a change to an existing entry. Click Delete or Undelete to remove an existing entry or cancel the removal request.

  3. Click Next.