PingFederate Server

Fulfilling identity hint contract

You can fulfill identity hint contracts in PingFederate.

About this task

On the Identity Hint Contract Fulfillment tab, fulfill the identity hint contract with values from the original identity hint, datastores, dynamic text values, or attribute mapping expressions, if enabled.

Steps

  1. From the Source list, select a source.

    For more information about the Source list, see the following table.

    Source Description

    Context

    Select Context to return specific information from the request.

    JDBC, LDAP, or other types of datastore (if configured)

    Select an attribute source when PingFederate should retrieve attribute value from a datastore.

    When you make this selection, the list under Value populates with attributes from your database, directory, or other datastore.

    Applicable only if you have added at least one attribute source on the Attribute Sources & User Lookup tab. For more information, see Configuring attribute sources and user lookup.

    Request

    Select Request to use the attribute value PingFederate found in the CIBA request without customization.

    Expression (if enabled)

    Select Expression to support complex mapping requirements, such as transforming incoming values into different formats. Additionally, HTTP request is retrieved as a Java object rather than text. For this reason, select Expression as the source and use OGNL expressions to evaluate and return specific information from the HTTP request.

    Applicable only if you have enabled the use of expressions in PingFederate. For more information, see Attribute mapping expressions.

    No Mapping

    Select No Mapping to ignore the Value field, making value selection unnecessary.

    Text

    Select Text to return the value you enter under Value.

    You might use a static text value if the target web application provides a service based on the name of your organization.

    You can mix text with references to attributes from the identity provider (IdP) adapter contract by using the $\{<attribute>} syntax.

    $\{ds.<attr-source-id>.<attribute>}You can also enter references to syntax, where <attr-source-id> is the Attribute Source ID value you entered on the Data Store tab and <attribute> is an attribute from the datastore.

    You can reference attribute values in the form of $\{attributeName:-defaultValue}. The default value is optional. When specified, it is used at runtime if the attribute value is not available. Do not use $\{ and } in the default value.

  2. Specify a value associated with the selected source.

    Not applicable if you selected Request. You can also enter references to attributes from configured attribute sources by using the Source list.

  3. Repeat these steps until all attributes are configured.

  4. Click Next.