PingFederate Server

Selecting attribute sources (SAML 2.0)

For SAML 2.0 connections, the server can be configured to use only assertion attributes for user provisioning, or to retrieve more attributes from the identity provider (IdP) in a follow-on attribute query transaction.

About this task

The User Attributes tab displays the attributes expected in the assertion from this IdP.

Screen capture of the User Attributes tab.

The attribute query is a SAML 2.0 profile. For OpenID Connect, SAML 1.x, and WS-Federation connections, this tab is not presented. PingFederate uses only attributes from the assertion for user provisioning.

Steps

  • If you and your IdP partner have agreed to use the Attribute Query profile for provisioning, select that option before leaving this tab.

    You configure the attribute query profile later in the task flow.