PingFederate Server

Configuring an AWS DynamoDB datastore

Set up an Amazon Web Services (AWS) DynamoDB datastore so that PingFederate can store user attributes in the DynamoDB NoSQL database.

Before you begin

Ensure that your server is configured to access DynamoDB. For more information on how to configure your server to access DynamoDB, see Setting up DynamoDB (web service) in the AWS DynamoDB documentation.

About this task

DynamoDB’s NoSQL nature allows for flexible schema design and horizontal scalability, accommodating varying attribute types and high volumes of user data. DynamoDB’s robust security and reliability features help ensure the confidentiality and integrity of stored user attributes.

To create a DynamoDB datasource and map local attribute names to DynamoDB document paths:

Steps

  1. Go to System → Data & Credential Stores → Data Stores.

  2. In the Data Stores window, click Add New Data Store.

  3. On the Data Store Type tab, enter a name for the datastore.

  4. Optional: To mask attribute values returned from this datastore in PingFederate logs, select the Mask Values in Log check box.

  5. In the Type list, select AWS DynamoDB.

  6. Click Next.

  7. In the Configure Data Store Instance window, configure your AWS DynamoDB connection.

  8. In the Attributes field, define the list of attributes that you want the datastore to return when performing a lookup.

    For information about each field, see the following table.

    | Field | Description |
    | --- | --- |
    | Local Attribute | The attribute names that are populated in drop-down menus during contract mapping. |
    | DynamoDB Attributes | Specifies the document path, the DynamoDB-specific syntax that identifies precisely where in the record an attribute is located. For more information, see Document paths in the AWS DynamoDB documentation. |
    | Table Name | The name of the DynamoDB table. |
    | Allow Multi-value Attributes | When selected, a DynamoDB query that returns multiple records will result in multi-valued attributes. Otherwise, only the first record returned from the query is used. This check box is selected by default. |
    | API Call Timeout | The amount of time in milliseconds to allow the client to complete the execution of the API call. The default value is 10000. |
    | API Call Attempt Timeout | The amount of time in milliseconds to wait for the HTTP request to complete before giving up and timing out. The default value is 1000. |
    | Mask Values in Log | Determines whether all attribute values returned through this datastore should be masked in PingFederate logs. These values are only applicable when editing an existing data store. |

  9. Click Next.

  10. Click Test Connection to determine whether the administrative node can query the specified DynamoDB table.

    Datastore validation is not enabled during configuration, which lets you configure datastores without requiring a successful connection between the administrative node and the AWS DynamoDB. You can also save the datastore even if the connection is not currently successful.
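The following added example (not PingFederate or AWS code) illustrates two of the fields above: how a document path in DynamoDB Attributes addresses a nested value, and how Allow Multi-value Attributes changes what a lookup returns when a query matches several records. The records, the mapping, and the function names are constructed for illustration; records are shown as already-deserialized Python dicts, and attribute names that themselves contain dots are not handled.

```python
import re

# One path element: a map key optionally followed by list indexes, e.g. "phones[0]".
_ELEMENT = re.compile(r"^([^.\[\]]+)((?:\[\d+\])*)$")

def parse_document_path(path):
    """Split a document path such as 'profile.phones[0].number' into steps."""
    steps = []
    for element in path.split("."):
        m = _ELEMENT.match(element)
        if not m:
            raise ValueError(f"invalid document path element: {element!r}")
        steps.append(m.group(1))
        steps.extend(int(i) for i in re.findall(r"\[(\d+)\]", m.group(2)))
    return steps

def resolve(record, path):
    """Return the value at `path` in one record, or None if it is absent."""
    node = record
    for step in parse_document_path(path):
        if isinstance(step, int):
            if not isinstance(node, list) or step >= len(node):
                return None
        elif not isinstance(node, dict) or step not in node:
            return None
        node = node[step]
    return node

def lookup(records, mapping, allow_multi_value=True):
    """Map local attribute names to the values found at their document paths."""
    # With multi-value off, only the first record returned by the query is used.
    used = records if allow_multi_value else records[:1]
    return {
        local_name: [v for v in (resolve(r, path) for r in used) if v is not None]
        for local_name, path in mapping.items()
    }

# Constructed sample: two records returned by one query.
RECORDS = [
    {"userId": "jdoe", "profile": {"email": "jdoe@example.com",
                                   "phones": [{"number": "555-0100"}]}},
    {"userId": "jdoe", "profile": {"email": "john.doe@example.org", "phones": []}},
]
# Hypothetical mapping of local attribute names to document paths.
MAPPING = {"mail": "profile.email", "phone": "profile.phones[0].number"}

if __name__ == "__main__":
    print(lookup(RECORDS, MAPPING))
    print(lookup(RECORDS, MAPPING, allow_multi_value=False))
```

Because Allow Multi-value Attributes is selected by default, a non-unique query key can release more values per attribute than a single-record mapping would suggest.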

Next steps

See Specifying filters and fields for an AWS DynamoDB datastore to continue setting up your DynamoDB datasource and map local attribute names to DynamoDB document paths.