--- title: Defining an attribute contract description: An attribute contract is the set of user attributes that you and your partner have agreed will be sent in single sign-on (SSO) tokens for this connection. component: pingfederate version: 13.1 page_id: pingfederate:administrators_reference_guide:help_usersessioncreationtasklet_createattributecontractstate canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/help_usersessioncreationtasklet_createattributecontractstate.html llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md revdate: July 5, 2022 section_ids: about-this-task: About this task steps: Steps next-steps: Next steps --- # Defining an attribute contract An attribute contract is the set of user attributes that you and your partner have agreed will be sent in single sign-on (SSO) tokens for this connection. ## About this task You can extend the attribute contract with additional attributes. Optionally, you can configure PingFederate to mask individual extended attributes in its logs. For more information, see [Attribute contracts](../introduction_to_pingfederate/pf_attr_contract.html) and [Attribute masking](../introduction_to_pingfederate/pf_attrib_masking.html). | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you are creating or updating a SAML or an OpenID Connect identity provider (IdP) connection, consider using the partner's metadata to do so. If the metadata contains the required information, PingFederate automatically populates the attribute contract for you. | ## Steps 1. On the **Attribute Contract** tab, enter the attribute name in the text box. Attribute names are case-sensitive and must correspond to the attribute names expected by your partner. | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you are configuring a SAML connection to an InCommon participant, the assertion might contain attributes such as `urn:oid:0.9.2342.19200300.100.1.3` and `urn:oid:2.5.4.42`, which are standard names under various specifications, such as [RFC4524](https://datatracker.ietf.org/doc/html/rfc4524) and [RFC4519](https://datatracker.ietf.org/doc/html/rfc4519). Learn more in [InCommon Community Organizations](https://incommon.org/community-organizations/). The following table describes a subset of the object IDs (OIDs) referenced by the most common attributes used by InCommon participants.OID value Description 0.9.2342.19200300.100.1.3 mail 1.3.6.1.4.1.5923.1.1.1.1 eduPersonAffiliation 1.3.6.1.4.1.5923.1.1.1.6 eduPersonPrincipalName 1.3.6.1.4.1.5923.1.1.1.7 eduPersonEntitlement 1.3.6.1.4.1.5923.1.1.1.9 eduPersonScopedAffiliation 1.3.6.1.4.1.5923.1.1.1.10 eduPersonTargetedID 2.5.4.3 cn 2.5.4.4 sn 2.5.4.10 o 2.5.4.42 givenName 2.16.840.1.113730.3.1.241 displayNameFor other attributes, see the metadata from your partner. The `FriendlyName` values, if available, should provide additional information about the attributes. Alternatively, third-party resources such as the [LDAP OID Reference Guide](https://ldap.com/ldap-oid-reference-guide/) might help as well. | 2. (Optional) Select the checkbox under **Mask Values in Log**. 3. Click **Add**. 4. Repeat until all desired attributes are defined. ## Next steps Click **Edit**, **Update**, and **Cancel** to make or undo a change to an item. Click **Delete** and **Undelete** to remove an item or cancel the removal request.