PingFederate Server

Configuring IdP adapter contract fulfillment

You can map values into the identity provider (IdP) adapter contract using the Adapter Contract Fulfillment tab.

Steps

  1. Go to Authentication > Integration > IdP Adapters

  2. Click the Instance Name of the existing IdP adapter instance you want to configure.

  3. Go to the Adapter Contract Mapping tab.

    If this is a child instance, select the Override Adapter Contract checkbox to modify the configuration unless you have already selected the override option in the Extended Contract tab, in which case the Override Adapter Contract checkbox is automatically selected.

  4. Click Configure Adapter Contract.

  5. Select a source in the Source list and specify a Value to associate with it.

    The following table provides more information about the Source list and the possible Values.

    Source Description

    Adapter

    Select Adapter to use the attribute value returned by the IdP adapter without customization.

    Context

    Select Context to return specific information from the request.

    Extended Properties

    Select Extended Properties to return extended properties.

    Learn more about defining extended properties in Populating extended property values for IdP connections.

    JDBC, LDAP, or other types of datastores (if configured)

    Select an attribute source when PingFederate should retrieve attribute value from a datastore.

    When you make this selection, the Value list is populated with attributes from your database, directory, or other datastore.

    Applicable only if you have added at least one attribute source on the Attribute Sources & User Lookup tab. Learn more in Defining attribute sources and user lookup.

    Expression (if enabled)

    Select Expression to support complex mapping requirements, such as transforming incoming values into different formats. Additionally, the HTTP request is retrieved as a Java object instead of text. For this reason, select Expression as the source and use OGNL expressions to evaluate and return specific information from the HTTP request.

    Applicable only if you have enabled the use of expressions in PingFederate. Learn more in Attribute mapping expressions.

    No Mapping

    Select No Mapping to ignore the Value field.

    Text

    Select Text to return the value you enter in Value.

    There are many reasons to use a static text value. For example, if the target web application provides a service based on the name of your organization, you can provide the attribute value as a constant.

    You can mix text with references to attributes from the IdP adapter contract by using the ${attribute} syntax.

    You can also enter references to attributes from configured attribute sources by using the ${ds.attr-source-id.attribute} syntax, where attr-source-id is the Attribute Source ID value you entered on Attribute Sources & User Lookup > Data Store, and attribute is an attribute from the datastore. Learn more in Defining attribute sources and user lookup.

    You can reference attribute values in the form of ${attributeName:-defaultValue}. The default value is optional. When specified, it is used at runtime if the attribute value is not available. Do not use ${ and } in the default value.

  6. Repeat these steps until all attributes are configured.

  7. Click Done.