Defining an attribute contract for the OAuth assertion grant
About this task
An attribute contract is a set of user attributes the IdP sends in the SAML assertions or JWTs for this connection. You identify these attributes on the OAuth Assertion Grant Attribute Mapping → Attribute Contract window.
TOKEN_SUBJECT represents the name identifier of the user for whom the access token is being requested: the SAML_SUBJECT attribute in SAML assertions and the sub claim in JWTs.
Optionally, you can mask the values of attributes (other than TOKEN_SUBJECT) in the log files that PingFederate writes when it receives security tokens.
Steps
- To add an attribute, follow these steps:
  - Enter the attribute name in the text box.
    Attribute names are case-sensitive and must correspond to the attribute names expected by your partner.
  - Select the check box under Mask Values in Log.
  - Click Add.
- To modify an attribute name or masking selection, follow these steps:
  - Click Edit under Action for the attribute.
  - Make the change and click Update.
    If you change your mind, ensure that you click Cancel under Action.
- To delete an attribute, click Delete under Action for the attribute.
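
The following Python sketch is an added illustration, not PingFederate code and not part of the original documentation. It models what the contract described above implies: TOKEN_SUBJECT is taken from the sub claim, contract names are matched case-sensitively against the token, and flagged values are masked in log output. The function names, the sample claims and the **** mask string are assumptions.

```python
# Conceptual model only; not PingFederate's implementation.
SUBJECT = "TOKEN_SUBJECT"
MASK = "****"  # assumed placeholder; the real mask string is not given on this page


def fulfill_contract(claims, contract):
    """Match decoded JWT claims against an attribute contract.

    contract maps attribute name -> True if "Mask Values in Log" is selected.
    Returns (attributes, problems); matching is case-sensitive.
    """
    attributes = {SUBJECT: claims.get("sub")}
    problems = []
    if attributes[SUBJECT] is None:
        problems.append("token has no 'sub' claim for TOKEN_SUBJECT")
    # Index claim names by lower case to spot near-misses that differ only in case.
    lowered = {name.lower(): name for name in claims}
    for name in contract:
        if name in claims:
            attributes[name] = claims[name]
        elif name.lower() in lowered:
            problems.append(
                f"case mismatch: contract '{name}' vs token '{lowered[name.lower()]}'")
        else:
            problems.append(f"missing: '{name}' not in token")
    return attributes, problems


def log_view(attributes, contract):
    """Return the attributes as a log line would show them.

    Values flagged for masking are replaced; TOKEN_SUBJECT is never masked.
    """
    return {
        name: MASK if contract.get(name, False) and name != SUBJECT else value
        for name, value in attributes.items()
    }


# Constructed sample: the partner sends "Department", the contract says "department".
SAMPLE_CLAIMS = {"sub": "jdoe", "email": "jdoe@example.com", "Department": "finance"}
SAMPLE_CONTRACT = {"email": True, "department": False}

if __name__ == "__main__":
    attrs, issues = fulfill_contract(SAMPLE_CLAIMS, SAMPLE_CONTRACT)
    print(log_view(attrs, SAMPLE_CONTRACT))
    for issue in issues:
        print("contract check:", issue)
```

Running a check like this against a sample token from the partner before saving the contract catches name mismatches that would otherwise leave an attribute unmapped.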