PingFederate Server

Choosing a datastore for Attribute Query

On the Data Store tab, choose a datastore instance for PingFederate to look up attributes.

Before you begin

For prerequisites and previous steps to configure the Attribute Query profile, see Configuring the Attribute Query profile in an SP connection.

About this task

The process of configuring PingFederate to look up attributes in a datastore for attribute-query responses is similar to that used for single sign-on (SSO) Attribute Sources and User Lookup.

Steps

  1. Enter a Description for the datastore in the text box.

    1. If prompted, enter an ID in the text box.

  2. Select a datastore instance from the Active Data Store list.

    If the datastore you want is not shown in the Active Data Store list, click Manage Data Stores to review or add a datastore instance. For more information, see Datastores.

  3. Depending on the datastore type, the rest of the setup varies as follows.

    Data store type Required tasks

    JDBC

    LDAP

    Other

    When attribute queries are sent using X.509 Attribute Sharing Profile (XASP), use the variable ${SubjectDN}—rather than ${SAML_SUBJECT}—to retrieve the subject identifier.

    You can also use any of these distinguished name (DN)-parsing variables:

    • CN

    • OU

    • O

    • L

    • S

    • C

    • DC

    If more than one value exists for any of the parsing variables, then they are enumerated. For example, if the Subject DN is cn=John Smith,ou=service,ou=employee, then you could use any of these elements in your filter qualifier:

    • ${SubjectDN}=cn=John Smith,ou=service,ou=employee

    • ou=service

    • ou1=employee

    For more information about XASP, see Attribute Query and XASP.

  4. When you have finished configuring your datastore, click Next to save changes.
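The DN-parsing variables described in step 3, worked through as an added example (not PingFederate code and not from the original page): it splits a subject DN into the enumerated variables and escapes each value per RFC 4515 before placing it in an LDAP filter, so characters in a certificate subject cannot change the filter's structure. The function names, the lowercase variable keys, the numbering beyond ou1, and the filter templates are assumptions made for illustration; the sketch says nothing about how PingFederate itself performs the substitution.

```python
import re

# Variables the page lists; lowercase keys follow the page's ou / ou1 example.
PARSED_TYPES = {"cn", "ou", "o", "l", "s", "c", "dc"}
# Split on commas not preceded by a backslash (RFC 4514 escaping).
# Multi-valued RDNs ('+') and an escaped backslash before a comma are out of scope.
_RDN_SPLIT = re.compile(r"(?<!\\),")


def _unescape(value):
    """Undo RFC 4514 escapes: backslash + two hex digits (ASCII only) or one char."""
    def repl(m):
        tok = m.group(1)
        return chr(int(tok, 16)) if len(tok) == 2 else tok
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", repl, value)


def dn_variables(subject_dn):
    """Return SubjectDN plus parsing variables; repeats become ou, ou1, ou2, ..."""
    variables = {"SubjectDN": subject_dn}
    seen = {}
    for rdn in _RDN_SPLIT.split(subject_dn):
        attr, sep, value = rdn.strip().partition("=")
        attr = attr.strip().lower()
        if not sep or attr not in PARSED_TYPES:
            continue
        n = seen.get(attr, 0)
        seen[attr] = n + 1
        # Assumption: numbering past ou1 continues as ou2, ou3 in DN order.
        variables[attr if n == 0 else f"{attr}{n}"] = _unescape(value.strip())
    return variables


def escape_filter_value(value):
    """RFC 4515 escaping so subject text cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_filter(template, variables):
    """Replace ${name} with the escaped value; an unknown name raises KeyError."""
    return re.sub(r"\$\{(\w+)\}",
                  lambda m: escape_filter_value(variables[m.group(1)]), template)


# Constructed sample input: the DN from the page and one with filter metacharacters.
PAGE_DN = "cn=John Smith,ou=service,ou=employee"
ODD_DN = r"cn=Smith\, John (x)*,ou=service"

if __name__ == "__main__":
    print(build_filter("(&(cn=${cn})(ou=${ou1}))", dn_variables(PAGE_DN)))
    print(build_filter("(cn=${cn})", dn_variables(ODD_DN)))
```
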