Configuring an AWS DynamoDB datastore
Set up an Amazon Web Services (AWS) DynamoDB datastore so that PingFederate can store user attributes in the DynamoDB NoSQL database.
Before you begin
Ensure that your server is configured to access DynamoDB. For more information on how to configure your server to access DynamoDB, see Setting up DynamoDB (web service) in the AWS DynamoDB documentation.
About this task
DynamoDB’s NoSQL nature allows for flexible schema design and horizontal scalability, accommodating varying attribute types and high volumes of user data. DynamoDB’s robust security and reliability features help ensure the confidentiality and integrity of stored user attributes.
To create a DynamoDB datasource and map local attribute names to DynamoDB document paths:
Steps
- Go to System → Data & Credential Stores → Data Stores.
- In the Data Stores window, click Add New Data Store.
- On the Data Store Type tab, enter a name for the datastore.
- Optional: To mask attribute values returned from this datastore in PingFederate logs, select the Mask Values in Log check box.
- In the Type list, select AWS DynamoDB.
- Click Next.
- In the Configure Data Store Instance window, configure your AWS DynamoDB connection.
- In the Attributes field, define the list of attributes that you want the datastore to return when performing a lookup.
For information about each field, see the following table.
| Field | Description |
| --- | --- |
| Local Attribute | The attribute names that are populated in drop-down menus during contract mapping. |
| DynamoDB Attributes | Specifies the document path, the DynamoDB-specific syntax that identifies precisely where in the record an attribute is located. For more information, see Document paths in the AWS DynamoDB documentation. |
| Table Name | The name of the DynamoDB table. |
| Allow Multi-value Attributes | When selected, a DynamoDB query that returns multiple records will result in multi-valued attributes. Otherwise, only the first record returned from the query is used. This check box is selected by default. |
| API Call Timeout | The amount of time in milliseconds to allow the client to complete the execution of the API call. The default value is 10000. |
| API Call Attempt Timeout | The amount of time in milliseconds to wait for the HTTP request to complete before giving up and timing out. The default value is 1000. |
| Mask Values in Log | Determines whether all attribute values returned through this datastore should be masked in PingFederate logs. These values are only applicable when editing an existing data store. |
- Click Next.
- Click Test Connection to determine whether the administrative node can query the specified DynamoDB table.
Datastore validation is not enabled during configuration, which lets you configure datastores without requiring a successful connection between the administrative node and the AWS DynamoDB. You can also save the datastore even if the connection is not currently successful.
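The following added example (not PingFederate code and not from the Ping Identity documentation) models how a Local Attribute to DynamoDB Attributes mapping from the table above resolves document paths, and how Allow Multi-value Attributes changes the result when a query returns more than one record. The function names, the sample records, and the mapping are assumptions made for illustration, and the records are assumed to be already deserialized into plain Python values.

```python
import re

# DynamoDB document-path syntax: names joined by ".", list elements as "[n]".
_VALID = re.compile(r"[^.\[\]]+(\[\d+\])*(\.[^.\[\]]+(\[\d+\])*)*")
_TOKEN = re.compile(r"[^.\[\]]+|\[\d+\]")


def parse_path(path):
    """Split 'profile.roles[0]' into ['profile', 'roles', 0]."""
    if not _VALID.fullmatch(path):
        raise ValueError(f"invalid document path: {path!r}")
    return [int(t[1:-1]) if t.startswith("[") else t for t in _TOKEN.findall(path)]


def resolve(item, path):
    """Return the value at path in one record, or None when the path is absent."""
    node = item
    for step in parse_path(path):
        container = list if isinstance(step, int) else dict
        if not isinstance(node, container):
            return None
        if isinstance(step, int):
            if step >= len(node):
                return None
        elif step not in node:
            return None
        node = node[step]
    return node


def map_attributes(records, mapping, allow_multi_value=True):
    """Apply a local-attribute -> document-path mapping to query results."""
    used = records if allow_multi_value else records[:1]  # first record only
    return {
        local: [v for v in (resolve(r, path) for r in used) if v is not None]
        for local, path in mapping.items()
    }


# Constructed sample data: two records returned by one query, already
# deserialized from DynamoDB's typed JSON into plain Python values.
RECORDS = [
    {"userId": "u1", "profile": {"email": "ann@example.com", "roles": ["admin", "dev"]}},
    {"userId": "u1", "profile": {"email": "ann@corp.example", "roles": ["audit"]}},
]
# Hypothetical mapping; "dept" points at a path that no record contains.
MAPPING = {"mail": "profile.email", "role": "profile.roles[0]", "dept": "profile.dept"}

if __name__ == "__main__":
    print(map_attributes(RECORDS, MAPPING))
    print(map_attributes(RECORDS, MAPPING, allow_multi_value=False))
```

In this model a mistyped path yields an empty value rather than an error, so check each mapping against a real record before an attribute feeds an authorization decision.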
Next steps
See Specifying filters and fields for an AWS DynamoDB datastore to continue setting up your DynamoDB datasource and map local attribute names to DynamoDB document paths.