PingFederate Server

Configuring attribute sources and user lookup for token creation

Specify a series of local data stores from which data, along with the attributes supplied in the incoming token, will be used to fulfill the attribute contract.

About this task

Attribute sources are specific data store or directory locations containing information that might be needed for the attribute contract. They are used to retrieve supplemental attributes. You can use more than one attribute source when mapping values to the attribute contract. The order matters and affects the queries differently. For example, if you plan on using the result of a query as an input to a subsequent query, stack your attribute sources accordingly.

If you are editing a currently mapped token processor instance, you can add, remove, or reorder attribute sources, which might require additional configuration changes in subsequent tasks.

Steps

  1. In the IdP Token Processor Mapping window, click the Attribute Sources & User Lookup tab.

    +

The Attribute Sources & User Lookup tab is only visible if you selected the Retrieve Additional Attributes from Data Stores to Fulfill the Attribute Contract option on the Attribute Retrieval tab. For more information, see Selecting an attribute retrieval method for token creation.

  1. Click Add Attribute Source.

    Result:

    The Attribute Sources & User Lookup window configuration opens.

  2. On the Data Store tab, choose a data store for PingFederate to look up attributes.

  3. Enter a description in the Attribute Source Description field and a source ID in the Attribute Source ID field, if prompted, for the data store.

  4. From the Active Data Store list, select a data store instance.

    If the data store you want is not shown in the Active Data Store list, click Manage Data Stores to review or add a data store instance.

  5. Depending on the data store type, the rest of the setup varies as follows.

    +

Data store type Required tasks

JDBC

Specifying database tables and columns Entering a database search filter

LDAP

Specifying directory properties and attributes Defining encoding for binary attributes (optional) ** Entering a directory search filter

Other

** Specifying data source filters and fields

  1. Repeat steps 2 - 6 as needed.

  2. Click Save to exit the Attribute Sources & User Lookup window configuration.