PingFederate Server

Configuring authentication policy adapter mappings

Authentication policy adapter mappings allow administrators to map attributes from an authentication policy contract directly to a service provider (SP) adapter instance.

Steps

  1. Go to Applications → Integration → Policy Contract Adapter Mappings.

  2. From the Source Instance list, select the applicable authentication policy contract from the .

  3. From the Target Instance list, select the SP adapter instance integrated with your target application.

  4. Click Add Mapping.

  5. Follow the Applications → Integration → Adapter-to-Adapter Mappings wizard to create the mapping.

    1. Optional: On the Attribute Sources & User Lookup tab, click Add Attribute Source to configure datastore queries to fulfill the SP adapter contract.

      Queries are executed in the order they are displayed on the Attribute Sources & User Lookup tab. Use the up and down arrows as needed to adjust the order.

      If a required attribute cannot be fulfilled, such as the user identifier of an adapter, the request fails. For more information, see Fulfillment by datastore queries.

    2. On the Adapter Contract Fulfillment tab, select a source and an attribute to fulfill the SP adapter contract.

      Select Authentication Policy Contract from the Source list to map directly from the policy contract to the SP adapter contract or another choice to fulfill the SP adapter contract through datastore queries, dynamic texts, or results from OGNL expression

    3. Optional: On the Default Target URL tab, specify a default target URL for this mapping configuration.

    4. Optional: On the Issuance Criteria tab, configure conditions to be validated before issuing an SP adapter contract. For more information, see Define issuance criteria for adapter mapping.

    5. On the Adapter-to-Adapter Mapping Summary tab, review the configuration and modify as needed. When complete, click Done.

  6. On the Adapter-to-Adapter Mappings window, click Save.