Configuring mapping fulfillment for Attribute Query
The last step in configuring an attribute source is to map values into the assertion to be sent in response to an attribute query on the Attribute Mapping Fulfillment tab.
Before you begin
For prerequisites and previous steps to configure the Attribute Query profile, see Configuring the Attribute Query profile in an SP connection.
Steps
-
For each attribute, select a source from the Source list and then choose or enter a value.
-
Context
When selected, the Value list populates with the available context of the transaction. Select the desired context from the list. At runtime, the context value is mapped to the value of the attribute in the SSO token.
If you are configuring an SP connection to bridge one or more identity providers to a service provider, consider mapping the original issuer of the assertions into an attribute by selecting Context as the source and Authenticating Authority as the value. This is important when bridging multiple identity providers to one service provider, where the service provider should take the information about the original issuer into consideration before granting access to protected resources.
For more information, see Bridging multiple IdPs to an SP.
Because the HTTP Request context value is retrieved as a Java object rather than text, use OGNL expressions to evaluate and return values (see Expression).
-
LDAP/JDBC/Other (when a datastore is used)
Values are returned from your datastore (if used). When you make this selection, the Value list is populated by the attributes from the datastore.
-
Expression (when enabled)
This option provides more complex mapping capabilities—for example, transforming incoming values into different formats (see Attribute mapping expressions). All of the variables available for text entries (see below) are also available for expressions.
-
No Mapping
Select this option to ignore the Value field, causing no value selection to be necessary.
-
Text
This can be text only, or you can mix text with references to any of the values from your user-datastore using this syntax:
${ds.attr-source-id.attribute}
where
attr-source-id
is the Attribute Source ID value (see Choosing a datastore for Attribute Query) andattribute
is any of the datastore attributes you have selected.There are a variety of reasons why you might hard code a text value. For example, if your SP’s web application provides a service based on your company’s name, you might provide that attribute value as a constant.
You can reference attribute values in the form of
${attributeName:-defaultValue}
. The default value is optional. When specified, it is used at runtime if the attribute value is not available. Do not use${
and}
in the default value. -
-
Click Next to save changes.