PingOne

Editing an OIDC resource

You can define the global attribute mappings and scopes for the OpenID Connect resource. These mappings are inherited by all OIDC applications by default. Applications can override the inherited global attributes with custom attributes that you want included during runtime. Learn more in Customizing OIDC attributes for an application.

Steps

  1. Go to Applications → Resources.

  2. Click the OpenID Connect entry to open the details panel.

  3. On the Attributes tab, click the Pencil icon.

  4. Review the OIDC attributes and their mapping to PingOne attributes.

    • To add an attribute, click the Add button. Enter an OIDC attribute and the desired PingOne mapping. Click the gears icon to use advanced expressions. Learn more in Using the expression builder.

    • To delete an attribute, click its Deleteicon.

      Attributes with a blue background are part of the OIDC specification. You cannot delete the default attributes, but you can map them to new attributes in PingOne. PingOne will ignore an attribute if the PingOne mapping is blank.

  5. Select the delivery method:

    • ID token. The attribute is delivered to the application in the ID token.

    • UserInfo. The attribute is delivered to the application from the UserInfo endpoint.

      PingOne enforces an ID token limitation of 25 values for a multivalued attribute. When this occurs, PingOne populates [SIZE_LIMIT_EXCEEDED]as the attribute value.

      Use UserInfo to retrieve the data as needed.

  6. Click the Scopes tab.

    • To add a scope, click Add scope. Enter the Scope Name and Description, and then select Mapped Attributes to assign to the scope.

    • To edit a scope, click the Pencil icon and select Mapped Attributes to assign to the scope.

      Assigning attributes to a scope allows an application to inherit these attributes, if the application has the resource and scope added to it. Learn more in Editing an application - OIDC.

  7. Click Save.