PingOne

Generating an attribute

About this task

Generate attributes to extract JSON schema properties from parent attributes. As example data, consider the following JSON passed in a decision request. The JSON represents a user in an external identity store.

{
"Id": "my-id",
"Ip": "217.145.198.92",
"Name": "John Smith"
}

You’ll create a parent attribute that stores the user information, then generate child attributes that extract properties.

Steps

  1. Add an attribute that stores a JSON schema:

    1. On the Attributes tab, click the icon and select Add new attribute, then enter a name for the attribute, such as External User.

    2. To define where the attribute pulls information from, click Resolvers, and then click Add Resolver.

    3. In the Resolver type list, select Request Parameter.

      Screen capture showing the External User attribute with a Request Parameter resolver.

    4. In the Value Settings section, select JSON in the Type list.

    5. Use an online JSON schema generator to generate a schema for the example JSON that represents the external user.

      Example:

      {
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "Id": {
      "type": "string"
    },
    "Ip": {
      "type": "string"
    },
    "Name": {
      "type": "string"
    }
  },
  "required": [
    "Id",
    "Ip",
    "Name"
  ]
}

    6. Copy the resulting schema and enter it in the JSON Schema field.

      Screen capture showing the resulting JSON Schema in the attribute’s Value Settings section.

      To edit large JSON objects more effectively, open the code editor by clicking Rich text editor button..

    7. Click Save Changes.

  2. Generate attributes based on the defined JSON schema.

    For example purposes, you’ll generate attributes for PingOne Protect connector service inputs.

    1. Add a connector service forPingOne Risk. Enter a name, such as External User Risk, and then select the service type, and connector types.

    2. In the Inputs section, click Switch to Attribute button next to User ID, and then click the Select an attribute list.

    3. Expand the External User parent attribute and select the Id property.

      If an attribute hasn’t been generated for a property yet, the property is grayed out. When you select a property, PingOne Authorize adds an attribute that resolves against the parent attribute and a processor that extracts the property.

      Screen capture showing External User attribute properties in the expanded Select an Attribute list.

    4. For User Type, enter EXTERNAL.

    5. For IP Address, select the External User → Ip property to generate an attribute.

    6. Click Save changes.

      Generated attributes are nested under the parent attribute on the Attributes tab.

      Screen capture showing generated Id and Ip attributes nested under the External User attribute on the Attributes tab

      The generated attributes resolve against their parent attribute, as shown in the following image.

      Screen capture showing the parent attribute resolver and JSON path processor for the Id attribute.