PingOne

Value settings

Value settings enable you to define a data type for an authorization attribute or service and an optional default value for an attribute.

For information about adding value settings to an attribute, see Adding value settings to an attribute.

Default value

You can define a default value to provide an attribute with a value when it can’t otherwise be resolved. This is optional. For example, with the following value settings, a risk level attribute resolves to the default value NO_THREAT under conditions in which it doesn’t resolve to another value.

Screen capture showing the Default Value check box, a default value of NO_THREAT, and the Type field set to String in attribute Value Settings.

An attribute with a default value and no resolvers acts as a constant that always resolves to the fixed default value.

Data type

The data type constrains the set of allowable attribute or service values and provides a predictable model for value processing and other data transformations.

The main data types for input and output data are String and JSON. All data types have conversions to and from a canonical string representation. You must use processors to convert other formats, such as date and time representations.

Data type mismatches can be a common source of errors during attribute and service testing. Check for data type inconsistencies when you are building and testing the Trust Framework.

Attributes and services can have the following data types.

Data type Description

Boolean

A simple true or false (case insensitive):

  • True can be represented in textual form, such as in default values or decision request parameters, as true, yes, or 1.

  • False can be represented by false, no, or 0.

In value processing contexts, such as SpEL expressions, the value is a java.lang.Boolean instance.

Collection

An ordered collection of other value types.

Only valid value types as described here can be members of collections. JSON-formatted arrays are valid textual representations of collections.

In value processing contexts, a collection is a java.util.Collection. However, the objects contained are of an internal type.

Use only the get() method to retrieve items by zero-based integer index.

To ensure a collection resolves successfully if it’s empty, set the Default value to open and closing brackets: [].

Date

A date, such as 23 April 2020. The textual representation is ISO-8601, for example, 2020-04-23.

In value processing contexts, the value is a java.time.LocalDate.

Date values can be converted to the following types:

  • Date Time: The time component becomes 00:00:00.

  • Zoned Date Time: The time zone is assumed to be UTC.

Date Time

A date and time of day, such as 4:15 pm and 30 seconds on 23 April 2020. The maximum resolution is microseconds. For example, 2020-04-23T16:15:30 or 2020-04-23T16:15:30.783239. The textual representation is ISO-8601.

In value processing contexts, the value is a java.time.LocalDateTime.

Date Time values can be converted to the following types:

  • Date or Time: Dropping the appropriate information in each case.

  • Zoned Date Time: The time zone is assumed to be UTC.

Duration

A time duration expressible in seconds or a fraction of seconds. The textual representation is ISO-8601, for example:

  • PT3H for 3 hours

  • PT2M45.836S for 2 minutes and 45.836 seconds

In value processing contexts, the value is a java.time.Duration.

Duration values can’t be converted to other types.

JSON

A JSON document. This is useful for bringing data into and out of the decision point. This is the only attribute type subject to JSON Path value processors. The textual representation is JSON.

In value processing contexts, the value is a java.util.Map or java.util.Collection.

Optionally, you can define a valid JSON Schema for an attribute and generate attributes based on the schema. For example:

Screen capture showing an example JSON schema in attribute Value Settings.

If the schema changes, you must update it manually in any generated child attributes.

Only simple JSON property definitions are supported. Complex object definitions, such as collections, are not supported. Limitations for the type keyword are as follows:

  • Define the type keyword as a string. Arrays are not supported.

  • PingOne Authorize recognizes the following types: string, number, integer, object, array, boolean.

    Define the keyword with a single type only. Multiple types and complex types are not supported.

  • PingOne Authorize maps JSON property types to the following attribute types:

    • JSON type string is mapped to attribute type String.

    • JSON types number and integer are mapped to attribute type Number.

    • JSON type object is mapped to attribute type JSON.

    • JSON type array is mapped to attribute type String.

      PingOne Authorize treats an array type value as an untyped object. You can’t generate child attributes for this type.

    • JSON type boolean is mapped to attribute type Boolean.

Number

A numeric value. Decimal integers and real numbers are supported, including scientific notation.

In value processing contexts, the value is a java.math.BigDecimal instance.

Period

A time period expressible in calendar units, such as a number of days or months. The textual representation is ISO-8601, for example:

  • P9Y for 9 years

  • P3M2D for 3 months and 2 days

In value processing contexts, the value is a java.time.Period.

Period values can’t be converted to other types.

String

Data that is not one of the other types is interpreted as UTF-8 text, stored internally as UTF-16.

In value processing contexts, these values are java.lang.String.

Time

A time of day, such as 4:15 pm and 30 seconds. The maximum resolution is microsecond. For example, 16:15:30, 16:15:30.783, and 16:15:30.783239 are all valid. The textual representation is ISO-8601.

In value processing contexts, the value is a java.time.LocalTime.

Time values can’t be converted to other types.

XML

An XML document. This is useful for bringing data into and out of the decision point. This is the only data type subject to XPath value processors. The textual representation is XML.

In value processing contexts, the value is an org.w3c.Document.

Zoned Date Time

A date and time of day with a time zone expressed as an offset from UTC. The textual representation is ISO-8601, for example, 2020-04-23T16:15:30.783+01:00.

In value processing contexts, the value is a java.time.ZonedDateTime.

Zoned Date Time values can be converted to the following types, dropping information in each case:

  • Date Time

  • Date

  • Time