Starting with PingFederate 8.1, if a datastore uses results from previous queries as input, and if the previous queries return no result, PingFederate records a warning message in the server log and continues with the request by querying the next datastore in the attribute source setup. This default behavior applies to all lookup configurations using multiple datastores in one mapping (see Attribute mapping with multiple data sources).

If you prefer PingFederate to abort the request immediately, which is the default behavior of PingFederate 8.0 and earlier versions, you can override the behavior by modifying a configuration file. Like the default behavior, this override also applies to all lookup configurations using multiple datastores in one mapping.

  1. Edit the org.sourceid.saml20.domain.AttributeMapping.xml file, located in the <pf_install>/pingfederate/server/default/data/config-store directory.

    Create this file if it does not exist.

  2. To override the default behavior, change the value of the AbortOnAttrLookupFailure element from false (the default value) to true.

    An example of a modified org.sourceid.saml20.domain.AttributeMapping.xml file:

    <?xml version="1.0" encoding="UTF-8"?>
    <c:config xmlns:c="http://www.sourceid.org/2004/05/config">
        <c:item name="AbortOnAttrLookupFailure">true</c:item>
    </c:config>
    Note:

    Removing the org.sourceid.saml20.domain.AttributeMapping.xml file from <pf_install>/pingfederate/server/default/data/config-store directory also has the same effect as setting the value of the AbortOnAttrLookupFailure element to true.

    For a clustered PingFederate environment, perform these steps on the console node, and then click Replicate Configuration on the System > Cluster Management screen.

Expected result when this override is set

If a datastore uses results from previous queries as input, and if the previous queries return no result, PingFederate records an error message in the server log, abort the request immediately, and returns an error message to the user, the application, or the partner.