In some cases, you might want to extend contracts of the Password Credential Validator instance. For example, you might use extended attributes to map into a USER_KEY for an OAuth persistent grant configuration.

This capability allows the validator to return attribute values pertaining to the authenticated users from PingOne® Directory, a directory server, or a RADIUS server.

Tip:

If you are configuring an HTML Form Adapter instance with an instance of the LDAP Username Password Credential Validator, extend the contract of the adapter by the same attribute names in order for the credential validator to pass extended attribute values to the HTML Form Adapter instance.

Tip:

If you are configuring the HTML Form Adapter instance with an instance of the RADIUS Username Password Credential Validator, you only need to extend the contract of the HTML Form Adapter instance itself.

Vendor specific RADIUS attributes can be made available by extending the RADIUS attribute dictionary. Copy the vendor-specific attribute dictionaries into the pingfederate/server/default/conf/radius directory. The format of the dictionaries must use the FreeRADIUS dictionary syntax (freeradius.org/radiusd/man/dictionary.html). Then edit the existing dictionary file to include each of them.

  • Optional: On the Extended Contract screen, enter an attribute name and click Add.
    Use the Edit, Update, and Cancel workflow to make or undo a change to an existing attribute. Click Delete to remove an existing attribute.