On the Contract Fulfillment screen map attributes from the access token or other sources to fulfill the attribute contract.
Values are returned from the context of the transaction at runtime.Note:
The HTTP Request context value is retrieved as a Java object rather than text. For this reason, OGNL expressions are more appropriate to evaluate and return values.
Select Expression under Source and then click Edit to enter an expression.
(If the Expression selection is not available, you may enable it by editing the org.sourceid.common.ExpressionManager.xml file in the <pf_install>/pingfederate/server/default/data/config-store directory.)
- Extended Client Metadata
Values are returned from the client record.
- LDAP/JDBC/Other (when a datastore is used)
Values are returned from your datastore (if used). When you make this selection, the Value list is populated by the attributes from the datastore.
- Expression (when enabled)
This option provides more complex mapping capabilities; for example, transforming incoming values into different formats. All of the variables available for text entries are also available for expressions.
- No Mapping
Select this option to ignore the Value field, causing no value selection to be necessary.
The value is what you enter. This can be text only, or you can mix text with references to the unique user ID returned from the credentials validator, using the syntax
You can also enter values from your datastore, when applicable, using this syntax:
attributeis any of the datastore attributes you have selected.
- Access Token
The value is provided from the access token.
- Persistent Grant
This option enables direct mapping from the grant to the ID Token and to user information attributes.
- Choose a source and then choose (or enter) a value for each attribute in the contract.
- Click Next.