The process of configuring PingFederate to look up attributes in a datastore for attribute-query responses is similar to that used for SSO Attribute Sources and User Lookup. On the Data Store screen, choose a datastore instance for PingFederate to look up attributes.

  1. Enter a description (and ID if prompted) for the datastore.
  2. Select a datastore instance from the Active Data Store list.
    Tip:

    If the datastore you want is not shown in the Active Data Store list, click Manage Data Stores to review or add a datastore instance.

  3. Depending on the datastore type, the rest of the setup varies as follows:
    Important:

    When attribute queries are sent using XASP, use the variable ${SubjectDN}—rather than ${SAML_SUBJECT}—to retrieve the subject identifier. You may also use any of these DN-parsing variables: ${CN}, ${OU}, ${O}, ${L}, ${S}, ${C}, and ${DC}.

    If more than one value exists for any of the parsing variables, then they are enumerated. For example, if the Subject DN is:

    cn=John Smith,ou=service,ou=employee

    then you could use any of these elements in your filter qualifier:

    ${SubjectDN}=cn=John Smith,ou=service,ou=employee

    ${ou}=service

    ${ou1}=employee

    For more information about XASP, see Attribute Query and XASP.
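    The enumeration rule above can be sketched as follows. This is an added example, not PingFederate code: it parses a Subject DN into ${SubjectDN}, ${ou}, ${ou1} and so on, then substitutes the values into an LDAP filter with RFC 4515 escaping so that characters in the DN cannot change the filter's structure. Assumptions: the function names are hypothetical, variable names are lowercased as in the example above, numbering continues past ${ou1} in the same way, and each RDN is single-valued.

```python
import re

# RDNs are separated by commas that are not backslash-escaped (RFC 4514).
RDN_RE = re.compile(r"(?:\\.|[^,\\])+", re.S)

def unescape_dn_value(raw):
    """Undo RFC 4514 escaping: backslash + hex pair, or backslash + character."""
    def repl(m):
        tok = m[1]
        return bytes([int(tok, 16)]) if len(tok) == 2 else tok
    data = re.sub(rb"\\([0-9a-fA-F]{2}|.)", repl, raw.encode("utf-8"), flags=re.S)
    return data.decode("utf-8")

def dn_variables(subject_dn):
    """Map a Subject DN to parsing variables: first ou -> 'ou', second -> 'ou1'."""
    variables = {"SubjectDN": subject_dn}
    seen = {}
    for rdn in RDN_RE.findall(subject_dn):
        attr, sep, raw = rdn.partition("=")
        if not sep:
            continue  # not an attribute=value pair; skip it
        attr = attr.strip().lower()
        n = seen.get(attr, 0)
        seen[attr] = n + 1
        variables[attr if n == 0 else f"{attr}{n}"] = unescape_dn_value(raw)
    return variables

def filter_escape(value):
    """Escape the characters RFC 4515 reserves inside a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand_filter(template, subject_dn):
    """Replace ${name} in a filter template; an unknown name raises KeyError."""
    values = dn_variables(subject_dn)
    return re.sub(r"\$\{(\w+)\}", lambda m: filter_escape(values[m[1]]), template)

if __name__ == "__main__":
    dn = "cn=John Smith,ou=service,ou=employee"  # the DN from the example above
    print(dn_variables(dn))
    print(expand_filter("(&(cn=${cn})(ou=${ou1}))", dn))
    # Constructed DN whose CN contains an escaped comma and filter metacharacters.
    print(expand_filter("(cn=${cn})", "cn=Smith\\, John)(uid=*,ou=service"))
```

    The last call shows why the substituted value is escaped: the parentheses and asterisk in the CN arrive in the filter as \29, \28 and \2a, so the filter still contains a single cn assertion.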