The process of configuring PingFederate to look up attributes in a datastore for attribute-query responses is similar to that used for SSO Attribute Sources and User Lookup. On the Data Store screen, choose a datastore instance for PingFederate to look up attributes.
- Enter a description (and ID if prompted) for the datastore.
- Select a datastore instance from the Active Data Store list.
  Tip: If the datastore you want is not shown in the Active Data Store list, click Manage Data Stores to review or add a datastore instance.
- Depending on the datastore type, the rest of the setup varies as follows:
Data store type Required tasks JDBC LDAP Other
Important: When attribute queries are sent using XASP, use the variable ${SubjectDN} rather than ${SAML_SUBJECT} to retrieve the subject identifier. You may also use any of these DN-parsing variables: ${CN}, ${OU}, ${O}, ${L}, ${S}, ${C}, and ${DC}.
If more than one value exists for any of the parsing variables, then they are enumerated. For example, if the Subject DN is:
cn=John Smith,ou=service,ou=employee
then you could use any of these elements in your filter qualifier:
${SubjectDN}=cn=John Smith,ou=service,ou=employee
${ou}=service
${ou1}=employee
For more information about XASP, see Attribute Query and XASP.
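The enumeration rule above can be reproduced offline to check which variable carries which DN component before writing a filter. This is an added example, not PingFederate code: the function names, the filter template, the `${ou2}` continuation of the numbering and the RFC 4515 escaping of substituted values are assumptions of the example.

```python
import re

def split_rdns(dn):
    """Split a DN on commas, leaving backslash-escaped characters untouched."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            parts.append(cur)
            cur, i = "", i + 1
        else:
            cur += dn[i]
            i += 1
    parts.append(cur)
    return [p.strip() for p in parts if p.strip()]

def dn_variables(subject_dn):
    """Return SubjectDN plus enumerated parsing variables (ou, ou1, ...)."""
    variables = {"SubjectDN": subject_dn}
    seen = {}
    for rdn in split_rdns(subject_dn):   # multi-valued RDNs ("+") are not handled
        attr, _, value = rdn.partition("=")
        attr = attr.strip().lower()
        value = re.sub(r"\\(.)", r"\1", value.strip())   # undo simple DN escapes
        n = seen.get(attr, 0)
        seen[attr] = n + 1
        # First value is ${ou}, second is ${ou1} (as on the page); ${ou2} and up is assumed.
        variables[attr if n == 0 else f"{attr}{n}"] = value
    return variables

def ldap_escape(value):
    """Escape the RFC 4515 filter metacharacters in a substituted value."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

def expand_filter(template, subject_dn):
    """Substitute ${...} variables into a filter template (hypothetical helper)."""
    variables = dn_variables(subject_dn)
    def repl(match):
        name = match.group(1)
        key = name if name in variables else name.lower()
        return ldap_escape(variables[key])   # KeyError if the DN lacks that component
    return re.sub(r"\$\{(\w+)\}", repl, template)

if __name__ == "__main__":
    dn = "cn=John Smith,ou=service,ou=employee"   # the Subject DN from the page
    print(dn_variables(dn))
    print(expand_filter("(&(cn=${CN})(ou=${ou1}))", dn))   # constructed template
```

A filter that references a component the Subject DN does not contain raises `KeyError` here, which is a quick way to catch a template that would otherwise match nothing.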