Use this configuration to map values obtained from the single sign-on (SSO) tokens into the persistent grants. Persistent grants remain valid until the grant expires or is explicitly revoked.
The USER_KEY attribute is the identifier of the persistent grants. The USER_NAME attribute presents the name shown to the resource owner on OAuth user-facing pages. If extended attributes are defined in , configure a mapping for each attribute. You can optionally set up datastore queries to supplement values returned from the source. This mapping configuration is suitable for the Authorization Code and Implicit grant types.
- Go to Create Connection. and select an existing identity provider (IdP) connection or click
- On the Connection Type tab, select the Browser SSO Profiles check box and the applicable protocol.
On the Connection Options window, select the
Browser SSO check box and then select the OAuth
Attribute Mapping check box.
You can also select other options on the Connection Type and Connection Options tabs. If you do, you will be prompted to complete the required configuration. For simplicity, this topic only focuses on the OAuth Attribute Mapping configuration.
- On the General Info tab, enter the required information.
- On the Browser SSO tab, click Configure Browser SSO and follow the steps to complete the User-Session Creation tab.
On the OAuth Attribute Mapping tab, select the
Map directly into Persistent Grant option, and then click
Configure OAuth Attribute Mapping to continue.
Alternatively, if you have mapped an authentication policy contract (APC) in Map to OAuth via Authentication Policy Contract option, and then select the applicable APC from the list., you can select the