Extending the contract for the credential validator - PingFederate - 10.2

PingFederate Server

PingFederate Server
PingFederate 10.2

You can extend Password Credential Validator (PCV) instance contracts to return attribute values relevant to authenticated users.

In some use cases, you might want to extend the contracts of the PCV instance. For example, you might use extended attributes to map into a USER_KEY for an OAuth persistent grant configuration.

This capability allows the validator to return attribute values pertaining to the authenticated users from PingOne for Enterprise Directory, a directory server, or a RADIUS server.


If you are configuring an HTML Form Adapter instance with an instance of the LDAP Username Password Credential Validator, extend the contract of the adapter by the same attribute names in order for the credential validator to pass extended attribute values to the HTML Form Adapter instance.

If you are configuring the HTML Form Adapter instance with an instance of the RADIUS Username Password Credential Validator, you only need to extend the contract of the HTML Form Adapter instance itself.

  1. Copy the vendor-specific attribute dictionaries into the pingfederate/server/default/conf/radius directory.

    The format of the dictionaries must use the FreeRadius dictionary syntax.

  2. Edit the existing dictionary file to include each of the dictonaries.
  3. Optional: On the Extended Contract tab, enter an attribute name and click Add.

    Click Edit, Update, or Cancel to make or undo a change to an existing entry. Click Delete or Undelete to remove an existing entry or cancel the removal request.