Configuring request policy contract fulfillment - PingFederate - 10.3

PingFederate Server

bundle
pingfederate-103
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 10.3
category
Product
pf-103
pingfederate
ContentType_ce

You can fulfill the request policy contract in PingFederate.

On the Contract Fulfillment tab, fulfill the request policy contract with values from the original identity hint, datastores, dynamic text values, or attribute mapping expressions (if enabled).

This contract is used to map into the OAuth grant (the USER_KEY attribute), the Client Initiated Back channel Authentication (CIBA) authenticator (attributes vary depending on the authenticator), and the user code Password Credential Validator (PCV) (the USER_CODE_USER_NAME attribute). The USER_CODE_USER_NAME attribute is shown only if a PCV instance is selected on the Manage Policy window.

  1. Select a source from the Source list.

    For more information about the Source list, see the following table.

    Source Description
    Context Select Context to return specific information from the request.
    JDBC, LDAP, or other types of datastores (if configured) Select an attribute source when PingFederate should retrieve attribute value from a datastore.

    When you make this selection, the list under Value is populated with attributes from your database, directory, or other datastore.

    Applicable only if you have added at least one attribute source on the Attribute Sources & User Lookup window. For more information, see Configuring attribute sources and user lookup for request policy contract.

    Request Select Request to use the attribute value PingFederate found in the CIBA request without customization.
    Expression (if enabled) Supports complex mapping requirements, such as transforming incoming values into different formats. Additionally, the HTTP request is retrieved as a Java object rather than text. Therefore, select Expression as the source and use OGNL expressions to evaluate and return specific information from the HTTP request.

    Applicable only if you have enabled the use of expressions in PingFederate. For more information, see Attribute mapping expressions.

    No Mapping Select No Mapping to ignore the Value field, making value selection unnecessary.
    Text Select Text to return the value you entered under Value.

    You might use a static text value if the target web application provides a service based on the name of your organization. You can provide the attribute value as a constant.

    You can mix text with references to attributes from the identity provider (IdP) adapter contract by using the ${<attribute>} syntax.

    You can also enter references to attributes from configured attribute sources by using the ${ds.<attr-source-id>.<attribute>} syntax, where <attr-source-id> is the Attribute Source ID value you entered on the Attribute Sources & User Lookup > Data Store tab and <attribute> is an attribute from datastore.

  2. Specify a value associated with the selected source.
  3. Repeat these steps until all attributes are configured.
  4. Click Next.