On the Mapping Method tab, you can select if and how PingFederate should query local datastores to help fulfill the attribute contract in conjunction with attribute values from the authentication source.
To determine whether you need to look up additional values, compare the attribute contract against the adapter contract or the authentication policy contract. If the attribute contract requires more information, you must determine whether local datastores can supply it.
Alternatively, you can configure datastore queries as part of the fulfillment configuration for the applicable identity provider (IdP) adapter contract or authentication policy contract. If so, you do not need to set up datastore query on the connection level.
For more information, see Defining the IdP adapter contract or Applying policy contracts or identity profiles to authentication policies.
- For initial steps to configure IdP adapter instances, see Mapping an adapter instance.
On the Mapping Method tab, select one of the following
Mapping method Description Retrieve additional attributes from multiple data stores using one mapping Select to configure one or more datastores to look up attributes for a single mapping. Retrieve additional attributes from a data store Select to define alternate datastores to look up attributes and a failsafe mapping configuration.Note:
When this option is selected, the token authorization framework, through issuance criteria, does not apply. For more information, see Token authorization and Selecting an attribute mapping method.
Use only the adapter contract values in the SAML assertion Select if you do not require connection-level datastore query.
Click Next to save changes and proceed to the next tab.
If you opted to require datastore queries, see Configuring attribute sources and user lookup. If not, see Configuring contract fulfillment for IdP Browser SSO.