Selecting attribute sources (SAML 2.0) - PingFederate - 10.3

PingFederate Server

bundle
pingfederate-103
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 10.3
category
Product
pf-103
pingfederate
ContentType_ce

For SAML 2.0 connections, the server can be configured to use only assertion attributes for user provisioning, or to retrieve more attributes from the identity provider (IdP) in a follow-on attribute query transaction.

The User Attributes tab displays the attributes expected in the assertion from this IdP.

Screen capture of the User Attributes tab.
Note:

The attribute query is a SAML 2.0 profile. For OpenID Connect, SAML 1.x, and WS-Federation connections, this tab is not presented. PingFederate uses only attributes from the assertion for user provisioning.

If you and your IdP partner have agreed to use the Attribute Query profile for provisioning, select that option before leaving this tab.

You configure the attribute query profile later in the task flow.