An attribute contract is a set of user attributes the IdP sends in the SAML assertions or JWTs for this connection. You identity these attributes on thewindow.
TOKEN_SUBJECT represents the name identifier of the user for whom the access token is being requested, the SAML_SUBJECT attribute in SAML assertions and the sub claim in JWTs.
Optionally, you can mask the values of attributes (other than TOKEN_SUBJECT) in the log files that PingFederate writes when it receives security tokens.
To add an attribute, follow these steps:
Enter the attribute name in the text box.
Attribute names are case-sensitive and must correspond to the attribute names expected by your partner.
- Select the check box under Mask Values in Log.
- Click Add.
- Enter the attribute name in the text box.
To modify an attribute name or masking selection, follow these steps:
- Click Edit under Action for the attribute.
Make the change and click Update.
If you change your mind, ensure that you click Cancel under Action.
- To delete an attribute, click Delete under Action for the attribute.