Defining an attribute contract for the OAuth assertion grant - PingFederate - 11.0

PingFederate Server

bundle
pingfederate-110
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 11.0
category
Product
pf-110
pingfederate
ContentType_ce

An attribute contract is a set of user attributes the IdP sends in the SAML assertions or JWTs for this connection. You identity these attributes on the OAuth Assertion Grant Attribute Mapping > Attribute Contract window.

TOKEN_SUBJECT represents the name identifier of the user for whom the access token is being requested, the SAML_SUBJECT attribute in SAML assertions and the sub claim in JWTs.

Optionally, you can mask the values of attributes (other than TOKEN_SUBJECT) in the log files that PingFederate writes when it receives security tokens.

  • To add an attribute, follow these steps:
    1. Enter the attribute name in the text box.
      Attribute names are case-sensitive and must correspond to the attribute names expected by your partner.
    2. Select the check box under Mask Values in Log.
    3. Click Add.
  • To modify an attribute name or masking selection, follow these steps:
    1. Click Edit under Action for the attribute.
    2. Make the change and click Update.
      Note:

      If you change your mind, ensure that you click Cancel under Action.

  • To delete an attribute, click Delete under Action for the attribute.