In concert with the attribute contract between partners, adapter contracts specify the transfer of attributes. Adapter contracts consist of a list of case-sensitive attribute names.

On the identity provider (IdP) side of a federation, an IdP adapter supplies attributes to PingFederate for more information, see Bundled adapters and authenticators and Managing IdP adapters.

On the service provider (SP) side, adapters require adapter contract attributes to start a session with an application. Each security domain requires at least one adapter type. Then, you must configure an adapter instance for each target application. For more information, see Managing SP adapters.

Attributes from the attribute contract fulfill the adapter contracts on the SP side, possibly enhanced with other attributes from local data stores. For example, if the same security context controls several target applications and provides the same set of attributes to start a session for the user, you would deploy an adapter type and configure an adapter instance for each protected application. For more information, see Managing target session mappings.

Extended adapter contract

When PingFederate deploys an adapter type, it creates adapter contracts. Developing these adapters "hard-wires" them to look up or set a specific set of attributes. Attribute requirements might change after deployment. To streamline adjustment of adapter contracts, PingFederate allows an administrator to add additional attributes to the adapter instance through the administrative console, called extended adapter contracts.