Defining encoding for binary attributes - PingFederate - 11.1

PingFederate Server

bundle
pingfederate-111
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 11.1
category
Administrator
Audience
Capability
DeploymentMethod
Product
SingleSignonSSO
Software
SystemAdministrator
pf-111
pingfederate
ContentType_ce

Use the LDAP Binary Attribute Encoding Types window to specify an encoding type to apply during fulfillment.

The LDAP Binary Attribute Encoding Types window appears when at least one attribute is configured as such in the datastore. Because you cannot use binary attribute data in an assertion to the service provider (SP), you must specify the encoding type that you want to apply during fulfillment. The available choices are Base64, Hex, and SID.

Note:

Defining encoding for binary attributes is only applicable to identity provider (IdP) and IdP-to-SP bridging use cases.

To set an encoding type, select a value from the Attribute Encoding Type list.

Repeat this step for each binary attribute.

Examples

Microsoft Office 365 relies on an immutable Active Directory binary attribute associated with user accounts (objectGUID), and requires this binary data to be Base64-encoded to correlate provisioned federated user data to Active Directory accounts. Select Base64 from the Attribute Encoding Type list.

Claims-based authentication with Microsoft Outlook Web App and Exchange admin center (EAC) requires tokenGroups (another binary attribute in Active Directory) to be SID-encoded. Select SID from the Attribute Encoding Type list.