You can fulfill the token generator contract by using only the attributes from the incoming SAML token or by using these attributes to look up additional information from a local data store.
For token generation, you can query local data stores to help fulfill the token generator contract, in conjunction with attribute values supplied by the incoming token.
The values supplied by the token are shown in the Attribute Contract section on the Attribute Retrieval tab.
On the Token Generator Mapping & User Lookup tab, click
Map New Token Generator Instance.
The Token Generator Mapping & User Lookup configuration window opens.
On the Attribute Retrieval tab, select how you want to
fulfill the token generator contract for an instance.
- If the incoming SAML token contains all the attributes that your application requires, select Use only the attributes available in the incoming token.
- To set up a data store query, select Use the incoming token to look up additional information and then follow a series of sub tasks to complete the configuration.
For step-by-step instructions, see Choosing a datastore.Note:
If you are editing a currently mapped token generator instance, you can change the mapping method, which might require additional configuration changes in subsequent tasks.