Configuring contract mapping - PingFederate - 11.3

PingFederate Server
bundle
pingfederate-113
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 11.3 (Latest)
category
Administrator
Administratorguide
Audience
Capability
ContentType
DeploymentMethod
Guide
Product
Productdocumentation
SingleSignonSSO
Software
SystemAdministrator
pf-113
pingfederate
ContentType_ce
Guide
Guide > Administrator Guide
Product documentation

For each authentication policy contract mapping, configure the sources of its attributes and specify any criteria for issuing the contract.

  1. Go to Authentication > OAuth > Authentication Policy Contract Mapping.
  2. On the Authentication Policy Contract list, click the desired mapping or select the desired mapping from the Authentication Policy Contract list.
    Note:

    If you don't already have an authentication policy contract mapping configured, go to Authentication > Policies > Policy Contracts to configure and save a new contract.

  3. Optional: On the Attribute Sources & User Lookup window, click Add Attribute Source to configure datastore queries.
  4. On the Contract Fulfillment tab, fulfill the selected contract.
    Note:

    If the selected closed-ended path contains more than one authentication source, you have access to attributes obtained successfully from the previous authentication sources along the same path.

    For example, referring to the earlier policy in Applying policy contracts or identity profiles to authentication policies, if you select an authentication policy contract for the PingID (Adapter) > Success result, you can map attributes from the HTML Form Adapter and the PingID Adapter.

    Besides the preceding identity provider (IdP)identity provider (IdP)IdP A service that manages identity information and provides authentication services to relying clients or service providers (SPs) within a federated or distributed network. connection or IdP adapter instance, you can also use the following as the source of fulfillment:

    • Dynamic text
    • Attribute mapping expressions, if enabled
    • Tracked HTTP request parameters, if configured
    • Request context
    • Extended properties, if configured on the Extended Properties window
  5. Optional: On the Issuance Criteria tab, configure conditions to be validated before issuing an authentication policy contract.

    For more information, see Defining issuance criteria for contract or local identity mapping.

  6. On the Summary tab, review your configuration, modify as needed, and then click Done.
  7. On the Policy window, continue with the rest of your policy configuration.