For each authentication policy contract mapping, configure the sources of its attributes and specify any criteria for issuing the contract.
- Go to .
On the Authentication Policy Contract list, click the
desired mapping or select the desired mapping from the Authentication
Policy Contract list.
If you don't already have an authentication policy contract mapping configured, go toto configure and save a new contract.
- Optional: On the Attribute Sources & User Lookup window, click Add Attribute Source to configure datastore queries.
On the Contract Fulfillment tab, fulfill the selected
If the selected closed-ended path contains more than one authentication source, you have access to attributes obtained successfully from the previous authentication sources along the same path.
For example, referring to the earlier policy in Applying policy contracts or identity profiles to authentication policies, if you select an authentication policy contract for the result, you can map attributes from the HTML Form Adapter and the PingID Adapter.
Besides the preceding
identity provider (IdP)connection or IdP adapter instance, you can also use the following as the source of fulfillment: identity provider (IdP) IdP A service that manages identity information and provides authentication services to relying clients or service providers (SPs) within a federated or distributed network.
- Dynamic text
- Attribute mapping expressions, if enabled
- Tracked HTTP request parameters, if configured
- Request context
- Extended properties, if configured on the Extended Properties window
On the Issuance Criteria tab, configure conditions to be
validated before issuing an authentication policy contract.
For more information, see Defining issuance criteria for contract or local identity mapping.
- On the Summary tab, review your configuration, modify as needed, and then click Done.
- On the Policy window, continue with the rest of your policy configuration.