From the Failsafe Attribute Source window, you can enable the failsafe mapping or stop the single sign-on (SSO) transaction when all attribute sources fail to return values for any reason.
When a datastore is configured and the attribute mappings under Attribute Sources & User Lookup fail to complete the attribute contract in a service provider (SP) connection, you can choose to configure a set of failsafe Attribute Contract Fulfillment mappings. For example, you might configure a set of attributes to identify the SSO subject as a guest user at the SP.
The Failsafe Attribute Source window does not appear if you have selected the Retrieve additional attributes from multiple data stores using one mapping option on the Mapping Method window.
The attribute contract is fulfilled using either the mapping configured under Attribute Sources & User Lookup or the failsafe mapping, not both. In other words, you cannot use the failsafe mapping to fill in missing attributes when some are found with the datastore mapping setup but others are not.
The failsafe mapping is used only when all of the mappings configured in the datastore setup fail to return values for any reason. If any mapping succeeds (an attribute mapped to text, for example), failover does not occur.
Alternatively, you can have PingFederate stop the SSO transaction. This choice depends on your agreement with the SP.
- To enable the failsafe mapping, select Send user to SP using default list of attributes, and then map or enter the desired values on the Attribute Contract Fulfillment window.
- To stop the SSO transaction, select Abort the SSO transaction.