If a datastore uses results from previous queries as input, and if the previous queries return no result, PingFederate records a warning message in the server log and continues with the request by querying the next datastore in the attribute source setup.
This default behavior applies to all lookup configurations using multiple datastores in one mapping. For more information, see Attribute mapping with multiple data sources.
If you prefer PingFederate to abort the request immediately, which is the default behavior of many earlier versions of PingFederate, you can override the behavior by modifying a configuration file. Like the default behavior, this override also applies to all lookup configurations using multiple datastores in one mapping.
Edit the org.sourceid.saml20.domain.AttributeMapping.xml
file, located in the
If this file does not exist, you must create it.
To override the default behavior, change the value of the
AbortOnAttrLookupFailure element from
false, the default value, to
The following is an example of a modified org.sourceid.saml20.domain.AttributeMapping.xml file.
<?xml version="1.0" encoding="UTF-8"?> <c:config xmlns:c="http://www.sourceid.org/2004/05/config"> <c:item name="AbortOnAttrLookupFailure">true</c:item> </c:config>Note:For a clustered PingFederate environment, perform these steps on the console node, and then click Replicate Configuration on .
Removing the org.sourceid.saml20.domain.AttributeMapping.xml file from the <pf_install>/pingfederate/server/default/data/config-store directory also has the same effect as setting the value of the AbortOnAttrLookupFailure element to
Expected result when this override is set
If a datastore uses results from previous queries as input, and if the previous queries return no result, PingFederate records an error message in the server log, aborts the request immediately, and returns an error message to the user, the application, or the partner.