Creating the OIDC policy - PingFederate

Creating the OIDC policy - PingFederate - 11.3

PingFederate Server

bundle

pingfederate-113

ft:publication_title

PingFederate Server

Product_Version_ce

PingFederate 11.3 (Latest)

category

Administrator

Administratorguide

Audience

Capability

ContentType

DeploymentMethod

Guide

Product

Productdocumentation

SingleSignonSSO

Software

SystemAdministrator

pf-113

pingfederate

ContentType_ce

Guide > Administrator Guide

Product documentation

Guide

Page created: 14 Jul 2022 |

Page updated: 6 Feb 2023

| 2 min read

Guide Administrator Guide Content Type Product documentation 11.3 Capability Single Sign-on (SSO) Deployment Method Software Audience Administrator System Administrator Product PingFederate

Go to Applications > OAuth > OpenID Connect Policy Management.
Click Add Policy.
On the Manage Policy tab:
1. In the Policy ID field, enter the policy identifier.
2. In the Name field, enter the policy name.
3. In the Access Token Manager menu, select your JWT access token manager.
4. Click Next.
On the Attribute Contract tab, add the admin_role, iss, and memberOf attribute contracts.
1. In the Extend the Contract field, enter admin_role, and click Add.
2. Repeat step a. to add the iss and memberOf attributes.
3. Click the Edit action for admin_role. Select the Override Default Delivery and ID Token check boxes, then click the Update action.
4. Repeat step c for iss, selecting the ID Token check box, and for memberOf, selecting the UserInfo check box.
5. Click Next.
On the Attribute Scopes tab, add the admin_role and iss attributes to the openid scope and the memberOf attribute to the profile scope.
1. In the Scope menu, select openid. Select the admin_role attribute's check box, and click Add. The iss attribute should already be selected.
2. In the Scope menu, select profile. Select the memberOf attribute's check box, and click Add.
3. Click Next.
On the Attribute Sources & User Lookup tab, click Next.
On the Contract Fulfillment tab, select a Source and a Value to map into the admin_role, iss, memberOf, and sub items in the Attribute Contract list.
1. For the admin_role attribute contract, select Access Token in the Source menu and admin_role in the Value menu.
2. For the iss attribute contract, select Access Token in the Source menu and iss in the Value menu.
3. For the memberOf attribute contract, select Access Token in the Source menu and memberOf in the Value menu.
4. For the sub attribute contract, select Access Token in the Source menu and sub in the Value menu.
5. Click Next.
On the Issuance Criteria tab, click Next.
On the Summary tab, review your configuration. Click Save.