As of PingFederate 10.1, the use of expressions is enabled by default. You can manually disable the use of expressions by editing a configuration file.
When upgrading PingFederate to 10.1 or later, administrative users who were granted the Admin role in the earlier installation are granted the Expression Admin role automatically.
You can disable the use of expressions by setting
to false as described in the following procedure. Also, go to and remove the Expression Admin role from all
Admin users. Doing this will prevent Admin users from entering expressions into
PingFederate if the
evaluateExpressions element is set to true at a
later time. For more information, see Administrative accounts.
If the current configuration contains expressions, disabling the feature causes errors during runtime processing.
Edit the org.sourceid.common.ExpressionManager.xml file,
located in the
If you have a clustered PingFederate environment, edit the configuration file on the console node.
Change the value of the element named
evaluateExpressionsto either true or false and save the file.
<?xml version="1.0" encoding="UTF-8"?> <config xmlns="http://www.sourceid.org/2004/05/config"> <item name="evaluateExpressions">true</item> </config>Note:
The absence of an installed default value does not necessarily disable the use of expressions. You can successfully import configuration archives containing expressions to facilitate backward compatibility when no value is present, and further use of the feature is enabled. The term “silent” is used for this condition in the server log.
If you have a stand-alone PingFederate environment, start or restart
If you are enabling expressions to use for mapping outbound provisioning attributes, you do not need to restart the PingFederate server.
If you have a clustered PingFederate environment:
- Sign on to the PingFederate administrative console.
- From Replicate Configuration. , click
- The Source list under each of the administrative-console contract fulfillment windows
- The Show Advanced Criteria section on the Issuance Criteria window following each of the administrative-console contract fulfillment windows
- The provisioning attribute-mapping window when the Outbound Provisioning protocol is enabled