On the Data Store tab, choose a datastore instance for PingFederate to look up attributes.
The process of configuring PingFederate to look up attributes in a datastore for attribute-query responses is similar to that used for single sign-on (SSO) Attribute Sources and User Lookup.
-
Enter a Description for the datastore in the text box.
- If prompted, enter an ID in the text box.
-
Select a datastore instance from the Active Data Store
list.
Tip:
If the datastore you want is not shown in the Active Data Store list, click Manage Data Stores to review or add a datastore instance. For more information, see Datastores.
-
Depending on the datastore type, the rest of the setup varies as follows.
Data store type Required tasks JDBC LDAP Other Important:When attribute queries are sent using X.509 Attribute Sharing Profile (XASP), use the variable
${SubjectDN}
—rather than${SAML_SUBJECT}
—to retrieve the subject identifier.You can also use any of these distinguished name (DN)-parsing variables:${CN}
${OU}
${O}
${L}
${S}
${C}
${DC}
If more than one value exists for any of the parsing variables, then they are enumerated. For example, if the Subject DN is
cn=John Smith,ou=service,ou=employee
, then you could use any of these elements in your filter qualifier:${SubjectDN}=cn=John Smith,ou=service,ou=employee
${ou}=service
${ou1}=employee
For more information about XASP, see Attribute Query and XASP.
- When you have finished configuring your datastore, click Next to save changes.