Creating the OIDC policy - PingFederate - 12.0
1. Go to .
2. Click Add Policy.
3. On the Manage Policy tab:
   a. In the Policy ID field, enter the policy identifier.
   b. In the Name field, enter the policy name.
   c. In the Access Token Manager menu, select your JWT access token manager.
   d. Click Next.
4. On the Attribute Contract tab, add the admin_role, iss, and memberOf attribute contracts.
   a. In the Extend the Contract field, enter admin_role, and click Add.
   b. Repeat step a. to add the iss and memberOf attributes.
   c. Click the Edit action for admin_role. Select the Override Default Delivery and ID Token check boxes, then click the Update action.
   d. Repeat step c for iss, selecting the ID Token check box, and for memberOf, selecting the UserInfo check box.
   e. Click Next.
5. On the Attribute Scopes tab, add the admin_role and iss attributes to the openid scope and the memberOf attribute to the profile scope.
   a. In the Scope menu, select openid. Select the admin_role attribute's check box, and click Add. The iss attribute should already be selected.
   b. In the Scope menu, select profile. Select the memberOf attribute's check box, and click Add.
   c. Click Next.
6. On the Attribute Sources & User Lookup tab, click Next.
7. On the Contract Fulfillment tab, select a Source and a Value to map into the admin_role, iss, memberOf, and sub items in the Attribute Contract list.
   a. For the admin_role attribute contract, select Access Token in the Source menu and admin_role in the Value menu.
   b. For the iss attribute contract, select Access Token in the Source menu and iss in the Value menu.
   c. For the memberOf attribute contract, select Access Token in the Source menu and memberOf in the Value menu.
   d. For the sub attribute contract, select Access Token in the Source menu and sub in the Value menu.
   e. Click Next.
8. On the Issuance Criteria tab, click Next.
9. On the Summary tab, review your configuration. Click Save.
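One way to confirm that the saved policy releases each attribute where the steps above place it (admin_role and iss in the ID token under the openid scope, memberOf from UserInfo under the profile scope). This is an added example, not code from the PingFederate documentation. It assumes an attribute is released only when its scope is granted and that user info is not also copied into the ID token; the function names and sample values are constructed for illustration.

```python
import base64
import json

# Expected delivery per the policy steps above:
# claim -> (delivery channel, scope the attribute is attached to)
EXPECTED = {
    "admin_role": ("id_token", "openid"),
    "iss": ("id_token", "openid"),
    "memberOf": ("userinfo", "profile"),
}


def jwt_payload(token):
    """Decode a JWT payload WITHOUT verifying the signature (config check only)."""
    segment = token.split(".")[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))


def check_delivery(id_token, userinfo, granted_scopes):
    """Return a list of findings; an empty list means delivery matches the policy."""
    channels = {"id_token": jwt_payload(id_token), "userinfo": userinfo}
    findings = []
    for claim, (channel, scope) in EXPECTED.items():
        other = "userinfo" if channel == "id_token" else "id_token"
        if scope in granted_scopes and claim not in channels[channel]:
            findings.append(f"{claim}: missing from {channel}")
        if scope not in granted_scopes and claim in channels[channel]:
            findings.append(f"{claim}: released without scope {scope}")
        if claim in channels[other]:  # assumption: no duplicate delivery
            findings.append(f"{claim}: unexpectedly present in {other}")
    return findings


def make_token(claims):
    """Build an unsigned, constructed JWT for the sample run below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."


# Constructed sample values, not output from a real PingFederate server.
SAMPLE_ID_TOKEN = make_token(
    {"sub": "jdoe", "iss": "https://sso.example.com", "admin_role": "example-admin"})
SAMPLE_USERINFO = {"sub": "jdoe", "memberOf": ["cn=admins,ou=groups,dc=example,dc=com"]}

if __name__ == "__main__":
    print(check_delivery(SAMPLE_ID_TOKEN, SAMPLE_USERINFO, {"openid", "profile"}))
```

The payload is decoded without signature verification, so use this only to inspect tokens from a test client, never to make an authorization decision.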