Advanced prompt customizations allow for complex and programmatic attribute mappings. These customizations can require coordinated changes in several locations.
Overview
- PingOne Template Variable Name
-
Allows you to define an attribute name.
When the authenticator passes this attribute to PingOne, it becomes available to use as a variable in the PingOne notification template. For example, the attribute
purchaseTotal
populates the variable${purchaseTotal}
. - PingOne Template Variable Value
-
Allows you combine or manipulate a variety of inputs to create a dynamic value for the attribute.
You can use Apache Velocity Template Language code in this field. For more information on working with Velocity Template Language, see Velocity Template Language in the Apache documentation.
This field is the core of the advanced prompt customizations. The sections below describe the various inputs that you can use in this field.
- PingOne notification templates
- Use the variables that you define in the PingOne Template Variable Name field.
- PingOne CIBA MFA Authenticator Extended
Contract tab
- Add any CIBA request policy attributes that you use in the PingOne Template Variable Value field.
- PingFederate CIBA request policy
- Modify the Contract Fulfillment tab to provide the request policy attributes that you use in the PingOne Template Variable Value field.
The sections below describe the types of inputs and techniques that you can use in the PingOne Template Variable Value field. The examples show the coordinating changes that you need to make.
Contract attributes from the CIBA request policy
If your CIBA request policy includes valuable contract attributes that you want to include in the CIBA prompt, you can include the attributes in the PingOne Template Variable Value field.
To make an attribute available in the PingOne Template Variable Value field, add it on the Extended Contract tab of the authenticator configuration.
If your CIBA request policy does not already include an attribute that you want to use, configure it on the Contract Fulfillment tab of your CIBA request policy.
- In the PingOne notification template, use this
variable:
${purchaseSummary}
- In the PingOne MFA CIBA Authenticator, in the PingOne Template
Variables table:
- In the PingOne Template Variable Name field,
enter:
purchaseSummary
- In the PingOne Template Variable Name field,
enter:
The purchase total for $subject is: $sum $currency.
- In the PingOne Template Variable Name field,
enter:
- In the PingOne MFA CIBA Authenticator, on the Extended
Contract tab, add:
sum
currency
Note: Thesubject
attribute is in the core contract and does not need to be added.
- In the PingFederate CIBA Request Policy, on the Contract
Fulfillment tab, map values for the following contract
attributes:
sum
currency
subject
The purchase total for jsmith is: $40 USD.
Language pack messages
Use the $languagePackMessages
attribute to include a message from
the language-pack file configured for this authenticator. The authenticator includes
the message from the language-pack file that matches the user's locale.
- In the PingOne notification template, use this
variable:
${localizedTransferWarning}
- In the PingOne MFA CIBA Authenticator, in the PingOne Template
Variables table:
- In the PingOne Template Variable Name field,
enter:
localizedTransferWarning
- In the PingOne Template Variable Name field,
enter:
$languagePackMessages.getMessage(“transfer.warning”).
- In the PingOne Template Variable Name field,
enter:
Advertencia: transferencia de dinero iniciada
Modified request context attributes
You can use any attributes contained within the
$oobAuthRequestContext
sent by the client to PingFederate.
- $locale – The user's locale which represents the user's country and language.
- $requestedScope – The descriptive scope name
requested by the client, such as "Email address access". Multiple scopes are
separated with a new line (
\n
). - $requestingApplicationId – ID of the requesting client.
- $requestingApplicationName – Name of the requesting client.
- $requestingApplicationLogoUrl – Logo image URL of the requesting client.
- $authUserBindingMessage – A human-readable message or number intended to be displayed on both the consumption device and authenticating device to provide a visual cue of the interaction to the user.
For detailed information about what is available in
$oobAuthRequestContext
, see Class OOBAuthRequestContext in the PingFederate SDK
documentation (Javadoc).
- In the PingOne notification template, use this
variable:
${commaDelimitedScopes}
- In the PingOne MFA CIBA Authenticator, in the PingOne Template
Variables table:
- In the PingOne Template Variable Name field,
enter:
commaDelimitedScopes
- In the PingOne Template Variable Name field,
enter:
#set( $delimiter = "")#foreach($scope in $oobAuthRequestContext.requestedScope.values())$delimiter$scope#set( $delimiter = ", ")#end.
- In the PingOne Template Variable Name field,
enter:
Email address access, Phone number access