- Sign on to PingFederate and go to Authentication > Authorization > IdP Connections. Click Create Connection.
- On the Connection Type tab, select the Browser SSO check box, and in the Protocol list, select SAML 2.0. Click Next.
- On the Connection Options tab, select the Browser SSO check box. Click Next.
- On the General Info tab, in the Issuer field, enter https://api.login.yahoo.com.
- In the Client ID and Client Secret fields, enter the values copied earlier from your Yahoo OIDC app.
- Click Load Metadata. Click Next.
- On the Extended Properties tab, click Next.
- On the Browser SSO tab, click Configure Browser SSO.
- On the User Session Creation tab, click Configure User-Session Creation.
- On the Identity Mapping tab, select Account Mapping. Click Next.
- On the Attribute Contract tab, leave the default values selected. Click Next.
- On the Target Session Mapping tab, click Map New Adapter Instance.
- On the Adapter Instance tab, in the Adapter Instance list, select Open Token adapter. Click Next.
- On the Attribute Data Store tab, leave the default values selected. Click Next.
- On the Adapter Contract Fulfillment tab, map the values as follows. Click Next.

  | Attribute | Source | Value |
  |-----------|--------|-------|
  | givenName | Provider Claims | given_name |
  | mail | Provider Claims | email |
  | sn | Provider Claims | family_name |
  | subject | Provider Claims | sub |
- On the Issuance Criteria tab, click Next.
- On the Summary tab, review your entries and click Done.
- On the User Session Creation tab, click Next.
- On the Protocol Settings tab, click Configure Protocol Settings.
- On the OpenID Provider Info tab, review the information and click Next.
- On the Overrides tab, enter a Default Target URL. Click Next.
- On the Summary tab, review your entries and click Done.
- On the Protocol Settings tab, click Next.
- On the Summary tab, review your entries and click Done.
- On the Activation and Summary tab, click the toggle to activate the connection. Click Save.
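
The following is an added example, not part of the original procedure or of PingFederate itself: a pre-flight check of a provider's OIDC discovery document against the Issuer and claim mapping configured above. The sample metadata, its endpoint paths, and the function names are constructed for illustration.

```python
from urllib.parse import urlparse

EXPECTED_ISSUER = "https://api.login.yahoo.com"  # Issuer from the General Info tab
# Adapter contract attribute -> provider claim (Adapter Contract Fulfillment tab)
CLAIM_MAP = {"givenName": "given_name", "mail": "email",
             "sn": "family_name", "subject": "sub"}
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

def check_metadata(meta, expected_issuer=EXPECTED_ISSUER):
    """Return a list of problems found in an OIDC discovery document."""
    problems = []
    # The issuer must match the configured value exactly (no trailing slash).
    if meta.get("issuer") != expected_issuer:
        problems.append(f"issuer mismatch: {meta.get('issuer')!r}")
    # Every endpoint the connection will call must be an absolute https URL.
    for key in ENDPOINT_KEYS:
        url = urlparse(meta.get(key) or "")
        if url.scheme != "https" or not url.hostname:
            problems.append(f"{key} missing or not https")
    # claims_supported is optional; when present, each mapped claim should be listed.
    if "claims_supported" in meta:
        supported = set(meta["claims_supported"])
        for attr, claim in CLAIM_MAP.items():
            if claim not in supported:
                problems.append(f"claim {claim!r} (for {attr}) not advertised")
    return problems

def fulfil_contract(claims):
    """Map already-validated ID token claims onto the adapter contract."""
    if not claims.get("sub"):
        raise ValueError("ID token has no sub claim; cannot set subject")
    return {attr: claims.get(claim) for attr, claim in CLAIM_MAP.items()}

# Constructed sample documents (endpoint paths are placeholders).
GOOD = {"issuer": EXPECTED_ISSUER,
        "authorization_endpoint": EXPECTED_ISSUER + "/example/authorize",
        "token_endpoint": EXPECTED_ISSUER + "/example/token",
        "jwks_uri": EXPECTED_ISSUER + "/example/jwks",
        "claims_supported": ["sub", "email", "given_name", "family_name"]}
BAD = dict(GOOD, issuer=EXPECTED_ISSUER + "/",
           jwks_uri="http://api.login.yahoo.com/example/jwks",
           claims_supported=["sub", "email", "given_name"])

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_metadata(doc) or "ok")
```
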