In this task, you are adding an OGNL expression to the issuance criteria of the corporate adapter. This expression prevents a non-corporate user from being authenticated with a corporate identifier. For more information, see Setting an OGNL expression.

  1. In the PingFederate administrative console, go to Authentication > Integration > IdP Adapters.
  2. Select your corporate adapter instance.
  3. On the Adapter Contract Mapping tab, click Configure Adapter Contract.
  4. On the Issuance Criteria tab, click Show Advanced Criteria.
    Screen capture of the Adapter contract mapping page with the Show advanced criteria button highlighted on the Issuance criteria tab
  5. In the Expression field, enter the following:
    #allowed=#this.get("mapped.mail"), #allowed==null?"false":#this.get("mapped.mail").toString().contains("<corporate email domain>")
  6. In the Error Result field, enter your desired error message.

    The error message is displayed if the user's mapped attribute from the adapter does not contain the string specified in your OGNL expression. This indicates a failure to authenticate the user as an employee.
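
The expression above uses a substring test (`contains`), so it is worth checking which `mapped.mail` values it accepts before relying on it. The following is an added example, not part of the PingFederate documentation: it models the expression's logic in plain Python next to a stricter exact-domain comparison. The domain `corp.example`, the function names, and all sample addresses are constructed assumptions.

```python
# Added example: models the issuance-criteria logic in plain Python.
# CORP_DOMAIN and every address below are constructed sample values.

CORP_DOMAIN = "corp.example"


def page_expression(attrs, domain=CORP_DOMAIN):
    """Mirror of the page's expression: substring test on mapped.mail.
    The page returns the string "false" for a missing attribute;
    that case is modelled here as a rejection (assumption)."""
    mail = attrs.get("mapped.mail")
    if mail is None:
        return False
    return domain in str(mail)  # case-sensitive, like String.contains


def strict_domain_match(attrs, domain=CORP_DOMAIN):
    """Stricter variant: exactly one '@', a non-empty local part, and the
    part after '@' equal to the domain (compared case-insensitively)."""
    mail = attrs.get("mapped.mail")
    if mail is None:
        return False
    local, sep, host = str(mail).strip().rpartition("@")
    if not sep or not local or "@" in local:
        return False
    return host.lower() == domain.lower()


SAMPLES = [
    {"mapped.mail": "alice@corp.example"},                 # employee
    {"mapped.mail": "Bob@CORP.EXAMPLE"},                   # employee, upper case
    {"mapped.mail": "carol@partner.example"},              # non-corporate
    {"mapped.mail": "dave@corp.example.partner.example"},  # domain is only a host prefix
    {"mapped.mail": "corp.example@partner.example"},       # domain in the local part
    {},                                                    # attribute missing
]


def compare(samples=SAMPLES):
    """Return (mail, page_result, strict_result) for each sample."""
    return [(s.get("mapped.mail"), page_expression(s), strict_domain_match(s))
            for s in samples]


if __name__ == "__main__":
    for mail, page, strict in compare():
        print(f"{str(mail):40} contains={page!s:5} strict={strict}")
```

The two checks disagree on the upper-case employee address and on the two addresses where the corporate domain appears somewhere other than as the full host part.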