In this task, you are adding an OGNL expression to the issuance criteria of the corporate adapter. This expression prevents a non-corporate user from being authenticated with a corporate identifier. For more information, see Setting an OGNL expression.
- In the PingFederate administrative console, go to .
- Select your corporate adapter instance.
- On the Adapter Contract Mapping tab, click Configure Adapter Contract.
On the Issuance Criteria tab, click Show
In the Expression field, enter the following:
#allowed=#this.get(“mapped.mail”), #allowed==null?”false”:#this.get(“mapped.mail”).toString().contains(“<corporate email domain>”)
In the Error Result field, enter your desired error
The error message displays if the user's mapped attribute from the adapter is not consistent with the string contained in your OGNL expression. This indicates a failure to authenticate the user as an employee.