PingOne Advanced Identity Cloud

IdP attribute mapper

Use an IdP attribute mapper script to map user-configured attributes to SAML attributes in the generated SAML assertion.

The default implementation retrieves the mapped attribute values from the user profile first. If the attribute values are missing from the user’s profile, then PingOne Advanced Identity Cloud attempts to retrieve them from the user’s session.

Learn about IdP attribute mapper scripts from the following resources:

Demonstrate an IdP attribute mapper

Before you try the example, configure single sign-on using SAML v2.0 with PingOne Advanced Identity Cloud as the hosted IdP.

The following example modifies the SAML attributes in the assertion returned by the IdP:

Create the script

  1. In the Advanced Identity Cloud admin UI, create a script of type SAML2 IDP Attribute Mapper.

  2. In the JavaScript field, paste the template saml2-idp-attribute-mapper.js script.

  3. Insert the following lines just before return attributes; around line 150 to return a custom static attribute:

    var customSet = new java.util.HashSet();
    customSet.add("test");
    attributes.add(
      idpAttributeMapperScriptHelper.createSAMLAttribute(
        "customSAMLAttribute", null, customSet));
  4. Save your changes and close the editor.

Configure the IdP

  1. Under Native Consoles > Access Management, go to Applications > Federation > Entity Providers > Hosted IDP Name > Assertion Processing.

  2. In the Attribute Mapper Script field, select your script.

  3. Save your changes.

Test the script

  1. Perform a SAML v2.0 flow.

  2. Verify the AttributeStatement element in the SAML assertion contains the custom attribute:

    <saml:AttributeStatement>
      <saml:Attribute Name="customSAMLAttribute">
        <saml:AttributeValue
          xmlns:xs="http://www.w3.org/2001/XMLSchema"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:type="xs:string"
        >test</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
Copyright © 2010-2024 ForgeRock, all rights reserved.