PingOne

Extracting data from PingFederate

Extract data collected from PingFederate through the simple and advanced parameter mappings to use in a PingAM journey (tree).

Steps

  1. Create a script to extract data coming from PingFederate into the PingAM journey that you specified in the adapter settings:

    1. In the PingAM administrative console, go to the realm that the journey is in, then go to Scripts and click New Script.

    2. In the Name field, give the script a meaningful name.

    3. In the Description field, give the script a meaningful description.

    4. In the Script Type list, select Decision node script for authentication trees.

    5. In the Language section, select JavaScript.

    6. In the Evaluator Version section, confirm that the value is Legacy.

    7. In the Script field, enter the following sample code.

      Use this script as a starting point. In this example, the data sent from PingFederate is configured with the Parameter Name appName.

      /*
      - Data made available by nodes that have already executed are available in the sharedState variable.
      - The script should set outcome to either "true" or "false".
      */

      // Import the Action class used to build the node result.
      var fr = JavaImporter(org.forgerock.openam.auth.node.api.Action);

      // Read the value that PingFederate sent under the Parameter Name appName.
      var pfApplicationName = nodeState.get("appName").asString();

      logger.error("The PingFederate application name passed in is {}", pfApplicationName);

      // For each attribute, add a 'putSessionProperty' call.
      // Each property set here must also be added to the allow list (step 3).
      action = fr.Action.goTo("true")
          .putSessionProperty("am.pf.appName", pfApplicationName)
          .build();

      outcome = "true";

    8. Click Validate.

  2. Use the script in the authentication journey:

    1. Go to Authentication > Trees and open the journey that’s being used in the adapter.

    2. Drag the Scripted Decision node onto the journey.

    3. Select the Scripted Decision node and give the node a meaningful name.

    4. In the Script list, select the script that you created in the previous step.

    5. In the Outcomes field, enter true. Press Enter.

    6. Connect the True outcome of the DataStore Decision node to the Scripted Decision node.

    7. Connect the True outcome of the Scripted Decision node to the Success node.

    8. Click Save.

  3. Add the properties that the script sets in the session to the allow list:

    1. In the PingAM administrative console, go to Services.

    2. Add or edit the Session Property Whitelist Service. To add this service:

      1. Click Add a Service.

      2. In the Choose a service type list, search for Session Property Whitelist Service and select it in the list.

    3. On the Session Property Whitelist Service page, in the Allowlisted Session Property Names field, add the properties that you set in the script:

      For example:

      • am.pf.appName

    4. Click Save Changes.

  4. Test the user journey.
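
The sample script in step 1 copies the PingFederate value into the session unchecked. The following added example (not part of the original page or Ping Identity's code) shows one way to check each mapped value before it becomes a session property. The names `MAPPINGS`, `SAFE_VALUE`, `collectSessionProperties` and `fakeNodeState`, and the character and length policy, are assumptions; `fakeNodeState` is a constructed stand-in for the `nodeState` binding so the helper runs outside PingAM.

```javascript
// Added example, not Ping Identity's code. Written in ES5 style so the helper
// could be pasted into a legacy Decision node script. Names and limits are assumptions.

// Hypothetical mapping: PingFederate Parameter Name -> session property name.
var MAPPINGS = { appName: "am.pf.appName" };

// Assumed policy: 1 to 64 characters of letters, digits, space, dot, underscore, hyphen.
var SAFE_VALUE = /^[A-Za-z0-9 ._-]{1,64}$/;

// Reads each mapped parameter from nodeState and returns
// { properties: { sessionProp: value }, rejected: [parameterName, ...] }.
function collectSessionProperties(nodeState, mappings) {
  var result = { properties: {}, rejected: [] };
  Object.keys(mappings).forEach(function (param) {
    var node = nodeState.get(param);            // null when nothing was sent
    var raw = node ? node.asString() : null;
    var value = raw === null || raw === undefined ? "" : String(raw);
    if (SAFE_VALUE.test(value)) {
      result.properties[mappings[param]] = value;
    } else {
      result.rejected.push(param);              // record the name only, not the raw value
    }
  });
  return result;
}

// Constructed stand-in for the nodeState binding (get() returns an object with asString()).
function fakeNodeState(data) {
  return {
    get: function (key) {
      if (!Object.prototype.hasOwnProperty.call(data, key)) { return null; }
      return { asString: function () { return data[key]; } };
    }
  };
}

// Constructed sample inputs: a normal value, a missing value, a value with a control character.
var ok = collectSessionProperties(fakeNodeState({ appName: "HR Portal" }), MAPPINGS);
var missing = collectSessionProperties(fakeNodeState({}), MAPPINGS);
var odd = collectSessionProperties(fakeNodeState({ appName: "HR\nPortal" }), MAPPINGS);
```

Inside the PingAM script, each entry in `properties` would be passed to `putSessionProperty` as in the sample script, and every session property name in the mapping still has to be on the allow list from step 3.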