Use the PUT /idp/adapters/{{idpAdapterId}} endpoint to update an IdP adapter instance. If the IdP adapter is not properly configured, a 422 status code is returned along with a list of validation errors that must be corrected.

Path parameters

Parameter Value Description
idpAdapterId string(required) ID of IdP adapter instance.

Status codes

Code Reason
200 Adapter updated.
400 The request was improperly formatted or contained invalid fields.
403 PingFederate does not have its IdP role enabled. Operation not available.
404 Resource not found.
422 Validation error(s) occurred.

IdpAdapter - An IdP adapter instance.

Property Type Description
attributeContract IdpAdapterAttributeContract The list of attributes that the IdP adapter provides.
attributeMapping IdpAdapterContractMapping The attributes mapping from attribute sources to attribute targets.
authnCtxClassRef string The fixed value that indicates how the user was authenticated.
configuration * PluginConfiguration Plugin instance configuration.
id * string The ID of the plugin instance. The ID cannot be modified once the instance is created.
Note: Ignored when specifying a connection’s adapter override.
name * string The plugin instance name. The name cannot be modified once the instance is created.
Note: Ignored when specifying a connection’s adapter override.
parentRef ResourceLink The reference to this plugin’s parent instance. The parent reference is only accepted if the plugin type supports parent instances.
Note: This parent reference is required if this plugin instance is used as an overriding plugin (e.g. connection adapter overrides)
pluginDescriptorRef * ResourceLink Reference to the plugin descriptor for this instance. The plugin descriptor cannot be modified once the instance is created.
Note: Ignored when specifying a connection’s adapter override.

ResourceLink - A reference to a resource.

Property Type Description
id * string The ID of the resource.
location string A read-only URL that references the resource. If the resource is not currently URL-accessible, this property will be null.

PluginConfiguration - Configuration settings for a plugin instance.

Property Type Description
fields array[ConfigField] List of configuration fields.
tables array[ConfigTable] List of configuration tables.

ConfigTable - A plugin configuration table populated with values.

Property Type Description
inherited boolean Whether this table is inherited from its parent instance. If true, the rows become read-only. The default value is false.
name * string The name of the table.
rows array[ConfigRow] List of table rows.

ConfigRow - A row of configuration values for a plugin configuration table.

Property Type Description
defaultRow boolean Whether this row is the default.
fields * array[ConfigField] The configuration fields in the row.

ConfigField - A plugin configuration field value.

Property Type Description
encryptedValue string For encrypted or hashed fields, this attribute contains the encrypted representation of the field’s value, if a value is defined. If you do not want to update the stored value, this attribute should be passed back unchanged.
inherited boolean Whether this field is inherited from its parent instance. If true, the value/encrypted value properties become read-only. The default value is false.
name * string The name of the configuration field.
value string The value for the configuration field. For encrypted or hashed fields, GETs will not return this attribute. To update an encrypted or hashed field, specify the new value in this attribute.

IdpAdapterContractMapping -

Property Type Description
attributeContractFulfillment * Map[string, AttributeFulfillmentValue] A list of mappings from attribute names to their fulfillment values.
attributeSources array[AttributeSource] A list of configured data stores to look up attributes from.
inherited boolean Whether this attribute mapping is inherited from its parent instance. If true, the rest of the properties in this model become read-only. The default value is false.
issuanceCriteria IssuanceCriteria The issuance criteria that this transaction must meet before the corresponding attribute contract is fulfilled.

AttributeSource - The configured settings to look up attributes from an associated data store.

Property Type Description
attributeContractFulfillment Map[string, AttributeFulfillmentValue] A list of mappings from attribute names to their fulfillment values. This field is only valid for the SP Connection’s Browser SSO mappings
dataStoreRef * ResourceLink Reference to the associated data store.
description string The description of this attribute source. The description needs to be unique amongst the attribute sources for the mapping.
Note: Required for APC-to-SP Adapter Mappings
id string The ID that defines this attribute source. Only alphanumeric characters allowed.
Note: Required for OpenID Connect policy attribute sources, OAuth IdP adapter mappings, OAuth access token mappings and APC-to-SP Adapter Mappings. IdP Connections will ignore this property since it only allows one attribute source to be defined per mapping. IdP-to-SP Adapter Mappings can contain multiple attribute sources.
type * DataStoreType The data store type of this attribute source.

AttributeFulfillmentValue - Defines how an attribute in an attribute contract should be populated.

Property Type Description
source * SourceTypeIdKey The attribute value source.
value * string The value for this attribute.

SourceTypeIdKey - A key that is meant to reference a source from which an attribute can be retrieved. This model is usually paired with a value which, depending on the SourceType, can be a hardcoded value or a reference to an attribute name specific to that SourceType. Not all values are applicable - a validation error will be returned for incorrect values.
For each SourceType, the value should be:
ACCOUNT_LINK - If account linking was enabled for the browser SSO, the value must be ‘Local User ID’, unless it has been overridden in PingFederate’s server configuration.
ADAPTER - The value is one of the attributes of the IdP Adapter.
ASSERTION - The value is one of the attributes coming from the SAML assertion.
AUTHENTICATION_POLICY_CONTRACT - The value is one of the attributes coming from an authentication policy contract.
LOCAL_IDENTITY_PROFILE - The value is one of the fields coming from a local identity profile.
CONTEXT - The value must be one of the following [‘TargetResource’ or ‘OAuthScopes’ or ‘ClientId’ or ‘AuthenticationCtx’ or ‘ClientIp’ or ‘Locale’ or ‘StsBasicAuthUsername’ or ‘StsSSLClientCertSubjectDN’ or ‘StsSSLClientCertChain’ or ‘VirtualServerId’ or ‘AuthenticatingAuthority’ or ‘DefaultPersistentGrantLifetime’]
CLAIMS - Attributes provided by the OIDC Provider.
CUSTOM_DATA_STORE - The value is one of the attributes returned by this custom data store.
EXPRESSION - The value is an OGNL expression.
EXTENDED_CLIENT_METADATA - The value is from an OAuth extended client metadata parameter. This source type is deprecated and has been replaced by EXTENDED_PROPERTIES.
EXTENDED_PROPERTIES - The value is from an OAuth Client’s extended property.
IDP_CONNECTION - The value is one of the attributes passed in by the IdP connection.
JDBC_DATA_STORE - The value is one of the column names returned from the JDBC attribute source.
LDAP_DATA_STORE - The value is one of the LDAP attributes supported by your LDAP data store.
MAPPED_ATTRIBUTES - The value is the name of one of the mapped attributes that is defined in the associated attribute mapping.
OAUTH_PERSISTENT_GRANT - The value is one of the attributes from the persistent grant.
PASSWORD_CREDENTIAL_VALIDATOR - The value is one of the attributes of the PCV.
NO_MAPPING - A placeholder value to indicate that an attribute currently has no mapped source.TEXT - A hardcoded value that is used to populate the corresponding attribute.
TOKEN - The value is one of the token attributes.
REQUEST - The value is from the request context such as the CIBA identity hint contract or the request contract for Ws-Trust.
TRACKED_HTTP_PARAMS - The value is from the original request parameters.
SUBJECT_TOKEN - The value is one of the OAuth 2.0 Token exchange subject_token attributes.
ACTOR_TOKEN - The value is one of the OAuth 2.0 Token exchange actor_token attributes.
TOKEN_EXCHANGE_PROCESSOR_POLICY - The value is one of the attributes coming from a Token Exchange Processor policy.

Property Type Description
id string The attribute source ID that refers to the attribute source that this key references. In some resources, the ID is optional and will be ignored. In these cases the ID should be omitted. If the source type is not an attribute source then the ID can be omitted.
type * SourceType The source type of this key.

LdapAttributeSource : AttributeSource - The configured settings used to look up attributes from a LDAP data store.

Property Type Description
attributeContractFulfillment Map[string, AttributeFulfillmentValue] A list of mappings from attribute names to their fulfillment values. This field is only valid for the SP Connection’s Browser SSO mappings
baseDn string The base DN to search from. If not specified, the search will start at the LDAP’s root.
binaryAttributeSettings Map[string, BinaryLdapAttributeSettings] The advanced settings for binary LDAP attributes.
dataStoreRef * ResourceLink Reference to the associated data store.
description string The description of this attribute source. The description needs to be unique amongst the attribute sources for the mapping.
Note: Required for APC-to-SP Adapter Mappings
id string The ID that defines this attribute source. Only alphanumeric characters allowed.
Note: Required for OpenID Connect policy attribute sources, OAuth IdP adapter mappings, OAuth access token mappings and APC-to-SP Adapter Mappings. IdP Connections will ignore this property since it only allows one attribute source to be defined per mapping. IdP-to-SP Adapter Mappings can contain multiple attribute sources.
memberOfNestedGroup boolean Set this to true to return transitive group memberships for the ‘memberOf’ attribute. This only applies for Active Directory data sources. All other data sources will be set to false.
searchFilter * string The LDAP filter that will be used to lookup the objects from the directory.
searchScope * LdapSearchScope Determines the node depth of the query.
type * DataStoreType The data store type of this attribute source.

BinaryLdapAttributeSettings - Binary settings for a LDAP attribute.

Property Type Description
binaryEncoding LdapAttrEncodingType Get the encoding type for this attribute. If not specified, the default is BASE64.

CustomAttributeSource : AttributeSource - The configured settings used to look up attributes from a custom data store.

Property Type Description
attributeContractFulfillment Map[string, AttributeFulfillmentValue] A list of mappings from attribute names to their fulfillment values. This field is only valid for the SP Connection’s Browser SSO mappings
dataStoreRef * ResourceLink Reference to the associated data store.
description string The description of this attribute source. The description needs to be unique amongst the attribute sources for the mapping.
Note: Required for APC-to-SP Adapter Mappings
filterFields array[FieldEntry] The list of fields that can be used to filter a request to the custom data store.
id string The ID that defines this attribute source. Only alphanumeric characters allowed.
Note: Required for OpenID Connect policy attribute sources, OAuth IdP adapter mappings, OAuth access token mappings and APC-to-SP Adapter Mappings. IdP Connections will ignore this property since it only allows one attribute source to be defined per mapping. IdP-to-SP Adapter Mappings can contain multiple attribute sources.
type * DataStoreType The data store type of this attribute source.

FieldEntry - A simple name value pair to represent a field entry.

Property Type Description
name * string The name of this field.
value string The value of this field. Whether or not the value is required will be determined by plugin validation checks.

JdbcAttributeSource : AttributeSource - The configured settings used to look up attributes from a JDBC data store.

Property Type Description
attributeContractFulfillment Map[string, AttributeFulfillmentValue] A list of mappings from attribute names to their fulfillment values. This field is only valid for the SP Connection’s Browser SSO mappings
dataStoreRef * ResourceLink Reference to the associated data store.
description string The description of this attribute source. The description needs to be unique amongst the attribute sources for the mapping.
Note: Required for APC-to-SP Adapter Mappings
filter * string The JDBC WHERE clause used to query your data store to locate a user record.
id string The ID that defines this attribute source. Only alphanumeric characters allowed.
Note: Required for OpenID Connect policy attribute sources, OAuth IdP adapter mappings, OAuth access token mappings and APC-to-SP Adapter Mappings. IdP Connections will ignore this property since it only allows one attribute source to be defined per mapping. IdP-to-SP Adapter Mappings can contain multiple attribute sources.
schema string Lists the table structure that stores information within a database. Some databases, such as Oracle, require a schema for a JDBC query. Other databases, such as MySQL, do not require a schema.
table * string The name of the database table. The name is used to construct the SQL query to retrieve data from the data store.
type * DataStoreType The data store type of this attribute source.

IssuanceCriteria - A list of criteria that determines whether a transaction (usually a SSO transaction) is continued. All criteria must pass in order for the transaction to continue.

Property Type Description
conditionalCriteria array[ConditionalIssuanceCriteriaEntry] A list of conditional issuance criteria where existing attributes must satisfy their conditions against expected values in order for the transaction to continue.
expressionCriteria array[ExpressionIssuanceCriteriaEntry] A list of expression issuance criteria where the OGNL expressions must evaluate to true in order for the transaction to continue.

ConditionalIssuanceCriteriaEntry - An issuance criterion that checks a source attribute against a particular condition and the expected value. If the condition is true then this issuance criterion passes, otherwise the criterion fails.

Property Type Description
attributeName * string The name of the attribute to use in this issuance criterion.
condition * ConditionType The condition that will be applied to the source attribute’s value and the expected value.
errorResult string The error result to return if this issuance criterion fails. This error result will show up in the PingFederate server logs.
source * SourceTypeIdKey The source of the attribute.
value * string The expected value of this issuance criterion.

ExpressionIssuanceCriteriaEntry - An issuance criterion that uses a Boolean return value from an OGNL expression to determine whether or not it passes.

Property Type Description
errorResult string The error result to return if this issuance criterion fails. This error result will show up in the PingFederate server logs.
expression * string The OGNL expression to evaluate.

IdpAdapterAttributeContract - A set of attributes exposed by an IdP adapter.

Property Type Description
coreAttributes * array[IdpAdapterAttribute] A list of IdP adapter attributes that correspond to the attributes exposed by the IdP adapter type.
extendedAttributes array[IdpAdapterAttribute] A list of additional attributes that can be returned by the IdP adapter. The extended attributes are only used if the adapter supports them.
inherited boolean Whether this attribute contract is inherited from its parent instance. If true, the rest of the properties in this model become read-only. The default value is false.
maskOgnlValues boolean Whether or not all OGNL expressions used to fulfill an outgoing assertion contract should be masked in the logs. Defaults to false.

IdpAdapterAttribute - An attribute for the IdP adapter attribute contract.

Property Type Description
masked boolean Specifies whether this attribute is masked in PingFederate logs. Defaults to false.
name * string The name of this attribute.
pseudonym boolean Specifies whether this attribute is used to construct a pseudonym for the SP. Defaults to false.