A protected web application requires that additional attributes be provided once the user is authenticated. Which two steps must the administrator perform to meet this requirement? (Choose 2 answers.)
A.
Request that the token provider update the ID token with the additional attributes.
B.
Update the Identity Mapping.
C.
Update the Site Authenticator.
D.
Request that the token provider update the access token with the additional attributes.
TheWeb Sessionmust be configured to retrieve those attributes from the token provider (OIDC or PingFederate).
TheIdentity Mappingmust be updated to forward those attributes to the application (e.g., as headers).
Exact Extract:
“Web sessions define how user attributes are retrieved from the token provider. Identity mappings determine how those attributes are inserted into requests to applications.”
Option Ais not necessarily required; attributes can be retrieved via userinfo endpoint or access token, not only ID tokens.
Option Bis correct — Identity Mappings must be updated to pass attributes to the app.
Option Cis incorrect — Site Authenticators define how PingAccess authenticates to apps, not attribute handling.
Option Dis incorrect unless the architecture specifically requires access token updates; PingAccess often uses the Web Session to fetch attributes.
Option Eis correct — Web Session must be updated to retrieve additional attributes.
[Reference:PingAccess Administration Guide –Web Sessions and Identity Mapping, ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit