PingAccess

Adding access token validators

Add an access token validator to verify signed or encrypted access tokens in PingAccess.

Steps

  1. Click Access and then go to Token Validation → Access Token Validators.

  2. Click Add Access Token Validator.

  3. In the Name field, enter a name for the token validator.

  4. From the Type list, select the type of key you want to validate.

    The type of key is specified in the token provider configuration.

    For more information about configuring PingFederate, see Configure JSON token management.

  5. Optional: In the Description field, enter a description for the token validator.

  6. In the Path field, specify the endpoint path used to verify the signature.

    This entry must start with a forward slash (/), and must not end with a forward slash (/). Host and port are derived from PingFederate token provider configuration. A query string is permitted in the path.

  7. Optional: In the Subject Attribute Name field, enter the attribute expected as the subject.

    If the specified subject attribute name is not present in the token, validation will fail.

  8. Optional: In the Issuer field, enter the expected value of the issuer to include in the access token.

    If configured, and the value is not present in the token, validation will fail.

  9. Optional: In the Audience field, specify the audience value to include in the access token.

    If configured, and the value is not present in the token, validation will fail.

  10. Click Save.