PingAccess

Adding access token validators

Add an access token validator to verify signed or encrypted access tokens in PingAccess.

Steps

  1. Click Access and then go to Token Validation → Access Token Validators.

  2. Click Add Access Token Validator.

  3. In the Name field, enter a name for the token validator.

  4. In the Type list, select the type of key you want to validate.

    The token provider configuration specifies which type of key.

    For more information about configuring PingFederate as the token provider, see Configuring JSON token management.

  5. Optional: In the Description field, enter a description for the token validator.

  6. In the Path field, specify the endpoint path to verify the signature.

    This entry must start with a forward slash (/), and mustn’t end with a forward slash (/). PingFederate token provider configuration informs the host and port. PingAccess permits query strings in the path.

  7. Optional: In the Subject Attribute Name field, enter the attribute expected as the subject.

    If this value is configured and the specified subject attribute name isn’t present in the token, validation fails.

  8. Optional: In the Issuer field, enter the expected value of the issuer to include in the access token.

    If this value is configured and the specified issuer isn’t present in the token, validation fails.

  9. Optional: In the Audience field, specify the audience value to include in the access token.

    If this value is configured and the specified audience isn’t present in the token, validation fails.

  10. If you don’t want to validate access tokens for an audience value, you must select the Skip Audience Validation check box.

  11. Click Save.