Managing Server SDK Extensions
You can create extensions that use the Server SDK to add new functionality to your PingAuthorize Server.
To download the PingAuthorize Server SDK, go to the PingAuthorize downloads page and click the Add-ons tab.
About the Server SDK
Extension bundles are installed from a .zip
archive or a file system directory. You can use the manage-extension
tool to install or update any extension that is packaged using the extension bundle format. It opens and loads the extension bundle, confirms the correct extension to install, stops the server if necessary, copies the bundle to the server install root, and then restarts the server.
You can only use the |
Available types of extensions
Learn more about specific extension types in the docs/getting-started/extension-types.html
page in your Server SDK build.
The Server SDK supports the following extensions:
Extensions | Description |
---|---|
Access Loggers |
Record information about operations processed by the server. This includes information about connections that are established and closed, as well as whenever requests are received from clients or responses are returned to clients. |
Access Token Validators |
Validate access tokens submitted by client applications for access to protected HTTP resources. |
Alert Handlers |
Convey alert notifications generated within the server to administrators so they can take appropriate action. Alert notifications report significant errors, warnings, or events that may warrant immediate attention. |
Error Loggers |
Record information about events occurring in the server, including warning and error conditions, informational messages, and some limited debugging information (although most debugging information is made available through debug loggers rather than error loggers). |
HTTP Operation Loggers |
Record information about communication performed by HTTP clients, including requests received and responses written. |
HTTP Servlet Extensions |
Create servlets that perform custom processing in response to requests received from HTTP clients. HTTP Servlet Extensions can customize the paths for which they should be invoked, the set of initialization parameters, the initialization order, and an optional set of filters that may be used in conjunction with the servlet. |
Key Manager Providers |
Provide access to Java key managers, which you use to obtain access to a certificate that you might need to present to another system. This includes cases where the server is configured to accept connections from secure clients using SSL or StartTLS, as well as when it needs to establish secure connections to other systems with a certificate for client authentication. |
Manage Extensions Plugins |
Introduce custom processing at various points in the extension bundle installation process while using the You can invoke Manage Extension Plugins in the following contexts:
|
Monitor Providers |
Report information about the state of components within the server, and can be used for health-checking purposes, real-time and historical monitoring, and debugging and troubleshooting. You can use each Monitor Provider instance to generate a single monitor entity, generally with information about a single component of the server. |
OAuth Token Handlers |
Validate incoming SCIM requests using OAuth 2.0 bearer tokens for authentication. Implementations of this API are responsible for decoding the bearer token and checking it for authenticity and validity. |
Plugins |
Introduce custom processing at various points in the server life cycle or in interaction with clients. You can use Plugins to alter some content before the server performs other processing on it. For example, you can use pre-parsing Plugins to alter the content of a request read from a client or reject that request with an error. |
Policy Decision Loggers |
Enable custom logging behavior for policy decision point (PDP) responses. This includes defining custom log formats and destinations, as well as specifying which policy messages to include or exclude from the loggers based on criteria such as the message type or defined key-values. This extension also enables integrations with external logging systems. |
Trust Manager Providers |
Provide access to Java trust managers, which the server uses to determine whether to trust a certificate presented to it. This includes cases where a client using SSL or StartTLS presents its own certificate to the server, and also when the client needs to establish secure connections with other systems. |
Advices |
Carry out custom processing directives included in a policy decision result. For example, you can use an advice to add or remove response content. |
Store Adapters |
Serve as a native interface to a backend datastore. Store Adapters are aggregated into a SCIM Resource Type in the PingAuthorize Server, which supports a SCIM front-end which can be backed by any number and type of native datastores. |
Store Adapter Plugins |
Perform processing on Store Adapter operations before and after those operations are processed by a Store Adapter. |
Token Resource Lookup Methods |
Look up the attributes of an access token owner. Using the result of Access Token Validator processing as input, a Token Resource Lookup Method can query a datastore to obtain the token owner’s attributes. These attributes are then made available to policies for making access control decisions. |