PingAuthorize

Managing Server SDK Extensions

You can create extensions that use the Server SDK to add new functionality to your PingAuthorize Server.

To download the PingAuthorize Server SDK, go to the PingAuthorize downloads page and click the Add-ons tab.

About the Server SDK

Extension bundles are installed from a .zip archive or a file system directory. You can use the manage-extension tool to install or update any extension that is packaged using the extension bundle format. It opens and loads the extension bundle, confirms the correct extension to install, stops the server if necessary, copies the bundle to the server install root, and then restarts the server.

You can only use the manage-extension tool with Java extensions packaged using the extension bundle format. Groovy extensions do not use the extension bundle format. For more information, see the docs/getting-started/java-extensions.html directory in your Server SDK download, which describes the extension bundle format and how to build an extension.

Available types of extensions

Learn more about specific extension types in the docs/getting-started/extension-types.html page in your Server SDK build.

The Server SDK supports the following extensions:

Extensions Description

Access Loggers

Record information about operations processed by the server. This includes information about connections that are established and closed, as well as whenever requests are received from clients or responses are returned to clients.

Access Token Validators

Validate access tokens submitted by client applications for access to protected HTTP resources.

Alert Handlers

Convey alert notifications generated within the server to administrators so they can take appropriate action. Alert notifications report significant errors, warnings, or events that may warrant immediate attention.

Error Loggers

Record information about events occurring in the server, including warning and error conditions, informational messages, and some limited debugging information (although most debugging information is made available through debug loggers rather than error loggers).

HTTP Operation Loggers

Record information about communication performed by HTTP clients, including requests received and responses written.

HTTP Servlet Extensions

Create servlets that perform custom processing in response to requests received from HTTP clients. HTTP Servlet Extensions can customize the paths for which they should be invoked, the set of initialization parameters, the initialization order, and an optional set of filters that may be used in conjunction with the servlet.

Key Manager Providers

Provide access to Java key managers, which you use to obtain access to a certificate that you might need to present to another system. This includes cases where the server is configured to accept connections from secure clients using SSL or StartTLS, as well as when it needs to establish secure connections to other systems with a certificate for client authentication.

Manage Extensions Plugins

Introduce custom processing at various points in the extension bundle installation process while using the manage-extension tool.

You can invoke Manage Extension Plugins in the following contexts:

  • Before any files are copied during a first-time install of the extension bundle

  • After files are copied during a first-time install of the extension bundle

  • Before any files are updated during the update of an installed extension bundle

  • After all files are updated during the update of an installed extension bundle

Monitor Providers

Report information about the state of components within the server, and can be used for health-checking purposes, real-time and historical monitoring, and debugging and troubleshooting. You can use each Monitor Provider instance to generate a single monitor entity, generally with information about a single component of the server.

OAuth Token Handlers

Validate incoming SCIM requests using OAuth 2.0 bearer tokens for authentication. Implementations of this API are responsible for decoding the bearer token and checking it for authenticity and validity.

Plugins

Introduce custom processing at various points in the server life cycle or in interaction with clients. You can use Plugins to alter some content before the server performs other processing on it. For example, you can use pre-parsing Plugins to alter the content of a request read from a client or reject that request with an error.

Policy Decision Loggers

Enable custom logging behavior for policy decision point (PDP) responses. This includes defining custom log formats and destinations, as well as specifying which policy messages to include or exclude from the loggers based on criteria such as the message type or defined key-values. This extension also enables integrations with external logging systems.

Trust Manager Providers

Provide access to Java trust managers, which the server uses to determine whether to trust a certificate presented to it. This includes cases where a client using SSL or StartTLS presents its own certificate to the server, and also when the client needs to establish secure connections with other systems.

Advices

Carry out custom processing directives included in a policy decision result. For example, you can use an advice to add or remove response content.

Store Adapters

Serve as a native interface to a backend datastore. Store Adapters are aggregated into a SCIM Resource Type in the PingAuthorize Server, which supports a SCIM front-end which can be backed by any number and type of native datastores.

Store Adapter Plugins

Perform processing on Store Adapter operations before and after those operations are processed by a Store Adapter.

Token Resource Lookup Methods

Look up the attributes of an access token owner. Using the result of Access Token Validator processing as input, a Token Resource Lookup Method can query a datastore to obtain the token owner’s attributes. These attributes are then made available to policies for making access control decisions.