PingDirectory

Configuring bearer token authentication

Configure an access token validator.

About this task

You can configure the Consent Service to use a single validator.

Steps

  • Configure an access token validator using dsconfig.

    Example:

    This example shows an access token validator configured on a PingDirectory server for a PingFederate server.

    $ bin/dsconfig create-external-server \
      --server-name PingFederate \
      --type http \
      --set base-url:https://my-ping-federate-server:1443/
    $ bin/dsconfig create-access-token-validator \
      --validator-name "PingFederate Token Validator" \
      --type ping-federate \
      --set enabled:true \
      --set "identity-mapper:User ID Exact Match" \
      --set authorization-server:PingFederate \
      --set client-id:id \
      --set client-secret:secret
  • Optional: If more than one access token validator is configured on a PingDirectory server, you can configure the Consent Service to use a single validator with the following command.

    Example:

    $ bin/dsconfig set-http-servlet-extension-prop \
      --extension-name Consent \
      --set "access-token-validator:PingFederate Token Validator"
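
The commands in the first step pass the client secret on the command line, where it is saved in shell history and visible in the process list while dsconfig runs. The following added example (not part of the PingDirectory documentation) writes the same two commands to an owner-only batch file for `dsconfig --batch-file` and reads the secret from a file. The helper name `write_validator_batch` and its rule of rejecting quote characters are assumptions made for this example.

```shell
#!/bin/sh
# Added example: write_validator_batch is a hypothetical helper, not a Ping tool.
# It emits the two dsconfig commands from the step above as a batch file so the
# client secret never appears in argv or shell history.
write_validator_batch() {
    # $1 batch file to create, $2 base URL, $3 client id, $4 file holding the secret
    out=$1 base_url=$2 client_id=$3 secret_file=$4
    nl='
'
    # The validator sends its client credentials to this URL, so require TLS.
    case $base_url in
        https://*) ;;
        *) echo "base-url must use https: $base_url" >&2; return 1 ;;
    esac

    [ -r "$secret_file" ] || { echo "cannot read $secret_file" >&2; return 1; }
    secret=$(cat "$secret_file")   # $(...) strips the trailing newline

    # Assumption: values are double-quoted in the batch file, so refuse empty
    # values and characters that would break that quoting.
    for v in "$base_url" "$client_id" "$secret"; do
        case $v in
            ''|*'"'*|*'\'*|*"$nl"*)
                echo "empty or unquotable value" >&2; return 1 ;;
        esac
    done

    # Subshell keeps the umask change local; the file is created owner-only.
    (
        umask 077
        rm -f -- "$out"
        cat > "$out" <<EOF
dsconfig create-external-server --server-name PingFederate --type http --set "base-url:$base_url"
dsconfig create-access-token-validator --validator-name "PingFederate Token Validator" --type ping-federate --set enabled:true --set "identity-mapper:User ID Exact Match" --set authorization-server:PingFederate --set "client-id:$client_id" --set "client-secret:$secret"
EOF
    )
}

# Apply and clean up (connection arguments omitted, as in the steps above):
#   write_validator_batch validator.dsconfig "https://my-ping-federate-server:1443/" id secret.txt
#   bin/dsconfig --no-prompt --batch-file validator.dsconfig
#   rm -f validator.dsconfig
```

Delete the batch file once it has been applied, because it holds the secret in clear text.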