PingDirectory

Configuring bearer token authentication

Configure an access token validator.

About this task

You can configure the Consent Service to use a single validator.

Steps

  • Configure an access token validator using dsconfig.

    Example:

    This example shows an access token validator configured on a PingDirectory server for a PingFederate server.

    $ bin/dsconfig create-external-server \
  --server-name PingFederate \
  --type http \
  --set base-url:https://my-ping-federate-server:1443/
    $ bin/dsconfig create-access-token-validator \
  --validator-name "PingFederate Token Validator" \
  --type ping-federate \
  --set enabled:true \
  --set "identity-mapper:User ID Exact Match" \
  --set authorization-server:PingFederate \
  --set client-id:id \
  --set client-secret:secret

  • Optional: If more than one access token validator is configured on a PingDirectory server, you can configure the Consent Service to use a single validator with the following command.

    Example:

    $ bin/dsconfig set-http-servlet-extension-prop \
  --extension-name Consent \
  --set "access-token-validator:PingFederate Token Validator"