Configuring a JWT Token Processor 2.0 instance
The PingFederate Security Token Service (STS) provides validation for any JSON Web Token (JWT).
Before you begin
Use the Type tab on the Create Token Processor Instance window to begin configuring a JWT token processor 2.0 instance. See Selecting a token processor type.
About this task
The following procedure describes how to use the Instance Configuration tab on the Create Token Processor Instance window to continue configuring a JWT token processor 2.0 instance.
This feature supports the OAuth 2.0 Token Exchange and WS-Trust specifications. JWT token processor 2.0 offers more functions than JWT token processor 1.2.
Screenshot of the Instance Configuration tab for a JWT token processor 2.0
Steps
- On the Create Token Processor Instance window, go to the Instance Configuration tab.
- Specify one or more Allowed Issuers and a JWKS or JWKS URL for each allowed issuer.
  PingFederate uses the JWKS or JWKS URL to get the validation keys for the issuer.
- Specify one or more Allowed Audiences.
  This setting is optional unless you select the Require Audience check box.
- Specify which of the following token claims are required:
  - Audience (aud)
  - Expiration time (exp)
  - Issued at time (iat)
  - Not before time (nbf)
  By default, the aud and exp claims are required, and the iat and nbf claims are not required.
- Optional: Click Show Advanced Fields and change the default value for any of the following settings:
  - Default Cache Configuration, which sets the number of minutes to cache the JWKS
    This feature affects JWKS caching only when you specify a JWKS URL for an Allowed Issuer and the JWKS URL response doesn’t indicate a cache time. This feature doesn’t apply when you specify a JWKS for an allowed issuer.
  - Allowed Clock Skew for exp and nbf claims
  - Max Future Validity, which limits the lifetime of the token
- Click Save.
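The following added example (not PingFederate code or part of the original documentation) sketches how the settings in these steps combine when the claims of a JWT are checked after its signature has been verified against the issuer's JWKS. The policy key names, the sample URLs and values, and the exact semantics of the audience match and of Max Future Validity are assumptions made for illustration.

```python
import time

# Constructed policy. Key names are hypothetical; they mirror the settings on the
# Instance Configuration tab and are not PingFederate's own configuration schema.
POLICY = {
    "allowed_issuers": {"https://issuer.example.com"},
    "allowed_audiences": {"https://api.example.com"},
    "required": {"aud": True, "exp": True, "iat": False, "nbf": False},  # page defaults
    "clock_skew_s": 60,             # constructed value
    "max_future_validity_s": 3600,  # constructed value
}

def _is_time(value):
    # NumericDate: a JSON number (bool is excluded because it subclasses int).
    return isinstance(value, (int, float)) and not isinstance(value, bool)

def validate_claims(claims, policy=POLICY, now=None):
    """Return a list of rejection reasons; an empty list means the claims pass."""
    now = time.time() if now is None else now
    skew = policy["clock_skew_s"]
    errors = []
    iss = claims.get("iss")
    if not isinstance(iss, str) or iss not in policy["allowed_issuers"]:
        errors.append("iss not in allowed issuers")
    for name, required in policy["required"].items():
        if required and name not in claims:
            errors.append(f"missing required claim: {name}")
    if "aud" in claims:
        # aud is a string or an array of strings. Assumption: a present aud must
        # match an allowed audience even when the claim is not required.
        aud = claims["aud"]
        values = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
        if not {v for v in values if isinstance(v, str)} & policy["allowed_audiences"]:
            errors.append("aud not in allowed audiences")
    for name in ("exp", "nbf", "iat"):
        if name in claims and not _is_time(claims[name]):
            errors.append(f"{name} is not a NumericDate")
    exp, nbf = claims.get("exp"), claims.get("nbf")
    if _is_time(exp):
        if now - skew >= exp:
            errors.append("token expired")
        # Assumption: Max Future Validity caps how far ahead of now exp may lie.
        elif exp - now > policy["max_future_validity_s"] + skew:
            errors.append("exp exceeds max future validity")
    if _is_time(nbf) and now + skew < nbf:
        errors.append("token not yet valid")
    return errors
```

Passing a fixed now value makes the clock skew and Max Future Validity boundaries reproducible when testing a policy.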
Next steps
After selecting the token processor type, go to the Extended Contract tab to continue configuring the token processor instance. See Extending a token processor contract.