Add an access token validator to verify signed or encrypted access tokens in PingAccess.
- Click Access and then go to Token Validation > Access Token Validators.
- Click + Add Access Token Validator.
- In the Name field, enter a name for the token validator.
-
From the Type list, select the type of key you want to
validate.
The type of key is specified in the token provider configuration.
Note:For more information about configuring PingFederate, see Configure JSON token management.
- Optional: In the Description field, enter a description for the token validator.
-
In the Path field, specify the endpoint path used to
verify the signature.
This entry must start with a forward slash (/), and must not end with a forward slash (/). Host and port are derived from PingFederate token provider configuration. A query string is permitted in the path.
- Optional:
In the Subject Attribute Name field, enter the attribute
expected as the subject.
If the specified subject attribute name is not present in the token, validation will fail.
- Optional:
In the Issuer field, enter the expected value of the
issuer to include in the access token.
If configured, and the value is not present in the token, validation will fail.
- Optional:
In the Audience field, specify the audience value to
include in the access token.
If configured, and the value is not present in the token, validation will fail.
- Click Save.