Adding OAuth Groovy script rules - PingAccess - 7.2

PingAccess
bundle
pingaccess-72
ft:publication_title
PingAccess
Product_Version_ce
PingAccess 7.2
category
Product
pa-72
pingaccess
ContentType_ce

Add an OAuth Groovy script rule to determine whether to grant access to a target site based on the results returned from a Groovy script that evaluates request details and OAuth details.

Adding an OAuthOAuth A standard framework that enables an application (OAuth client) to obtain access tokens from an OAuth authorization server for the purpose of retrieving protected resources on a resource server. Groovy script rule allows you to create more sophisticated OAuth scope and OAuth attribute value rules for APIapplication programming interface (API) A specification of interactions available for building software to access an application or service. applications.

Info:

Since the regular Groovy rule and the OAuth Groovy rule differ in the scope of their functionality, the relevant rules are tagged for Web App or for API, respectively, in the rules list.

  1. Click Access and then go to Rules > Rules.
  2. Click + Add Rule.
  3. In the Name field, enter a unique name, up to 64 characters long.

    Special characters and spaces are allowed.

  4. From the Type list, select OAuth Groovy Script (for API).
  5. In the Groovy Script field, enter the Groovy script to use for rule evaluation.

    To create an OAuth scope rule that matches more than one scope, you might include the hasScopes("access","portfolio") matcher in your Groovy script.

    Note:

    Groovy script rules must end execution with a matcher instance. For more information, see Matcher usage reference.

  6. Optional: To configure rejection handling, click Show Advanced Settings, then select a rejection handling method.
    • If you select Default, use the Rejection Handler list to select an existing rejection handler that defines whether to display an error template or redirect to a URL.
    • If you select Basic, you can customize an error message to display as part of the default error page rendered in the end user's browser if rule evaluation fails. This page is among the templates you can modify with your own branding or other information. If you select Basic, provide the following:
      1. In the Error Response Code field, enter the HTTP status response code to send if rule evaluation fails.

        The default is 403.

      2. In the Error Response Status Message field, enter the HTTP status response message to send if rule evaluation fails.

        The default is Forbidden.

      3. In the Error Response Template File field, enter the HTML template page for customizing the error message that displays if rule evaluation fails. This template file is located in the <PA_HOME>/conf/template/ directory.
      4. From the Error Response Content Type list, select the type of content for the error response.

        This lets the client properly display the response.

  7. Click Save.