Adding OAuth scope rules - PingAccess

Adding OAuth scope rules - PingAccess - 7.2

PingAccess

bundle

pingaccess-72

ft:publication_title

PingAccess

Product_Version_ce

PingAccess 7.2 (Latest)

category

Product

pa-72

pingaccess

ContentType_ce

Page created: 27 Jul 2022 |

Page updated: 6 Feb 2023

| 2 min read

7.2 PingAccess Product IT Administrator Administrator Audience Web Access Management Access security Capability Administration User task Product documentation Content Type OAuth Standards, specifications, and protocols API Access Management API Security

Add an OAuth scope rule to examine the contents of the PingFederate validation response and determine whether to grant access to a backend target site based on a match found between the scopes of the validation response and scope specified in the rule.

For example, a resource might require that the OAuth access token contain the scope superuser.

Click Access and then go to Rules > Rules.
Click + Add Rule.
In the Name field, enter a unique name, up to 64 characters long.

Special characters and spaces are allowed.
From the Type list, select OAuth Scope.
From the Scope list, select the scope you want to match to values returned from the access token.

Info:
This is one scope requirement in the set of scopes associated with the access token.
Select Negate if, when a match is found, access is not allowed.
Optional: To configure rejection handling, click Show Advanced Settings, then select a rejection handling method:
- If you select Default, use the Rejection Handler list to select an existing rejection handler that defines whether to display an error template or redirect to a URL.
- If you select Basic, you can customize an error message to display as part of the default error page rendered in the end user's browser if rule evaluation fails. This page is among the templates you can modify with your own branding or other information. If you select Basic, provide this information:
  1. In the Error Response Code field, enter the HTTP status response code to send if rule evaluation fails. The default is 403.
  2. In the Error Response Status Message field, enter the HTTP status response message to send if rule evaluation fails. The default is Forbidden.
  3. In the Error Response Template File field, enter the HTML template page for customizing the error message that displays if rule evaluation fails. This template file is located in the <PA_HOME>/conf/template/ directory.
  4. From the Error Response Content Type list, select the type of content for the error response. This lets the client properly display the response.
If you select Basic, you can customize an error message to display as part of the default error page rendered in the end-user's browser if rule evaluation fails. This page is among the templates you can modify with your own branding or other information. If you select Basic, provide this information:
Click Save.