Configure PingAuthorize Server to search the user store for OAuth token subjects.
- To configure PingAuthorize Server to mock OAuth access token validation, run the dsconfig create-access-token-validator command.
PingAuthorize/bin/dsconfig create-access-token-validator \
    --no-prompt --port 8636 --useSSL --trustAll \
    --bindDN "cn=directory manager" \
    --bindPassword <your-pingauthorize-password> \
    --validator-name "Mock Access Token Validator" \
    --type mock --set enabled:true --set subject-claim-name:sub
The Mock Access Token Validator accepts any token without authenticating it, so any client that can reach the server can assert an arbitrary subject; use it only for demonstration and testing, never in a production deployment. The --trustAll option likewise skips verification of the server's TLS certificate and is appropriate only against a local test instance. To validate tokens issued by an authorization server such as PingFederate, see Access token validators.
- To configure PingAuthorize Server to search the user store and retrieve the identity attributes of the OAuth token subject, so that those attributes can be evaluated in a policy, run the dsconfig create-token-resource-lookup-method command.
PingAuthorize/bin/dsconfig create-token-resource-lookup-method \
    --no-prompt --port 8636 --useSSL --trustAll \
    --bindDN "cn=directory manager" \
    --bindPassword <your-pingauthorize-password> \
    --validator-name "Mock Access Token Validator" \
    --method-name "User by uid" \
    --type 'scim' \
    --set scim-resource-type:Users \
    --set 'match-filter:uid eq "%_subject_claim_name%"' \
    --set evaluation-order-index:100
A token resource lookup method defines the expression used to search System for Cross-domain Identity Management (SCIM) resources by the access token subject or by other claims. In this example, the value of the token's subject claim (sub, as set by subject-claim-name on the validator) is substituted for %_subject_claim_name% and matched against the uid attribute of the SCIM Users resource type. The filter is expected to identify exactly one user, so the attribute it matches on (uid here) must be unique in the user store; a subject that matches no user yields no identity attributes for the policy to evaluate.
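The following is an added example, not PingAuthorize code, that models what the two objects configured above do so the claim-to-attribute flow can be traced offline: a mock validator that trusts whatever it is given, and a lookup method that substitutes the subject into the match filter and searches a constructed in-memory user store. It assumes (as in Ping Identity's getting-started material, but treat it as an assumption here) that the mock validator takes the bearer token as a plain JSON object of claims and requires "active": true; the single-clause eq filter parser, the %_subject_claim_name% substitution and the user records are all the example's own constructions. It also shows why the substituted value must be escaped: an unescaped subject containing a double quote rewrites the filter into a different expression.

```python
import json
import re
from typing import Optional

# Values taken from the two dsconfig commands above.
SUBJECT_CLAIM_NAME = "sub"                         # --set subject-claim-name:sub
SCIM_RESOURCE_TYPE = "Users"                       # --set scim-resource-type:Users
MATCH_FILTER = 'uid eq "%_subject_claim_name%"'    # --set match-filter:...

# Constructed in-memory stand-in for the SCIM user store (not real data).
USER_STORE = {
    "Users": [
        {"id": "1", "uid": "user.0", "employeeType": "intern", "department": "Engineering"},
        {"id": "2", "uid": "user.1", "employeeType": "manager", "department": "Finance"},
        {"id": "3", "uid": 'o"brien', "employeeType": "contractor", "department": "Legal"},
    ]
}


def mock_validate(bearer_token: str) -> Optional[dict]:
    """Model of the Mock Access Token Validator (assumption: the bearer token is
    a JSON object of claims). Nothing is authenticated: no signature, issuer,
    audience or expiry check. Returns the claims when the token parses, carries
    "active": true and has the configured subject claim, else None."""
    try:
        claims = json.loads(bearer_token)
    except json.JSONDecodeError:
        return None
    if not isinstance(claims, dict) or claims.get("active") is not True:
        return None
    if SUBJECT_CLAIM_NAME not in claims:
        return None
    return claims


def render_filter(template: str, subject: str, escape: bool = True) -> str:
    """Substitute the subject into the match-filter template. With escape=True
    the value is made safe for use inside a double-quoted SCIM string literal."""
    if escape:
        subject = subject.replace("\\", "\\\\").replace('"', '\\"')
    return template.replace("%_subject_claim_name%", subject)


# Only the 'attr eq "value"' filter shape used on this page is supported.
_EQ_FILTER = re.compile(r'^(\w+) eq "((?:[^"\\]|\\.)*)"$')


def scim_eq_match(resource: dict, scim_filter: str) -> bool:
    """Evaluate a single-clause equality filter against one SCIM resource."""
    m = _EQ_FILTER.match(scim_filter)
    if not m:
        raise ValueError(f"unsupported or malformed filter: {scim_filter}")
    attr, literal = m.group(1), m.group(2)
    value = re.sub(r"\\(.)", r"\1", literal)   # undo \" and \\ escaping
    return resource.get(attr) == value


def lookup_token_resource(bearer_token: str) -> Optional[dict]:
    """Validator and lookup method end to end: returns the SCIM user whose uid
    equals the token subject, or None when the token is rejected or the search
    is not unambiguous (zero or several matches)."""
    claims = mock_validate(bearer_token)
    if claims is None:
        return None
    scim_filter = render_filter(MATCH_FILTER, str(claims[SUBJECT_CLAIM_NAME]))
    matches = [u for u in USER_STORE[SCIM_RESOURCE_TYPE]
               if scim_eq_match(u, scim_filter)]
    return matches[0] if len(matches) == 1 else None


if __name__ == "__main__":
    # Constructed tokens in the unauthenticated JSON form the mock validator accepts.
    print(lookup_token_resource('{"active": true, "sub": "user.0", "scope": "email"}'))
    print(lookup_token_resource('{"active": false, "sub": "user.0"}'))
    print(lookup_token_resource("opaque-token-from-a-real-authorization-server"))
    # Unescaped substitution turns the filter into a disjunction a full SCIM
    # parser would honour; the escaped form keeps it a single uid comparison.
    print(render_filter(MATCH_FILTER, 'x" or uid eq "user.1', escape=False))
    print(render_filter(MATCH_FILTER, 'x" or uid eq "user.1'))
```

The opaque-token case is the one to keep in mind when moving off the mock validator: a real bearer token from PingFederate is not a JSON object, so this model rejects it outright, whereas a configured JWT or introspection validator would verify it and supply the subject claim the same lookup method then uses.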