HTTP authentication is supported by using a simple user name and password, or by using an OAuth2 token.

You can send custom headers with any request, which you can make dynamically in various ways by interpolating attribute values into various parameters. See Attribute interpolation.

Core settings

  • URL

    URL for the REST endpoint that the PDP accesses. The Policy Manager can interpolate attributes anywhere in the URL. No escaping of attribute values takes place, so any URL encoding that a value needs must already be applied in the attribute definition.

  • HTTP Method

    Method to send in the HTTP request.

  • Content Type

    Content-Type header to send, which relates to the body of the request.

  • Body

    Body to send with the request. The Policy Manager can interpolate attributes anywhere in the body; as with the URL, no escaping is applied to the interpolated values.

Authentication

The Authentication drop-down lists the following HTTP authentication types, which correspond to an authorization header sent with the request:

  • None

    Default value that indicates the PDP sends no authorization header.

  • Basic

    Reveals selectors for the two attributes whose values the PDP sends as the user name and password in an HTTP request with basic authentication.

  • OAuth2

    Reveals a token selector. The PDP sends the selected attribute as the authorization token in an HTTP request with bearer authentication.

Headers

You can add any number of custom headers to the request. The header names are fixed strings, but each value can be either a constant or an attribute value. To switch a value between constant and attribute, use the C / A toggle next to it.
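As an added illustration, not code from the product documentation, the following Python models how the Core settings, Authentication and Headers described above combine into one outgoing request. The `{{attribute.name}}` placeholder syntax, the attribute names, the URL and the credential values are all assumptions made for this example; the two escaping helpers stand in for the encoding that must already be done in the attribute definition, since the PDP itself applies none.

```python
import base64
import json
import re
from urllib.parse import quote

# Assumed placeholder syntax for this example: {{attribute.name}}.
# The product's real interpolation syntax is documented separately.
PLACEHOLDER = re.compile(r"\{\{([\w.]+)\}\}")


def interpolate(template, attributes, escape=None):
    """Replace each {{name}} in template with attributes[name].

    The PDP applies no escaping, so `escape` models the encoding that has to
    happen in the attribute definition (URL encoding for URL parts, JSON
    string escaping for a JSON body). With escape=None the raw value is used."""
    def substitute(match):
        value = str(attributes[match.group(1)])
        return escape(value) if escape else value
    return PLACEHOLDER.sub(substitute, template)


def url_escape(value):
    # safe="" also encodes "/", so a value cannot introduce extra path segments.
    return quote(value, safe="")


def json_string_escape(value):
    # json.dumps returns a quoted JSON string; strip the outer quotes so the
    # value can be dropped into an existing "..." in the body template.
    return json.dumps(value)[1:-1]


def authorization_header(auth_type, attributes, user=None, password=None, token=None):
    """Build the Authorization header for the three drop-down choices.

    user/password/token name the attributes that hold the credential values."""
    if auth_type == "None":
        return {}
    if auth_type == "Basic":
        credentials = f"{attributes[user]}:{attributes[password]}".encode()
        return {"Authorization": "Basic " + base64.b64encode(credentials).decode()}
    if auth_type == "OAuth2":
        return {"Authorization": "Bearer " + str(attributes[token])}
    raise ValueError(f"unknown authentication type: {auth_type!r}")


def custom_headers(header_settings, attributes):
    """Each header is (name, mode, value); mode "C" = constant, "A" = attribute."""
    headers = {}
    for name, mode, value in header_settings:
        headers[name] = str(attributes[value]) if mode == "A" else value
    return headers


def build_request(settings, attributes):
    """Assemble the outgoing request from the settings described above.

    Assumes a JSON body, which is why json_string_escape is used for it."""
    headers = {"Content-Type": settings["content_type"]}
    headers.update(authorization_header(settings["auth"], attributes,
                                        **settings.get("auth_attrs", {})))
    headers.update(custom_headers(settings.get("headers", []), attributes))
    return {
        "method": settings["method"],
        "url": interpolate(settings["url"], attributes, url_escape),
        "headers": headers,
        "body": interpolate(settings["body"], attributes, json_string_escape),
    }


# Constructed sample attributes and settings (illustration only, not real data).
SAMPLE_ATTRIBUTES = {
    "subject.id": "jane doe/ops",        # contains characters a URL must encode
    "resource.name": 'report "Q3"',      # contains quotes a JSON body must escape
    "svc.user": "pdp",
    "svc.password": "s3cret",
    "svc.token": "example-access-token",
    "request.id": "req-42",
}

SAMPLE_SETTINGS = {
    "url": "https://attrs.example.internal/users/{{subject.id}}",
    "method": "POST",
    "content_type": "application/json",
    "body": '{"resource": "{{resource.name}}"}',
    "auth": "Basic",
    "auth_attrs": {"user": "svc.user", "password": "svc.password"},
    "headers": [("X-Tenant", "C", "acme"), ("X-Request-ID", "A", "request.id")],
}

if __name__ == "__main__":
    print(json.dumps(build_request(SAMPLE_SETTINGS, SAMPLE_ATTRIBUTES), indent=2))
```

Calling `interpolate` with no escaping shows the caveat from the URL setting: the sample subject id lands in the path as `jane doe/ops`, with the slash opening a new path segment, whereas the attribute definition that pre-encodes it yields `jane%20doe%2Fops`. The same applies to the body: a value containing a double quote breaks a JSON template unless the definition has already escaped it.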

Certificate validation

The certificate validation settings define the TLS trust material and the mutual-TLS (M-TLS) client certificate and key that the PDP uses when connecting to a TLS (SSL) based service.

When using external PDP mode, you can declare local file-based trust stores and key stores by providing an options file during setup. See Specifying custom configuration with an options file.

When using embedded PDP mode, you do this by assigning Trust Manager Providers and Key Manager Providers to the Policy Decision Service. See Use policies in a production environment.

Server (TLS)

Server (TLS) settings apply when validating the certificate or certificate chain sent from the server. You have three options when validating a server certificate.

  • No Validation

    Skips validation of the server certificate and initiates the connection without any restriction.

  • Default

    This option is the default for Server (TLS).

    Uses the default trust store provided by the runtime environment.

    Use this option to connect to a service whose certificate is issued by a certificate authority that the runtime environment trusts.

  • Custom

    Allows you to specify a custom certificate or certificate chain that is stored in a trust store.

    Custom trust store settings:

    • Source

      Trust store source. Currently, only file-based trust stores are supported.

    • Trust store name

      The name given to the trust store in configuration.yml.

    • Alias

      Certificates in the trust store are mapped by alias. Set the alias to specify which certificate in the trust store to use for validation.

      Attributes can be interpolated anywhere in the value.

    • Alias password

      If the certificate entry is password-protected, you might need to provide its password here.

      Attributes can be interpolated anywhere in the value.

Client (M-TLS)

Some services might require the client to present a client certificate when the connection is initiated. To provide one, enable this setting and specify the custom key store that holds the certificate and key to present to the service.

Custom key store settings:

  • Source

    Key store source. Currently, only file-based key stores are supported.

  • Key store name

    The name given to the key store in configuration.yml.

  • Alias

    Keys and certificate entries in the key store are mapped by alias. Set the alias to specify which entry to present when the service validates the client.

    Attributes can be interpolated anywhere in the value.

  • Alias password

    If the entry is password-protected, you might need to provide its password here.

    Attributes can be interpolated anywhere in the value.
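As an added example, not the product's own code or configuration format, the following Python maps the Server (TLS) and Client (M-TLS) settings above onto an `ssl.SSLContext`, the way a client library would apply them, and adds the pre-flight checks a reviewer would want: rejecting non-file sources, unknown store names and unknown aliases, and flagging "No Validation". The `TRUST_STORES` and `KEY_STORES` dictionaries are a constructed stand-in for the file-based stores named in configuration.yml, keyed by store name and then alias; the store names, aliases and file paths are assumptions.

```python
import ssl

# Constructed stand-in for the file-based trust stores and key stores that
# configuration.yml (or the external-PDP options file) would declare:
# store name -> alias -> file path(s). Names and paths are assumptions.
TRUST_STORES = {
    "partner-ca": {"root-2024": "/etc/pdp/partner-root.pem"},
}
KEY_STORES = {
    "pdp-client": {
        "rest-client": ("/etc/pdp/client-cert.pem", "/etc/pdp/client-key.pem"),
    },
}


def resolve_server_tls(server):
    """Map the Server (TLS) choice onto concrete verification parameters."""
    mode = server.get("mode", "Default")
    if mode == "No Validation":
        # Weak setting: the server certificate is never checked.
        return {"verify": False, "check_hostname": False, "cafile": None}
    if mode == "Default":
        # cafile=None means the runtime environment's default trust store.
        return {"verify": True, "check_hostname": True, "cafile": None}
    if mode == "Custom":
        if server.get("source", "file") != "file":
            raise ValueError("only file-based trust stores are supported")
        name, alias = server.get("trust_store_name"), server.get("alias")
        if name not in TRUST_STORES:
            raise ValueError(f"unknown trust store: {name!r}")
        if alias not in TRUST_STORES[name]:
            raise ValueError(f"alias {alias!r} not found in trust store {name!r}")
        return {"verify": True, "check_hostname": True,
                "cafile": TRUST_STORES[name][alias]}
    raise ValueError(f"unknown Server (TLS) mode: {mode!r}")


def resolve_client_mtls(client):
    """Map the Client (M-TLS) settings onto the certificate and key to present."""
    if not client.get("enabled"):
        return None
    if client.get("source", "file") != "file":
        raise ValueError("only file-based key stores are supported")
    name, alias = client.get("key_store_name"), client.get("alias")
    if name not in KEY_STORES:
        raise ValueError(f"unknown key store: {name!r}")
    if alias not in KEY_STORES[name]:
        raise ValueError(f"alias {alias!r} not found in key store {name!r}")
    certfile, keyfile = KEY_STORES[name][alias]
    return {"certfile": certfile, "keyfile": keyfile,
            "password": client.get("alias_password")}


def config_errors(server, client=None):
    """Collect configuration problems as messages instead of raising."""
    errors = []
    for resolver, settings in ((resolve_server_tls, server),
                               (resolve_client_mtls, client or {})):
        try:
            resolver(settings)
        except ValueError as exc:
            errors.append(str(exc))
    return errors


def build_context(server, client=None):
    """Build the ssl.SSLContext a client would use for the REST connection."""
    resolved = resolve_server_tls(server)
    if resolved["verify"]:
        ctx = ssl.create_default_context(cafile=resolved["cafile"])
    else:
        ctx = ssl.create_default_context()
        ctx.check_hostname = False       # must be cleared before verify_mode
        ctx.verify_mode = ssl.CERT_NONE  # accepts any certificate
    mtls = resolve_client_mtls(client or {})
    if mtls:
        ctx.load_cert_chain(mtls["certfile"], mtls["keyfile"], mtls["password"])
    return ctx


def describe(ctx):
    """Summarise the effective verification settings of a context."""
    return {"verifies_server": ctx.verify_mode == ssl.CERT_REQUIRED,
            "checks_hostname": ctx.check_hostname}


def audit(server):
    """Findings a reviewer of the connection settings would want flagged."""
    findings = []
    if server.get("mode") == "No Validation":
        findings.append("Server (TLS) is 'No Validation': the service's "
                        "certificate is never checked")
    return findings
```

`build_context` with a "Custom" server mode or an enabled M-TLS block opens the referenced files, so it only succeeds where those paths exist; `config_errors` and the two `resolve_*` functions run without touching the file system, which makes them suitable as a pre-deployment check of a settings block.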