Configuring the Access Token Manager for PingCentral - PingCentral

Configuring the Access Token Manager for PingCentral - PingCentral - 1.8

PingCentral

bundle

pingcentral-18

ft:publication_title

PingCentral

Product_Version_ce

PingCentral 1.8

category

Administrator

Audience

Developer

Product

pc-18

pingcentral

ContentType_ce

Page created: 17 Jun 2021 |

Page updated: 8 Oct 2021

| 1 min read

1.8 Product PingCentral Developer Audience Administrator OpenID Connect Standards, specifications, and protocols

The access token manager associated with the OIDC Policy must support signed JSON web token (JWT) tokens. To validate the token signature, PingCentral must be able to access a JWKS endpoint URL.

Note:

Signing certificates and JSON web encryption (JWE) encryption (symmetric or asymmetric) are not supported in this release.

If you are using PingFederate 10.1 or later, you can enable the centralized signing key functionality.

Note:

Additional configuration isn't required in PingCentral to access the centralized JWKS endpoint.

Select the Use Centralized Signing Key check box.
If you are using an older version of PingFederate, define an explicit JWKS endpoint path:
1. Select Show Advanced Fields and specify the path in the JWKS Endpoint Path field.
  
  Note:
  This path must be explicitly configured in PingCentral. See Configuring resource server functionality.
If you define either or both of the issuer or audience claim values within the access token manager, you can configure PingCentral to validate them.

These claim values are also defined within the advanced fields, as shown in the following example.