Page created: 31 Aug 2020
|
Page updated: 9 Feb 2021
The following example configures a JWT access token validator to retrieve public keys from a PingFederate authorization server's JWKS endpoint.
# Define the HTTP external server entry that represents the PingFederate
# authorization server. The access token validator refers to this entry by
# name through its authorization-server property, so the two names must match
# exactly.
# Change the host name and port below, as needed
# The base URL uses https. The public keys used to verify token signatures are
# fetched over this connection, so the validator is only as trustworthy as the
# TLS session to this host.
# NOTE(review): this command sets no trust-store or hostname-verification
# options -- confirm that the defaults validate the server certificate before
# using this outside a test environment.
dsconfig create-external-server \
--server-name "PingFederate External Server" \
--type http \
--set base-url:https://example.com:9031
# Create the Access Token Validator
# This creates an enabled validator of type jwt. Its signature-verification
# keys come from the JWKS document at /ext/oauth/jwks on the external server
# entry named "PingFederate External Server" (presumably resolved against that
# entry's base-url -- confirm).
# allowed-signing-algorithm is set to RS256 only. Keep this list limited to
# the algorithms the authorization server actually signs with; presumably
# tokens signed with any other algorithm are rejected -- confirm.
# evaluation-order-index:1000 presumably sets this validator's position
# relative to other configured validators -- verify against the product docs.
# NOTE(review): nothing in this command restricts the token's issuer, audience
# or scopes; confirm where those checks are enforced in the deployment.
dsconfig create-access-token-validator \
--validator-name "JWT Access Token Validator" \
--type jwt \
--set enabled:true \
--set evaluation-order-index:1000 \
--set allowed-signing-algorithm:RS256 \
--set "authorization-server:PingFederate External Server" \
--set jwks-endpoint-path:/ext/oauth/jwks
# Match the token's subject (sub) claim to the uid attribute
# of a SCIM resource
# This attaches a lookup method named "User by uid" to the validator
# "JWT Access Token Validator"; the validator name must match the one used
# when the validator was created.
# The filter is single-quoted so that the inner double quotes and the %sub%
# placeholder reach dsconfig unchanged by the shell.
# "uid eq" is an exact-match filter against the Users resource type.
# NOTE(review): the mapping assumes uid is unique across Users, so that one
# token resolves to exactly one resource -- confirm for this directory.
# NOTE(review): the sub value is taken from the token; confirm that the product
# escapes it when substituting it into the quoted filter string.
dsconfig create-token-resource-lookup-method \
--validator-name "JWT Access Token Validator" \
--method-name "User by uid" \
--type scim \
--set scim-resource-type:Users \
--set 'match-filter:uid eq "%sub%"' \
--set evaluation-order-index:1000