The PingDirectory server uses an identity mapper to match the sub claim against the entryUUID attribute.

To configure the PingDirectory server as the token validator:

  1. Sign on to the PingFederate administrative console.
  2. Go to Applications > OAuth > Clients.
  3. Click Add Client.
  4. For both the Client ID and Name, specify pingdirectory.
  5. In the Client Authentication section, select Client Secret.
  6. In the Client Secret section, select Change Secret and then enter or generate a secret.
  7. Copy the secret key.
  8. In the Allowed Grant Types section, select Access Token Validation (Client is a Resource Server).
  9. Set the Default Access Token Manager to the access token manager you created in step 3 of Configuring the OAuth server.
  10. Click Save.