The Client Registration Policy plugin capability allows you to write custom processing rules to provide additional control over which registrations and configurations are accepted and stored for each client created via the OAuth 2.0 Dynamic Client Registration protocol.

Depending on the complexity of the business or technical requirements of your use cases, you can create one or more Client Registration Policy plugins using the PingFederate SDK. After deploying your plugins, you can create and configure instances of them. (Note that configuration requirements vary based on your custom solutions.) Finally, when you are ready to configure dynamic client registration, add your policies to its configuration.

  1. Implement the DynamicClientRegistrationPlugin interface.

    For more information, refer to the Javadoc for the DynamicClientRegistrationPlugin interface, the SoftwareStatementValidatorPlugin.java file for a sample implementation, and the SDK developer's guide for build and deployment information.

    Tip:

    The Javadoc for PingFederate and the sample implementation are located under the <pf_install>/pingfederate/sdk directory.

  2. Create, modify, or remove one or more instances.
    • To configure a new instance, click Create New Instance.
    • To modify an existing instance, select it by its name under Instance Name.
    • To remove an existing instance or to cancel the removal request, click Delete or Undelete under Action.
      Note:

      You can remove a Client Registration Policy instance only if it is not currently in-use by dynamic client registration.

    • To save the plugin configuration, click Save.
Important:

A Client Registration Policy instance is not enforced (or executed as part of the dynamic client registration process) until it is selected on the OAuth Server > Client Settings > Client Registration Policies screen.