Configuring policy and ID token settings - PingFederate - 10.3

PingFederate Server

bundle
pingfederate-103
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 10.3
category
Product
pf-103
pingfederate
ContentType_ce

On the Manage Policy tab, enter the required information and configure optional settings for ID tokens issued under this policy.

  1. Go to Applications > OAuth > OpenID Connect Policy Management and click Add Policy.
  2. In the Policy ID field, enter the policy identifier.
  3. In the Name field, enter the policy name.
  4. From the Access Token Manager list, select an access token management instance.
  5. Optional: In minutes, define the expiry information for ID tokens issued based on this policy in the ID Token Lifetime field.

    The default value is 5 minutes.

  6. Optional: Select the Include Session Identifier in ID Token check box to add a session identifier (pi.sri) in the ID tokens.
  7. Optional: Select the Include User Info in ID Token check box to include additional attributes in the ID tokens.
    Tip:

    OAuth clients can also obtain additional attributes from the UserInfo endpoint at /idp/userinfo.openid. For more information, see UserInfo endpoint.

  8. Optional: Select the Include State Hash in ID Token check box to include the s_hash claim in ID tokens.
    Note:

    A state hash protects the state parameter by binding it to the ID token. For more information, see Financial Services – Financial API - Part 2: Read and Write API Security Profile.

  9. Optional: Select the Return ID Token On Refresh Grant checkbox to return an ID token for OpenID Connect to Salesforce and Kubernetes when the OAuth access token is refreshed.