• Create a Service Provider Open ID Connect IdP connection.
  • Configure an Identity Provider authentication policy for the connection.
  1. Make the Open ID Connect call to the application to obtain the access token that you plan to use as a bearer token.
    After you've made the connection, you can find the access token attribute name in <pf_install>/pingfederate/log/server.log in debug mode.
  2. On the Configure Data Source Filters window, enter the access token attribute name in the Authorization Header field.
    Tip:

    You can reference attribute values in the form of ${attributeName:-defaultValue}. The default value is optional. When specified, it is used at runtime if the attribute value is not available. Do not use ${ and } in the default value.

Authorization Headers

Authorization Header entries are shown here for Yahoo and Google Open ID Connect IdP connections:
  • For Yahoo: Bearer ${idp.https://api.login.yahoo.com.access_token}
  • For Google: Bearer ${idp.https://accounts.google.com.access_token}