Use the Type tab on the Create Token Processor Instance window to begin configuring a JWT token processor 2.0 instance. See Selecting a token processor type.
The following procedure describes how to use the Instance Configuration tab on the Create Token Processor Instance window to continue configuring a JWT token processor 2.0 instance.
- On the Create Token Processor Instance window, go to the Instance Configuration tab.
- Specify one or more Allowed Issuers and a JWKS or JWKS URL for each allowed
  PingFederate uses the JWKS or JWKS URL to get the validation keys for the issuer.
- Specify one or more Allowed Audiences.
  This setting is optional unless you select the Require Audience check box.
- Specify which of the following token claims are required:
  - Audience (
  - Expiration time (
  - Issued at time (
  - Not before time (
  By default, the exp claims are required, and the nbf claims are not required.
- Click Show Advanced Fields and change the default value for any of the following settings:
  - Default Cache Configuration, which sets the number of minutes to cache the JWKS
    Note: This feature affects JWKS caching only when you specify a JWKS URL for an Allowed Issuer and the JWKS URL response doesn’t indicate a cache time. This feature doesn’t apply when you specify a JWKS for an allowed issuer.
  - Allowed Clock Skew for
  - Max Future Validity, which limits the lifetime of the token
- Click Save.
After selecting the token processor type, go to the Extended Contract tab to continue configuring the token processor instance. See Extending a token processor contract.
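
The following Python sketch is an added example, not PingFederate code and not part of the original page. It shows the kind of claim checks that the settings above govern (allowed issuers, allowed audiences, required claims, clock skew, max future validity), applied to claims whose signature has already been verified against the issuer's JWKS. The policy key names, the sample values, seconds as the unit, and the exact way skew and max future validity are applied are assumptions.

```python
import time

# Constructed policy mirroring the tab's fields; key names, values and seconds as the unit are assumptions.
POLICY = {
    "allowed_issuers": {"https://idp.example.com"},
    "allowed_audiences": {"https://api.example.com"},
    "required_claims": {"aud", "exp"},   # chosen for this example
    "clock_skew": 60,                    # tolerance applied to exp, nbf and iat
    "max_future_validity": 3600,         # furthest exp may lie ahead of now
}

def check_claims(claims, policy, now=None):
    """Return rejection reasons for already signature-verified claims ([] = accept)."""
    now = time.time() if now is None else now
    skew = policy["clock_skew"]
    reasons = [f"missing required claim: {c}"
               for c in sorted(policy["required_claims"]) if c not in claims]

    iss = claims.get("iss")
    if not isinstance(iss, str) or iss not in policy["allowed_issuers"]:
        reasons.append("issuer not allowed")

    # aud may be a single string or a list of strings (RFC 7519, section 4.1.3).
    if "aud" in claims and policy["allowed_audiences"]:
        aud = claims["aud"] if isinstance(claims["aud"], list) else [claims["aud"]]
        if not {a for a in aud if isinstance(a, str)} & policy["allowed_audiences"]:
            reasons.append("audience not allowed")

    # Reject non-numeric time claims before doing arithmetic on them.
    for name in ("exp", "nbf", "iat"):
        value = claims.get(name)
        if name in claims and (isinstance(value, bool) or not isinstance(value, (int, float))):
            return reasons + [f"{name} is not a number"]

    if "exp" in claims:
        if claims["exp"] + skew <= now:
            reasons.append("token expired")
        elif claims["exp"] - now > policy["max_future_validity"]:
            reasons.append("exp too far in the future")
    if "nbf" in claims and claims["nbf"] - skew > now:
        reasons.append("token not yet valid")
    if "iat" in claims and claims["iat"] - skew > now:
        reasons.append("issued in the future")
    return reasons
```

Running a few representative tokens through a check like this before changing the required-claims or skew settings shows which tokens a stricter policy would start rejecting.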