• Create a Service Provider Open ID Connect IdP connection.
  • Configure an Identity Provider authentication policy for the connection.
  1. Make the Open ID Connect call to the application to obtain the access token that you plan to use as a bearer token.
    After you've made the connection, you can find the access token attribute name in <pf_install>/pingfederate/log/server.log in debug mode.
  2. On the Configure Data Source Filters window, enter the access token attribute name in the Authorization Header field.

    You can reference attribute values in the form of ${attributeName:-defaultValue}. The default value is optional. When specified, it is used at runtime if the attribute value is not available. Do not use ${ and } in the default value.

Authorization Headers

Authorization Header entries are shown here for Yahoo and Google Open ID Connect IdP connections:
  • For Yahoo: Bearer ${idp.https://api.login.yahoo.com.access_token}
  • For Google: Bearer ${idp.https://accounts.google.com.access_token}