Specifying a dynamic authorization header for a REST API datastore - PingFederate

Specifying a dynamic authorization header for a REST API datastore - PingFederate - 10.3

PingFederate Server

bundle

pingfederate-103

ft:publication_title

PingFederate Server

Product_Version_ce

PingFederate 10.3

category

Product

pf-103

pingfederate

ContentType_ce

When you configure an Open ID Connect identity provider (IdP) connection with an application, you can use the access token from the connection as a bearer token in an authorization header to receive additional information as needed.

Create a Service Provider Open ID Connect IdP connection.
Configure an Identity Provider authentication policy for the connection.

Make the Open ID Connect call to the application to obtain the access token that you plan to use as a bearer token.
After you've made the connection, you can find the access token attribute name in <pf_install>/pingfederate/log/server.log in debug mode.
On the Configure Data Source Filters window, enter the access token attribute name in the Authorization Header field.

Authorization Headers

Authorization Header entries are shown here for Yahoo and Google Open ID Connect IdP connections:

For Yahoo: Bearer ${idp.https://api.login.yahoo.com.access_token}
For Google: Bearer ${idp.https://accounts.google.com.access_token}