Validate JWT Signature Locally
A flag for whether the agent validates the JWT signature locally:
- 0: The agent does not validate the JWT signature locally. The agent validates a JWT by doing audience claim validation and callbacks to PingAM.
- 1: The agent validates the JWT signature locally.
When the agent validates the JWT locally, it checks the signature of the JWT using the public key of the issuer. The JWKS is downloaded from the PingAM endpoint: /oauth2/connect/jwk_uri
Enabling this feature causes the agent to first validate the JWT signature, before continuing with audience claim validation and callbacks to PingAM. This allows for JWT tampering detection early on in the handling of the request, instead of during callbacks to PingAM.
There is an expected drop in performance when enabling this feature.
Default: 0
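The following is an added example, not PingAM or agent code, of what a local signature check against a JWKS involves and how it rejects a tampered token before any claim is read. It assumes RS256 (the page does not name the algorithm); the function names, the `demo-1` key ID, the claims and the deliberately weak demo key are all constructed for illustration.

```python
import base64, hashlib, json

def b64u_enc(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def b64u_dec(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(msg, k):
    """Expected padded digest for an RSASSA-PKCS1-v1_5 / SHA-256 signature."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_rs256(token, jwks):
    """Return the claims if the signature checks out against jwks, else None."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64u_dec(h64))
        jwk = next(k for k in jwks["keys"] if k["kid"] == header["kid"])
        n, e = (int.from_bytes(b64u_dec(jwk[x]), "big") for x in ("n", "e"))
        k, sig = (n.bit_length() + 7) // 8, b64u_dec(s64)
        s = int.from_bytes(sig, "big")
        # Pin the algorithm: never let the token select "none" or HS256.
        if header["alg"] != "RS256" or len(sig) != k or s >= n:
            return None
        if pow(s, e, n).to_bytes(k, "big") != emsa_pkcs1_v15(f"{h64}.{p64}".encode(), k):
            return None
        return json.loads(b64u_dec(p64))  # claims are read only after the check
    except (ValueError, KeyError, TypeError, StopIteration):
        return None

# Constructed demo key built from two Mersenne primes: trivially factorable.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def int_b64u(i):
    return b64u_enc(i.to_bytes((i.bit_length() + 7) // 8, "big"))
JWKS = {"keys": [{"kty": "RSA", "kid": "demo-1", "n": int_b64u(N), "e": int_b64u(E)}]}

def sign_rs256(claims, kid="demo-1"):
    """Issuer side, only so the demo has a token to verify."""
    h = b64u_enc(json.dumps({"alg": "RS256", "kid": kid}).encode())
    p = b64u_enc(json.dumps(claims).encode())
    k = (N.bit_length() + 7) // 8
    m = int.from_bytes(emsa_pkcs1_v15(f"{h}.{p}".encode(), k), "big")
    return f"{h}.{p}." + b64u_enc(pow(m, D, N).to_bytes(k, "big"))
```

A token whose payload is swapped while the original signature is kept returns `None` from `verify_rs256`, which is the early tampering detection described above.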
| Property name | |
| Type | Boolean: |
| Bootstrap property | Yes |
| Required property | No |
| Restart required | No |