PingAuthorize Server Documentation Index
Configuration Reference Home

External API Gateway Access Token Validator

Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.

Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.

An External API Gateway Access Token Validator is a special-purpose Access Token Validator used by the Sideband API to handle parsed access token data provided by a trusted third-party API gateway.

External API Gateway Access Token Validators are used especially for cases in which a third-party API gateway is trusted to authenticate and parse an access token, which it provides to the Sideband API as an object containing the access token claims. External API Gateway Access Token Validators is only intended for use with the Sideband API and will be ignored if configured for use with other services.

Parent Component
Properties
dsconfig Usage

Parent Component

The External API Gateway Access Token Validator component inherits from the Access Token Validator

Properties

The properties supported by this managed object are as follows:


General Configuration Basic Properties: Advanced Properties:
↓ description  None
↓ enabled
↓ evaluation-order-index

Basic Properties

description

Property Group
General Configuration
Description
A description for this Access Token Validator
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Property Group
General Configuration
Description
Indicates whether this Access Token Validator is enabled for use in PingAuthorize Server.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

evaluation-order-index

Property Group
General Configuration
Description
When multiple External API Gateway Access Token Validators are defined for a single PingAuthorize Server, this property determines the evaluation order for determining the correct validator class for an access token received by the PingAuthorize Server. Values of this property must be unique among all External API Gateway Access Token Validators defined within PingAuthorize Server but not necessarily contiguous. External API Gateway Access Token Validators with a smaller value will be evaluated first to determine if they are able to validate the access token.
Default Value
0
Allowed Values
An integer value. Lower limit is 0.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Access Token Validators:

dsconfig list-access-token-validators
     [--property {propertyName}] ...

To view the configuration for an existing Access Token Validator:

dsconfig get-access-token-validator-prop
     --validator-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Access Token Validator:

dsconfig set-access-token-validator-prop
     --validator-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new External API Gateway Access Token Validator:

dsconfig create-access-token-validator
     --validator-name {name}
     --type external-api-gateway
     --set enabled:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Access Token Validator:

dsconfig delete-access-token-validator
     --validator-name {name}