Note: this is an abstract component that cannot be instantiated.
Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.
Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.
External Access Token Validators validate access tokens that are issued by an external entity.
↓Direct Subcomponents
↓Parent Component
↓Relations from This Component
↓Properties
↓dsconfig Usage
The following External Access Token Validators are available in the server :
These External Access Token Validators inherit from the properties described below.
The External Access Token Validator component inherits from the Access Token Validator
The following components have a direct composition relation from External Access Token Validators:
The following components have a direct aggregation relation from External Access Token Validators:
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ description | None |
| ↓ enabled | |
| ↓ evaluation-order-index | |
| ↓ hostname-verification-method | |
| ↓ key-manager-provider | |
| ↓ trust-manager-provider |
| Description | A description for this Access Token Validator |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether this Access Token Validator is enabled for use in Data Governance Broker. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | When multiple Access Token Validators are defined for a single Data Governance Broker, this property determines the evaluation order for determining the correct validator class for an access token received by the Data Governance Broker. Values of this property must be unique among all Access Token Validators defined within Data Governance Broker but not necessarily contiguous. Access Token Validators with a smaller value will be evaluated first to determine if they are able to validate the access token. |
| Default Value | None |
| Allowed Values | An integer value. Lower limit is 0. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The mechanism for checking if the external validation service hostname matches the name(s) stored inside the server's X.509 certificate. This is only applicable if SSL is being used for connection security. |
| Default Value | strict |
| Allowed Values | allow-all - This mechanism turns hostname verification off. strict - This mechanism works the same way as the Java Runtime Environment. It is also compliant with RFC 2818 for dealing with wildcards. The hostname must match any of the Subject Alternative Names or the first CN. A wildcard can occur in the CN, and in any of the Subject Alternative Names. A wildcard such as "*.foo.com" matches only subdomains in the same level, for example "a.foo.com". It does not match deeper subdomains such as "a.b.foo.com". |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | The External Access Token Validator must be disabled and re-enabled for changes to this setting to take effect. In order for this modification to take effect, the component must be restarted, either by disabling and re-enabling it, or by restarting the server |
| Description | The key manager provider to use if SSL (HTTPS) is to be used for connection-level security. When specifying a value for this property (except when using the Null key manager provider) you must ensure that the external server trusts this server's public certificate by adding this server's public certificate to the external server's trust store. |
| Default Value | The Java Runtime Environment's default key manager will be used |
| Allowed Values | The DN of any Key Manager Provider. The associated key manager provider must exist and must be enabled if SSL is to be used. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | The External Access Token Validator must be disabled and re-enabled for changes to this setting to take effect. In order for this modification to take effect, the component must be restarted, either by disabling and re-enabling it, or by restarting the server |
| Description | The trust manager provider to use if SSL (HTTPS) is to be used for connection-level security. |
| Default Value | The Java Runtime Environment's default trust manager will be used |
| Allowed Values | The DN of any Trust Manager Provider. The associated trust manager provider must exist and must be enabled if SSL is to be used. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | The External Access Token Validator must be disabled and re-enabled for changes to this setting to take effect. In order for this modification to take effect, the component must be restarted, either by disabling and re-enabling it, or by restarting the server |
To list the configured Access Token Validators:
dsconfig list-access-token-validators
[--property {propertyName}] ...
To view the configuration for an existing Access Token Validator:
dsconfig get-access-token-validator-prop
--validator-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Access Token Validator:
dsconfig set-access-token-validator-prop
--validator-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To delete an existing Access Token Validator:
dsconfig delete-access-token-validator
--validator-name {name}