Ping Identity Data Governance Broker - Google Plus External Identity Provider

Data Governance Broker Documentation Index
Configuration Reference Home

Google Plus External Identity Provider

Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.

Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.

A Google Plus External Identity Provider uses Google+ Sign-In to authenticate users and the people.get API to retrieve user attributes.

↓Parent Component
↓Properties
↓dsconfig Usage

Parent Component

The Google Plus External Identity Provider component inherits from the External Identity Provider

Properties

The properties supported by this managed object are as follows:

Basic Properties:	Advanced Properties:
↓ description	None
↓ enabled
↓ icon-uri
↓ hostname-verification-method
↓ key-manager-provider
↓ trust-manager-provider
↓ client-id
↓ client-secret
↓ scope
↓ access-type
↓ include-granted-scopes

Basic Properties

description

Description	A description for this External Identity Provider
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

enabled

Description	Indicates whether the External Identity Provider is enabled.
Default Value	None
Allowed Values	true false
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

icon-uri

Description	The icon URI for this External Identity Provider.
Default Value	None
Allowed Values	An absolute URL with one of the following schemes: { http, https }, or a relative URL
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

hostname-verification-method

Description	The mechanism for checking if the identity provider's hostname matches the name(s) stored inside the server's X.509 certificate. This is only applicable if SSL is being used for connection security.
Default Value	strict
Allowed Values	allow-all - This mechanism turns hostname verification off. strict - This mechanism works the same way as the Java Runtime Environment. It is also compliant with RFC 2818 for dealing with wildcards. The hostname must match any of the Subject Alternative Names or the first CN. A wildcard can occur in the CN, and in any of the Subject Alternative Names. A wildcard such as "*.foo.com" matches only subdomains in the same level, for example "a.foo.com". It does not match deeper subdomains such as "a.b.foo.com".
Multi-Valued	No
Required	No
Admin Action Required	The Google Plus External Identity Provider must be disabled and re-enabled for changes to this setting to take effect. In order for this modification to take effect, the component must be restarted, either by disabling and re-enabling it, or by restarting the server

key-manager-provider

Description	The key manager provider to use if SSL (HTTPS) is to be used for connection-level security. When specifying a value for this property (except when using the Null key manager provider) you must ensure that the external server trusts this server's public certificate by adding this server's public certificate to the external server's trust store.
Default Value	The Java Runtime Environment's default key manager will be used
Allowed Values	The DN of any Key Manager Provider. The associated key manager provider must exist and must be enabled if SSL is to be used.
Multi-Valued	No
Required	No
Admin Action Required	The Google Plus External Identity Provider must be disabled and re-enabled for changes to this setting to take effect. In order for this modification to take effect, the component must be restarted, either by disabling and re-enabling it, or by restarting the server

trust-manager-provider

Description	The trust manager provider to use if SSL (HTTPS) is to be used for connection-level security.
Default Value	The Java Runtime Environment's default trust manager will be used
Allowed Values	The DN of any Trust Manager Provider. The associated trust manager provider must exist and must be enabled if SSL is to be used.
Multi-Valued	No
Required	No
Admin Action Required	The Google Plus External Identity Provider must be disabled and re-enabled for changes to this setting to take effect. In order for this modification to take effect, the component must be restarted, either by disabling and re-enabling it, or by restarting the server

client-id

Description	The client ID assigned by Google.
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

client-secret

Description	The client secret assigned by Google.
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

scope

Description

The Google+ scopes to request authorization for.

Default Value

None

Allowed Values

A string

Example values

Value	Synopsis
profile	Basic login scope with access to authenticated user's basic profile information.
email	Access to the user's Google account email address and the name of the Google Apps domain, if any, that the user belongs to.
https://www.googleapis.com/auth/plus.login	Login scope providing access to Google+ social features. Users without Google+ will be prompted to upgrade their account.
https://www.googleapis.com/auth/plus.profile.emails.read	Access to the user's Google account email address, as well as any public, verified email addresses in the user's Google+ profile, and the name of the Google Apps domain, if any, that the user belongs to.

Multi-Valued

Yes

Required

Admin Action Required

None. Modification requires no further action

access-type

Description	The access type to request. Allowed values include 'offline' and 'online'. Offline access is required to receive a refresh token.
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

include-granted-scopes

Description	Specifies whether authorization should include any previous authorizations granted to this user/application combination for other scopes.
Default Value	None
Allowed Values	true false
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

dsconfig Usage

To list the configured External Identity Providers:

dsconfig list-external-identity-providers
     [--property {propertyName}] ...

To view the configuration for an existing External Identity Provider:

dsconfig get-external-identity-provider-prop
     --provider-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing External Identity Provider:

dsconfig set-external-identity-provider-prop
     --provider-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Google Plus External Identity Provider:

dsconfig create-external-identity-provider
     --provider-name {name}
     --type google-plus
     --set enabled:{propertyValue}
     --set client-id:{propertyValue}
     --set client-secret:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing External Identity Provider:

dsconfig delete-external-identity-provider
     --provider-name {name}